Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by og1 » Sun Nov 12, 2017 11:29 pm

Hi All:

I'm looking at using either OpenVPN or SoftEther VPN to add a remote cloud (KVM virtualization) Linux VPS (Debian 8) that I have to my local LAN subnet. I need to create a VPN bridge at Layer 2 using either OpenVPN or SoftEther VPN to have my local router/firewall assign an IP address from the local subnet DHCP service to the Linux VPS. Simply I want this remote Linux VPS to appear like any other host on my network. I have an application on the Linux VPS that needs to be on the same subnet as all my other computers and my local Internet Gateway/Firewall.

I never knew it would be so difficult to find specific documentation for this cloud based Linux VPS configuration given so many people use cloud based Linux VPS these days and they need these servers to serve the local business applications.

I see in the tutorials the following LAN-to-LAN set-up for SoftEther VPN, which is similar to what I'm doing, but not exactly the same. I control the remote Linux VPS, but I don't control my cloud service provider's routers/gateways or firewall. Though I have a public static IP address for the Linux VPS.

https://www.softether.org/4-docs/1-manu ... Access_VPN

I have a Mac OS workstation/computer that I'm going to use for the SoftEther VPN server on my LAN. My local LAN router/firewall is Mikrotik where I will configure the DHCP server. (I don't want to run the VPN server on my router/firewall). I have a public static IP address for my Mikrotik router/firewall.

Question. Do I set up the remote Linux VPS as a SoftEther VPN client and then create the bridge linking the SoftEther VPN server on my Mac OS computer? What else do I need to connect to the local SoftEther VPN server?

Thanks for your help and time.

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

Re: Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by og1 » Mon Nov 13, 2017 1:03 am

Maybe I was not clear enough above.

I want the simplest set up possible. I believe the solution using SoftEther is to have a SoftEther Bridge setup at the remote cloud site either using my Linux VPS or setting up another small Linux VPS solely to serve as a SoftEther Bridge. I would hate to have to have two separate Linux VPS, where one just runs a SoftEther bridge.

Then on my local LAN I set up the SoftEther VPN Server. What I'm not sure about is all my host devices (a mixture of computers of both Windows and Mac OS, my IP phones, and other devices). How do I connect these to the VPN Server? I can't install SoftEther client software on all these devices, so how do they (especially the IP Phones) appear to the SoftEther Server as being on the same L2 LAN segment? It's not clear in the diagrams and text how this is done.

The solution that looks most logical to me is this one which uses the local bridge to connect a virtual hub both the Server config (Mac OS on my LAN) and the (Bridge config at the remote cloud site)

https://www.softether.org/4-docs/1-manu ... al_Bridges

Thanks for your help and time. I just need someone to clearly set out the config and steps that are needed for my objective. My need is not specifically covered in the tutorials.

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

Re: Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by og1 » Mon Nov 13, 2017 1:25 am

I think this is the configuration I need using the SoftEther VPN server on my local LAN (Mac OS workstation) and then the SoftEther VPN Bridge running on a remote Linux (Debian) VPS from my cloud services provider.

https://www.softether.org/4-docs/1-manu ... L2_Bridge)


Depending on if I set up a dedicated Linux VPS to run the SoftEther VPN Bridge or not, I may not need a local bridge between the two Linux VPSs.

Then as soon as I connect the "cascade" connection over the Internet, the remote Linux VPS with the SoftEther VPN Bridge is virtually on the same Ethernet segment as my local LAN.

If I set up the DHCP addressing properly then the remote SoftEther VPN Bridge computer will be on the same subnet (192.168.xx.xxx) as my local LAN.

I believe this is the right direction. Am I missing some major components to get that remote Linux cloud VPS to appear on the same subnet as my local LAN?

Thanks for the help and time. Greatly appreciated.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by thisjun » Wed Nov 22, 2017 6:57 am

If you want to connect a single VM to the VPN, please connect to the VPN with SoftEther VPN Client instead of a VPN bridge.

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

Re: Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by og1 » Sun Nov 26, 2017 9:17 pm

Thanks for the note, but it's a more complex setup than is being suggested in the previous reply. That's why I gave so much background information.

I'll add some more information based on discussions with some experts for the application I'm running on my Linux VPS at the remote site (that needs to be bridged to my local network, so the remote Linux VPS with my application appears like it's on the same subnet as my main site).

This would all be much more straightforward if I could simply add the SoftEther VPN Bridge to the same VPS that I'm running my application on, but the experts of the application say that will negatively impact the application. I know, it seems strange to me as well, but for some reason they warn not to do it. So, I'll try to set things up to work within their restrictions.

I've decided that I need to add another small Linux VPS just to run the SoftEther VPN Bridge configuration at the remote site and connect it with a cascade (over the Internet) to my MacOS computer running a SoftEther VPN Server configuration at my main site with all my computers and servers.

That's straightforward enough to do with SoftEther. The "local bridge" to my physical Ethernet segment in my main site is also easy enough to set up.

Where I'm struggling is figuring out how to set up a local bridge in the remote site between my Linux VPS running the application and the other Linux VPS with the VPN Bridge configuration.

Remember, I can't put the SoftEther client software on my Linux VPS with the application running on it (to address the suggestion to just use SoftEther client and connect it to the VPN Server in my site... that can't be done given the restrictions).

Any suggestions on how to connect (create the local bridge?) the Linux VPS with my application (public IP, remember it can't have any VPN software running on it) to my Linux VPS with the SoftEther VPN Bridge at the remote site? Maybe I'm making it more complicated than it is between the two remote Linux VPSs.

It's this configuration shown here again (https://www.softether.org/4-docs/1-manu ... _Bridge%29), but the remote site uses two cloud based Linux VPSs. One cloud VPS to run the SoftEther VPN Bridge and the other VPS is running my application. No SoftEther or other VPN software can run on the VPS running my application.

Thanks for your help and time.

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

Re: Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by og1 » Sun Nov 26, 2017 10:06 pm

The people at SoftEther have obviously spent a lot of time documenting how to use their technology. I found the SoftEther documentation for my site-to-site application.

Thanks SoftEther, it's good to see. Too many projects and companies these days no longer do detailed documentation on their products. They rely on their clients to do the documentation for them, which can lead to a lot of misinformation being propagated on their products (via forums, videos, etc.).

The SoftEther configuration documentation for my application is right here: https://www.softether.org/4-docs/2-howt ... Bridge_VPN

Question. Does anyone have experience setting up this site-to-site VPN Server to VPN Bridge configuration (VPN bridge at a cloud site with two Linux VPSs) using promiscuous mode (MAC address spoofing)? It seems SoftEther recommends setting up this site-to-site VPN configuration using the promiscuous mode on the cloud VPS (with the VPN bridge), as the SecureNat Virtual DHCP and Nat Server Function is a more complex, risky setup and also may not have the same level of performance as promiscuous mode.

My concern (as stated in the previous reply) about the local bridge at the cloud site is backed up by the notes at the bottom that the local bridge at the remote site requires the VPS running the SoftEther VPN Bridge (if I'm reading the instructions right) to use promiscuous mode. If promiscuous mode is not available on that VPS, then I need to set up (enable) the SecureNat Virtual DHCP and the Nat Server, which I prefer to avoid if possible.

Thanks for your help and time. Appreciated.

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

Re: Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by og1 » Thu Nov 30, 2017 8:16 am

There's a big assumption in this configuration https://www.softether.org/4-docs/1-manu ... Access_VPN that the local bridge is on a physical private network. I don't have a physical private network with my cloud VPSs.

With my VPS (virtual machines) I just have a public network interface.

I set up SoftEther with the Bridge setup on a Linux server. My two cloud VPSs are not connecting to my host site over the cascade connection the way I want. It's not assigning my private IP addresses using DHCP to the two VPSs at the remote cloud site.

SoftEther within my main site works great. It's the cloud end that the complication starts as I feared.

I need to create a virtual private network in the cloud site using a tap interface on each Linux VPS, and then link the SoftEther Bridge Server to the tap interface that interfaces with the SoftEther Bridge virtual hub to cascade connection.

I need to create a virtual tap interface on both my Linux VPSs and link them with a "Veth" virtual patch cable.

The best description I've found on TAP and Veth is here: https://www.fir3net.com/Networking/Term ... ained.html

Has anyone out there successfully gotten multiple Linux VPSs to interface to a TAP local bridge running on SoftEther Bridge Server and assigned private dynamic DHCP (or simply assigned private static IPs) from the main site?

Thanks for your help and time.

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

Re: Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by og1 » Thu Nov 30, 2017 6:58 pm

Does anyone have experience using TAP to connect a Linux (CentOS) VPS running a SoftEther Bridge configuration to another Linux VPS (both VPSs are in a remote cloud site, there is no private networking infrastructure that I control at the remote cloud site)? I'll then connect the Linux VPS with the SoftEther Bridge to my main site over the cascading connection where my DHCP server resides.

Please, I can't put SoftEther Client on the other Linux VPS (for specific reasons). If it was that simple, I would have done that already and saved myself a lot of research on this technology and configuration and saved a lot of writing.

It's turned out at the remote site exactly like I thought it would. SoftEther doesn't seem to have been built to address this configuration, though I think it's a very standard configuration. I'm sure it would help a lot of users of SoftEther and help with adoption of the technology.

If anyone has something to help get the remote site configured properly using TAP and Veth to connect the two VPSs together and then connect the Virtual Hub running on the one Linux VPS with the Bridge configuration.

Thanks for your help and time.

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

Re: Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by og1 » Sun Dec 03, 2017 8:36 am

Hi:

If anyone can offer a solution to get the SoftEther Bridge to connect with the second Linux VPS at the cloud site, it would be appreciated. Almost at the point of taking SoftEther off and going with OpenVPN which will probably work for my needed site (VPN server)-to-cloud site(VPN bridge) to cloud Linux VPS on virtual ethernet segment configuration.

Thanks.

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

Re: Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by og1 » Mon Dec 04, 2017 4:17 am

I think I made some progress on my own by moving away from the official instructions for the SoftEther server site-to-bridge site VPN setup and looking at other people's posts outside this forum.

I notice many people prefer the local bridge setup at the remote site, but they will use the DHCP server available under SecureNat to get the bridge (remote) server configuration talking to the main VPN server over the Cascading connection (with the NAT function off). I decided to try to do something similar and for the first time I think I have Layer 2 connectivity between my local LAN, over the cascading connection, to the network interface on the remote bridge server using SecureNat, but I unchecked the NAT function (just using the DHCP). I gave the network interface card setup under SecureNat a private static IP address 192.168.yy.01 that is on my subnet. I then allowed the DHCP server under SecureNat to allocate a group of private addresses from my subnet with the gateway as the 192.168.yy.01 interface.

I can ping private address 192.168.yy.01 from my subnet and get a reply back right away. First time that's happened.

After that, all the other instructions others have posted are also not much use to me as most often they have a physical private network linked to the bridge site. And even they seem to struggle to get those private LAN devices to connect to the SoftEther remote bridge and have some pretty elaborate configurations using Linux networking features that I'd like to avoid.

I have a second remote Linux VPS with a public IP address that I now want to connect to the bridge, without using any VPN client software on the Linux VPS (there are several reasons why I can't have VPN client software on that second Linux VPS, and if the bridge configuration can be set up properly, I should not need any VPN client software in the remote bridge site). That feature/functionality that was advertised to connect a remote LAN and its devices to a SoftEther Bridge without the need for client software everywhere on devices to connect back to the main LAN was the entire purpose of trying to go down this road with the SoftEther server site-to-bridge site configuration. That said, I saw the flaw in the assumptions made for the bridge configuration at the cloud VPS remote site right away (as noted in my original posts that I could see it would be an issue).

If anyone has suggestions to get my second remote Linux VPS with the public IP address connected to the SoftEther bridge such that it can appear at Layer 2 like it's on my main local subnet using the SoftEther bridge at the remote site, it would be appreciated.
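The arrangement described in the post above puts two DHCP servers on one bridged Layer 2 segment: the main-site router and the SecureNAT DHCP function on the remote bridge. As an added example (not from the thread or from SoftEther), this Python check validates such an addressing plan before it is applied; every address is a constructed sample value, because the thread elides its own (192.168.yy.01), and the function and field names are hypothetical.

```python
import ipaddress

def _pool(first, last):
    """Parse an inclusive DHCP range into a pair of IPv4Address objects."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"pool start {lo} is above pool end {hi}")
    return lo, hi

def check_dhcp_plan(plan):
    """Return a list of problems for two DHCP servers sharing one bridged L2 segment."""
    net = ipaddress.ip_network(plan["subnet"])
    router = ipaddress.ip_address(plan["router_ip"])
    vhost = ipaddress.ip_address(plan["securenat_ip"])
    gateway = ipaddress.ip_address(plan["securenat_gateway"])
    pools = {"router pool": _pool(*plan["router_pool"]),
             "SecureNAT pool": _pool(*plan["securenat_pool"])}
    statics = {"router": router, "SecureNAT interface": vhost}
    problems = []
    # Every address must belong to the one subnet that the bridge extends.
    for name, addr in list(statics.items()) + [(n, a) for n, p in pools.items() for a in p]:
        if addr not in net:
            problems.append(f"{name} address {addr} is outside {net}")
    # Two servers leasing from intersecting ranges produce duplicate addresses.
    (r_lo, r_hi), (s_lo, s_hi) = pools["router pool"], pools["SecureNAT pool"]
    if r_lo <= s_hi and s_lo <= r_hi:
        problems.append(f"pools overlap between {max(r_lo, s_lo)} and {min(r_hi, s_hi)}")
    # A statically configured interface must not sit inside a leasable range.
    for name, addr in statics.items():
        for pname, (lo, hi) in pools.items():
            if lo <= addr <= hi:
                problems.append(f"{name} {addr} lies inside the {pname}")
    if router == vhost:
        problems.append(f"router and SecureNAT interface both use {router}")
    # Hosts leasing from SecureNAT get this default gateway instead of the router.
    if gateway != router:
        problems.append(f"SecureNAT leases advertise gateway {gateway}, not router {router}")
    return problems

# Constructed plans. The gateway set to the SecureNAT interface follows the post;
# the overlapping pool is a constructed fault, not something the post reports.
CONFLICTING = {"subnet": "192.168.50.0/24", "router_ip": "192.168.50.1",
               "router_pool": ("192.168.50.100", "192.168.50.199"),
               "securenat_ip": "192.168.50.250",
               "securenat_pool": ("192.168.50.150", "192.168.50.220"),
               "securenat_gateway": "192.168.50.250"}
SEPARATED = dict(CONFLICTING, securenat_pool=("192.168.50.200", "192.168.50.240"),
                 securenat_gateway="192.168.50.1")

if __name__ == "__main__":
    for label, plan in (("conflicting", CONFLICTING), ("separated", SEPARATED)):
        print(label, check_dhcp_plan(plan) or "no problems found")
```
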

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

Re: Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by og1 » Wed Dec 06, 2017 6:00 pm

I'm going to have to pick up the SoftEther Bridge connection to the main site SoftEther VPN Server another time. It's not working for me and I have a pretty good handle on the abilities and limitations of SoftEther now after getting the server at the main site working the way I want it for the most part, though the performance is not as strong as I would like.

The Bridge site-to-site setup is not what I was hoping it would be (the far end configurations are not picking up the addressing from my DHCP server). I think SoftEther needs to look at this site-to-site bridge to server configuration some more given the different ways that people use Linux VPSs from their cloud hosting providers.

I'll come back to it later and hopefully there will be someone that has got this working properly to discuss with.

Goovle
Posts: 2
Joined: Wed Dec 06, 2017 9:35 am

Re: Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by Goovle » Thu Dec 07, 2017 3:42 am

Hey, did you resolve your problem? I have a similar condition to yours. Do you have tutorial links for a Unix environment?

Adrianguzman
Posts: 1
Joined: Sun Dec 22, 2019 4:31 pm

Re: Add Remote Linux Cloud VPS to Local LAN (Layer 2 Bridge To Add VPS to Subnet)

Post by Adrianguzman » Sun Dec 22, 2019 4:34 pm

Same problem here. Did you solve your problem? We need remote hardware connecting the local LAN and a VPN bridge to the cloud and then a remote VPN client.