Layer 3 routing: What am I doing wrong?

abcym
Posts: 2
Joined: Tue Jun 22, 2021 9:03 pm

Layer 3 routing: What am I doing wrong?

Post by abcym » Tue Jun 22, 2021 9:12 pm

I have a SoftEther VPN server on a VPS at Vultr. I have connected 2 x separate Windows machines in different subnets:

Machine 1 - 10.3.50.1 / 255.255.255.0 (Hub - VPN)
Machine 2 - 10.3.51.1 / 255.255.255.0 (Hub - VPN51)

I am trying to configure layer 3 switching between the subnets. I have set up virtual interfaces in both hubs on xx.254.

I attached a screenshot showing my Layer 3 switch settings.

Both machines can ping their own switch - i.e. Machine 1 can ping 10.3.50.254 - but neither machine can ping the other.

I've spent about 8 hours trying to work this out and I am sure it is very obvious, but my head hurts!

Do you have any ideas what I might be doing wrong?

solo
Posts: 67
Joined: Sun Feb 14, 2021 10:31 am

Re: Layer 3 routing: What am I doing wrong?

Post by solo » Tue Jun 22, 2021 10:29 pm

You are not doing anything wrong but you need to do more. Preset static routes either on the router or LAN PCs.

eddiewu
Posts: 135
Joined: Wed Nov 25, 2020 9:10 am

Re: Layer 3 routing: What am I doing wrong?

Post by eddiewu » Wed Jun 23, 2021 2:51 am

Yeah, you need to add routes on subnet routers or push routes from DHCP servers (adding routes on individual clients is not recommended), and the two entries in your routing table settings are not needed.
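
Added example, not part of any post in this thread: a small longest-prefix-match model of the two machines' routing tables, showing why a ping needs a static route on both sides. The subnets and the .254 Layer 3 switch interfaces come from the first post; the physical-LAN default gateways (192.168.1.1, 192.168.2.1) are constructed, and it is assumed that the VPN adapters carry no default gateway.

```python
import ipaddress

# Layer 3 switch interface per hub, as described in the first post.
L3_IF = {"VPN": "10.3.50.254", "VPN51": "10.3.51.254"}

def next_hop(table, dst):
    """Longest-prefix match: gateway chosen for dst, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(prefix), gw) for prefix, gw in table]
    matches = [(net, gw) for net, gw in nets if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def via_l3_switch(table, dst, hub):
    """True if traffic to dst is handed to the hub's Layer 3 switch interface."""
    return next_hop(table, dst) == L3_IF[hub]

def ping_works(m1_table, m2_table):
    """The echo request and the echo reply must both go via the Layer 3 switch."""
    request_ok = via_l3_switch(m1_table, "10.3.51.1", "VPN")
    reply_ok = via_l3_switch(m2_table, "10.3.50.1", "VPN51")
    return request_ok and reply_ok

# Before: only the on-link /24 on the VPN adapter, plus a default route
# through the machine's physical LAN (constructed gateways).
M1_BEFORE = [("10.3.50.0/24", "on-link"), ("0.0.0.0/0", "192.168.1.1")]
M2_BEFORE = [("10.3.51.0/24", "on-link"), ("0.0.0.0/0", "192.168.2.1")]

# After: one static route per side, pointing the remote subnet at the
# local hub's Layer 3 switch interface.
M1_AFTER = M1_BEFORE + [("10.3.51.0/24", "10.3.50.254")]
M2_AFTER = M2_BEFORE + [("10.3.50.0/24", "10.3.51.254")]

if __name__ == "__main__":
    print("no static routes:   ", ping_works(M1_BEFORE, M2_BEFORE))
    print("route on M1 only:   ", ping_works(M1_AFTER, M2_BEFORE))
    print("routes on both:     ", ping_works(M1_AFTER, M2_AFTER))
```
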

abcym
Posts: 2
Joined: Tue Jun 22, 2021 9:03 pm

Re: Layer 3 routing: What am I doing wrong?

Post by abcym » Wed Jun 23, 2021 6:49 pm

Thank you for your replies, that's been very helpful and I've been able to ping one way... but I think the other way is a Windows firewall issue.

Hoping I can ask for some more advice... I have a situation where I have 35 x Cisco RV042 routers at sites across the country. Each router is on 10.x.x.1 and has a DHCP range of 10.x.x.100-200. Subnet on all is 255.255.255.0. The routers are pretty old and support IKEv1.

I need to get to a position where each of these 35 sites is connected to a single SoftEther server hosted in Vultr. They don't need to be able to access any other site, but headquarters must be able to access any device in any network.

What's the best way of setting this up in SoftEther? I considered having a switch in SoftEther for every site but this would need me to have a hub for each site, so it seems a little excessive (also not sure if this is possible as there is only one pre-shared key per SoftEther server). Unless that is required? I guess I would need to define a 'HQ' network (which does not yet exist) in a similar range?

I'm incredibly grateful for your advice.
