From: Frank Leonhardt
Date: Sun, 18 Aug 2013 11:20:40 +0100
To: Terje Elde
Cc: freebsd-questions@freebsd.org
Subject: Re: VPN where local private address collide

On 18/08/2013 00:29, Terje Elde wrote:
>
> The obvious answer is IPv6, of course. I'm surprised no one has
> mentioned it yet.
>
> You seemed dead set on not renumbering the networks, and moving to
> IPv6 would not only be just that, but also be harder than just
> renumbering IPv4-nets, so you answered that question for us already.

I was being ironic ;-)

I'm not sure that TLS would cause more problems than any other packets, but as you point out, the exercise is bound to be full of pooh traps as yet undiscovered. FTP should be interesting, for a start. But for most things, why would swapping an IP address in the packet header cause any kind of problem as long as it was done consistently?

Apparently Cisco routers manage to sort this all out as a matter of course, which goes some way to explaining why they cost so much. There are lots of corporate networks on 10.x.x.x, and I'm told this kind of caper is used to sort them out when they collide. Paying for a Cisco VPN could easily work out cheaper than reconfiguring a large corporate LAN, but I don't have the budget for either.

Unfortunately this goes beyond my current knowledge of FreeBSD's networking layers so I may be busy for some time.

Regards, Frank.
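The FTP point raised in the message above, as an added example that is not part of the original post: a consistent 1:1 prefix swap applied only to the IPv4 header leaves the address embedded in an FTP PORT command untouched. The networks, host addresses and function names are constructed for illustration, both prefixes are assumed to have the same length, and the TCP header is omitted for brevity.

```python
import ipaddress
import struct

REAL = ipaddress.IPv4Network("192.168.1.0/24")   # constructed: the colliding LAN
ALIAS = ipaddress.IPv4Network("10.99.1.0/24")    # constructed: alias shown to the far side

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def map_addr(addr: bytes, real, alias) -> bytes:
    """1:1 prefix swap: keep the host bits, replace the network bits."""
    ip = ipaddress.IPv4Address(addr)
    if ip not in real:
        return addr                      # outside the colliding range: unchanged
    host = int(ip) & int(real.hostmask)
    return (int(alias.network_address) | host).to_bytes(4, "big")

def translate(packet: bytes, real, alias) -> bytes:
    """Rewrite src/dst in the IPv4 header only, then fix the header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[12:16] = map_addr(bytes(hdr[12:16]), real, alias)
    hdr[16:20] = map_addr(bytes(hdr[16:20]), real, alias)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]     # payload is passed through untouched

def build_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed sample: 20-byte IPv4 header followed directly by the payload."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                                ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed))
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + payload

def demo():
    ftp = b"PORT 192,168,1,20,19,137\r\n"    # constructed FTP control line
    out = translate(build_packet("192.168.1.20", "172.16.0.10", ftp), REAL, ALIAS)
    src = str(ipaddress.IPv4Address(out[12:16]))
    dst = str(ipaddress.IPv4Address(out[16:20]))
    return src, dst, checksum(out[:20]) == 0, out[20:]

if __name__ == "__main__":
    print(demo())
```

A real translator also has to update the TCP or UDP checksum, which covers the addresses through the pseudo-header, and needs a protocol-aware helper to rewrite payloads such as this one.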