Differences

This shows you the differences between two versions of the page.

doc:howto:vpn.ipsec.overlappingsubnets [2013/01/20 19:11]
birnenschnitzel
doc:howto:vpn.ipsec.overlappingsubnets [2014/01/02 22:47] (current)
atajaca fix small typo
Line 1: Line 1:
====== IPsec With Overlapping Subnets ====== ====== IPsec With Overlapping Subnets ======
 +| For an overview over all existing Virtual private network (VPN)-related articles in the OpenWrt wiki, please visit [[doc/howto/vpn.overview]] |
:!: This page is about strongswan. The old racoon documentation can be found [[vpn.ipsec.overlappingsubnets.racoon|here]]. :!: This page is about strongswan. The old racoon documentation can be found [[vpn.ipsec.overlappingsubnets.racoon|here]].
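Review bot: The added banner row reads awkwardly at "an overview over all existing Virtual private network (VPN)-related articles" and capitalizes "Virtual" alone; "For an overview of all VPN-related articles in the OpenWrt wiki, see [[doc/howto/vpn.overview]]" says the same thing more cleanly. The link target is written with slashes (doc/howto/vpn.overview) while the page id in the revision header uses colons (doc:howto:...) and the racoon link on the next line is relative, so it is worth confirming the new link resolves and picking one form.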
Line 9: Line 9:
So what is it all about. Let us start with a picture and some explanations. What do we have? So what is it all about. Let us start with a picture and some explanations. What do we have?
-  * ACME company with internal subnet 10.1.2.0/24 has an existing tunnel to another company with subnet 192.168.2.0/24. The firewall therefore will route alle packets with destination 192.168.2.1-192.168.254 into the existing tunnel.+  * ACME company with internal subnet 10.1.2.0/24 has an existing tunnel to another company with subnet 192.168.2.0/24. The firewall therefore will route all packets with destination 192.168.2.1-192.168.2.254 into the existing tunnel.
  * Our OpenWrt user at home has already a IPsec VPN connection too. The OpenWrt firewall protects his network 192.168.2.64/26 and routes all traffic to 10.1.0.0-10.1.3.254 towards the established tunnel to another company.   * Our OpenWrt user at home has already a IPsec VPN connection too. The OpenWrt firewall protects his network 192.168.2.64/26 and routes all traffic to 10.1.0.0-10.1.3.254 towards the established tunnel to another company.
  * When establishing a new tunnel between home and ACME without address translation we would run into routing conflicts. E.g. if we want to reach the server 10.1.2.55 from home it could either be a machine in the ACME network or in the others company network.   * When establishing a new tunnel between home and ACME without address translation we would run into routing conflicts. E.g. if we want to reach the server 10.1.2.55 from home it could either be a machine in the ACME network or in the others company network.
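Review bot: In the first bullet the corrected range "192.168.2.1-192.168.2.254" lists host addresses only, while the untouched second bullet writes "10.1.0.0-10.1.3.254" starting at a network address; stating both as prefixes (192.168.2.0/24, already given in the same bullet, and 10.1.0.0/22 if the whole block is meant) would make the overlap the page is about unambiguous. This revision also corrects an address (192.168.254 to 192.168.2.254), which is more than the "alle" spelling fix and deserves a mention in the edit summary. The neighbouring context lines still carry "has already a IPsec" (should be "already has an IPsec") and "the others company network" (should be "the other company's network"), which could be fixed in the same pass.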

doc/howto/vpn.ipsec.overlappingsubnets.1358705466.txt.bz2 · Last modified: 2013/01/20 19:11 by birnenschnitzel