Softether LAN to LAN Setup Troubles

djreisch

Reputable
Nov 22, 2014
5
0
4,510
So I have a functioning Linux server with Softether on it hosting a VPN server. My friend and I thought it would be cool to bridge our networks since we do a lot of networking stuff with each other. I wanted to set up a LAN to LAN so all devices on my network could connect to all of his.

So I followed this guide on their website (http://www.softether.org/4-docs/2-howto/1.VPN_for_On-premise/3.LAN_to_LAN_Bridge_VPN), and sadly could not get it working.

To give you the layout, my friend's network has a gateway address of 10.0.2.1 with a subnet mask of 255.255.255.0. My network's gateway address is 10.0.0.1 with a subnet of 255.255.255.0.

I'd prefer to keep my gateway addresses the same and keep the subnets the same. What I have tried so far with Softether is...

I tried making both networks with a subnet of 255.255.0.0, and set up a cascade on his network to mine. I tried setting up a layer 3 bridge on my server, and then set up a static route to the VPN servers leading to the gateways of the opposing network. I've tried a few other attempts but can't get anything to work.

So I guess what I'm asking is... Can someone give me a step by step guide on how to set this up? Including any port forwards, or static routes, network settings that need to be changed, etc.
 

Ralston18

Titan
Moderator
When it does not work, what error messages and warnings do you receive? Those should provide you with some insight....

Look at this link in this forum:

http://www.tomshardware.com/answers/id-1647778/connect-lan.html

Then draw out your network and look at the physical and virtual configurations that you have.

Compare to the link above and to the Softether link. Get a sense of the bigger picture and things should fall into place.

 

djreisch



So I checked that forum page, and rechecked the diagram. Unfortunately the forum post you linked me to isn't quite a solution for me. Here's what's going down...

I've got my Softether VPN server stationed on my main network at my house. Gateway 10.0.0.1, subnet 255.255.255.0, server address is 10.0.0.206.

Then I have a bridge server installed at my friend's network. Gateway 10.0.2.1, subnet 255.255.255.0, bridge address is 10.0.2.200.

On my VPN server, I have a user set up for the bridge to connect to, and ports are properly configured (the VPN portion for computers functions perfectly).

So I set up a cascade connection on the bridge server at my friend's house, to connect to my VPN server. It connects fine, no errors, and I can see in its IP tables it's gathering some of the IPs on my network, and my network is registering the IPs of some of his devices.

So then on both routers on either network, I set up a static route. On my network, any data attempting to traverse to 10.0.2.x should take gateway 10.0.0.206 (the VPN server which has the cascade connection) and on his network it's set up so any data going to 10.0.0.x should use gateway 10.0.2.200 (his VPN bridge server connected via cascade to mine).

The servers say they are connected fine, no errors. The problem is I can't ping any device on either network.

I guess I am asking for in-depth knowledge of the software itself to help me troubleshoot, or someone to point me to other software.


EDIT: I have got a working layer 3 switch on the main network, a virtual hub for the remote LAN, his bridge is connected and working. The layer 3 switch seems to be functioning partly. If I attempt to ping from a computer at his house (10.0.2.15) and send the pings to a computer at my house (10.0.0.21) I can see the traceroute going to his router, the router sees I've put in a static route and sends the ping to the layer 3 switch located on the VPN server at my house, and I can pass about two packets through before the connection drops off. Why is this?
 

Ralston18

Titan
Moderator
Nice description.

Not noting anything immediately apparent.

Do you see any pattern in the IPs being gathered/registered in the tables? Could be a clue in the devices and their corresponding IPs that are not being gathered/registered. Or vice versa.

Did find this link while looking into Softether:

http://www.vpnusers.com/viewtopic.php?p=12281&sid=935ee954389ee6130965a2fc9c4af079

Please note the yellow highlighted area. No intention to insult your intelligence if you have already worked through that - just cannot tell from this end. The important part is are you seeing any Cause:Failure codes?

Also, are you familiar with the pathping command? Pathping combines ping and traceroute with some additional output results.

That may find another clue or two.
 

djreisch



No insult taken! I didn't fully describe everything in great detail so I understand any need for clarification ;) I have set up the cascade like that, and it "should" be fully functional (no errors are given, I can see the IP tables generating, everything seems good).

I totally forgot about the pathping command! Upon running it I found out something.

So one more clarification which I didn't make before. Since the remote LAN is on 10.0.2.1 and my LAN is 10.0.0.1 and the subnets on both are 255.255.255.0 there needs to be something to translate between the different IP ranges. The Layer 3 switch function of Softether is supposed to do this. I have my router send 10.0.2.x bound packets to 10.0.0.254 (this is the address of the layer 3 switch). According to pathping this is where the packets drop. They can't get past the layer 3 switch...
 

Ralston18

Titan
Moderator
The 10.0.0.1 (your LAN) and 10.0.2.1 (Remote LAN) assignments are gnawing at something in my mind but I have not been able to put a finger on it.

My sense (for some reason) is to expect to see 10.0.1.1 and 10.0.2.1 - should not have to be that way but sort of wondering....

As to the matter at hand (and to see if I could work out the above) I looked at the Softether documentation via the following link:

https://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.8_Virtual_Layer_3_Switches

Please see 3.8.4. Maybe there is still another setting required or to be reconfigured based on other changes that have been made.





 
Solution

djreisch



I followed that portion to the point. I created a layer 3 switch called VPNLANS. That layer 3 switch has two virtual interfaces. One interface is attached to virtual hub 2 (this virtual hub resides on my network and is responsible for accepting the cascade connection from the remote LAN bridge) and I have assigned the IP 10.0.2.254 with a subnet of 255.255.255.0 to that. The second virtual interface resides on virtual hub 1 (the virtual hub on my network bridged to eth0). I gave this virtual interface the IP of 10.0.0.254 and a subnet of 255.255.255.0.

Do you think it could for some reason be that my network's IP range is 10.0.0.x?
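
A consistency check for the address plan described in this thread, as an added example that is not part of any poster's message. It uses the LANs, the VPNLANS interface addresses and the last static routes quoted above; the `SITES` layout, the site names and the `audit` function are constructed for illustration, and it assumes that only the Layer 3 switch interfaces forward between subnets.

```python
import ipaddress

# Addresses quoted in the thread; dict layout and site names are constructed.
L3_SWITCH_IFACES = {"10.0.0.254", "10.0.2.254"}  # VPNLANS virtual interfaces
SITES = {
    "home":   {"lan": "10.0.0.0/24", "routes": {"10.0.2.0/24": "10.0.0.254"}},
    "remote": {"lan": "10.0.2.0/24", "routes": {"10.0.0.0/24": "10.0.2.200"}},
}

def audit(sites, l3_ifaces=L3_SWITCH_IFACES):
    """Return (site, problem) tuples for a multi-site static-route plan.

    Assumption: only the Layer 3 switch interfaces route between subnets;
    bridge and VPN server host addresses are treated as layer 2 endpoints.
    """
    findings = []
    # strict=False lets "10.0.2.0/16" normalise to its real network, 10.0.0.0/16
    lans = {n: ipaddress.ip_network(s["lan"], strict=False)
            for n, s in sites.items()}
    names = sorted(lans)
    # Two LANs that overlap cannot be routed between at layer 3.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if lans[a].overlaps(lans[b]):
                findings.append((a, f"LAN overlaps {b}"))
    for name in names:
        routes = {ipaddress.ip_network(d): ipaddress.ip_address(h)
                  for d, h in sites[name]["routes"].items()}
        for other in names:
            if other == name:
                continue
            # Every site needs a route to each other LAN, or replies are lost.
            hop = next((h for d, h in routes.items()
                        if lans[other].subnet_of(d)), None)
            if hop is None:
                findings.append((name, f"no route to {other}"))
            elif hop not in lans[name]:
                findings.append((name, f"next hop {hop} is not on-link"))
            elif str(hop) not in l3_ifaces:
                findings.append(
                    (name, f"next hop {hop} is not a routing interface"))
    return findings

if __name__ == "__main__":
    for site, problem in audit(SITES):
        print(f"{site}: {problem}")
```
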
 

Ralston18

Titan
Moderator
That is what is nagging at me and I sure wish I could say yes. But I cannot justify that range (10.0.0.x) as a reason/cause right now.

My sense is that you pretty much know what you are doing so the problem is just some oversight or error I would hope. Versus a fundamental error in the entire scheme of things.

If it is viable to change the range in some manner and test accordingly I would do that. Just as a matter of elimination and learning.