OpenVPN bridge config

2 offices, 2 networks (same IP range)
2 NethServer as gw

I want to connect the networks so users can work as if it were a single LAN.
This is my current situation:

LAN1: 192.168.10.x/24 gw .254
LAN2: 192.168.10.x/24 gw .254

How can I configure a VPN (and the second NS), to bridge LAN1 & LAN2?

And, eventually, also to bridge a second IP range (192.168.20.x)?

Thanks, P.

P.S.: I know that routing is better, but I need this at the moment :frowning:

Hi

IMHO, I really don’t think that this will work.
It would be much less work to adapt one LAN to a different IP range and use routing.

and:

This is not possible, as when using a bridge, one LAN will not have a gateway, but a bridge.
The LAN as such can only have one default gateway. (True, there can be several other “internal” gateways, but only one default!).

NethServer doesn’t support OpenVPN bridging on a site2site network.
It may be possible to add in a pile of customised scripts, for this to work - and it will likely never be as stable as it should.
In the end you’ll mostly be passing broadcast storms - not actual data packets…

I really suggest to rethink this and redo the network (On whichever side is smaller!).

My 2 cents
Andy

I know your opinion (by previous similar posts), and I agree with you, but I think the bridge is my better option:
I have to migrate a firm from one place to another.
They can’t stop all activities for a couple of weeks and then restart in the new place, so we need to migrate PCs, servers, devices, … a few pieces at a time.
Many devices or old software have IP “hard-coded” into their configuration and can’t be changed easily.
I think the migration will last some weeks, maybe 2-3 months.

Obviously I described the current situation :wink:

There isn’t a “smaller” network; there is a slow full migration from one network to the other.
I was thinking of using a couple of SoftEther VMs, or installing SoftEther on a Proxmox server that I have in both places.
What about this or a similar solution?

Thanks, P.

@PaulVM

Hi

I had to do something similar 20 years ago:

A large financial institute bought another.

Both institutions used - purely by chance - the exact same IP range, even though this was an unusual range, so that they used the same network was like a lotto win.
The network was something like 172.17.111.0/24 (on both sides).

Licensed software, also services like Bloomberg / Reuters prohibited changing IPs…

I had to connect both networks. :frowning:
At the time, this was a BIG headache.

I used a somewhat tricky solution: A 2-way 1:1 NAT, essentially mapping every IP in 172.17.111.0/24 to a corresponding IP in the 172.17.112.0/24 subnet. From then on, an IPsec VPN from 172.17.111.0/24 <-> 172.17.112.0/24 did the trick.
IP routing made all hosts available to the other side.

From then on (working VPN between the 2 networks) we then secured both networks from each other…

As in some games tips: “There be dragons here”… :slight_smile:

I’m glad it worked, and then long and stable enough until a real integration (New IP range) was possible.

My 2 cents
Andy

PS: An issue with “bridging” is often forgotten:
Quite often, IPs are used on both sides, often enough exactly those that can’t be changed. Watch out for IP conflicts! (Same IP used on both sides).

SoftEther sounds interesting, I’ve never heard about it. However, there are quite a few security “gotchas” here, besides language issues. I absolutely don’t need Chinese or Japanese for my clients. I’d need German or French. Chinese or Japanese characters would make my clients freak out… :slight_smile:
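Andy’s 1:1 NAT idea, worked through as an added example (not code from the thread or from NethServer): each site keeps its real 172.17.111.0/24 and is shown to the other side through a NETMAP alias. I assume two alias ranges (172.17.112.0/24 for site A, 172.17.113.0/24 for site B) so that both directions stay unambiguous, and the iptables NETMAP lines are the generic Linux equivalent of the translation, not NethServer’s own configuration.

```python
import ipaddress

def netmap(addr, from_net, to_net):
    """1:1 NETMAP: keep the host bits of addr, swap the network prefix."""
    addr = ipaddress.ip_address(str(addr))
    from_net, to_net = ipaddress.ip_network(from_net), ipaddress.ip_network(to_net)
    if from_net.prefixlen != to_net.prefixlen or addr not in from_net:
        raise ValueError(f"{addr} not in {from_net}, or prefix lengths differ")
    return to_net.network_address + (int(addr) - int(from_net.network_address))

class SiteGateway:
    """One site's gateway: hosts live in `real`, are shown to the peer as `alias`, reach the peer via `peer_alias`."""
    def __init__(self, real, alias, peer_alias):
        self.real = ipaddress.ip_network(real)
        self.alias = ipaddress.ip_network(alias)
        self.peer_alias = ipaddress.ip_network(peer_alias)
    def egress(self, src, dst):
        """Local host -> tunnel: SNAT real -> alias (POSTROUTING), only for traffic bound for the peer alias."""
        src, dst = ipaddress.ip_address(str(src)), ipaddress.ip_address(str(dst))
        if dst not in self.peer_alias:
            return src, dst            # purely local traffic is untouched
        return netmap(src, self.real, self.alias), dst
    def ingress(self, src, dst):
        """Tunnel -> local host: DNAT alias -> real (PREROUTING)."""
        src, dst = ipaddress.ip_address(str(src)), ipaddress.ip_address(str(dst))
        if src not in self.peer_alias or dst not in self.alias:
            raise ValueError(f"unexpected tunnel packet {src} -> {dst}")
        return src, netmap(dst, self.alias, self.real)
    def iptables_rules(self):
        """Generic Linux NETMAP rules with the same effect (assumed; not NethServer's config)."""
        return [f"iptables -t nat -A PREROUTING -s {self.peer_alias} -d {self.alias} "
                f"-j NETMAP --to {self.real}",
                f"iptables -t nat -A POSTROUTING -s {self.real} -d {self.peer_alias} "
                f"-j NETMAP --to {self.alias}"]

def round_trip(a, b, client, server_alias):
    """Client at site a reaches a site-b host by its alias; returns what the
    server sees (src, dst) and what the client sees in the reply (src, dst)."""
    s1, d1 = a.egress(client, server_alias)   # leaves site a
    s2, d2 = b.ingress(s1, d1)                # arrives at site b
    r1, r2 = b.egress(d2, s2)                 # reply leaves site b
    r3, r4 = a.ingress(r1, r2)                # reply arrives at site a
    return (str(s2), str(d2)), (str(r3), str(r4))

# Constructed sample: both sites really use 172.17.111.0/24, as in Andy's story.
SITE_A = SiteGateway("172.17.111.0/24", "172.17.112.0/24", "172.17.113.0/24")
SITE_B = SiteGateway("172.17.111.0/24", "172.17.113.0/24", "172.17.112.0/24")

if __name__ == "__main__":  # host .5 exists on both sides, yet the aliases keep them apart
    print(round_trip(SITE_A, SITE_B, "172.17.111.5", "172.17.113.5"))
```

The IPsec selectors then carry 172.17.112.0/24 <-> 172.17.113.0/24 only, and the IP-conflict case from the PS (the same .5 on both sides) no longer collides.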

This IMVHO is the biggest trouble with bridging without a 2-way 1:1 NAT.
Next one is the inexplicable amount of noise due to broadcast.

Once I had a “similar” problem. I was not able to solve it, I simply… deleted the problem.
Which is, IMVHO @PaulVM, a better solution.
