SNAT/DNAT 1:1 NAT with identical LANs
Posted: Sun Nov 10, 2013 11:20 am
I want to connect several LANs located in remote buildings.
The central site is a server running OpenVPN.
Each remote site also runs OpenVPN in client mode.
1. The central site has only one public IP
2. Several remote sites are using networks 192.168.0.0/24
3. I can't/won't modify the LAN numbering
4. I want to control these networks via the client
I know that I need to define virtual LANs.
I know that it works with dnat/snat.
site A
192.168.20.0/24 real network
10.9.1.0/24 virtual network
site B
192.168.20.0/24 real network
10.9.2.0/24 virtual network
site C
192.168.20.0/24 real network
10.9.3.0/24 virtual network
site Server
Global IP
10.8.0.1 - virtual network
10.8.0.0/24 - assigned IPs for remote computers, not routers
So each site is seen to have a 10.9.x.0/24 LAN.
When a VPN client wants to access 192.168.20.17 on site C, it sends the request to 10.9.3.17.
If the same client wants to access 192.168.20.1 on site A (the main router), it sends the request to 10.9.1.1.
Sites A/B/C cannot communicate with each other; only remote computers can access the chosen network.
Client A - 10.8.0.6 can connect only to site A and C
Client B - 10.8.0.12 can connect only to site A, B, C
I found some information on how to do it with snat/dnat from but it's really hard to find out why it doesn't work.
I know that OpenVPN from version 2.3 includes the client-nat dnat/snat option.
Is there anybody who can help me with setting this up?
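The address plan and access policy described in the post, as an added example that is not part of the original post: it maps each virtual 10.9.x.0/24 address to its real 192.168.20.0/24 address, checks the per-client policy, and generates matching rules. It assumes Linux site routers and server using the iptables NETMAP target rather than OpenVPN's client-nat option, a tunnel interface named tun0, and an OpenVPN server running without client-to-client so that traffic crosses the kernel FORWARD chain.

```python
import ipaddress

# Address plan from the post: every site has the same real LAN
# and its own virtual /24.
REAL_LAN = ipaddress.ip_network("192.168.20.0/24")
SITES = {
    "A": ipaddress.ip_network("10.9.1.0/24"),
    "B": ipaddress.ip_network("10.9.2.0/24"),
    "C": ipaddress.ip_network("10.9.3.0/24"),
}
# Access policy from the post: VPN client address -> sites it may reach.
POLICY = {"10.8.0.6": {"A", "C"}, "10.8.0.12": {"A", "B", "C"}}


def resolve(virtual_ip):
    """Return (site, real_ip) for a virtual address, or None if unmapped."""
    addr = ipaddress.ip_address(virtual_ip)
    for site, vnet in SITES.items():
        if addr in vnet:
            offset = int(addr) - int(vnet.network_address)
            return site, str(REAL_LAN.network_address + offset)
    return None


def allowed(client_ip, virtual_ip):
    """True only if the policy lets this client reach the target's site."""
    hit = resolve(virtual_ip)
    return hit is not None and hit[0] in POLICY.get(client_ip, set())


def site_router_rules(site, tun="tun0"):
    """1:1 DNAT on the site router (assumed: iptables, interface tun0).
    Replies are translated back by connection tracking."""
    return [f"iptables -t nat -A PREROUTING -i {tun} -d {SITES[site]} "
            f"-j NETMAP --to {REAL_LAN}"]


def server_forward_rules(tun="tun0"):
    """Default-deny forwarding on the server, one ACCEPT per allowed pair.
    Site-to-site traffic matches no ACCEPT rule and is dropped."""
    rules = ["iptables -P FORWARD DROP",
             "iptables -A FORWARD -m conntrack "
             "--ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for client, sites in sorted(POLICY.items()):
        for site in sorted(sites):
            rules.append(f"iptables -A FORWARD -i {tun} -o {tun} "
                         f"-s {client} -d {SITES[site]} -j ACCEPT")
    return rules
```

The server additionally needs a route for each 10.9.x.0/24 network pointing at the matching site's VPN client; that routing setup is not covered by this example.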