How do you avoid network conflict with VPN internal networks?

We have several IPsec VPNs with our partners and customers and occasionally run into IP conflicts with their network. The solution in our case is to do either source-NAT or destination-NAT over the VPN. We are using Juniper NetScreen and SSG products, but I assume this can be handled by most higher-end IPsec VPN devices.
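
A planning sketch for the NAT approach in the answer above, added here as an example and not part of the original answer: it finds which partner prefixes overlap local ones, picks an unused same-size translation pool for each, and shows the resulting 1:1 address mapping. All prefixes, the 172.16.0.0/12 pool supernet and the function names are constructed assumptions.

```python
import ipaddress as ip

def find_conflicts(local_nets, remote_nets):
    """Return (local, remote) pairs whose address ranges overlap."""
    return [(l, r) for l in local_nets for r in remote_nets if l.overlaps(r)]

def pick_nat_pool(prefixlen, supernet, in_use):
    """First subnet of the given size inside supernet that overlaps nothing in use."""
    for cand in supernet.subnets(new_prefix=prefixlen):
        if not any(cand.overlaps(n) for n in in_use):
            return cand
    return None  # supernet exhausted

def translate(addr, real_net, nat_net):
    """1:1 static NAT: keep the host offset, swap the network part."""
    if addr not in real_net:
        raise ValueError(f"{addr} is not inside {real_net}")
    return nat_net.network_address + (int(addr) - int(real_net.network_address))

def plan_nat(local_nets, remote_nets, supernet, already_allocated=()):
    """Map each conflicting remote prefix to a free translation pool."""
    in_use = list(local_nets) + list(remote_nets) + list(already_allocated)
    plan = {}
    for _, remote in find_conflicts(local_nets, remote_nets):
        if remote in plan:
            continue
        pool = pick_nat_pool(remote.prefixlen, supernet, in_use)
        if pool is None:
            raise RuntimeError(f"no free pool for {remote}")
        plan[remote] = pool
        in_use.append(pool)  # never hand the same pool out twice
    return plan

# Constructed sample data (assumptions, not from the original post).
LOCAL = [ip.ip_network("10.0.0.0/16"), ip.ip_network("192.168.1.0/24")]
PARTNER = [ip.ip_network(n) for n in
           ("192.168.1.0/24", "10.0.5.0/24", "172.20.0.0/24")]
POOLS = ip.ip_network("172.16.0.0/12")
ALLOCATED = [ip.ip_network("172.16.0.0/24")]  # pool already used for another VPN

if __name__ == "__main__":
    for remote, pool in plan_nat(LOCAL, PARTNER, POOLS, ALLOCATED).items():
        sample = remote.network_address + 50
        print(f"{remote} -> {pool}   e.g. {sample} appears as "
              f"{translate(sample, remote, pool)}")
```

The partner prefix 172.20.0.0/24 gets no pool because it does not overlap anything local; only the two conflicting prefixes are translated.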


I think that whatever you use, you're going to risk a conflict. I would say that very few networks use ranges under 172.16, but I have no evidence to back that up; just the gut feeling that no one can remember it. You could use public IP addresses, but that's a bit of a waste and you may not have enough to spare.

An alternative could be to use IPv6 for your VPN. This would require setting up IPv6 to every host you'd want access to, but you'd definitely be using a unique range, especially if you get yourself a /48 allocated to your organisation.