VPN: how to span the same subnet on both the end heads?
Hello Community, one of our customers is moving his HQ to another location, and since this process will not be completed in one shot, there is the need to share the same subnet present in the current location in the new one as well (they need to share servers and other resources with minimal effort).
Both the end heads are going to be protected by an NSa appliance, and thus he thought to use a VPN between these two for spanning the same network.
Is there a way to accomplish this? Can using the Central/Remote Gateway functions of DHCP over VPN help him reach the goal? Any other hints without using the NAT over VPN option?
Thanks.
Best Answer
Enzino78 Enthusiast ✭✭
Hello, the partner has tested the configuration with DHCP over VPN for the remote gateway and it works smoothly as per their desiderata. Integrating the VPN configuration depicted in the below screenshots with the KBs you linked, he solved:
Anyway thanks for your help.
Answers
I don't think there is an L2 VPN option in SonicOS. When we need to achieve this [which is pretty rare] we use an EoIP tunnel between two RouterOS boxes.
It's been a few years since I've had to do this, but the DHCP over VPN function is what I used to accomplish what you are asking. I don't recall the finer details of how the tunnels were configured, but as long as your servers can handle being DHCP assigned you should be fine. FWIW I was doing this for client PCs, not servers.
I can set up a test scenario if you need more details.
I'm looking for some KBs to provide the customer with directions to use this configuration in his environment. If you have some notes, they would be useful, since I'm not able to find any related docs in the SonicWall Knowledgebase. Thanks
There are limited docs in the KBs but there are a couple.
Essentially the VPN tunnel needs to be configured as IKE (not IKEv2). There are two 'gateways': the central (where the DHCP server and original subnet reside), and the remote (where the subnet needs to be 'extended' to).
On the 'central gateway' side, the tunnel will be configured with the appropriate local network and the remote network set to 'Destination network obtains IP addresses using DHCP through this VPN Tunnel'. Then follow the KB below as needed, using an external DHCP server or the internal DHCP of the SonicWall.
On the 'remote gateway' side, the tunnel will be configured with the local network set to 'Local network obtains IP addresses using DHCP through this VPN Tunnel' and the remote network set to the appropriate original subnet address object. Then follow the KB below as needed.
Take note of the example of the static devices on the 'remote gateway' LAN, and of the Notes and Tips at the end of the article.
Personally I wouldn't trust a customer with managing their own devices, let alone the complex setup needed here.
You're welcome, feel free to mark my reply as an answer.