Can not reach the pc with bridge in L3 VPN

[cst_zf]

I set a Level 3 VPN with two sites.
Each bridge is setup on a pc with only one network card using local bridge.
However I can visit other ip in the other site except the ip which belongs to the pc with local bridge.

Site 1:
10.200.0.0/16
gateway: 10.200.0.1
bridge pc: 10.200.3.144
L3 switch virtual ip: 10.200.1.52

route add 192.168.120.0/24 10.200.1.52

Site 2:
192.168.120.0/24
gateway: 192.168.120.1
bridge pc: 192.168.120.8
L3 switch virtual ip: 192.168.120.13

route add 10.200.0.0/24 192.168.120.13

L3 virtual switch
route add 192.168.120.0/24 10.200.1.52
route add 10.200.0.0/24 192.168.120.13


192.168.120.8 can visit 10.200.*.* except 10.200.3.144
192.168.120.10 can visit 10.200.*.* except 10.200.3.144
in the other sites, the same things happened

Can anyone help me?

[thisjun]

Did you use Linux for SoftEther VPN?
If so, it's OS limitation.
http://www.softether.org/4-docs/1-manua ... r_Mac_OS_X

[cst_zf]

thisjun wrote:
> Did you use Linux for SoftEther VPN?
> If so, it's OS limitation.
>
> http://www.softether.org/4-docs/1-manua ... r_Mac_OS_X

Windows as Bridge, CentOS as Center.

[mithrandir]

A localbridged network device can't communicate with the virtualhub?

This is a problem for me as well.
http://www.vpnusers.com/viewtopic.php?f=7&t=5849

[Mada]

thisjun wrote:
> Did you use Linux for SoftEther VPN?
> If so, it's OS limitation.
>
> http://www.softether.org/4-docs/1-manua ... r_Mac_OS_X


Does this mean that it is never possible to get a package to to computer running SoftEther from a remote site via the virtual hub and the locally bridged adapter? No mater if I set up a virtual NIC, TAP or dummy interface?

[thisjun]

The limitation is only for localbridge with NIC.
If you use tap device, you can access the machine using localbridge via VPN.

[cst_zf]

thisjun wrote:
> The limitation is only for localbridge with NIC.
> If you use tap device, you can access the machine using localbridge via
> VPN.

Can you teach me how to configure the tap device? I create a tap device and a localbridge with em1 (the NIC), however I still cannot access the server with em1's ip from the other side of VPN.

[thisjun]

Please read the manual.
https://www.softether.org/4-docs/1-manu ... Connection

[cst_zf]

thisjun wrote:
> Please read the manual.
>
> https://www.softether.org/4-docs/1-manu ... Connection

So it must config the iptables to forward the flow? It seems to be similar with setup a pptpd service.

[Mada]

I have come to the conclusion that you can never communicate with the computer running SE through softether addressing the locally bridged adapter. This is a limitation of the physical switch or a OS limitation.

I have installed a USB Ethernet card not used by SE and I can communicate with that.

[Mada]

link611 wrote:
> Hi,
>
> i have the same problem, but first without a site-to-site vpn.
>
> i have configured a bridge (main station) and a L2TP Server, if i connect
> over l2tp to SE, i can not reach the SE server over it's local ip
> anymore...
>
>
> I have tried to use a second network-card (WIFI) with a different ip, but
> if the vpn is open i can not reach the SE server. (Network and WIFI)
>
>
> I think there is a route or something else missing....

Well, a packet sent from an interface will never be returned to that interface at least not by a switch.

So, if you want to reach SE server, through that servers nic.. well the packet will stop at the switch. No way around that I think.

[cst_zf]

Mada wrote:
> link611 wrote:
> > Hi,
> >
> > i have the same problem, but first without a site-to-site vpn.
> >
> > i have configured a bridge (main station) and a L2TP Server, if i connect
> > over l2tp to SE, i can not reach the SE server over it's local ip
> > anymore...
> >
> >
> > I have tried to use a second network-card (WIFI) with a different ip, but
> > if the vpn is open i can not reach the SE server. (Network and WIFI)
> >
> >
> > I think there is a route or something else missing....
>
> Well, a packet sent from an interface will never be returned to that interface at
> least not by a switch.
>
> So, if you want to reach SE server, through that servers nic.. well the packet will
> stop at the switch. No way around that I think.

Then the only way is softether capture the packet itself?
Maybe softether should add such a feature.

[Mada]

cst_zf wrote:
> Mada wrote:
> > link611 wrote:
> > > Hi,
> > >
> > > i have the same problem, but first without a site-to-site vpn.
> > >
> > > i have configured a bridge (main station) and a L2TP Server, if i connect
> > > over l2tp to SE, i can not reach the SE server over it's local ip
> > > anymore...
> > >
> > >
> > > I have tried to use a second network-card (WIFI) with a different ip, but
> > > if the vpn is open i can not reach the SE server. (Network and WIFI)
> > >
> > >
> > > I think there is a route or something else missing....
> >
> > Well, a packet sent from an interface will never be returned to that interface
> at
> > least not by a switch.
> >
> > So, if you want to reach SE server, through that servers nic.. well the packet
> will
> > stop at the switch. No way around that I think.
>
> Then the only way is softether capture the packet itself?
> Maybe softether should add such a feature.

Maybe there is a reason this feature does not exist. Security or routing. Thisjun has hinted that there is a kernel limitation in Linux.

I have tried to set this up both in Linux and under windows. No luck. In the end a $ 20 USB Ethernet adapter solved the problem without having to configure anything in SE.

[thisjun]

Did you try tap mode localbridge?

[Mada]

thisjun wrote:
> Did you try tap mode localbridge?

Yes, tap device does not respond to ping from offsite via SE vpn.

[thisjun]

Did you assign IP address on the tap?