OpenVPN on same class of LAN

Started by tiagomg, February 22, 2024, 05:40:23 PM

Dear Sirs,

Due to our requirements, we have a LAN on 192.168.0.0/16 because all devices inside that network are already configured based on that class / netmask.

Right now, we are adding a second instance of OpenVPN to allow particular users to access that network, but to allow interaction and avoid the current firewall filtering on the devices, we need the user to reach that network from inside the same network.

In this case, we have created a new OpenVPN instance with tunnel network 192.168.1.0/24.

With this configuration, and even with all firewall rules disabled, we can reach the devices inside the LAN, but the response does not reach the OpenVPN users on this network.

user: 192.168.1.6
icmp > 192.168.4.5

On 192.168.4.5, the ICMP request is received from 192.168.1.6 and delivered back to 192.168.1.6 (on the device).

However, the user 192.168.1.6 receives a Request timeout.

If we create an Outbound NAT rule, we receive the ICMP response correctly; however, on the device we appear as the LAN interface, the gateway (192.168.0.1).

Are we missing something? Because OpenVPN is using the same network, is the ICMP reply from the device being processed by the interface instead of being delivered to the OpenVPN net? Is there any way to redirect these requests?

OpenVPN is operating in tun mode with client 3.x.

Thank you

You cannot have overlapping networks in IP. Fundamentally not.

Pick something from the 172.16-172.31 range for your OpenVPN and you will be fine.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
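To make the reply's problem concrete, here is a small added model (not code from the thread or from OPNsense) of how a LAN host picks the next hop for its echo reply, assuming the firewall does not proxy-ARP for the tunnel range; the LAN host set and the 172.16.0.0/24 alternative are constructed for the example.

```python
from ipaddress import ip_address, ip_interface, ip_network

# Constructed LAN picture from the thread: the firewall's LAN address and the
# pinged device are the only hosts assumed to answer ARP on the wire.
LAN_HOSTS = {"192.168.0.1", "192.168.4.5"}

def tunnel_conflicts(tunnel: str, lans: list[str]) -> list[str]:
    """Return every LAN prefix the proposed OpenVPN tunnel network overlaps."""
    t = ip_network(tunnel)
    return [lan for lan in lans if t.overlaps(ip_network(lan))]

def classify_reply(device_iface: str, gateway_ip: str, reply_dst: str,
                   lan_hosts: set[str] = LAN_HOSTS) -> str:
    """Trace where a LAN device's echo reply to reply_dst ends up.

    device_iface: the device's own address/mask, e.g. '192.168.4.5/16'
    gateway_ip:   the firewall's LAN address, i.e. the device's default route
    lan_hosts:    addresses that really answer ARP on the LAN segment
    Assumption: the firewall does not proxy-ARP for the tunnel range.
    """
    dev = ip_interface(device_iface)
    dst = ip_address(reply_dst)
    if dst in dev.network:
        # Destination looks on-link, so the device ARPs for it on the LAN
        # instead of handing the packet to its default gateway.
        if str(dst) in lan_hosts:
            return "delivered on LAN"
        return "dropped: on-link ARP for a host that lives behind the tunnel"
    return f"routed via {gateway_ip}"

def thread_scenarios() -> dict[str, str]:
    """The three situations described in the thread, run through the model."""
    dev, gw = "192.168.4.5/16", "192.168.0.1"
    return {
        # tunnel 192.168.1.0/24 inside LAN 192.168.0.0/16: reply never returns
        "overlapping tunnel": classify_reply(dev, gw, "192.168.1.6"),
        # outbound NAT: device answers the firewall's LAN address, which un-NATs
        "overlapping + outbound NAT": classify_reply(dev, gw, gw),
        # non-overlapping tunnel: reply is routed back through the firewall
        "172.16.0.0/24 tunnel": classify_reply(dev, gw, "172.16.0.6"),
    }

if __name__ == "__main__":
    print(tunnel_conflicts("192.168.1.0/24", ["192.168.0.0/16"]))
    for name, result in thread_scenarios().items():
        print(f"{name:28} -> {result}")
```

Running it shows the overlapping tunnel reply being dropped on the LAN, the NAT variant landing on the firewall's own address (which is why the device only ever sees 192.168.0.1), and a 172.16.x tunnel address being routed back through the gateway.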

That's right, you have to clean up your network.

2 months ago I had a similar situation with a customer: they were using /22 for their networks of 50 devices (the big one), and the branches with 20 devices were using /22 and /23, overlapping.

OpenVPN refused to work that way; they had to fix their network to /24 and done, now it is working.

I know it is a PITA, but necessary.