LAN-to-LAN again // L3 SWITCH PROBLEM SOLVED FOREVER !
Posted: Sat Feb 13, 2021 2:39 pm
Recently a lot of questions were raised about LAN-2-LAN connection at the L3 layer
I tested it and found there seems to be some problem?
I have running server sitting on public IP with two hubs: VPN and VPC
Everything is working excellent when I and many other people in company
use both hubs for L2 layer connections, always within the same subnet
never mixing two separate subnets together
VPN has got cascade connection to Ubuntu PC that provides BRIDGE to
company local net 10.52.254.0/24 with many devices on it
so, Ubuntu has got 2 NICs: one for internet connection to connect to VPN hub
on server, the second is local bridge to 10.52.254.0
When I need to connect to work from home I use SoftEther Windows Client, so I connect
to the VPN hub on server and everything works excellent! I even get IP from DHCP from
10.52.254.0 subnet at work, client uses virtual NIC inside PC for this connection
For next test steps I do not connect to VPN any more.
So far the VPC hub is not used; it is only for special circumstances, so I did the following:
As there is no DHCP at work on VPC hub subnet and no devices at all I made
IP address for my SoftEther Windows Client and its virtual NIC as follows:
IP: 10.100.100.5
mask: 255.255.255.0
gw: 10.100.100.102 - this will be address for Virtual L3 switch at server
Now I enable Virtual L3 switch on server:
Let us call it SW. It has got two Virtual Interfaces:
10.100.100.102 255.255.255.0 VPC
10.52.254.102 255.255.255.0 VPN
The addresses 102 are not used in any way in both subnets. They serve now for SW.
Virtual L3 Switch started, no errors reported.
Documentation reads: "When multiple virtual interfaces that respectively belong to
a different IP network of a different Virtual Hub are defined, IP routing will be
automatically performed between these interfaces."
(so I did not write any Routing Table lines, though, I also played with all possible
and impossible lines..... no change)
Now I connected from my PC using the above-configured Windows Client to the VPC hub.
So after connection I could ping my own virtual interface: 10.100.100.5 in less than 1ms
I could also ping Virtual Interface 10.100.100.102 in tens of ms as it is on remote server.
What is good, and I also expected it: I could also ping the other Virtual Interface belonging to VPN.
To be 100% sure I used this command (as still another NIC on the PC is running for internet connection):
ping 10.52.254.102 -S 10.100.100.5 (response also in a few tens of ms)
BUT BUT BUT:
I can not ping any other device in network 10.52.254.0 !?
Just in case ping is not supported, I also tried to connect via SSH to some devices - no success.
Is there something special that all people including me overlooked? Or is there really a problem
with this L3 switch?
Why do packages for the VPN network not leave SW but only go at most to its interface 10.52.254.102?
EDIT: I spent more hours fighting with the L3 switch and it seems there is a real problem, or the documentation
is not sufficient.
I have found many, many questions about this since 2015 - so I am not the only one with this problem.
Though I also found one solution: one guy claimed that after rebooting the server it suddenly started to work,
but that did not help me.
I think I described my configuration very well, and it is also the simplest possible. It would be nice if someone
from the SoftEther team explained where the problem is.
Thank you in advance