Site-To-Site Clarification

Post by SterhTG » Thu Jan 30, 2020 5:50 pm

Hello everyone!
I need help and clarification on site-to-site VPN.
I have 3 sites. 2 sites have Mikrotik routers. The HQ site has a Zyxel router. On the HQ site I have a "spare" public IP. I want to build an IPsec VPN between the sites.
This is how it is done on Cisco/Fortigate/HP: you create peers, then define encryption policies, then define the traffic to encrypt (traffic policy). Usually the Cisco/Fortigate device is the gateway in the network. It receives a packet destined for the neighbouring site, checks it against the traffic policy, encrypts it and pushes it into the IPsec tunnel.
Now I want to realize something similar, but I suppose it is impossible. I hope someone will clarify and correct me.
In my case I should set up SoftEther as a Remote Access server. All remote sites should connect to SoftEther, and then they would be able to communicate with HQ and with each other.
I attached my diagram.
I have the following:
1. 2 Mikrotik routers with Internet connection and static IP. Both devices are NAT and routing devices in the LAN.
2. SoftEther server in VMware. Promiscuous mode on. This machine has 2 IPs: public and private.

To make my scheme work I should do the following:
1. Create a Remote Access VPN on the SoftEther server.
2. Enable L2TPv3 and add my remote peers there.
3. Create users in L2TPv3 and in the virtual HUB (the username should be the same).
4. Enable SecureNAT?
5. If I want to create an L3 VPN, should I use a separate IP for the L3 switch or an IP from the protected networks?

Please help me with the following:
1. Is it correct that I am unable to deploy the scheme as it works on Cisco/Fortigate?
2. How should I configure Layer 3 switching to make the remote branches work with HQ?
2.1 Should I create a virtual interface with an additional IP in the HQ LAN?
2.2 Should I create a LAN bridge?
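Added example (not part of the original post or of SoftEther's own documentation): a dry-run shell script that emits the vpncmd calls corresponding to steps 1 to 3 of the plan above plus a local bridge to the HQ LAN; it does not settle the SecureNAT and L3-switch questions. The server address, hub name, user names, NIC name and every secret are placeholders, and the split into server-level (`srv`) and hub-level (`hub`) calls is an assumption about how vpncmd is driven.

```shell
#!/bin/sh
# Dry-run generator for the SoftEther site-to-site steps listed in the post.
# DRY_RUN=1 (default) prints each vpncmd invocation; DRY_RUN=0 executes it.
DRY_RUN="${DRY_RUN:-1}"
VPNCMD="${VPNCMD:-vpncmd}"
SERVER="hq-softether.example"    # SoftEther server address (placeholder)
ADMIN_PW="CHANGE_ME_ADMIN"        # server administrator password (placeholder)
HUB="SITE2SITE"                   # virtual hub all branches terminate in (assumed name)
PSK="CHANGE_ME_PSK"               # IPsec pre-shared key (placeholder)
HQ_NIC="eth1"                     # NIC on the HQ private LAN (placeholder)

run() {
  # Print the command line in dry-run mode, otherwise execute it.
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}
# Server-level administration (no hub selected).
srv() { run "$VPNCMD" "$SERVER" /SERVER "/PASSWORD:$ADMIN_PW" /CMD "$@"; }
# Hub-level administration (/ADMINHUB selects the virtual hub).
hub() { run "$VPNCMD" "$SERVER" /SERVER "/PASSWORD:$ADMIN_PW" "/ADMINHUB:$HUB" /CMD "$@"; }

site2site_setup() {
  # Step 1: the virtual hub that every site connects to.
  srv HubCreate "$HUB" "/PASSWORD:CHANGE_ME_HUB"
  # Step 2: IPsec with the EtherIP / L2TPv3 server function, defaulting to that hub.
  # Plain L2TP remote-access is left off since only site peers should terminate here.
  srv IPsecEnable /L2TP:no /L2TPRAW:no /ETHERIP:yes "/PSK:$PSK" "/DEFAULTHUB:$HUB"
  # Step 3: one hub user per branch and a matching EtherIP/L2TPv3 client entry,
  # using the same username on both sides, as the post notes.
  for site in branch1 branch2; do
    hub UserCreate "$site" /GROUP:none /REALNAME:none /NOTE:none
    hub UserPasswordSet "$site" "/PASSWORD:CHANGE_ME_$site"
    srv EtherIpClientAdd "$site" "/HUB:$HUB" "/USERNAME:$site" "/PASSWORD:CHANGE_ME_$site"
  done
  # Local bridge so hosts on the HQ LAN are reachable through the hub at layer 2.
  srv BridgeCreate "$HUB" "/DEVICE:$HQ_NIC" /TAP:no
}

site2site_setup
```

Review the printed command lines first, then rerun with DRY_RUN=0 on the SoftEther host once the placeholders are replaced.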