Hello. So, we have a server. It has one network card, through which it is connected by VPN to the remote office and by proxy to the local network. I need to access the remote server (VPN) from the local network machines. With two network cards, it's clear that you need to create a bridge. But how do I do it with a single network card?

So, the task has changed. We set up a separate computer with two network cards. One card is connected to the VPN, the other to the local network. The VPN IP is assigned manually (172.16.27.252), and the other card's address is assigned automatically (192.168.1.47). I created a bridge. On another machine I added the route: route add -p 172.16.0.0 mask 255.255.0.0 192.168.0.0. But this machine still does not see the 172.16 network... Maybe it is configured the wrong way?

  • It doesn't see it and it won't, because these are different subnets (you can only get from one subnet to the other through the VPN). Also, describe the task in full. If the VPN 172.16.27.252 is the Internet and you need to send it to the 192.168.1.47 subnet, that is one solution, and if you just need access to certain services, that is another solution. As it stands, what you are asking comes out as "How do I get from Moscow to St. Petersburg, right away (without taking the train / plane / route 11, etc.)" - avparfiriev
  • I needed access to a specific service through 172.16.27.252. We have a web server in another office and I had to get to it. I have already solved the problem. In the settings of the network adapter with IP 172.16.27.252 I simply shared the Internet connection and that's it. And in the registry I set the IPEnableRouter key. But now there is another problem. To get to that web server we type in its IP. This is inconvenient. We have a server, and ISA Server runs on it. The network is NOT a domain; it is set up as a workgroup. I need to map the IP to a domain name. It can be done through the hosts file on each computer, but that takes a long time. I would like to solve this on the server somehow. - Genghis
  • Well, here you can only register a reverse domain zone, but since there is no domain controller, there is no way to do it. Is there a DNS server? If yes, then you can register a reverse zone in it. Or, as a last resort, write a bat file that adds the site to the hosts file (to automate the process) - avparfiriev
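
Added example (not part of the original thread): a Python check of the static route from the question, showing why a next hop of 192.168.0.0 cannot be used by a client on the 192.168.1.x LAN. The client address 192.168.1.50 and the /24 and /16 masks are assumptions made for the illustration, and `check_route` is a hypothetical helper.

```python
import ipaddress


def check_route(dest, mask, gateway, local_ifaces):
    """Return a list of problems with a static route (empty list: next hop is usable).

    local_ifaces: this machine's addresses in CIDR form, e.g. ["192.168.1.50/24"].
    """
    problems = []
    try:
        # strict=True rejects a destination that has host bits set for this mask
        ipaddress.ip_network(f"{dest}/{mask}", strict=True)
    except ValueError as exc:
        problems.append(f"destination/mask invalid: {exc}")

    gw = ipaddress.ip_address(gateway)
    ifaces = [ipaddress.ip_interface(i) for i in local_ifaces]
    on_link = [i for i in ifaces if gw in i.network]
    if not on_link:
        nets = ", ".join(str(i.network) for i in ifaces)
        problems.append(f"gateway {gw} is not in a directly connected subnet ({nets})")
    for iface in on_link:
        if gw == iface.network.network_address:
            problems.append(f"gateway {gw} is the network address of {iface.network}")
        elif gw == iface.network.broadcast_address:
            problems.append(f"gateway {gw} is the broadcast address of {iface.network}")
        elif gw == iface.ip:
            problems.append(f"gateway {gw} is this machine's own address")
    return problems


# Route exactly as typed in the question.
QUESTION_ROUTE = ("172.16.0.0", "255.255.0.0", "192.168.0.0")
# Same destination, next hop set to the LAN address of the two-card machine.
VIA_BRIDGE_HOST = ("172.16.0.0", "255.255.0.0", "192.168.1.47")
# Constructed client address; the thread does not give the client's IP or mask.
CLIENT_24 = ["192.168.1.50/24"]
CLIENT_16 = ["192.168.1.50/16"]

if __name__ == "__main__":
    for label, route, ifaces in [
        ("question route, /24 LAN", QUESTION_ROUTE, CLIENT_24),
        ("question route, /16 LAN", QUESTION_ROUTE, CLIENT_16),
        ("next hop 192.168.1.47, /24 LAN", VIA_BRIDGE_HOST, CLIENT_24),
    ]:
        result = check_route(*route, ifaces)
        print(label, "->", result or "next hop is on-link and usable")
```

A valid next hop is only the first requirement: the machine at that address must also forward packets, and the far side needs a return path or NAT.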

3 answers

It is possible to create a VPN and send traffic over a single interface.

    In the bridge, you can combine a physical interface with a VPN interface. Implementation details depend on the operating system.

      If you use Mikrotik as your router, then under PPP-Profiles you should have a profile set up like this, where LA is the virtual network for the tunnel and RA is a pool of virtual network addresses, 10.100.11.0/28.

      Accordingly, the Secret should be created with this profile specified. In the IP-Firewall-NAT settings you need to create a masquerading rule.

      I have set it up this way, with the only difference being that L2TP / IPSec is used as the VPN. When a client connects via L2TP, it gets an address from the virtual network range 10.100.11.0/28. And thanks to the masquerading, I have access between the subnets 192.168.1.0/24 and 10.100.11.0/28 in both directions. I will only add that in the masquerading rules I have Out.Interface: pppoe, in order to be able to connect the networks via the Internet.

      In your case, this will most likely be eth1 (LAN)