I have eth00 configured for 192.168.50.0/24 and VPN99 configured to allocate addresses from a pool that is 192.168.50.220 – 192.168.50.240, as I want the VPN users to be on the internal network. Both eth00 and VPN99 are using 192.168.50.254 (internal IP of the Zeroshell router) as their gateway.
When I attempt to bridge eth00 and VPN99 to allow them to communicate freely, Zeroshell says there is an error due to overlap and the bridge cannot be created.
How do I set it up so that my VPN users are on the same internal network and multicast, broadcasts, etc. flow freely between VPN99 and eth00?
For reasons I don’t want to go into, I can’t simply allocate a new subnet for the VPN users and then use NAT to bridge across; the VPN users have to maintain an allocated IP address on the internal network without NAT.
Security-wise you should stick to the plan of having your intranet as a different zone than the VPN users. NAT is not an issue; you can allocate another address space for them, e.g. 192.168.51.0/24, and route between these two subnets. Do not apply any NAT on these two interfaces.
If you desperately want to bridge them, remove the IP addresses from interface VPN99, then try to bridge it with ETH00 and finally apply the IP on the BRIDGE00 interface.
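The overlap error and both of ppalias's layouts can be checked in a few lines. The following is an added example, not code from the thread or from Zeroshell; it assumes (this is an assumption, not documented Zeroshell behaviour) that the refusal to bridge comes from the two interfaces owning networks in the same address range, and it uses the addresses quoted in the thread as constructed sample data.

```python
from ipaddress import IPv4Address, IPv4Network, summarize_address_range
from itertools import combinations

# Sample values taken from the thread (constructed input for this example).
LAN = IPv4Network("192.168.50.0/24")
ROUTER = IPv4Address("192.168.50.254")
POOL_FIRST, POOL_LAST = IPv4Address("192.168.50.220"), IPv4Address("192.168.50.240")


def pool_networks(first, last):
    """Minimal set of CIDR blocks covering the address pool [first, last]."""
    return list(summarize_address_range(first, last))


def host_network(addr, prefixlen):
    """Network an interface address belongs to (192.168.50.254/24 -> 192.168.50.0/24)."""
    return IPv4Network(f"{addr}/{prefixlen}", strict=False)


def conflicts(layout):
    """Return the pairs of interfaces whose networks overlap.

    layout maps an interface name to the list of networks it owns, either
    through a static address or through a pool handed out to VPN clients.
    Two interfaces in the same layer-2 segment must not both own the same
    range; that is the condition the bridge attempt in the thread trips over.
    """
    found = []
    for (a, nets_a), (b, nets_b) in combinations(layout.items(), 2):
        if any(x.overlaps(y) for x in nets_a for y in nets_b):
            found.append((a, b))
    return found


def pool_within(subnet, first, last):
    """True if every pool address lies inside subnet (needed for the bridged layout)."""
    return all(n.subnet_of(subnet) for n in pool_networks(first, last))


# 1. The poster's current layout: eth00 and VPN99 both own part of 192.168.50.0/24.
CURRENT = {
    "eth00": [host_network(ROUTER, 24)],
    "VPN99": pool_networks(POOL_FIRST, POOL_LAST),
}

# 2. ppalias's bridge recipe: the members carry no address at all and BRIDGE00
#    alone owns the LAN network; the VPN pool is simply a slice of that network.
BRIDGED = {
    "eth00": [],
    "VPN99": [],
    "BRIDGE00": [host_network(ROUTER, 24)],
}

# 3. ppalias's preferred layout: a separate zone, routed between, no NAT.
ROUTED = {
    "eth00": [host_network(ROUTER, 24)],
    "VPN99": [IPv4Network("192.168.51.0/24")],
}

if __name__ == "__main__":
    for name, layout in (("current", CURRENT), ("bridged", BRIDGED), ("routed", ROUTED)):
        print(f"{name:8s} conflicts: {conflicts(layout) or 'none'}")
    print("pool fits the bridged LAN:", pool_within(LAN, POOL_FIRST, POOL_LAST))
```

Running it shows the current layout flagged as `eth00`/`VPN99` overlapping, while both of the suggested layouts are conflict-free; the `pool_within` check confirms that, once the addresses move to BRIDGE00, the 220–240 pool is just part of the single 192.168.50.0/24 network and needs no separate range.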
Thanks ppalias, I’ll give that a try. A couple of months ago I managed to get this bridging to work on a Zeroshell router in our dev/QA lab, but couldn’t replicate it on a production router (hence the question). I must have gone through the steps you laid out while hacking around at it.