From: Frank Leonhardt
To: freebsd-questions@freebsd.org
Date: Fri, 16 Aug 2013 18:17:52 +0100
Subject: VPN where local private addresses collide
Message-ID: <520E5EC0.5090105@fjl.co.uk>

Let's say we're using MPD on FreeBSD at both ends of a link here, using a VPN to connect two LANs. (The use of MPD is negotiable). One LAN uses the address range 192.168.1.0/24 and the other uses the address range, er, 192.168.1.0/24. However hard you try to avoid this, it's going to happen.

Let's also assume there is no way either end can change its range. NO WAY. Just don't go there.

I've found I can still get away with this if the actual used IP addresses don't conflict, but it's not ideal. I'm not even 100% on why it works at all.

I've heard of a mythical solution called "VPN NAT". It makes sense; just use NAT to map one range on to something completely different and away you go. Hosts at either end would be none the wiser.

Has anyone actually done this, and if so, how?

Thanks, Frank.
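One way to build the "VPN NAT" the post asks about, as an added example that is not part of the original message or of MPD: a pf.conf fragment for the gateway at site A, where each site presents itself across the tunnel under a distinct translated range while keeping 192.168.1.0/24 at home. The tunnel interface name ng0 and the translated ranges 172.16.1.0/24 (site A) and 172.16.2.0/24 (site B) are assumptions; site B runs the mirror image with the two ranges swapped.

```pf
# Added example, not from the original post. Assumptions: the MPD tunnel is
# ng0, site A is seen across the VPN as 172.16.1.0/24, site B as 172.16.2.0/24.
vpn_if     = "ng0"
local_lan  = "192.168.1.0/24"   # the real LAN at site A (unchanged)
local_vpn  = "172.16.1.0/24"    # how site A appears on the far side
remote_vpn = "172.16.2.0/24"    # how site B appears to site A

# Bidirectional 1:1 mapping that preserves the host bits:
# 192.168.1.35 <-> 172.16.1.35. Outbound on the tunnel the source is
# rewritten to 172.16.1.x; inbound the destination is rewritten back.
binat on $vpn_if from $local_lan to $remote_vpn -> $local_vpn

# pf applies translation before the filter, so filter rules see the
# translated addresses: outbound packets already carry a 172.16.1.x source,
# inbound packets already carry a 192.168.1.x destination.
pass out on $vpn_if from $local_vpn to $remote_vpn keep state
pass in  on $vpn_if from $remote_vpn to $local_lan keep state

# Site B must be reachable via the tunnel under its translated range, e.g.
#   route add -net 172.16.2.0/24 -iface ng0
# (or the equivalent route configured on the MPD interface).
```

Hosts at site A reach site B as 172.16.2.x and vice versa, so any DNS names shared across the link must resolve to the translated addresses, not to 192.168.1.x; traffic that still targets 192.168.1.0/24 is delivered locally and never enters the tunnel.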