Score:0

Dynamic IP Address in VPN Setup


I have an infrastructure with two physical locations which we are connecting via a Site-to-Site VPN. Only one side has a static IP from the ISP whilst the other site does not as the ISP there does not offer static IP services. Long story short, we do not own the line at SiteB so cannot switch providers etc.

SiteA (Static IP) and SiteB (Dynamic IP).

Our issue is not so much about the VPN setup, but we have services running at SiteB which require the IP address to be whitelisted for security reasons. This is a long shot, but are there any methods to set up SiteB's network so that any outbound connection will report SiteA's IP address?

I've seen some home Client-Server VPN solutions where the client IP can report the server's IP address. Not sure how we can approach this at the "Business/Enterprise" level, and whether a Client-Server VPN setup would solve our problem or whether any Site-to-Site VPN solution can achieve the same?

TIA

Score:1

It sounds like what you are looking for is to turn off “split-tunneling.”

Generally speaking, when a VPN connection is established ALL traffic flows through the VPN. This means that internet bound traffic from Site B will flow through the VPN to Site A and egress out Site A’s internet connection. To the outside world it looks like the traffic is coming from Site A.

With Split-Tunneling turned on, only traffic of interest (i.e. private subnets between Site A and B) is sent through the VPN, while all other general internet traffic egresses Site B’s internet connection.

You can either tunnel all traffic through the VPN, or if the destinations that need a whitelist have static IP addresses, you can tunnel just those IP addresses through the VPN.

Depending on your VPN bandwidth, tunneling all traffic through the VPN may be quite a drag on your internet performance at Site B and cause a significant problem for your end users. In any case, VPN adds some overhead so it will always slow your network traffic a little.

There is no way for Site B to “assume” Site A’s IP address. That is not technically possible unless you are a large company capable of obtaining your own ASN address and controlling your own routing on the internet backbone, and even if you are, you can't have traffic destined to the same IP address reliably delivered to two different physical locations at the same time.

ve flag
Thanks for the tips. To be specific, we may have 1 VM in SiteB’s network that is required to be whitelisted, so does that make turning off the split tunnelling any easier/harder? Will give this a shot.
Appleoddity
@atp03 If I'm understanding correctly, it doesn't make any difference. All systems at Site B probably use/share a common internet connection. That is the only thing that matters, although you could choose to tunnel only the traffic for the one VM rather than the whole network.
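
Added example, not part of the original thread: a simplified Python model of Site B's gateway that compares the options discussed above (split tunnel, full tunnel, tunneling only the whitelisted destination, tunneling only the one VM) and reports which public address the whitelisting service would see. All addresses are constructed from documentation ranges, the rule format is hypothetical rather than any vendor's syntax, and it assumes Site A NATs tunneled internet traffic out of its static IP.

```python
import ipaddress as ip

# Constructed sample values (documentation ranges); none come from the thread.
SITE_A_PUBLIC = "203.0.113.10"    # static IP, the address on the whitelist
SITE_B_PUBLIC = "198.51.100.77"   # whatever Site B's ISP handed out today
SITE_A_LAN = "10.1.0.0/16"
SERVICE = "192.0.2.50"            # remote service that enforces the whitelist
GENERAL_WEB = "192.0.2.200"       # any other internet destination
VM = "10.2.0.25"                  # the one Site B VM that must be whitelisted
OTHER_HOST = "10.2.0.80"          # any other Site B machine

# Each rule: (source prefix, destination prefix, egress). Simplified model of
# Site B's gateway policy, not any vendor's configuration syntax.
SPLIT = [("0.0.0.0/0", SITE_A_LAN, "tunnel"), ("0.0.0.0/0", "0.0.0.0/0", "local")]
POLICIES = {
    "split": SPLIT,
    "full": [("0.0.0.0/0", "0.0.0.0/0", "tunnel")],
    "split+destination": SPLIT + [("0.0.0.0/0", SERVICE + "/32", "tunnel")],
    "split+vm-only": SPLIT + [(VM + "/32", "0.0.0.0/0", "tunnel")],
}

def egress(policy, src, dst):
    """Pick the most specific matching rule (source first, then destination)."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    matches = [(ip.ip_network(sn).prefixlen, ip.ip_network(dn).prefixlen, out)
               for sn, dn, out in POLICIES[policy]
               if s in ip.ip_network(sn) and d in ip.ip_network(dn)]
    return max(matches)[2]

def seen_by(policy, src, dst=SERVICE):
    """Public source address an internet destination observes after NAT."""
    return SITE_A_PUBLIC if egress(policy, src, dst) == "tunnel" else SITE_B_PUBLIC

def whitelist_ok(policy, src):
    """True when the whitelisting service sees Site A's static address."""
    return seen_by(policy, src) == SITE_A_PUBLIC

if __name__ == "__main__":
    for name in POLICIES:
        print(f"{name:18} VM ok={whitelist_ok(name, VM)!s:5} "
              f"other host ok={whitelist_ok(name, OTHER_HOST)!s:5} "
              f"other host general web via {egress(name, OTHER_HOST, GENERAL_WEB)}")
```

The last two policies keep general browsing from the rest of Site B on the local link, which limits the bandwidth cost the answer warns about.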