Page 1 of 1

L3 switch between two virtual hubs

Posted: Sun Aug 16, 2020 3:08 pm
by xiaowei.zhang
We are trying to set up a two-level vpn network, and hope to split vpn data in the 1st level. The followings are details
1. the 1st level, one edge node, where we set up one virtual server with two virtual hubs: HUB A is for the clients in L2TP over IPSEC, and its NAT ip range is 172.16.2.0/24; HUB B is to connect to center node via cascade, and its virtual NAT is disabled.
2. the 2nd level, one center node, where we set up another virtual server with one virtual hubs, and the hub NAT ip range is 172.16.1.0/24, and it is connected by HUB B of edge node via cascade.
when client connects to edge node in L2TP over IPSEC, we set vpn interface as default gateway, so all the data goes to edge node. then we want edge node just delivers data packets whose destination are 172.16.1.0/24 to virtual HUB B, then to center node via cascade, and the other data packets go out from edge node to internet directly.

for the aboving data flow, we tried one L3 switch on edge node,
1. set up two virtual interaces, one for HUB A, 172.16.2.254, and the other for HUB B,172.16.1.254.
2. add routes, 172.16.2.0/24 gw 172.16.1.254, and 172.16.1.0/24 gw 172.16.2.254.
my client connecting to HUB A of edge node has 172.16.2.10. but it cannot ping 172.16.1.254, or 172.16.1.1.
by tcpdump on edge node and softEther logging, we found the icmp packet from client has been sent to HUB A of edge node. but the packet didn't go to HUB B, it is send to the Linux defaul gateway of edge node, then had no response at all. so L3 switch doesn't work at all.

is there something wrong during my configuration? any help is appreciated!