Hi Knut,

First of all, sorry for the late reply.

On Tue, 2008-07-08 at 13:03 +0200, Knut Saastad wrote:
> Hi László!
>
> Using the same network on both sides of a VPN will cause trouble for
> you, since your are trying to route traffic between two locations using
> the same identifiers. Traffic originating from one side of your tunnel
> will always have the ipaddress you are trying to reach, listed in its
> routingtable as local, and thus will never try to forward it through the
> ssh-tunnel.


I understand why using the same network on both sides is a bad idea from
a routing point of view. I originally wanted to come up with a solution
for the usual problem of VPNing two 192.168.1.0/24 networks.

> If you cannot change ip-range on either side of the link, I would
> suggest looking into the possibility of 1:1 NAT'ing the traffic on
> receiver side ( i.e 10.0.0.0/8 -> 192.168.1.0/8 ), and the use ie.
> 10.168.1.100 to reach 192.168.1.100 from the sender side.


I see, NATing is the solution here. How would you implement such a
scenario? I guess iptables is the key.

Thank you!

> Best regards,
> Knut Saastad
>
> László Monda wrote:
> > Hi List,
> >
> > I'm trying to build an SSH VPN based on the
> > https://help.ubuntu.com/community/SSH_VPN Ubuntu howto, but can't get
> > it done.
> >
> > After setting up the VPN and trying to connect to the remote host
> > which is now on my virtual network I realize that I actually connect
> > to localhost.
> >
> > This may be because the remote network and the local network are both
> > 192.168.1.0/8. Do the network adresses of the networks in question
> > need to differ?
> >
> > Thanks in advance!
> >
> >

>

--
Laci


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQBIh6bJ5t2qLX5n7ZgRAmjRAKDLKddBzYgtwdyfM86wpe lJ8jwL1gCeKXtR
NDtfhImUr55OjIY/48Rfvfc=
=nJaI
-----END PGP SIGNATURE-----