Answer the question
In order to leave comments, you need to log in
How to connect to server via VPN with same subnets?
I connect to a remote branch via VPN, on both sides there is a network from the same 192.168.1.x range, of course, in this situation, I will not be able to access either folders or RDP to the server. Is there a way to fix this without changing the ip address? If I change the addressing at home, then it will be problematic for users.
Answer the question
In order to leave comments, you need to log in
Use the netmap action on nat on the branch side for dnat and snat chains.
And in human terms - corporate grids are made in the 10.0.0.0/8 range.
1. option
https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/...
https://qna.habr.com/answer?answer_id=75022#answer...
2. option
https:/ /habr.com/en/post/282858/
in a mental way
so novice admins do so as not to rack their brains with network classes and that's all
Change the subnet mask to a smaller one, down to /32, then everything will go through the gateway, where you can centrally resolve this issue. But in general, to use this range for an enterprise network is in itself such ...
If you want to work with both networks with a constantly connected vpn - no way. If your networks are separated by masks, then no problem. When you connect to a remote network, just add a dynamic subnet route behind the vpn through this gateway, then all packets will go through it and you will see everything. Both rdp and folders. True computers in your home network will be inaccessible. In general, these are all crutches. There must be three subnets - external - vpn - internal. And they should all be different. Otherwise, I can’t even imagine how routing can be configured.
If we are talking about OpenVPN, then it has a built-in NAT for such purposes:
--client-nat snat|dnat network netmask alias
This pushable client option sets up a stateless one-to-one NAT rule on packet addresses (not ports), and is useful in cases where routes or ifconfig settings pushed to the client would create an IP numbering conflict.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question