Point2Point(IPv4), IPv6, RoadWarrior connection

kvv213
Posts: 16
Joined: Sun Jan 22, 2017 12:30 pm

Point2Point(IPv4), IPv6, RoadWarrior connection

Post by kvv213 » Sun Jan 22, 2017 12:50 pm

Dear All!

I'd like to ask your opinion about how to implement my idea using SoftEther VPN. I have the following setup:

Remote Network:
"White" public IPv4 interface (but Dynamic)
ZyXel Giga II as a router with 6to4 IPv6 Tunnel
IPv4 Network 192.168.0.0/24
This network has Ubuntu Server 16.04 LTS headless ("Remote Ubuntu") and a number of other devices.

Local Network:
"Grey" non-public IPv4 address
A router with admin rights
IPv4 Network 192.168.1.0/24
This network has Ubuntu Server 16.04 LTS headless ("Local Ubuntu") and a number of other devices.

I'd like to do the following:
1. Connect both Remote and Local IPv4 networks via TUN (routing). I don't want to merge both IPv4 networks into one. But would like to enable access from one network to another.
2. Share IPv6 network from Remote Network to Local Network in order to let access from Local Network to normal (tunneled) IPv6 network.
3. Let my handheld devices like smartphones, tablets and other laptops access joint Remote and Local networks resources.

I'd like to use Ubuntu Servers for SoftEther VPN and, as I think, the Remote Ubuntu should be the entry point for RoadWarriors devices (Tablets etc.) as well as it should be the VPN server. I don't transfer military or top-secret information data via the networks, so extremely strong crypto is not necessary, but I'd like to get enough protection against non-permitted access to my networks.

Any wise comments are welcomed! :)

The network diagram is below:
[attachment=0]Network-EtherVPN.png[/attachment]


Re: Point2Point(IPv4), IPv6, RoadWarrior connection

Post by kvv213 » Sun Jan 22, 2017 9:23 pm

First of all I'm trying to establish Site-to-Site Layer 3 VPN channel:

Work done at Remote network (192.168.0.0/24):
1. I've installed SoftEther VPN Server at Remote Ubuntu Server (192.168.0.19)
2. Created Two Virtual Hubs: Remote and Local
3. Created Local Bridge and Connected it to Remote Virtual Hub
4. Created Layer 3 Switch. Created two virtual interfaces in it: 192.168.0.254 (for Remote Hub) and 192.168.1.254 (for Local Hub). Added the following routing at the Switch: 192.168.0.0/24 gw 192.168.1.254 and 192.168.1.0/24 gw 192.168.0.254
5. Added at Remote Ubuntu server (192.168.0.19) the following routing: route add -net 192.168.1.0/24 gw 192.168.0.254

Work done at Local network (192.168.1.0/24):
1. Installed Bridge at Local Ubuntu Server (192.168.1.11).
2. Local Bridge connection to Virtual Hub is established.
3. Cascade connection to Local Hub at Remote Ubuntu server is established.
4. At local router (192.168.1.0) a route 192.168.0.0/24 gw 192.168.1.254 added.

Now I see the following:

At Local Bridge (192.168.1.11):
a. the cascade connection is working
b. Local Bridge is working (I can see a list of Local network ip-addresses).

At Remote VPN Server (192.168.0.19):
c. At Local Hub I see the list of Local network ip-addresses.
d. At Remote Hub I see the list of Remote network ip-addresses.
e. Each Local and Remote Hubs have two sessions: Layer 3 Switch and Local Bridge/Cascade connection.

