AndrArt
New Member
February 7, 2024
Question

L2tp and lan

  • 1 reply
  • 1246 views

Hi all.

I have an annoying setup, where an L2TP client (a server machine) using the native Windows L2TP/IPsec client connects to the customer's office. The problem is that the customer's LAN is 192.168.0.0/24, and the server's IP is 192.168.0.20. Naturally I cannot simply reach the server .20, since the LAN devices think that it is in the same broadcast domain, and do not turn to the default gateway (192.168.0.1), flooding ARP requests instead. I cannot change the LAN network settings on the customer's side (e.g. narrow down the subnet). Also I cannot change the IP address for the L2TP client on the other side. Adding a static route to 192.168.0.20/32 via 192.168.0.1 works, but it is also not an option, since there are quite a few devices on the network, and we do not have control over most of them.


To this moment I've tried configuring a policy route and enabling ARP proxy. Now I am trying to investigate if I can NAT the communication between the LAN and .20 over .1.

Does anyone have any other options?

1 reply

sw2090
SuperUser
February 7, 2024

There is a KB document about this:


https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/426761/site-to-site-vpn-with-overlapping-subnets


This is for 7.2, but I had that working in 6.x too some time ago.
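To make the routing logic behind both the question and the overlapping-subnet KB concrete, here is an added Python simulation (not code from the thread or from Fortinet). It models a longest-prefix-match route lookup for an ordinary LAN device and for the gateway, and shows why a LAN device ARPs for 192.168.0.20 instead of sending to 192.168.0.1, why the per-device /32 host route fixes it, and why giving the remote server a translated address outside the LAN subnet (the overlapping-subnet approach) lets the gateway do the work instead. The tunnel interface name, the translated address 10.255.0.20 and the routing tables are constructed placeholders, not values from the thread.

```python
import ipaddress

# A route is (prefix, next_hop or None for "directly connected", interface).
def lookup(routes, dst):
    """Longest-prefix-match lookup. Returns (prefix, next_hop, iface) or None."""
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return None if best is None else (str(best[0]), best[1], best[2])

# Constructed routing table of an ordinary device on the customer's LAN.
LAN_DEVICE_ROUTES = [
    ("192.168.0.0/24", None, "eth0"),      # connected: resolve by ARP
    ("0.0.0.0/0", "192.168.0.1", "eth0"),  # default route via the FortiGate
]

# The per-device workaround the poster mentions: a /32 host route via the gateway.
HOST_ROUTE = ("192.168.0.20/32", "192.168.0.1", "eth0")

# Constructed gateway view: the dial-in L2TP client is a /32 over the tunnel
# interface (name assumed), so on the gateway it is more specific than the
# connected LAN /24 and wins the lookup.
GATEWAY_ROUTES = [
    ("192.168.0.0/24", None, "internal"),
    ("192.168.0.20/32", None, "l2tp-tunnel"),
]

# Overlapping-subnet approach: LAN devices address the remote server by a
# translated address outside their own subnet (placeholder value), and the
# gateway rewrites it to the real address before forwarding into the tunnel.
TRANSLATED_SERVER = "10.255.0.20"
SERVER_REAL = "192.168.0.20"


def lan_device_decision(dst, extra_routes=()):
    """What a LAN device does with a packet to dst: "arp" (treat as on-link)
    or the gateway address it forwards to."""
    r = lookup(LAN_DEVICE_ROUTES + list(extra_routes), dst)
    if r is None:
        return "unroutable"
    return "arp" if r[1] is None else r[1]


def gateway_forward(dst):
    """What the gateway does with a LAN packet to dst: apply the destination
    translation if it matches, then route. Returns (real_dst, egress_iface).
    The return direction (forcing replies back through the tunnel) is not
    modelled here."""
    real = SERVER_REAL if dst == TRANSLATED_SERVER else dst
    r = lookup(GATEWAY_ROUTES, real)
    return real, (None if r is None else r[2])


if __name__ == "__main__":
    # Plain LAN device: .20 looks on-link, so it ARPs and the gateway never sees it.
    print("no host route:", lan_device_decision(SERVER_REAL))
    # With the /32 host route the device hands the packet to the gateway.
    print("with host route:", lan_device_decision(SERVER_REAL, [HOST_ROUTE]))
    # With a translated address the default route already points at the gateway.
    print("translated:", lan_device_decision(TRANSLATED_SERVER))
    # The gateway untranslates and its /32 tunnel route beats the LAN /24.
    print("gateway:", gateway_forward(TRANSLATED_SERVER))
```

The two fixes differ in where the configuration lives: the host route must be installed on every LAN device, while the translated address only needs the gateway's destination NAT and a name or address that LAN devices use for the server.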

AndrArt (Author)
New Member
February 7, 2024

Thanks for the KB. In my case, my server machine is looking at the internet directly, and directly connects to the FortiGate via the Windows native client on the other side. So, basically, I have only one half of the setup described. But it's worth giving a try. Maybe I will work something out with tambourines and ping summoning dances :D