Site-Site VPN implementation

Rolster
Posts: 1
Joined: Wed Jun 16, 2021 9:22 am

Post by Rolster » Sun Jul 24, 2022 6:55 pm

Forgive me if I have put this in the wrong place; I wasn't quite sure if it should be: VPN, Routing, Bridging, Cascade etc.
My business model is currently: Business A and Business B.
Business A is an MPLS with no in-house L3 or routing change access.
Business B is a hybrid star/spoke, Dynamic Virtual VPN arrangement, with outsourced L3/routing control (the third party then outsources the control to another company: a recipe for not getting anything done, or anything remotely approaching what was requested).

I have pfSense servers at each HQ with an OVPN successfully running between them, and all users at each HQ site can communicate with the HQ at the other end of the link.
This was the model originally proposed and it works great!
"End of story" I hear you say...
Nope: "Project creep" has set in and ALL SITES now need to talk to ALL SITES.

I have implemented SoftEther in "A/HQ" and the first of my "A/nn" sites (A/1).
The tunnel came up straight away, but I can't work out how to get traffic across it, to hand off to the pfSense server at HQ.

There is no way to create a second IP range in either Business, so a standard "LAN/WAN" approach can't be adopted.
I have tried using a single NIC (as firewalling isn't really needed).
I have tried using dual NICs, with a split of the 192.168.n.0/23 thus: 192.168.101.249/28 aliased to WAN & the rest aliased to LAN.

In my head, both should work, but I suspect I still need a VPN tunnel to route through.
I have created a VPN tunnel between A/1 and A/HQ but traffic doesn't traverse.

I can easily create the routing condition on each PC (192.168.104.0/23 => IP of SoftEther host) but can't get traffic to enter the tunnel.

I like a challenge, but can't find any help with this.
One more thing...

HELP!

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Site-Site VPN implementation

Post by solo » Mon Jul 25, 2022 4:57 am

If you can convert everything (A, B, A/x, B/x) to SoftEther VPN then this topology will simplify and resolve all your issues.

If you intend to implement hybrid multi-protocol VPN connections including OpenVPN, it will rather not work.

Wait, since pfSense has built-in WireGuard already, why not convert everything to it? It's proven to work in a similar config.
