Building a VPN that assigns local IP to each device

I am trying to build a VPN, both site-to-site and point-to-site. I need the network to give each device a unique IP (doesn't have to be static) to identify them. Namely, if there are three devices in the main office, two in the branch office, one working from home, they would all have IP addresses 10.0.0.X. If a server in the main site receives a packet, it would be able to tell which specific device from the branch office sent it based on the network layer info alone.

For example, I am now looking at a doc from OpenVPN on building site-to-site VPN: https://openvpn.net/vpn-server-resources/site-to-site-routing-explained-in-detail/ This is a good example of what I do NOT want. When a server on the main site receives a packet, it would seem like it originated from the VPN access server (and it did), while I would like the packet to have the IP address of the original sender.

My question is:
1. Is it possible, technically?
2. Is it possible with a software solution, or do I need specific hardware? I cannot simply use a Cisco device for some reasons. If such a device exists, what's the terminology for it so I can search for other vendors' products?

(I am aware it is possible to tell the sender's identity even with the IP NATed if I just do it from application layer. I have my reasons to not do that.)

(If I wrote anything that makes me sound like an idiot, that's because I'm not a network engineer. I am sorry for any mistake I made. My boss is not very reasonable and I cannot just tell him to halt the project till he hires an expert.)


Solution 1:

Yes, what you are looking for is possible. You need a bridge VPN for that: By using a network bridge between your main office and your VPN, every network client sending out a DHCP request would receive an IP from your main DHCP server (which is serving the 10.0.0.X network). That way, all three networks are linked together, and you can reach all three locations without having to mess around with routing.

Check out OpenVPN's site on Ethernet bridging.

And you do not need specific hardware for that - except that the VPN tunnel endpoint needs to run on a network-capable device plugged into the correct network (which can be very small: a Raspberry Pi is more than enough for such a task). OpenVPN-compatible VPN solutions exist in software and are included in many firewalls.
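
A minimal pair of OpenVPN configurations for the bridged setup described in Solution 1, added here as an illustration; it is not taken from the answer or from OpenVPN's documentation. The host name `vpn.example.com`, the certificate and key file names, and the interface names `tap0`, `br0` and `eth0` are assumptions.

```conf
# ---- server.conf (main office; constructed example) ----
# Precondition (assumed names): tap0 already exists and is attached to the
# bridge br0 together with the LAN interface eth0, so VPN frames reach the
# 10.0.0.X segment at layer 2.
port 1194
proto udp
# A TAP device carries Ethernet frames, so packets are bridged, not NATed,
# and the main-site server sees each remote device's own 10.0.0.X address.
dev tap0
# With no arguments, server-bridge runs in DHCP-proxy mode: clients take
# their lease from the DHCP server on the office LAN. Clients whose TAP
# adapter has no built-in DHCP client must run one on the tap interface.
server-bridge
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-crypt ta.key
# Issue one certificate per device and leave duplicate-cn disabled, so each
# tunnel (and the address seen on it) maps to exactly one certificate.
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
verb 3

# ---- client.conf (remote device; constructed example) ----
client
dev tap
proto udp
remote vpn.example.com 1194
ca ca.crt
cert device1.crt
key device1.key
# Reject a peer that does not present a server certificate.
remote-cert-tls server
tls-crypt ta.key
persist-key
persist-tun
verb 3
```

On a bridged segment the DHCP-assigned address is a label rather than proof of identity, so correlate it with the certificate common name recorded in the OpenVPN server log when attributing traffic to a device.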