Lan to Lan VPN Raspbian - need help

[tekaib@gmail.com]

Hello all,

If anyone could help me with this it would be greatly appreciated. I am trying to build a Lan to Lan bridge using 2 RaspberryPi's. I have installed the server on my home network behind a linksys router. The router port forwarding on the Linksys has been configured and this all appears to be working. I tested it by tethering my phone to my laptop via wifi hotspot, installing the SoftEther client on the laptop, and initiating a successful connection to the home VPN. I can ping across the virtual connection both ways and everything works.

I then configured another Rpi with the SoftEther VPN Bridge software and configured the cascade connection to the home server. I also set up a bridge to eth0 on the Rpi. This bridge setting is also on the server. The Remote Rpi has the wifi configured to connect to the Android phone.

When I boot up the remote Rpi it connects to wifi and establishes its connection to the home server with no problem. Using the Server Manager, connected to the home VPN server, I can see the connection and the status looks good. It also lists that there is a cascade connection. On the laptop, remote end, when I connect the Laptop ethernet port to the Rpi ethernet port it connects and shows me the home network name with a connection established. Problem is it does not get a DHCP address. Tying to renew the DHCP request using ipconfig command results in error message "unable to contact DHCP server". I also tried setting a static IP on the laptop for my home network. I am not able to ping any devices on my home network.

It just seems like the bridge mechanism to eth0 is not working. This may be a basic question but I have been reading and trying for a couple of days to figure this out. Any help or troubleshooting advice would be greatly appreciated.

Thanks
Tom

vpnbridge.png

[tekaib@gmail.com]

I have some additional information on my experiments. I setup a static IP on the laptop on the remote side. On the home VPNSERVER connection status screen under IP Address Tables I see the IP address (192.168.1.191) of the laptop that I setup. Still, no traffic . When I bring up a web page all that I get is "no internet access". Also can't ping either way. I also tried to ping a machine on my home LAN from the RPi itself and no luck there either.

Again, any suggestions would be greatly appreciated.

Thanks
Tom

Capture1.JPG

[drodriguez]

Hi, let's see if I can help.
Please check the ethernet interfaces on each RPI. You can run following command in a console:

Code: Select all

ip addr

The ethernet interface (probably eth0) must not have an IP address assigned. Probably the one in the remote side won't have one since there is no DHCP server, but maby the one in your home LAN does.
Also, who is 192.168.1.148?

David

[tekaib@gmail.com]

David,

Thank you very much for your offer of assistance. I am doing this project for a friend who is in his 80's and in a retirement living home. He is a ham radio operator and I am trying to get his radio to work at a remote location so that he can enjoy his hobby while in lock-down for this virus.

I have attached a significant amount of info. While I was digging I found that the DHCP transactions are occurring. It looks like the RPi eth0 port is receiving 192.168.1.148 and the PC connected to this port is receiving 192.168.1.141. This is confusing to me.

Also, about 30 - 40 seconds after the DHCP transaction the connection fails and is never re-established unless I reboot the remote bridge Rpi. The logs for the server and bridge are at the end of the text file. I can see the bridge trying to reconnect but it is not successful. If I reboot just the bridge it will reconnect. If I leave it to sit there for a while it remains connected. When I plug the laptop ethernet cable into the RPi the DHCP transaction occurs and then shortly thereafter the connection drops.

Thanks again for any help.
Tom

[centeredki69]

@tekaib I just set up my Raspberrypi to duplicate your setup. Although I have mine connecting to a Windows hosted SE- server. Your Pi SE-server is fine as you verified it with the SE-clients. Your remote/SE-Bridge Pi is where the issue lies. Right now the pi establishes the SE-cassade using the wifi (wlan0) but when you plug a device into the NIC (eth0) the Pi tries to re-route its internet traffic through NIC (eth0) by default, but it can't because its just the laptop. And the SE-cascade then drops because the Pi loses internet even though its still connected to the hotspot. On the remote /SE-bridge pi you need to change the network metric on the eht0 & wlan0. The lower the number the higher the priority. Edit the following file /etc/dhcpcd.conf

interface eth0
metric 10

interface wlan0
metric 5

Pi metric.jpg

[centeredki69]

Now the Pi will always try to route its internet traffic via the WiFi ( wlan0) first and the NIC (eth0) 2nd. Of course you can always reconfigure it back the other way if needed just be editing the file and saving it.

[tekaib@gmail.com]

@centeredki69 Thank you very very much! That fixed my issue and I am grateful.

As I mentioned, I am trying to help an older gentleman in a retirement home with his remote radio setup. I have it functioning now but need to work on bandwidth improvements if that is possible. Possibly more horsepower that the Raspberry Pi's may help the situation so I will do more reading. The test I am running is using an older RPi 3 and a 3B+. Maybe Rpi 4's will give better performance.

Again, Thank you. If you can point me to any info on performance boosting a bridge connection it would be appreciated.

Tom

[centeredki69]

Your welcome Tom,
First thing is stick with the "localBridge" option like you are using. There is another option called "SecureNAT" that works a little different then the "localBridge" but it puts more demand on the host device. Ideally two hard wired NIC's are recommended for the "localBridge" setup. One for the Host and one dedicated for the "localBridge". Similar to what you are doing with the (wlan0 & eth0) on the SE-Bridge/Pi. However I have 2 servers that have been running for years using only one NIC, though only a few VPN-Clients connect to them. Under advances settings of the Cassade connection verify it is set to 8 to 10 tcp connections. It still might not connect at the 8 but the option is set if the connection allows for it. This still might not improve the bandwidth.

Most of my experience is running SE on Windows platforms using home and small office hardware, with the exception of a couple SE-Ubuntu cloud hosted servers I have running. Actually my first raspberryPi arrived yesterday and the first thing I did was configure it so I could simulate and troubleshoot your issue. It is a Pi4B 4gig so I can't compare it to a 3 or 3B but I understand it is much improved. I do know others who post in the forum use the Pi's with good success.

Personally I found in general most of my bandwidth issues are due to a particular ISPs "upload" restrictions at a given location. Many people including myself tend to focus on the download speeds and can't understand why SE is not getting the 200-300-500 Mbps. They then realize oh yea my upload is only 10 Mbps max. Your max bandwidth will only be as fast as the slowest/weakest link in the connection, plus a little loss for the encryption. That's not to say that hardware, proper config and tweaking doesn't play a part.

[sky59]

I was thinking why I have never experienced such problems, here is the answer:

In such configuration I always set up eth0 with static address without gateway, so Rpi doesnot use eth0 to access internet

Still curious what was your network interfaces setting and what system you run on pi?

I always use openwrt and there is interface setting very straightforward and the system is very light, no overhead

With orange pi zero as server I reach upload/download 6/6 Mbit easily

[sky59]

Another reason came to my mind why i did not have s problem:

Wifi firewall is set up in wan zone
Eth0 is set up in LAN zone

So now i see how perfect is openwrt!!!