I looked around a bit but didn't find an answer after a while (the problem might be that I didn't know exactly what to look for).
When I connect my OpenWrt to a VPN-Host and forward the whole network behind OpenWrt (eth0) towards the VPN-Host (vpn), it might happen that two networks with the same range (192.168.0.0/24) meet, which is not nice.
In /etc/config/firewall I can nat an address towards the VPN-Hub:
config redirect
	option src 'vpn'
	option target 'DNAT'
	option dest 'eth0'
	option src_dip '10.10.10.8'
	option dest_ip '192.168.0.8'
	option name 'vpn-eth0-008'
	list proto 'all'
Does anyone know a way to NAT a whole network? Like 192.168.0.0/24 to 10.10.10.0/24? That might be a really great help.
Your VPN interface has an address which is dictated by your VPN provider/server. All your traffic has to be NATted to this address, as that is the only way the traffic can return: the VPN provider does not know your LAN IP address for a return route, and it would not be practical, as there are many VPN clients with the same or overlapping LAN addresses.
If you control the VPN server then you can set a return route on the VPN server and you do not need to NAT traffic, but most VPNs (WireGuard, OpenVPN tun) are routed, which means all involved subnets need to be different.
The VPN-Server is mine. The OpenWrt is in networks where I cannot change the used IP-addresses. So I need to change the addresses inside OpenWrt.
From VPN-Server I can ping 10.10.10.8 and from 192.168.0.8 I can ping the VPN-Server using the firewall rule in OpenWrt.
So everything works fine this way. The only question is whether I can do that for a whole range or have to use 254 single rules, which might make the OpenWrt pretty slow.
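An added example, not part of the original posts: a Python sketch of the per-address approach mentioned above, which maps each host of 10.10.10.0/24 onto the same host number in 192.168.0.0/24 and emits one redirect section per address in the format of the rule posted earlier. The function names and the zero-padded rule-name scheme are assumptions made for illustration.

```python
import ipaddress

def map_host(addr, inside, outside):
    """Translate addr from the outside prefix to the inside prefix, keeping host bits."""
    inside = ipaddress.ip_network(inside)
    outside = ipaddress.ip_network(outside)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("1:1 NAT needs prefixes of equal length")
    addr = ipaddress.ip_address(addr)
    if addr not in outside:
        raise ValueError(f"{addr} is not in {outside}")
    offset = int(addr) - int(outside.network_address)
    return inside.network_address + offset

def redirect_sections(inside, outside, src="vpn", dest="eth0"):
    """Return one UCI 'config redirect' section per usable host address."""
    out_net = ipaddress.ip_network(outside)
    sections = []
    for ext in out_net.hosts():  # skips network and broadcast addresses
        internal = map_host(ext, inside, outside)
        host = int(ext) - int(out_net.network_address)
        sections.append("\n".join([
            "config redirect",
            f"\toption src '{src}'",
            "\toption target 'DNAT'",
            f"\toption dest '{dest}'",
            f"\toption src_dip '{ext}'",
            f"\toption dest_ip '{internal}'",
            # Naming follows the 'vpn-eth0-008' pattern of the posted rule.
            f"\toption name '{src}-{dest}-{host:03d}'",
            "\tlist proto 'all'",
        ]))
    return sections

if __name__ == "__main__":
    # Prefixes taken from the question; output is meant for /etc/config/firewall.
    print("\n\n".join(redirect_sections("192.168.0.0/24", "10.10.10.0/24")))
```
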
If it works and your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!