| Thread ID: 93924 | 2008-10-06 22:34:00 | VPN - problem with same segment | Geek4414 (12000) |
| Post ID | Timestamp | Content | User | ||
| 710207 | 2008-10-06 22:34:00 | I am having a problem accessing resources via a VPN connection because the destination network has the same network segment as my network. Short of changing the LAN settings on my side, is there any way to work around that? |
Geek4414 (12000) | ||
| 710208 | 2008-10-06 23:24:00 | Yes - if you're using Linux or BSD as one of the endpoints you can netmap the remote segment into a different ip range for the VPN, without needing to renumber any of the machines. Which VPN software are you using, how are you implementing it, which operating systems etc? We really need more info here. |
Erayd (23) | ||
| 710209 | 2008-10-07 08:56:00 | I didn't set up the VPN, the person who set it up is gone, so no one knows nothing about it. The end point is a Fedora Linux box, the rest of the system are mostly Macs (10.4.11) with 1 PC (XP) only. My past knowledge in SCO Unix (over 10 years ago) helps me get around the Linux box a bit but I don't know enough to configure it. It's mostly Vista & XP on my end, except an occasional Hackintosh and a Linux box running an ISO of Asterisk. Currently I'm trying to connect to the destination VPN either from Vista or XP only using the built-in VPN function. I've found the built-in VPN (both incoming & outgoing) very easy to set up and use in XP/Vista. So long as the destination network is not using the same network segment. While we're on this subject... I've been using an XP box for incoming VPN connection. How easy would it be to set up the Asterisk box to be the VPN end point instead. And... what if the Asterisk box is virtualised inside the XP box? The intention is to run only one box instead of two. |
Geek4414 (12000) | ||
| 710210 | 2008-10-07 14:05:00 | > The end point is a Fedora Linux box...

This is a good thing.

> ...I didn't set up the VPN, the person who set it up is gone, so no one knows nothing about it...the rest of the system are mostly Macs (10.4.11) with 1 PC (XP) only. My past knowledge in SCO Unix (over 10 years ago) helps me get around the Linux box a bit but I don't know enough to configure it.

This isn't. Don't you have any documentation for your setup somewhere? If not, I strongly suggest you spend some time generating some, as there's nothing worse than having a network which nobody knows anything about - the sooner you remedy this the better.

> It's mostly Vista & XP on my end, except an occasional Hackintosh and a Linux box running an ISO of Asterisk. Currently I'm trying to connect to the destination VPN either from Vista or XP only using the built-in VPN function.

Irrelevant, it's the VPN server endpoint we care about here. If you're using the Windows built-in stuff, you're probably using either IPSEC or PPTP.

> I've found the built-in VPN (both incoming & outgoing) very easy to set up and use in XP/Vista. So long as the destination network is not using the same network segment.

This, we can work around, as long as your client LAN isn't on the same subnet as the VPN interface. On the Fedora box, run the following (as root), and set it to run after the firewall init every time the box boots:

    iptables -t nat -I PREROUTING -d 10.123.45.0/24 -j NETMAP --to 192.168.1.0/24

Obviously you'll need to tweak it to your specific situation - the above rule will intercept all traffic for 10.123.45.0/24 and send it to 192.168.1.0/24 instead. Assuming that both your local LAN and the remote network are using 192.168.1.0/24, you will now be able to access (for example) the remote 192.168.1.96 from the client at the address 10.123.45.96. Sorry if that was a bit cryptic, let me know if you need a better explanation.

> While we're on this subject ... I've been using an XP box for incoming VPN connection. How easy would it be to set up the Asterisk box to be the VPN end point instead.

Depends on which VPN software you want to use. I personally have a preference for terminating them on Linux machines (your asterisk box would fit the bill here), but note that it can get quite complicated, depending on what you need. You'll also need to manage this almost entirely via config files and command-line scripts, as Linux doesn't exactly have many GUI tools for this kind of thing.

> And ... what if the Asterisk box is virtualised inside the XP box? The intention is to run only one box instead of two.

That would be fine as long as one of the following is true:

- The virtual NIC for the asterisk VM is bridged directly to the LAN, and has its own distinct IP.
- You are using some kind of TCP/UDP based VPN software (this means no IPSEC or PPTP) and have the correct ports mapped through to the asterisk VM.

I hope this helped - let me know how you get on, or if you need anything further. |
Erayd (23) | ||
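
An added example, not part of the original thread: a Python model of the address rewrite performed by the NETMAP rule in the post above, with a check that a candidate alias range does not collide with the networks involved. The function names and the 172.16.50.0/24 VPN interface subnet are assumptions made for illustration; the other ranges are the ones used in the post.

```python
import ipaddress


def netmap(addr, alias_net, real_net):
    """Rewrite addr as the NETMAP target does: new network bits, same host bits."""
    alias = ipaddress.ip_network(alias_net)
    real = ipaddress.ip_network(real_net)
    ip = ipaddress.ip_address(addr)
    if ip not in alias:
        return ip  # "-d alias_net" does not match, so the packet is untouched
    host_bits = int(ip) & int(real.hostmask)
    return ipaddress.ip_address(int(real.network_address) | host_bits)


def check_plan(alias_net, real_net, client_lan, vpn_net):
    """List the address conflicts that would stop the alias range from working."""
    alias, real = ipaddress.ip_network(alias_net), ipaddress.ip_network(real_net)
    client, vpn = ipaddress.ip_network(client_lan), ipaddress.ip_network(vpn_net)
    problems = []
    if alias.prefixlen != real.prefixlen:
        problems.append("prefix lengths differ, so addresses do not pair up one-to-one")
    if client.overlaps(vpn):
        # The condition stated in the post: client LAN must differ from the VPN subnet.
        problems.append("client LAN overlaps the VPN interface subnet")
    for label, net in (("client LAN", client), ("remote LAN", real),
                       ("VPN interface subnet", vpn)):
        if alias.overlaps(net):
            problems.append(f"alias range overlaps the {label} ({net})")
    return problems


def rule(alias_net, real_net):
    """Build the iptables command in the form given in the post."""
    return f"iptables -t nat -I PREROUTING -d {alias_net} -j NETMAP --to {real_net}"


if __name__ == "__main__":
    # Ranges from the post; the VPN interface subnet is a constructed sample value.
    alias, real, vpn = "10.123.45.0/24", "192.168.1.0/24", "172.16.50.0/24"
    print(netmap("10.123.45.96", alias, real))   # remote host reached via the alias
    print(check_plan(alias, real, "192.168.1.0/24", vpn) or "no conflicts")
    print(rule(alias, real))
    # An alias equal to the shared LAN range is rejected:
    print(check_plan("192.168.1.0/24", real, "192.168.1.0/24", vpn))
```

The rule as posted has no `-i` match, so it applies to packets arriving on any interface of the Fedora box, which is why every VPN user gains the alias range, as a later reply in the thread confirms.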
| 710211 | 2008-10-07 21:57:00 | Hi Erayd, first of all, thanks for taking your time to reply to this post, much appreciated. Before I jump in and try any of this, will that affect anyone else who is currently using that same VPN connection? |
Geek4414 (12000) | ||
| 710212 | 2008-10-08 01:02:00 | Yes, it will, but they won't notice unless they are using the 10.123.45.0/24 network segment. It won't stop them accessing things at the real addresses, if that's what you're asking - all the original ones will still work at the same time. The only impact on them should be they'll now be able to access the remote network at 10.123.45.0/24 also :). | Erayd (23) | ||