Community discussions

MikroTik App
 
ritchan
just joined
Topic Author
Posts: 11
Joined: Mon Aug 27, 2018 2:41 pm

Site to site VPN with the same IP subnet?

Mon Dec 21, 2020 4:55 pm

My home network is 192.168.1.x. I went into Quick Set and enabled VPN, and this setup a 192.168.89.x subnet and some firewall forwarding rule. But I don't want this - I just want to be on the same IP subnet, 192.168.1.x, so I can use everything like normal.

Can I just delete the Firewall NAT rule?
In PPP->Profiles, can I just change the Local Address for default-encryption from 192.168.89.1 to 192.168.1.1?
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 772
Joined: Fri Nov 10, 2017 8:19 am

Re: Site to site VPN with the same IP subnet?

Mon Dec 21, 2020 11:43 pm

The VPN settings in quickset isn't really "site to site". It is rather typical road-warrior setup and there is no need for same subnet - your devices will be able to communicate with each other so why limit yourself by putting everything on the same subnet? If they are not able to communicate, then you got just a simple firewalling mistake which can be fixed.
If you really need to have them on the same subject, keep in mind it won't be direct L2 connection so your router will still have to behave as a proxy. There will be multiple changes, not just the "local address" in ppp profile. You will have to add arp-proxy on the LAN interface (probably your bridge), you will need to change IP->pool for the vpn...

it is hard (rather impossible) to give better info without having full config (you can export it with command
 /export hide-sensitive file=whateverFileName
If you ever want to set up a VPN between multiple sites on the same subnet: Not possible straight away - router has no chance to understand whether you want to communicate with IP from your site or from the other. Similarly, your PC have connected route with the local subnet, so it won't even bother to contact the router. You can overcome this partially with arp-proxy, but then IP colissions will appear. (because each site can have the same IP active unless you make sure they are all different by manually setting them or by giving different pool to each DHCP)
It is possible with some creative hacking and NATting (to make those subnets look different) but I would not recommend that at all. It would be a nightmare.
 
ISrueran
just joined
Posts: 1
Joined: Mon Jan 04, 2021 6:11 pm

Re: Site to site VPN with the same IP subnet?

Mon Jan 04, 2021 6:18 pm

Hi.

I also want to use a VPN for accessing websites that are banned in my country but some international sites like https://embroiderymachinebest.com/best- ... m-designs/ are easily opened without a VPN. But my question is this if I use VPN then websites that are easily assessable to me show in VPN usage or not because of IP address change?
Thank you!

Who is online

Users browsing this forum: Bing [Bot] and 57 guests