VPN Site-to-site with raspberry pi (HQ+2 branches)

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
jedimaster365
Posts: 4
Joined: Mon Oct 22, 2018 2:07 pm

VPN Site-to-site with raspberry pi (HQ+2 branches)

Post by jedimaster365 » Mon Oct 22, 2018 2:49 pm

Hello,

I've been looking for quite a while now for a solution to my issues with SoftEther, although I am sure that it is only thanks to my ignorance on the matter that I have yet to get things working properly.

I am trying to set up 3 raspberry pis 3 b+ sitting in 3 different locations and trying to get the LANs in those 3 locations to communicate in between them.

First of all a quick LAN topology across the company:
-- HQ --
LAN: 192.168.1.0/255.255.255.0
Pi IP: 192.168.0.252
Router: 192.168.0.254, public IP:x.x.x.x
-- Branch 1 --
LAN: 192.168.2.0/255.255.255.0
Pi IP: 192.168.0.252
Router: 192.168.0.254, public IP: y.y.y.y
-- Branch 2 --
LAN: 192.168.3.0/255.255.255.0
Pi IP: 192.168.0.252
Router: 192.168.0.254, public IP: z.z.z.z

As you might have noticed, my routers and my LANs are not on the same subnet so I would need the Pis to do some kind of NATing.
I've already tried using SoftEther Server on the HQ and Bridges on the branches but even though they connect with the cascade connections I can't seem to get any of the remote computers from any locations.
I've not done anything on the Pis except installed the SoftEther server/bridges versions as per default.

I can successfully access all Pis through the SoftEther VPN Manager (using Windows 10) but I am stuck onto how to achieve my goals. I've not set up bridges (lack of knowledge) nor taps (beh....) and the tutorials I've found on the net do not go into that much details.

Could any help me out? Though it looks like an enormous task :(

Thanks in advance to the good samaritan(s) :)

cmd wh0ami
Posts: 107
Joined: Sun Jul 16, 2017 6:58 pm

Re: VPN Site-to-site with raspberry pi (HQ+2 branches)

Post by cmd wh0ami » Mon Oct 22, 2018 3:08 pm

This is only a guess, but unless you have default INPUT, FORWARD, & OUTPUT ACCEPT policies in iptables your not going to see anything on the LAN's.

Here is a guide I started to write using CentOS on Raspberry Pi... maybe it will give you an idea of what I'm talking about. I don't have default accept policies in place

Code: Select all

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

but it should give you an idea of what i mean.

https://github.com/cmdwhoami/whoami_vpn ... PN-Server.
VPN Discord invite: https://discord.gg/QByKXA9

jedimaster365
Posts: 4
Joined: Mon Oct 22, 2018 2:07 pm

Re: VPN Site-to-site with raspberry pi (HQ+2 branches)

Post by jedimaster365 » Mon Oct 22, 2018 3:27 pm

Ok I've been through your blog and find it of interest. However I think I still have to work my way around of configuring the Pis to have access to both the router subnet and the local LAN subnet. So I'm thinking a tap will be needed there with the 1 physical ethernet on the pi. One with the LAN ip 192.168.0.252 and the virtual adapter gets a LAN IP of 192.168.1.254, 192.168.2.254, 192.168.3.254 and all the virtual LANs pointing to the same router IP in there own branches 192.168.0.254

cmd wh0ami
Posts: 107
Joined: Sun Jul 16, 2017 6:58 pm

Re: VPN Site-to-site with raspberry pi (HQ+2 branches)

Post by cmd wh0ami » Mon Oct 22, 2018 3:51 pm

The documentation (link below) on LAN to LAN Bridge doesn't look that complicated. I get the concept your talking about, although I've never made a LAN to LAN bridge. I do use local bridge to tap_interface on OpenVZ containers and SNAT to source IP with iptables so I understand your concept.

I'm thinking its not necessary to do all that work.

https://www.softether.org/4-docs/2-howt ... Bridge_VPN

edit: I think that might be for Layer-3 (altho it doesnt look like it bridging virtual hub to network adapter)

This link states it is for Layer-2
https://www.softether.org/4-docs/1-manu ... L2_Bridge)
VPN Discord invite: https://discord.gg/QByKXA9

jedimaster365
Posts: 4
Joined: Mon Oct 22, 2018 2:07 pm

Re: VPN Site-to-site with raspberry pi (HQ+2 branches)

Post by jedimaster365 » Mon Oct 22, 2018 5:16 pm

Ok here's what I've done so far. I've modified the 3 pis by adding the following to /etc/network/interfaces using the same structure as follows:
auto eth0
iface eth0 inet static
address 192.168.0.252
netmask 255.255.255.0
gateway 192.168.0.254

auto eth0:0
iface eth0:0 inet static

HQ uses this
address 192.168.1.254
netmask 255.255.255.0

Branch 1 uses this
address 192.168.2.254
netmask 255.255.255.0

Branch 2 uses this
address 192.168.3.254
netmask 255.255.255.0

Now I have my Pis set up so that they can ping both the router and the LAN (respectively)
My next step is to setup the SoftEther VPN Server on my HQ. Will keep you posted!

sky59
Posts: 63
Joined: Tue Sep 11, 2018 5:58 pm

Re: VPN Site-to-site with raspberry pi (HQ+2 branches)

Post by sky59 » Tue Oct 23, 2018 11:36 am

can you please tell us what sort of internet are u using?

do you have public static addresses everywhere?

can you try then where there are clients temporarily test if it works over standard SIM mobile internet?

jedimaster365
Posts: 4
Joined: Mon Oct 22, 2018 2:07 pm

Re: VPN Site-to-site with raspberry pi (HQ+2 branches)

Post by jedimaster365 » Tue Oct 23, 2018 5:33 pm

Hi sky59. All 3 sites are using public dynamic addresses but all of them have been configured to use dyndns.org and the setup is working flawlessly.
As mentioned above I can ssh in all three locations remotely.

thisjun
Posts: 2200
Joined: Mon Feb 24, 2014 11:03 am

Re: VPN Site-to-site with raspberry pi (HQ+2 branches)

Post by thisjun » Thu Nov 01, 2018 8:30 am

This tutorial is suite for you.
https://www.softether.org/4-docs/1-manu ... P_Routing)

The tutorial page that cmd wh0ami proposed is not suitable for your environment.
Because its configuration is used when the network addresses of all sites are the same.

Post Reply