 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec VPN with sort-of overlapping LAN subnets
 Date:  Fri, 28 Oct 2005 21:15:10 -0400
On 10/28/05, Scott Neader <scott dot neader at centurytel dot com> wrote:
> I know this has been discussed before....  If you have two LANs with
> duplicate subnets, you cannot do an IPSec VPN between them.  The
> documentation says this is a limitation of basic IP networking, and not
> a problem with m0n0wall, and I agree.
> Yet I keep thinking there is a way out of my problem with some type of
> NAT solution.

Possibly.  I don't know about the Linksys, but advanced outbound NAT
in m0n0wall might achieve what you desire.  Due to packet processing
orders, NAT may not be able to be applied to IPsec traffic though, so
you might just be out of luck.

This is really kludgy anyway.  Depending on what you want to use
across the connection, it might cause some really ugly problems.  Like
if you want to do Windows file sharing, NAT will make that unreliable
at best, completely non-functional at worst.

I'd change the IP subnet on the network that's the least effort to
change.  In the long term, even if there is some workable NAT hack, I
think you'll be glad you did.