SITE TO SITE VPN

simosan
Posts: 2
Joined: Tue May 16, 2017 1:19 pm

SITE TO SITE VPN

Post by simosan » Tue May 16, 2017 2:10 pm

Hello everybody,

I would like to configure a Site-to-Site VPN between two servers located in different places, but I don't understand how to do that with SoftEther software.

The manual on the homepage of the software is not so clear, at least for me.

I am still searching for a step-by-step guide but I haven't found one.

I have site A on a win10 server with 10.10.10.2 ip address and site B with winXP with 172.16.7.59.

Can someone help me?

LankyMax
Posts: 2
Joined: Wed May 17, 2017 1:18 pm

Re: SITE TO SITE VPN

Post by LankyMax » Wed May 17, 2017 2:09 pm

On site A or on site B you need admin access to the firewall to transfer (e.g.) TCP port 5555 on the server at site A or B.

E.g. Site A is the master, IP area 10.10.10.0/24. Then on the server you create two hubs, the first for Site A (e.g. "HubA") and the second for Site B (e.g. "HubB"). Now on Site A in SE Manager you create a "Local Bridge" for "HubA" and the physical interface (IP 10.10.10.2) and set the Virtual Hub Extended Option "NoDhcpPacketLogOutsideHub" to 1.
Site B is the slave, IP area 172.16.7.0/24. On the server you create one hub (e.g. "HubB") and create a "Local Bridge" for "HubB" and the physical interface (IP 172.16.7.59) and set the Virtual Hub Extended Option "NoDhcpPacketLogOutsideHub" to 1. Then in the management screen of HubB on Site B you create a cascade connection to HubB on Site A. (Advanced Settings: Number of TCP Connections: 32, and check the two options "Use Half-Duplex Mode" and "Use Data Compression".)
E.g. the IP gateway for Site B in Site A is 10.10.10.254/24 and the IP gateway for Site A in Site B is 172.16.7.254/24; then in SE Manager of Site A you create a new Layer 3 Switch setting (e.g. "A-B"), where for hub "HubA" you enter IP 10.10.10.254, mask 255.255.255.0, and for hub "HubB" you enter IP 172.16.7.254, mask 255.255.255.0. Start the switch.

Now on Site A you need to create a persistent route to Site B through gw 10.10.10.254, and on Site B create a persistent route to Site A through gw 172.16.7.254.

If you do not have a real IP address for the Internet interface of each site, you can use SE DDNS. The current DDNS hostname for each SE server is shown in the lower left corner of the "Manage VPN Server" screen.

That is all you need.

starkruzr
Posts: 2
Joined: Fri May 19, 2017 8:11 pm

Re: SITE TO SITE VPN

Post by starkruzr » Fri May 19, 2017 8:59 pm

I'm trying to do this too, and I'm stumped. I was just going to do it over Layer 3, because I need to connect two totally different subnets -- our local datacenter and AWS. It doesn't seem to be creating a new interface that I can assign an IP address to when I set up the bridge.

triwaves
Posts: 27
Joined: Mon May 16, 2016 3:11 pm

Re: SITE TO SITE VPN

Post by triwaves » Mon May 22, 2017 2:53 pm

LankyMax - thanks for this explanation - I am also trying to connect to different locations with a L3 switch for the main reason that I can leave the IP assignment scheme of each location intact. In my case Location Servers is on AWS and have an A site and a B site both cascade connected to AWS.

I follow your whole explanation until the statement:

LankyMax wrote:
>
>
> Now you need on Site A create persistent routing to Site B through gw
> 10.10.10.254, and on Site B create persistent routing to Site A through gw
> 172.16.7.254.
>
How does one actually implement that? Right now each PC in each network has a GW pointing to the router that runs the network (it is a Cisco router connected to internet that provides Internet and DHCP / static IP addresses to each client on network).

In this example you don't install any "client" on any PC right? I was hoping it's all at the network level where each PC works just as it did before the VPN is connected (and in that way for my case, if the VPN site is disconnected each PC works like it did before, just w/o access to the disconnected remote site).

So to get traffic to the internet or a local machine on the same subnet, the original gateway on the Cisco router is still needed, but to get to site A (or site B) I need traffic to get to the L3 switch (ex. 192.168.1.254/24) which will route it to the other site, correct? How do I do this w/o modifying each and every PC client on each network?

Thanks!

simosan
Posts: 2
Joined: Tue May 16, 2017 1:19 pm

Re: SITE TO SITE VPN

Post by simosan » Wed May 24, 2017 8:09 am

Thank you LankyMax,
I'm very busy with another project right now, but when I have a bit of time I will try those instructions.
Many many thanks

LankyMax wrote:
> On site A or on site B you need admin access to FireWall to transfer ex.
> tcp port 5555 on server site A or B.
>
> Ex. Site A is master, IP area 10.10.10.0/24 Then on server you create two
> Hub, first for Site A (ex. "HubA") and second for Site B (ex.
> "HubB"). Now on Site A in SEManager you create "Local
> bridge" for "HubA" and physical interface (ip 10.10.10.2)
> and set Virtual Hub Extended option "NoDhcpPacketLogOutsideHub"
> in 1.
> Site B is slave. IP area 172.16.7.0/24. On Server you create one Hub (ex.
> "HubB") and create "Local Bridge" for "HubB"
> and physical interface (ip 172.16.7.59) and set Virtual Hub Extended
> option "NoDhcpPacketLogOutsideHub" in 1. Then in Management
> screen HubB Site B you create cascade connection to HubB Site A. (Advanced
> Settings: Number of TCP Connections - 32 and check two options "Use
> Half-Duplex Mode" and "Use Data Compression")
> Ex. ip Gateway for Site B in Site A is 10.10.10.254/24 and ip gateway for
> Site A in Site B is 172.16.7.254/24? then in SE Manager of Site A you
> create new layer 3 Switch Settings (ex "A-B"), where for hub
> "HubA" you enter ip 10.10.10.254 mask 255.255.255.0 and for hub
> "HubB" you enter ip 172.16.7.254 mask 255.255.255.0. Start
> switch.
>
> Now you need on Site A create persistent routing to Site B through gw
> 10.10.10.254, and on Site B create persistent routing to Site A through gw
> 172.16.7.254.
>
> If you have not real ip address for each inet interface of each Sites, you
> can use ddns SE. Current DDNS hostname for each SE server signed in left
> down corner of screen "Manage VPN Server".
>
> That is all what you need.

jacqljh
Posts: 2
Joined: Sat Mar 14, 2020 7:58 am

Re: SITE TO SITE VPN

Post by jacqljh » Mon Mar 16, 2020 11:16 pm

I succeeded with Site to Site VPN in a different way.

The configuration method and manual are at the link below.


HQ
Router
- network 172.16.0.0/22
- IP : 172.16.0.1
- static ip routing 192.168.219.0/24 172.16.0.15
- Local network dhcp server

Platform : VMware ESXi 6.7
ubuntu Server 18.04
- 172.16.0.10
- gw : 172.16.0.1
- SoftEther vpn server install

BR
Router
- network 192.168.219.0/24
- IP : 192.168.219.1
- static ip routing 172.16.0.0/22 192.168.219.15
- Local network dhcp server

Platform : raspberry Pi
ubuntu server 19.10
- 192.168.219.10
- gw : 192.168.219.1
- SoftEther vpn server install

SoftEther virtual L3 Switch interface
172.16.0.15 255.255.252.0 HQ-HUB
192.168.219.15 255.255.255.0 BR-HUB

SoftEther Routing Table
no configuration



http://gofile.me/518fc/72T7CmlyP

destinia
Posts: 1
Joined: Fri Mar 27, 2020 12:29 pm

Re: SITE TO SITE VPN

Post by destinia » Fri Mar 27, 2020 12:48 pm

Hi All:
I also have some problems regarding the 'site 2 site vpn' setup and would really appreciate it if you can help.
I have a Center VPN server (running on OpenWRT) for our HQ and a bridge server (running Windows 10) for the branch.
The IP/subnet of the Center is 10.86.32.0 255.255.254.0
The IP/subnet of the Branch is 192.168.199.0 255.255.0
The cascade connection is successfully connected.
I also set up an L3 Switch on the center server and assigned IP 10.86.32.254 to the virtual interface of the HQ hub and IP 192.168.199.254 to the virtual interface of the Branch hub.
My question is that all clients in the same subnet cannot reach remote clients, except the remote virtual interface.
For instance, a client in the branch whose IP is 192.168.199.100 can reach the remote '10.86.32.254', but cannot reach other clients in HQ's subnet.
Figure:
Works:
192.168.199.100->10.86.33.254(HQ SoftEther L3 Switch Virtual Interface)
Doesn't work:
192.168.199.100->10.86.33.200(HQ File Server)

*************************************************************
Some updates:
I tried to use an L2 switch over the SoftEther VPN tunnel and all branch clients can obtain an IP address from the HQ DHCP server and access HQ servers/clients without any problem at all.
It looks like there is something wrong with L3 routing.

Could you please advise?

jacqljh
Posts: 2
Joined: Sat Mar 14, 2020 7:58 am

Re: SITE TO SITE VPN

Post by jacqljh » Thu Apr 02, 2020 1:54 am

Hi destinia:

What is the gateway IP address of your file server and PC?

PC (IP:192.168.199.100, Subnet : 255.255.255.0 : Gateway : ??)
File Server (IP:10.86.33.200, Subnet : 255.255.254.0 : Gateway : ??)

If the gateway addresses are as below, they should communicate with each other. But the internet won't work.
PC (IP:192.168.199.100, Subnet : 255.255.255.0 : Gateway : 192.168.199.254)
File Server (IP:10.86.33.200, Subnet : 255.255.254.0 : Gateway : 10.86.32.254)
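
The gateway question in the reply above and the static routes in the earlier HQ/BR layout both come down to a next-hop lookup, sketched here as an added example that is not code from any poster or from SoftEther. It uses the addresses quoted in those two posts; the `"ISP"` uplink name and the function names are assumptions made for illustration.

```python
import ipaddress as ipa

def next_hop(iface, default_gw, static_routes, dst):
    """Where a node sends dst: 'on-link', a static-route gateway, or its default gateway."""
    dst = ipa.ip_address(dst)
    if dst in ipa.ip_interface(iface).network:
        return "on-link"
    hits = [(ipa.ip_network(net), gw) for net, gw in static_routes
            if dst in ipa.ip_network(net)]
    if hits:  # longest prefix wins
        return max(hits, key=lambda h: h[0].prefixlen)[1]
    return default_gw

def reaches_l3_switch(host, routers, l3_addrs, dst):
    """Follow next hops from host until an L3-switch interface or a dead end."""
    hop = next_hop(host["iface"], host["gw"], host.get("routes", []), dst)
    seen = set()
    while hop not in l3_addrs:
        if hop not in routers or hop in seen:
            return False  # left the modelled network (e.g. ISP) or looped
        seen.add(hop)
        r = routers[hop]
        hop = next_hop(r["iface"], r["gw"], r["routes"], dst)
    return True

# Addresses from the HQ/BR post; "ISP" is a constructed stand-in for the uplink.
L3 = {"172.16.0.15", "192.168.219.15"}
HQ_ROUTER = {"iface": "172.16.0.1/22", "gw": "ISP",
             "routes": [("192.168.219.0/24", "172.16.0.15")]}
HQ_PC = {"iface": "172.16.0.10/22", "gw": "172.16.0.1"}

def demo():
    # PC keeps its normal gateway; the site router carries the static route.
    with_route = reaches_l3_switch(HQ_PC, {"172.16.0.1": HQ_ROUTER}, L3, "192.168.219.10")
    # Same PC, but the router has no static route to the branch subnet.
    bare = dict(HQ_ROUTER, routes=[])
    without_route = reaches_l3_switch(HQ_PC, {"172.16.0.1": bare}, L3, "192.168.219.10")
    # Gateway set to the L3 interface, as in the last reply: remote traffic goes
    # there, and so does Internet-bound traffic (203.0.113.10 is a documentation address).
    fs = {"iface": "10.86.33.200/23", "gw": "10.86.32.254"}
    remote = next_hop(fs["iface"], fs["gw"], [], "192.168.199.100")
    internet = next_hop(fs["iface"], fs["gw"], [], "203.0.113.10")
    return with_route, without_route, remote, internet

if __name__ == "__main__":
    print(demo())
```

With the static route on the site router, no PC needs changing and Internet traffic still leaves through the router; with the gateway pointed at the L3 interface, remote and Internet traffic share one next hop, and in the HQ/BR layout that virtual switch has no routing table entries.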
