Multi-hop VPN

redbean
Posts: 8
Joined: Tue Sep 30, 2014 12:33 pm

Multi-hop VPN

Post by redbean » Tue Sep 30, 2014 12:42 pm

Hello,

I am currently trying to set up a VPN service for a small community with SoftEther. For this, I want to offer a multi-hop VPN (at least two hops), but I've not yet succeeded in setting it up. For clarity, what I'm trying to achieve:

User client > VPN Server 1 > VPN Server 2 > Internet
(I also refer to server 1 as the entry, and server 2 as the exit)
The setup is somewhat similar to the TOR project.

I've tried to set this up with cascading connections, but I could not figure out how to make all the traffic flow through server 2. Even if this worked, I think it would mean I could not use the clustering option the way I want to (there would be set pairs of entry and exit servers?), so it's not ideal.
I've also tried to set it up with a SoftEther VPN instance on both servers, and a client instance on the entry node, connecting to the exit server. This established a connection, but also resulted in being unable to assign the user a DHCP address upon connecting to the entry server, and the user traffic bypassing the VPN servers entirely. I changed the range of internal IPs on server 1 (10.8.0.10-200 rather than the 192... it was originally), and this also did not remedy this.

Any thoughts are appreciated!
(Debian 7 32 bit)

dajhorn
Posts: 137
Joined: Mon Mar 24, 2014 3:59 am

Re: Multi-hop VPN

Post by dajhorn » Thu Oct 02, 2014 2:34 pm

> I've tried to set this up with cascading connections, but I could not figure out how
> to make all the traffic flow through server 2.

Running SoftEther in server mode on Server 1 and Server 2 with a cascaded connection from Server 1 to Server 2 is indeed the best solution.

The easiest configuration is to run SecureNAT on the Server 2 hub, such that Server 1 carries DHCP traffic between Server 2 and the user clients.

In this topology, neither Server 1 nor Server 2 is bridging a physical interface. This means that any changes to /etc/network/interfaces or use of brctl is likely a misconfiguration.


> Even if this worked, I think it would mean I could not use the clustering option the way I want to (there would be set pairs of entry and exit servers?), so it's not ideal.

Get the simple things working first. Do complex things like clustering second.
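
The topology from the reply above, written out as vpncmd batch files (an added example, not part of the original post or of the SoftEther project). The hub names, account names, passwords and the Server 2 address are constructed placeholders, and both servers are assumed to be fresh installs with no local bridge configured.

```shell
#!/bin/sh
# Added example: emits one vpncmd batch file per server for
#   client > Server 1 (entry) > Server 2 (exit) > Internet
# Every value below is a constructed placeholder.
EXIT_HOST="server2.example.net:443"  # address of Server 2 (placeholder)
HUB_ENTRY="ENTRY"                    # hub on Server 1 that users log in to
HUB_EXIT="EXIT"                      # hub on Server 2 that runs SecureNAT
HUB_PASS="CHANGE-ME-hub"             # hub administration password
LINK_USER="entrylink"                # account Server 1 uses on Server 2
LINK_PASS="CHANGE-ME-link"
VPN_USER="alice"                     # sample end-user account on Server 1
VPN_PASS="CHANGE-ME-user"

# Server 2 (exit): SecureNAT is the only DHCP server and NAT gateway.
exit_batch() {
    cat <<EOF
HubCreate $HUB_EXIT /PASSWORD:$HUB_PASS
Hub $HUB_EXIT
UserCreate $LINK_USER /GROUP:none /REALNAME:none /NOTE:none
UserPasswordSet $LINK_USER /PASSWORD:$LINK_PASS
SecureNatEnable
EOF
}

# Server 1 (entry): SecureNAT stays off (the default for a new hub).
# The cascade joins this hub to Server 2's hub, so DHCP offers and the
# default gateway that clients receive come from Server 2.
entry_batch() {
    cat <<EOF
HubCreate $HUB_ENTRY /PASSWORD:$HUB_PASS
Hub $HUB_ENTRY
UserCreate $VPN_USER /GROUP:none /REALNAME:none /NOTE:none
UserPasswordSet $VPN_USER /PASSWORD:$VPN_PASS
CascadeCreate to-exit /SERVER:$EXIT_HOST /HUB:$HUB_EXIT /USERNAME:$LINK_USER
CascadePasswordSet to-exit /PASSWORD:$LINK_PASS /TYPE:standard
CascadeOnline to-exit
EOF
}

# Check the invariant the layout depends on: DHCP/NAT only at the exit,
# and an online cascade on the entry.
topology_ok() {
    if ! exit_batch | grep -q '^SecureNatEnable$'; then return 1; fi
    if entry_batch | grep -q '^SecureNat'; then return 1; fi
    if ! entry_batch | grep -q '^CascadeOnline to-exit$'; then return 1; fi
    return 0
}

# Write both batch files into directory $1. Apply each on its own server:
#   vpncmd localhost /SERVER /IN:server2-exit.txt
write_batches() {
    exit_batch  > "$1/server2-exit.txt"
    entry_batch > "$1/server1-entry.txt"
}
```

After both batches are applied, a client connected to the ENTRY hub should receive its lease from Server 2's SecureNAT, and its public address should be that of Server 2.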

redbean
Posts: 8
Joined: Tue Sep 30, 2014 12:33 pm

Re: Multi-hop VPN

Post by redbean » Thu Oct 02, 2014 8:54 pm

Dajhorn, thank you for your reply. I set it up like you described and it works a charm. The setup is so simple I am a little embarrassed I could not figure it out through trial and error. Much obliged!

dajhorn
Posts: 137
Joined: Mon Mar 24, 2014 3:59 am

Re: Multi-hop VPN

Post by dajhorn » Thu Oct 02, 2014 11:03 pm

Welcome.

sunxpert
Posts: 4
Joined: Mon Jan 23, 2017 9:18 am

Re: Multi-hop VPN

Post by sunxpert » Mon Jan 23, 2017 1:53 pm

Did you do it through the default gateway setting or somehow else?
