Site to Site VPN with NAT on UBUNTU, is it possible

[78jm68se]

We have two unrelated sites (A and B) with two different working Softether on UBUNTU installations

We have a situation where we want to connect site to site VPN from SITE A to SITE B, we want a device in SITE A to connect to multiple devices in SITE B using a NAT address from SITE B and we'd like to accomplish this using the existing Softether installations.

The idea is to:
1:) set up HUB A on SITE A Softether Server, bridge HUB A to an unnumbered Ethernet interface connected to SITE A network,
2:) set up HUB B on SITE B Softether Server, bridge HUB B to an unnumbered Ethernet interface connected to SITE B network,
3:) create a cascade connection from HUB A to HUB B
4:) create a single SITE B NAT address for devices from SITE A
5:) route IP traffic from SITE A to SITE B using the NAT address

Example:
SITE A Network (192.168.100.0/24)
SITE A Softether UBUNTU Server IP (192.168.100.2)

SITE B Network (192.168.200.0/24)
SITE B Softether UBUNTU Server IP (192.168.200.2)
SITE B NAT IP Address for device traffic coming from SITE A (192.168.200.3)

During this exercise, we have not figured out if its best to assign HUB A and HUB B IP addresses using Softether SecureNAT or Softether L3 Switch and which would be best for this use case.

We currently have this working with a hardware router and VPN solution and would like to replicate with Softether for cloud solutions.

Our ask, is this use case possible using:

1:) only the Softether application or;
2:) a combination of Softether application and Linux Networking in UBUNTU.

If yes, how would we accomplish this as the online manuals do not show this particular use case in any of the site to site L2 or L3 documentation. Any examples and configurations would be appreciated.

[centeredki69]

Your needs can be accomplished using the existing SE-servers using the SE Layer 3 switch but this requires hardware routers/DHCP server at each location that supports static routes. SecureNAT would not be used as you would be using the "local Bridge" function. This could also be done on layer 2 level, but this requires using the same IP subnet at both locations and setting IP address ranges per location. Both setups are listed in detail on the following links. Are you using the "SE server manager" to configure your SE servers?

https://www.softether.org/4-docs/1-manu ... P_Routing)

https://www.softether.org/4-docs/1-manu ... L2_Bridge)

[78jm68se]

Thank you for the information and the assistance.

Based on the answer provided and the specific situation we have with the network IP addressing, this will not work as envisioned.

The idea was that we would be able to replicate the functionality you get when using the SE Client and SE server configured to use SecureNAT in a road warrior configuration, however we would substitute the SE Client for another SE Server in a Site to Site configuration.

The goal was to configure the L2 Tunnel, setup the cascade connection and configure the L3 Switch, allow devices with addresses from SITE A to access devices with addresses from SITE B using a SITE B address NAT and L3 routing. In effect we are trying to replicate what you can do with a hardware router that supports VPN

To answer your question, yes we are using SE server manager to configure the SE servers and all of this is operating in cloud environments