First Step to Debug L3 Switch

triwaves
Posts: 27
Joined: Mon May 16, 2016 3:11 pm

First Step to Debug L3 Switch

Post by triwaves » Tue May 23, 2017 2:47 pm

Hello,

I am struggling to get anywhere with an L3 switch implementation.

I have read various posts and am starting with what seems to be the first basic connection test.

* I have one server hosted on AWS EC2 instance with public IP that I can connect to
* I defined one hub called home
* I defined one switch called Cloud Switch
* I defined virtual interface on switch connected to hub home with IP 192.168.1.254
* I have a raspberry pi running bridge SW in cascade mode to hub home
* RPi network is behind Linksys router using IP in range of 192.168.1.0/24 and successfully connects to AWS server (see picture)
* I have tried with and without securenat enabled

At this point I should be able to ping 192.168.1.254 but cannot.

Where should I look to figure out why I can't make this basic connection and see the switch virtual interface? Help appreciated as I can't continue learning the rest until I get one connection set up.

My goal is to have 3 sites all connected to the cloud server with a L3 switch creating access for all sites to one another and for a remote user to any site by connection to cloud.

I thought I would just try and get help to get a single branch running to fully understand the basics first.

Thanks in advance.
Attachments
rpi_connection.png

thisjun
Posts: 2425
Joined: Mon Feb 24, 2014 11:03 am

Re: First Step to Debug L3 Switch

Post by thisjun » Wed May 31, 2017 5:37 am

Where did you ping from?

Did you create localbridge?
Is it tap mode?

triwaves
Posts: 27
Joined: Mon May 16, 2016 3:11 pm

Re: First Step to Debug L3 Switch

Post by triwaves » Wed Jun 07, 2017 4:25 pm

thisjun wrote:
> Where did you ping from?
>
> Did you create localbridge?
> Is it tap mode?

Hi thisjun - thanks so much for reading and replying to my message; I'm sorry for the delayed response, I somehow missed the notification it was responded to :( My bad, I hope to be able to make some progress.

I pinged from the RPi box at home that is cascade connected to the AWS server hub called home.

The RPi at home has a local TAP interface running.

thisjun
Posts: 2425
Joined: Mon Feb 24, 2014 11:03 am

Re: First Step to Debug L3 Switch

Post by thisjun » Thu Jun 15, 2017 6:16 am

Did you configure bridge between tap and LAN interface?

triwaves
Posts: 27
Joined: Mon May 16, 2016 3:11 pm

Re: First Step to Debug L3 Switch

Post by triwaves » Sat Jun 17, 2017 5:27 pm

I have the tap interface running, which was working for remote access to my network. Not sure I understand what bridge you mean?

I have bridge SW running and cascade connected to central server.

Do you mean some local bridge in addition to the tap?

thisjun
Posts: 2425
Joined: Mon Feb 24, 2014 11:03 am

Re: First Step to Debug L3 Switch

Post by thisjun » Thu Jun 29, 2017 8:09 am

Please create OS bridge between tap and LAN interface.
http://forum.softether.org/viewtopic.ph ... 044#p22023

triwaves
Posts: 27
Joined: Mon May 16, 2016 3:11 pm

Re: First Step to Debug L3 Switch

Post by triwaves » Fri Sep 08, 2017 4:47 am

Where I got to on this is having a switch with two interfaces defined for two different subnets.

Names have changed ... but I have
* net1: 192.168.30.0 and an interface on the L3 switch of 192.168.30.254
* net2: 10.76.221.0 and an interface on the L3 switch of 10.76.221.254

On a PC in Net1 I tried to ping the L3 interface of 192.168.30.254 -- success
Since I can see the L3 interface I added a route : route ADD 10.76.221.0 MASK 255.255.255.0 192.168.30.254
On L3 switch I add a route: 10.76.221.0 / 255.255.255.0 to 10.76.221.254

On PC in Net1 I tried to ping the interface for Net2 : ping 10.76.221.254 -- success

So I think I get to the L3 switch OK, but when I ping anything else on the 10.76 net I get no ping response.

So I get packets to the L3 switch, and I can see the L3 interface for the other network on the switch, but I don't seem to have my packets forwarded anywhere beyond the interface itself.

Ideas I can try to debug? Thanks in advance

triwaves
Posts: 27
Joined: Mon May 16, 2016 3:11 pm

Re: First Step to Debug L3 Switch

Post by triwaves » Wed Sep 20, 2017 2:33 pm

Above didn't work because there was no valid route from the 10.76 net to the L3 switch. What I did instead was configure 2 fixed locations (hubs) into an AWS hosted server - both Raspberry Pi devices on the local network at the fixed location. Both are running secure NAT to eliminate need for any port configurations. I also added capability for android to VPN into server (as a 3rd hub).

I have successfully configured the L3 switch and can ping, VNC, etc. between the RPIs and the client! Thanks to this forum I was able to learn how to do that and understand it fairly well - appreciate all the people who take time to read and respond.

Now that I have the RPis working and the L3 switch working I'm on to the next phase of learning...

Please see diagram attached (sorry it's just by hand but I hope you get idea)

The RPi devices have manually added routes on them to steer traffic to the proper 192.168.x.254 interface on the L3 switch. This works perfectly from RPi to RPi.

If I connect a VPN client into a HUB directly (called home or cabin on the diagram) I can connect to the RPi and its DHCP on that HUB and communicate with all the machines on the same net as the RPi (example all the 10.76.221.x machines). This gives full VPN access to the network.

With the L3 network however I don't understand how the routing could work to not only steer traffic to the correct port on the L3 switch, but to the machines the RPi is bridged to on that network.

Is there a way to use the L3 switch and bridge mode to keep the two networks permanently connected where every machine can see every machine? The Rpi are different subnets right now because I don't have control of the local DHCP server.
Attachments
AWS_L3_sketch_19sept2017.png

triwaves
Posts: 27
Joined: Mon May 16, 2016 3:11 pm

Re: First Step to Debug L3 Switch

Post by triwaves » Mon Oct 02, 2017 5:50 pm

Bump. Any ideas?

thisjun
Posts: 2425
Joined: Mon Feb 24, 2014 11:03 am

Re: First Step to Debug L3 Switch

Post by thisjun » Thu Oct 26, 2017 5:47 am

If you can configure the DHCP server, pushing routes from DHCP is the best way.
If you have control of the gateway router, add routes to the router.
If you have neither, add routes on each host.
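
The symptom from the 8 Sep post (the switch's far interface answers, hosts behind it do not) and the per-host fix from the last reply, modeled as an added example; this is not code from either poster or from SoftEther. The subnets and `.254` interfaces are from the thread, while the host addresses (`.10`, `.20`), the site router (`.1`) and all node names are assumptions.

```python
import ipaddress

# Constructed topology. Subnets and the .254 switch interfaces come from the
# thread; host (.10, .20) and site-router (.1) addresses are assumptions.
NODES = {
    "pc1": {"ips": ["192.168.30.10"], "routes": [
        ("192.168.30.0/24", "direct"), ("0.0.0.0/0", "192.168.30.1"),
        ("10.76.221.0/24", "192.168.30.254")]},  # the route ADD from the post
    "l3sw": {"ips": ["192.168.30.254", "10.76.221.254"], "routes": [
        ("192.168.30.0/24", "direct"), ("10.76.221.0/24", "direct")]},
    "host2": {"ips": ["10.76.221.20"], "routes": [
        ("10.76.221.0/24", "direct"), ("0.0.0.0/0", "10.76.221.1")]},
    "rtr2": {"ips": ["10.76.221.1"], "routes": [("10.76.221.0/24", "direct")]},  # LAN only
}

def lookup(routes, dst):
    """Longest-prefix match: returns a gateway IP, "direct", or None."""
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(nodes, start, dst_ip, max_hops=8):
    """Follow routing tables hop by hop; returns (path, delivered)."""
    path, node = [start], start
    for _ in range(max_hops):
        if dst_ip in nodes[node]["ips"]:
            return path, True
        hop = lookup(nodes[node]["routes"], dst_ip)
        target = dst_ip if hop == "direct" else hop
        node = next((n for n, v in nodes.items() if target in v["ips"]), None)
        if node is None:
            return path, False  # no route, or next hop does not exist
        path.append(node)
    return path, False

def ping(nodes, src, src_ip, dst_ip):
    """An echo succeeds only if the request AND the reply are routable."""
    request, ok = trace(nodes, src, dst_ip)
    reply, back = trace(nodes, request[-1], src_ip) if ok else ([], False)
    return {"request": request, "reply": reply, "ok": ok and back}

def with_return_route(nodes):
    """Per-host fix: the net2 host routes 192.168.30.0/24 via the L3 switch."""
    fixed = {n: {"ips": v["ips"], "routes": list(v["routes"])} for n, v in nodes.items()}
    fixed["host2"]["routes"].append(("192.168.30.0/24", "10.76.221.254"))
    return fixed

if __name__ == "__main__":
    print(ping(NODES, "pc1", "192.168.30.10", "10.76.221.20"))
```

The request reaches `host2`, but its reply follows the default route to the site router and is dropped there; with the return route added, the reply goes back through the switch.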
