VPN to Internal network bridging question


This topic contains 1 reply, has 0 voices, and was last updated by  ssanders 9 years, 5 months ago.

  • #42056

    ssanders
    Member

    I have eth00 configured for 192.168.50.0/24 and VPN99 configured to allocate addresses from a pool that is 192.168.50.220 – 192.168.50.240, as I want the VPN users to be on the Internal network. Both eth00 and VPN99 are using 192.168.50.254 (internal IP of the zeroshell router) as their gateway.

    When I attempt to bridge eth00 and VPN99 to allow them to communicate freely, zeroshell says there is an error due to overlap and the bridge cannot be created.

    How do I set it up so that my VPN users are on the same internal network and multicast, broadcasts, etc. flow freely between VPN99 and eth00?

    For reasons I don’t want to go into, I can’t simply allocate a new subnet for the VPN users and then use NAT to bridge across; the VPN users have to maintain an allocated IP address on the internal network without NAT.

    Thanks for any advice!

    #49137

    ppalias
    Member

    Security-wise you should stick to the plan of having your intranet as a different zone than the VPN users. NAT is not an issue; you can allocate another address space for them, e.g. 192.168.51.0/24, and route between these two subnets. Do not apply any NAT on these 2 interfaces.
    If you desperately want to bridge them, remove the IP addresses from interface VPN99, then try to bridge it with ETH00 and finally apply the IP on the BRIDGE00 interface.
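The two layouts from the reply above, checked as addressing plans. This is an added example, not part of the original posts and not Zeroshell code. It assumes the overlap error means two addressed interfaces share a subnet and that bridge members carry no IP of their own; the `check_plan` helper, the interface addresses on ETH00/VPN99 and 192.168.51.254 are constructed for illustration.

```python
import ipaddress

def check_plan(interfaces, bridge=None, vpn_pool=None):
    """Return a list of problems found in an addressing plan.

    interfaces: {name: "addr/prefix" or None}   (None = no IP assigned)
    bridge:     optional (bridge_name, [member_names])
    vpn_pool:   optional (first_ip, last_ip) handed out to VPN clients
    """
    problems = []
    members = set(bridge[1]) if bridge else set()
    nets = {}
    for name, cidr in interfaces.items():
        if cidr is None:
            continue
        if name in members:  # assumption: members must be unnumbered
            problems.append(f"{name}: bridge member still has an IP ({cidr})")
        nets[name] = ipaddress.ip_interface(cidr)
    # Two addressed interfaces in the same subnet: the overlap from the question.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].network.overlaps(nets[b].network):
                problems.append(f"{a} and {b}: overlapping subnets")
    if bridge and vpn_pool:
        br = nets.get(bridge[0])
        if br is None:
            problems.append(f"{bridge[0]}: bridge has no IP")
        else:
            first, last = (ipaddress.ip_address(x) for x in vpn_pool)
            if first not in br.network or last not in br.network:
                problems.append("VPN pool is outside the bridge subnet")
            elif first <= br.ip <= last:
                problems.append("VPN pool contains the bridge's own address")
    return problems

# Constructed plans based on the addresses quoted in the thread.
POOL = ("192.168.50.220", "192.168.50.240")
ORIGINAL = {"ETH00": "192.168.50.254/24", "VPN99": "192.168.50.254/24"}
ROUTED = {"ETH00": "192.168.50.254/24", "VPN99": "192.168.51.254/24"}
BRIDGED = {"ETH00": None, "VPN99": None, "BRIDGE00": "192.168.50.254/24"}
BRIDGE = ("BRIDGE00", ["ETH00", "VPN99"])

if __name__ == "__main__":
    print("original:", check_plan(ORIGINAL))
    print("routed:  ", check_plan(ROUTED))
    print("bridged: ", check_plan(BRIDGED, BRIDGE, POOL))
```

In the routed plan the VPN clients stay in a separate zone that firewall rules can filter; in the bridged plan they share the LAN's broadcast domain, so that separation is gone.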

    #49138

    ssanders
    Member

    Thanks ppalias, I’ll give that a try. A couple of months ago I managed to get this bridging to work on a Zeroshell router in our dev/qa lab, but couldn’t replicate it on a production router (hence the question). I must have gone through the steps you laid out while hacking around at it.

    Thanks!
