Routing when vpn server runs on VM

[mlsjwr]

Dear Networking expert please find me.
I am fighting whit this problem sinc last december and I cant get an answer for my proble.
I have found a lot of information and a lot of configuration mistakes in my settings but
I still cant get work my network.

I know the problem is with my routing but I have no more idea so I would be greatful if
somebody give me a guide how to set it.

I have 3 sites with 3 different subnets:
Site A (which is running the SoftEther VPN server on a vmware bridged Virtual machine on Ubuntu trusty
Site B (which is running the SoftEther VPNbridge) there are some devices also on this network also (PC, DVR, IPcam)
Site C (which is running the SoftEther VPNbridge) there are some devices also on this network also (PC, DVR, IPcam)

Site B and Site C cascade connects to the Site A server which has hub for each site.
Hub A local bridged to LAN
Hub B for site B
Hub C for site C

I set an L3 Switch on server and connected these hubs to it as the interfaces. I set everything exactly the same way as it is in the documentation, Hub addresss in securenat (192.168.X.254) etc.

I trided to set a lot of versions but I can't find the correct settings, I think maybe because of VM or I don't know.
Please guide me where and what static routes do I have to set.

What routes do I have to set in router? What is the gateway?
(Physical machines IP?, the HUB of the Bridges IP?, maybe the connecting HUBs IP in the server? or the TAP interfaces IP?

What routes do I have to set on server on on bridges?
There is a couple of IP addresses here what I can set but I am not sure which one.

Thank You in advance
Richard

[thisjun]

Do Site B and C need communication each other?
Please show detail network address for each site.

[mlsjwr]

Dear Thisjun
I cant tell if I will need communication between B and C site. Let say Yes! and If I do not need, I will disable the static route between them.

At this moment the problem is Nobdoy can communicate to nobody.
I cant ping host from any site to any other site host.

does not matter what is the actual IP at the sites, These are different subnets
let say:
A 192.168.1.0/24 Server on Vm (ubuntu) with IP :192.168.1.100
Router:192.168.1.1

B 192.168.2.0/24 Bridge on physical pc (ubuntu) with IP:192.168.2.100
Router:192.168.2.1

C 192.168.3.0/24 Bridge on physical pc (ubuntu) with IP:192.168.3.100
Router:192.168.3.1

I am waiting for Your reply
Richard

[thisjun]

On Virtual L3 switch, If you configured these interfaces:
Hub A: 192.168.1.2
Hub B: 192.168.2.2
Hub C: 192.168.3.2

On each router, you should configure route on each site gateway.
Site A: 192.168.2.0/24 gateway 192.168.1.2
192.168.3.0/24 gateway 192.168.1.2

Site B: 192.168.1.0/24 gateway 192.168.2.2
192.168.3.0/24 gateway 192.168.2.2

Site C: 192.168.1.0/24 gateway 192.168.3.2
192.168.2.0/24 gateway 192.168.3.2

[mlsjwr]

What can be the problem when ping does not goes through the vpnbridge?
I have set the routes, on routers and on server also.
The router tells the route to other sites which is the vpnbridge or vpnservers IP
The server tells the route to other sites which is the tap devices IP
I can ping only the PC which is running the vpnbridge or vpnserver,
but I cannot ping Any other Host on the other site.

No firewall is enabled, the sysctl net.ipv4.ip-forward=1 is set.
The tap device is set on each site. And it gets static ip from another ip range.

What else is missing?

[thisjun]

You should set virtual L3 interface IP address as gateway. Not tap device or psychical interface IP address.