It seems that everything should work but something is wrong and I receive the following:

Tracert from Win10 machine at Local Network to Remote Ubuntu Server:
C:\Program Files\Far Manager>tracert 192.168.0.19

Tracing route to 192.168.0.19 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms SMBSHARE [192.168.1.1]
2 24 ms 15 ms 28 ms 192.168.1.254
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

Traceroute from Local Ubuntu Server to the Remote Ubuntu Server:
traceroute 192.168.0.19
traceroute to 192.168.0.19 (192.168.0.19), 64 hops max
1 192.168.1.11 1289.603ms !H 2999.808ms !H 2999.859ms !H

Ping from Local Ubuntu Server to the Remote Ubuntu Server:
ping 192.168.0.19
PING 192.168.0.19 (192.168.0.19) 56(84) bytes of data.
From 192.168.1.11 icmp_seq=1 Destination Host Unreachable
From 192.168.1.11 icmp_seq=2 Destination Host Unreachable
From 192.168.1.11 icmp_seq=3 Destination Host Unreachable
From 192.168.1.11 icmp_seq=4 Destination Host Unreachable
^C


Ping from Local Ubuntu Server to the Gateway to Remote Network:
ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
From 192.168.1.11 icmp_seq=1 Destination Host Unreachable
From 192.168.1.11 icmp_seq=2 Destination Host Unreachable
From 192.168.1.11 icmp_seq=3 Destination Host Unreachable
^C

Ping from Remote Ubuntu Server to Local Ubuntu Server:
ping 192.168.1.11
PING 192.168.1.11 (192.168.1.11) 56(84) bytes of data.
From 192.168.0.19 icmp_seq=1 Destination Host Unreachable
From 192.168.0.19 icmp_seq=2 Destination Host Unreachable
^C

Ping from Remote Ubuntu Server to GW to Local network:
ping 192.168.0.254
PING 192.168.0.254 (192.168.0.254) 56(84) bytes of data.
From 192.168.0.19 icmp_seq=1 Destination Host Unreachable
From 192.168.0.19 icmp_seq=2 Destination Host Unreachable
From 192.168.0.19 icmp_seq=3 Destination Host Unreachable
^C

Traceroute from Remote Ubuntu Server to Local Ubuntu Server:
traceroute 192.168.1.11
traceroute to 192.168.1.11 (192.168.1.11), 64 hops max
1 192.168.0.19 2999.478ms !H 2999.876ms !H 2999.718ms !H

So, what can be wrong?


Re: Point2Point(IPv4), IPv6, RoadWarrior connection

Post by kvv213 » Mon Jan 23, 2017 6:38 pm

I've checked everything three times more. Everything seems to be OK but the routing doesn't work.

From a windows machine at local network I can traceroute the remote virtual hub:
tracert 192.168.0.254

Tracing route to 192.168.0.254 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms SMBSHARE [192.168.1.1]
2 14 ms 11 ms 11 ms 192.168.1.254
3 30 ms 16 ms 17 ms 192.168.0.254

Trace complete.

And it works.

But I can't ping or traceroute the host machine Remote Ubuntu with SoftEther VPN Server installed:
tracert 192.168.0.19

Tracing route to 192.168.0.19 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms SMBSHARE [192.168.1.1]
2 10 ms 12 ms 12 ms 192.168.1.254
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.

:(

Client connection from a Win10 machine is possible to establish and it works very well. But site-to-site - something wrong happens.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Point2Point(IPv4), IPv6, RoadWarrior connection

Post by thisjun » Wed Feb 08, 2017 7:05 am

SecureNAT doesn't have IPv6 routing function.
So, please configure routing on Local Ubuntu.


Re: Point2Point(IPv4), IPv6, RoadWarrior connection

Post by kvv213 » Wed Feb 08, 2017 8:17 am

thisjun wrote:
> SecureNAT doesn't have IPv6 routing function.
> So, please configure routing on Local Ubuntu.
The problem is with User space that is used by SoftEther at Linux. It is not possible to route anything from the tunnel to the host machine and vice versa.
Under Windows everything works fine.


Re: Point2Point(IPv4), IPv6, RoadWarrior connection

Post by thisjun » Thu Feb 23, 2017 7:14 am

>2. Share IPv6 network from Remote Network to Local Network in order to let access from Local Network to normal (tunneled) IPv6 network.

The requirement isn't met this way because the virtual L3 switch doesn't have an IPv6 routing function.
