LAN-to-LAN VPN L2 Bridge is up but no ping

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
squdomenico
Posts: 4
Joined: Sat Jan 16, 2021 8:19 pm

LAN-to-LAN VPN L2 Bridge is up but no ping

Post by squdomenico » Sat Jan 16, 2021 8:41 pm

The configuration looks fine and i can see the iptables populated on both the Server and Bridge, The two implementation are Centos 7 on on Vsphere and the portgroups are been setted in promiscuous mode.
I don't know what to check more and don't find an option in vpncmd that can help me to put in debug the icmp.
Thank

sky59
Posts: 477
Joined: Tue Sep 11, 2018 5:58 pm

Re: LAN-to-LAN VPN L2 Bridge is up but no ping

Post by sky59 » Sat Jan 16, 2021 11:03 pm

elheho, why you make new nick on the forum instead of using your brain?

squdomenico
Posts: 4
Joined: Sat Jan 16, 2021 8:19 pm

Re: LAN-to-LAN VPN L2 Bridge is up but no ping

Post by squdomenico » Sun Jan 17, 2021 8:29 am

Hello, i did investigate yesterday and this moorning with my brain, troubleshooting the arp i seen with tcpdump that the Softether Box doesnt' reply to the arp requests. Firewall and selinux are down.
What other can i check?


[root@CentOS7 vpnbridge]# ifconfig ens192
ens192: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1986
inet 10.10.9.30 netmask 255.255.252.0 broadcast 10.10.11.255
inet6 fe80::3611:4cad:d8cf:6d6e prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:b5:d9:39 txqueuelen 1000 (Ethernet)
RX packets 139967 bytes 13751231 (13.1 MiB)
RX errors 0 dropped 18 overruns 0 frame 0
TX packets 105490 bytes 15410468 (14.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@CentOS7 vpnbridge]# tcpdump -i ens192 arp |grep 10.10.10.145
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
09:28:00.318147 ARP, Request who-has 10.10.10.145 tell 10.10.9.25, length 46
09:28:00.318164 ARP, Request who-has 10.10.10.145 tell 10.10.9.25, length 46
09:28:01.327248 ARP, Request who-has 10.10.10.145 tell 10.10.9.25, length 46

squdomenico
Posts: 4
Joined: Sat Jan 16, 2021 8:19 pm

Re: LAN-to-LAN VPN L2 Bridge is up but no ping

Post by squdomenico » Sun Jan 17, 2021 9:18 am

Hello, i did investigate yesterday and this moorning with my brain, troubleshooting the arp i seen with tcpdump that the Softether Box doesnt' reply to the arp requests. Firewall and selinux are down.
What other can i check?

sky59
Posts: 477
Joined: Tue Sep 11, 2018 5:58 pm

Re: LAN-to-LAN VPN L2 Bridge is up but no ping

Post by sky59 » Sun Jan 17, 2021 11:01 am

You need to provide picture/detailed description what you want.

Step by step: do you want to "connect" together both LANs? Are they in the same subnet? What will be the IP ranges for two LANs?

Do they both have internet connection?

I think the VPN is not your problem. Most likely it seems to be networking.

squdomenico
Posts: 4
Joined: Sat Jan 16, 2021 8:19 pm

Re: LAN-to-LAN VPN L2 Bridge is up but no ping

Post by squdomenico » Sun Jan 17, 2021 1:24 pm

Yes, i want to extend the 10.10.0.0/8 LAN on remote site and the VPN is UP as you can see :
also MAC table and IP Tables are populated

This the output from the bridge site
VPN Server/BRIDGE>stat
StatusGet command - Get Current Status of Virtual Hub
Item |Value
-----------------------------+-------------------
Virtual Hub Name |BRIDGE
Status |Online
Type |Standalone
SecureNAT |Disabled
Sessions |2
Access Lists |0
Users |0
Groups |0
MAC Tables |55
IP Tables |40
Num Logins |0
Last Login |2021-01-16 17:54:44
Last Communication |2021-01-17 14:13:24
Created at |2021-01-16 17:54:44
Outgoing Unicast Packets |3,606,673 packets
Outgoing Unicast Total Size |229,083,660 bytes
Outgoing Broadcast Packets |1,753,848 packets
Outgoing Broadcast Total Size|134,287,027 bytes
Incoming Unicast Packets |11,260,586 packets
Incoming Unicast Total Size |2,389,981,788 bytes
Incoming Broadcast Packets |1,891,827 packets
Incoming Broadcast Total Size|143,544,205 bytes
The command completed successfully.

and this is the output from the server site.
VPN Server/DEFAULT>stat
StatusGet command - Get Current Status of Virtual Hub
Item |Value
-----------------------------+-------------------
Virtual Hub Name |DEFAULT
Status |Online
Type |Standalone
SecureNAT |Disabled
Sessions |2
Sessions (Client) |0
Sessions (Bridge) |1
Access Lists |0
Users |1
Groups |0
MAC Tables |116
IP Tables |87
Num Logins |5
Last Login |2021-01-17 09:04:32
Last Communication |2021-01-17 14:20:34
Created at |2021-01-16 15:43:39
Outgoing Unicast Packets |1,783,898 packets
Outgoing Unicast Total Size |100,039,630 bytes
Outgoing Broadcast Packets |1,631,707 packets
Outgoing Broadcast Total Size|124,384,060 bytes
Incoming Unicast Packets |9,417,809 packets
Incoming Unicast Total Size |1,266,860,206 bytes
Incoming Broadcast Packets |1,749,572 packets
Incoming Broadcast Total Size|133,972,639 bytes
The command completed successfully.

sky59
Posts: 477
Joined: Tue Sep 11, 2018 5:58 pm

Re: LAN-to-LAN VPN L2 Bridge is up but no ping

Post by sky59 » Sun Jan 17, 2021 4:41 pm

I give up.

You can not be helped. You are obsessed with "no pinging". The only thing I understood from copy-paste useless information is that both server and bridge can see some MAC addresses.

I have written you many many times what you need to do. So I stop trying to help you.

Bye

qupfer
Posts: 202
Joined: Wed Jul 10, 2013 2:07 pm

Re: LAN-to-LAN VPN L2 Bridge is up but no ping

Post by qupfer » Wed Aug 10, 2022 10:07 am

Its not clear what you want,
but if you just bridge softether to your eth0 on server side, you CAN'T reach the server-ip through VPN. Its a Linux/Kernel behaviour.
What worked for me is a "double-bridge":
* create tap device
* bridge softether on that tap device
* use linux bridge-utils to bridge tap and eth0

Other solution could be to add an second interface on the server, this should be reachable through vpn.

Post Reply