Help with LAN-to-LAN IPsec VPN

aproT
Posts: 3
Joined: Thu Sep 15, 2016 6:07 pm

Help with LAN-to-LAN IPsec VPN

Post by aproT » Thu Sep 15, 2016 6:18 pm

I've installed Bridge on one Linux server and Server on another and basically done the following setup.

Server:
IPSecEnable
HubCreate
BridgeCreate, bridging to eth0
In the hub: UserCreate and UserPasswordSet

Bridge
hub BRIDGE
BridgeCreate, bridging to eth0
CascadeCreate
CascadePasswordSet
CascadeOnline

After that the logs show that I have a working connection between Server and Bridge. The Bridge is on a 77.x.x.x address, and the Server is on 192.168.2.65 on my internal network. From the Bridge-server I've tried ssh/ping against addresses on my internal network without luck. Running mtr/traceroute I see that it has no idea where the traffic should go. Have I forgotten any steps in my configuration?

raafat
Posts: 223
Joined: Fri Jul 03, 2015 2:21 pm

Re: Help with LAN-to-LAN IPsec VPN

Post by raafat » Fri Sep 16, 2016 11:41 am

What is the Bridge-server side internal network?

aproT
Posts: 3
Joined: Thu Sep 15, 2016 6:07 pm

Re: Help with LAN-to-LAN IPsec VPN

Post by aproT » Fri Sep 16, 2016 6:37 pm

Not really sure what the answer to that is, but I'll try to explain some more.

Server:
The server is installed on a virtual machine on our network. The eth0 adapter is bridged, and the machine has a 192.168.2.x address on our network.

Bridge:
The bridge is installed on a VPS. It had only the address we could reach it from outside until today. Then we created another network adapter eth1 to get an internal network as well. Tried bridging to both of them without success. Below is the routing table, with the IP address anonymized.

test@ec05:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         79.xxx.xx.x     0.0.0.0         UG    0      0        0 eth0
10.26.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
79.xxx.xx.x     0.0.0.0         255.255.255.0   U     0      0        0 eth0

It may be that I'm missing something vital here, since I know (next to) nothing about routing or vpn.
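
An added example (not part of the original posts): a longest-prefix lookup over the routing table posted above shows that the Bridge host has no route covering 192.168.2.0/24, so a packet for 192.168.2.65 matches only the default route and leaves on eth0. The 203.0.113.x addresses are constructed stand-ins for the anonymized 79.xxx.xx.x values, and the function names are illustrative.

```python
import ipaddress

# Constructed sample: the thread's `route -n` output, with the anonymized
# 79.xxx.xx.x entries swapped for 203.0.113.x documentation addresses.
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth0
10.26.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""


def parse_routes(text):
    """Return (network, gateway, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns and a dotted-quad destination.
        if len(fields) != 8 or fields[0].count(".") != 3:
            continue
        dest, gateway, mask, iface = fields[0], fields[1], fields[2], fields[7]
        # Convert the dotted netmask to a prefix length by counting set bits.
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        routes.append((ipaddress.ip_network(f"{dest}/{prefix}"), gateway, iface))
    return routes


def lookup(routes, target):
    """Longest-prefix match: the most specific route containing target."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def explain(routes, target):
    """Describe where a packet for target leaves this host."""
    route = lookup(routes, target)
    if route is None:
        return f"{target}: no route"
    network, gateway, iface = route
    if network.prefixlen == 0:
        return f"{target}: default route only, next hop {gateway} on {iface}"
    return f"{target}: matches {network} on {iface}"


if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    for ip in ("192.168.2.65", "10.26.0.7"):
        print(explain(table, ip))
```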

raafat
Posts: 223
Joined: Fri Jul 03, 2015 2:21 pm

Re: Help with LAN-to-LAN IPsec VPN

Post by raafat » Fri Sep 16, 2016 10:12 pm

aproT wrote:
> Not really sure what the answer to that is, but I'll try to explain some
> more.
>
> Server:
> The server is installed on a virtual machine on our network. The eth0
> adapter is bridged, and the machine has a 192.168.2.x address on our
> network.
>
> Bridge:
> The bridge is installed on a VPS. It had only the address we could reach it
> from outside until today. Then we created another network adapter eth1 to
> get an internal network as well. Tried bridging to both of them without
> success. Below is the routing table, with the IP address anonymized.
>
> test@ec05:~$ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         79.xxx.xx.x     0.0.0.0         UG    0      0        0 eth0
> 10.26.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 79.xxx.xx.x     0.0.0.0         255.255.255.0   U     0      0        0 eth0
>
> It may be that I'm missing something vital here, since I know (next to)
> nothing about routing or vpn.

Try to find out if the web interface that you use to administer your VPS has an option for enabling "Promiscuous mode". If so, make sure that option is enabled on the Ethernet interface that is bridged to the internal network. If you can't find any such option, then try your luck with this command:

ifconfig eth1 promisc

Assuming your eth1 is connected to the internal network that you desire to connect to remotely. Also, depending on your platform, maybe you have to execute that command as root. It's highly recommended to execute that command as root. Finally, let's see the output of the command "ifconfig eth1" to see the configuration of eth1 on your VPS.


Good luck (:

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Help with LAN-to-LAN IPsec VPN

Post by thisjun » Wed Oct 05, 2016 7:40 am

What is your goal?
Why do you create a bridge on the VPS?

aproT
Posts: 3
Joined: Thu Sep 15, 2016 6:07 pm

Re: Help with LAN-to-LAN IPsec VPN

Post by aproT » Wed Oct 05, 2016 7:05 pm

My goal has changed now :)

Goal: Connect SoftEther to a remote site with Cisco hardware. I have received an IP and a PSK, and I'm currently trying to figure out how to make a connection. I thought I could use the SoftEther Bridge, but perhaps this can only be used if I have a SoftEther server as well? I have received an IP and a PSK, and that is pretty much all the info I have about the remote site...

Sorry for the vague question, but I really have no experience with VPN.

EDIT: Basically the other site is running Cisco HW and is the central server. I want to set up "something SoftEther" to connect to them, using IPSec site-to-site.

cedar
Site Admin
Posts: 2082
Joined: Sat Mar 09, 2013 5:37 am

Re: Help with LAN-to-LAN IPsec VPN

Post by cedar » Wed Nov 02, 2016 6:23 am

SoftEther VPN doesn't support the bare IPsec protocol.

A Cisco router can connect to SoftEther VPN Server with L2TPv3/IPsec.
But SoftEther VPN Bridge can't be an initiator.
