IP Address Schemes for LAN to LAN

triwaves
Posts: 27
Joined: Mon May 16, 2016 3:11 pm

IP Address Schemes for LAN to LAN

Post by triwaves » Thu Apr 27, 2017 5:26 am

Hello,

I have brought up several Raspberry Pi units as servers in multiple locations.

I tried for the simple config with Secure NAT and DHCP server and each one is working for remote access from a variety of clients.

I then brought up a server on an ec2 instance at Amazon. It also works and is reachable.

Then I made cascade connections to the AWS server with 2 locations to test.

Everything is connected but communication is not working right between sites. I don't understand what best practice is for the client computers in terms of getting them an IP address and a gateway address. I know to be aware of conflicting DHCP servers, but each location has a router that provides the local IP and GW for that site.

How would you recommend I think about the configuration of servers, gateway and IP address assignments?
Attachments
VPN_Topology.jpg
configuration of sites

thisjun
Posts: 2462
Joined: Mon Feb 24, 2014 11:03 am

Re: IP Address Schemes for LAN to LAN

Post by thisjun » Thu May 18, 2017 6:05 am


triwaves
Posts: 27
Joined: Mon May 16, 2016 3:11 pm

Re: IP Address Schemes for LAN to LAN

Post by triwaves » Wed Jun 07, 2017 4:49 pm

Thanks, I was using that as a reference, but there aren't enough details for me on setup specifics with DHCP servers and what to use as GW for the different computers. I think I get the basic concept of different subnets but lack several details to complete the task. Was looking for more of a detailed implementation guide, not necessarily from SoftEther, but even from another source that does implementations.

scubawarm
Posts: 4
Joined: Mon Jun 12, 2017 3:14 am

Re: IP Address Schemes for LAN to LAN

Post by scubawarm » Mon Jun 12, 2017 11:35 am

I hear your pain. The "manual" says nothing about the physical routers on a site to site at all.

Yet most help, when you read this forum, is simply a reply pointing back to the manual. At present my routers are 10.1.10.1 server and 10.1.10.2 bridge office with those referenced as Gateway addresses on each side. Can see each other's resources via the GUI but pinging across doesn't work at all.

Read DMZ in a post, also question if I should only use .1 gateway. But changing the gateway is not an experimental step in a working production environment. When the docs make this sound so simple and you don't even need to touch the physical routers.

kneel
Posts: 6
Joined: Thu Jun 01, 2017 2:48 am

Re: IP Address Schemes for LAN to LAN

Post by kneel » Thu Jun 22, 2017 5:18 am

Looks to me that you are bridging the two networks at the moment - you could simply add an additional IP address in the target network to your local PC and comms would work for that PC.

To create a layer 3 link, you would need to create a second virtual hub at each site which bridges to the LAN, use a "hidden" hub which is bridged to join the different sites, and use a virtual layer 3 router at each site to route traffic between the virtual hubs. Then either the individual PCs that need it have a route added manually, or the gateway router at each site has a route via the layer 3 router. That may cause ICMP redirect messages to begin on your network, so better to add the routing information manually, or at the DHCP server for each site. If you can't add the required routes using DHCP, you could "fix" the redirect issue by adding another subnet on the local LAN and send traffic to that IP instead, but it's ugly - better if you can automagically add routes via DHCP.
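As an added example (not from kneel's post or the SoftEther documentation), the following Python sketch checks a site plan for overlapping LAN subnets and builds the DHCP classless static route option (option 121, RFC 3442) that each site's DHCP server would hand out for the layer 3 design described above. The site names, subnets and the `l3_router` addresses (the LAN-side IP of the virtual layer 3 router at each site) are constructed sample values.

```python
import ipaddress

# Constructed sample plan (not from the thread): one routed subnet per site.
# "gateway" is the site's existing physical router; "l3_router" is the assumed
# LAN-side address of the SoftEther virtual layer 3 router at that site.
SITES = {
    "site_a": {"lan": "192.168.10.0/24", "gateway": "192.168.10.1", "l3_router": "192.168.10.254"},
    "site_b": {"lan": "192.168.20.0/24", "gateway": "192.168.20.1", "l3_router": "192.168.20.254"},
}

def lan(sites, name):
    return ipaddress.ip_network(sites[name]["lan"])

def find_overlaps(sites):
    """Pairs of sites whose LAN subnets overlap and so cannot be routed between."""
    names = sorted(sites)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if lan(sites, a).overlaps(lan(sites, b))]

def routes_for_site(sites, name):
    """Routes the DHCP server at `name` should hand out, as (network, next hop)."""
    local = lan(sites, name)
    hops = {k: ipaddress.ip_address(sites[name][k]) for k in ("gateway", "l3_router")}
    for key, hop in hops.items():
        if hop not in local:
            raise ValueError(f"{name}: {key} {hop} is not on {local}")
    routes = [(lan(sites, other), hops["l3_router"]) for other in sorted(sites) if other != name]
    # RFC 3442: a client that uses option 121 ignores the Router option (3),
    # so the default route has to be repeated here.
    routes.append((ipaddress.ip_network("0.0.0.0/0"), hops["gateway"]))
    return routes

def encode_option_121(routes):
    """RFC 3442 payload: prefix length, significant destination octets, router."""
    payload = bytearray()
    for network, next_hop in routes:
        significant = (network.prefixlen + 7) // 8
        payload.append(network.prefixlen)
        payload += network.network_address.packed[:significant]
        payload += next_hop.packed
    return bytes(payload)

if __name__ == "__main__":
    assert not find_overlaps(SITES), find_overlaps(SITES)
    for site in sorted(SITES):
        print(site, encode_option_121(routes_for_site(SITES, site)).hex(":"))
```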
