On 10/09/12 15:38, Andrea Bonomi wrote:
> Dear Developers, I developed a patch for implementing 1:1 NAT
> (something similar to the iptables NETMAP target). This is useful
> in situations when you have the same (private) network address
> behind clients. For example, consider the following scenario:
>
> -lan1--192.168.0.0/24--       -lan2--192.168.0.0/24--
>            |                             |
>     gw1 192.168.0.1               gw2 192.168.0.1
>            |                             |
>        [tunnel]-----OpenVPN server---[tunnel]
>                          |
>                      [tunnel]
>                          |
>                       clients…
>
> The clients have to access the machines in both lan1 and lan2.
> This patch allows mapping all the addresses of a network, e.g.
> [to g1] push "netmap 172.16.1.0/24 192.168.0.0/24"
> [to g2] push "netmap 172.16.2.0/24 192.168.0.0/24"
> The clients can access, e.g., 192.168.0.79 on lan1 using the IP
> 172.16.1.79.
Hi Andrea,
First of all, thanks a lot for your efforts here! I just have one
question ... how does this differ from the --client-nat feature in the
code base for OpenVPN v2.3? (git master or alpha releases)
From the man page:

    --client-nat snat|dnat network netmask alias
        This pushable client option sets up a stateless
        one-to-one NAT rule on packet addresses (not
        ports), and is useful in cases where routes or
        ifconfig settings pushed to the client would
        create an IP numbering conflict.

        network/netmask (for example
        192.168.0.0/255.255.0.0) defines the local view
        of a resource from the client perspective, while
        alias/netmask (for example 10.64.0.0/255.255.0.0)
        defines the remote view from the server
        perspective.

        Use snat (source NAT) for resources owned by the
        client and dnat (destination NAT) for remote
        resources.

        Set --verb 6 for debugging info showing the
        transformation of src/dest addresses in packets.

kind regards,
David Sommerseth
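
The address arithmetic behind a stateless 1:1 mapping like the one discussed in this thread, as an added example that is neither Andrea's patch nor OpenVPN's --client-nat code. The struct and function names are hypothetical, the client address 10.8.0.6 is constructed, and the rewrite is assumed to happen on the gateway in front of each LAN.

```c
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical types for this example. alias/netmask is the range the VPN
 * clients address; network/netmask is the real LAN behind the gateway. */
struct nat_rule { uint32_t alias, network, netmask; };
struct pkt { uint32_t src, dst; };   /* the only header fields the rule touches */

/* Rules from the scenario in the thread: same real LAN, different aliases. */
const struct nat_rule GW1 = { IP4(172,16,1,0), IP4(192,168,0,0), IP4(255,255,255,0) };
const struct nat_rule GW2 = { IP4(172,16,2,0), IP4(192,168,0,0), IP4(255,255,255,0) };

/* Swap the network bits and keep the host bits. Addresses outside 'from'
 * pass through unchanged. No per-connection state, ports are never read. */
static uint32_t remap(uint32_t addr, uint32_t from, uint32_t to, uint32_t mask)
{
    if ((addr & mask) != (from & mask))
        return addr;
    return (to & mask) | (addr & ~mask);
}

/* Tunnel -> LAN: the destination alias becomes the real LAN address. */
struct pkt nat_to_lan(const struct nat_rule *r, struct pkt p)
{
    p.dst = remap(p.dst, r->alias, r->network, r->netmask);
    return p;
}

/* LAN -> tunnel: the real source address becomes the alias again. */
struct pkt nat_to_tunnel(const struct nat_rule *r, struct pkt p)
{
    p.src = remap(p.src, r->network, r->alias, r->netmask);
    return p;
}

int main(void)
{
    /* Constructed packet: VPN client 10.8.0.6 contacting host .79 on lan1. */
    struct pkt req = nat_to_lan(&GW1, (struct pkt){ IP4(10,8,0,6), IP4(172,16,1,79) });
    struct pkt rep = nat_to_tunnel(&GW1, (struct pkt){ req.dst, req.src });
    printf("request dst on lan1: %08x, reply src in tunnel: %08x\n",
           (unsigned)req.dst, (unsigned)rep.src);
    return 0;
}
```

A rewriter operating on real packets also has to update the IPv4 header checksum and the TCP/UDP checksum, since both cover the addresses.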