Bridging multiple devices on two different LANs across a WAN
A customer of ours has several offices in New York and an office in India, and they use software at one of their Manhattan offices that only works when connected to the local network at that Manhattan office. The customer wanted his staff in India to be able to operate the software in Manhattan. We were able to achieve this goal by setting up a private network with routing between offices, and then making use of NAT to hide the IP address of the client device and make it seem like it was on the same network as the server in Manhattan.
The tools we used:
- OpenVPN for the point-to-point encrypted tunnels between offices. WireGuard would have worked as well.
- Quagga for its OSPF daemon. Once the point-to-point tunnels were in place, we set up OSPF to calculate and distribute routes amongst the different nodes. That permitted us to reach the server from the client PC, but it only solved part of the problem because we still needed a way to present the client device as a local device on the same network as the server.
- iptables (built into Linux) to perform network address translation (NAT) so that the client device connects to the server with an IP address on the LAN of the server.
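One way to write the NAT step so that it stays scoped to the single server, as an added example rather than the configuration we deployed: the script validates its inputs and prints the iptables commands for the gateway on the server's LAN. The interface names (`tun0`, `eth0`), the addresses, and the function names are all constructed assumptions.

```shell
#!/bin/sh
# Added example; interface names and addresses are constructed placeholders.

# Succeed if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed if $1 is IPv4 CIDR notation with a prefix length of 0..32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    prefix=${1##*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] && is_ipv4 "${1%/*}"
}

# Print the iptables commands for the gateway on the server's LAN.
# Args: tunnel-if lan-if remote-client-cidr server-ip gateway-lan-ip
nat_rules() {
    tun_if=$1 lan_if=$2 clients=$3 server=$4 gw_ip=$5
    # Reject anything that is not a plain interface name or address, since
    # the output is meant to be executed by a shell.
    case "$tun_if" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case "$lan_if" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    is_cidr "$clients" && is_ipv4 "$server" && is_ipv4 "$gw_ip" || return 1
    # Forward only the remote office's clients to the one server, plus replies.
    echo "iptables -A FORWARD -i $tun_if -o $lan_if -s $clients -d $server -j ACCEPT"
    echo "iptables -A FORWARD -i $lan_if -o $tun_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Log, then drop, any other tunnel traffic headed for the LAN.
    echo "iptables -A FORWARD -i $tun_if -o $lan_if -j LOG --log-prefix 'vpn-fwd-drop: '"
    echo "iptables -A FORWARD -i $tun_if -o $lan_if -j DROP"
    # Rewrite the source so the server sees an address on its own LAN.
    echo "iptables -t nat -A POSTROUTING -o $lan_if -s $clients -d $server -j SNAT --to-source $gw_ip"
}

# Dry run with constructed values: review the output, then run it as root.
nat_rules tun0 eth0 10.8.91.0/24 192.168.10.20 192.168.10.1
```

Because the server only ever sees the gateway's address after SNAT, the gateway's own logs and connection tracking are where a session can be attributed to a specific remote client.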
Astute readers may note that the configuration we deployed was not true bridging. True bridging is also possible with OpenVPN, but that is a post for a different day.