Can not reach the pc with bridge in L3 VPN
-
- Posts: 15
- Joined: Fri May 20, 2016 8:07 am
Can not reach the pc with bridge in L3 VPN
I set a Level 3 VPN with two sites.
Each bridge is set up on a PC with only one network card using local bridge.
However, I can visit other IPs in the other site except the IP which belongs to the PC with the local bridge.
Site 1:
10.200.0.0/16
gateway: 10.200.0.1
bridge pc: 10.200.3.144
L3 switch virtual ip: 10.200.1.52
route add 192.168.120.0/24 10.200.1.52
Site 2:
192.168.120.0/24
gateway: 192.168.120.1
bridge pc: 192.168.120.8
L3 switch virtual ip: 192.168.120.13
route add 10.200.0.0/24 192.168.120.13
L3 virtual switch
route add 192.168.120.0/24 10.200.1.52
route add 10.200.0.0/24 192.168.120.13
192.168.120.8 can visit 10.200.*.* except 10.200.3.144
192.168.120.10 can visit 10.200.*.* except 10.200.3.144
In the other sites, the same things happened.
Can anyone help me?
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Can not reach the pc with bridge in L3 VPN
Did you use Linux for SoftEther VPN?
If so, it's OS limitation.
http://www.softether.org/4-docs/1-manua ... r_Mac_OS_X
-
- Posts: 15
- Joined: Fri May 20, 2016 8:07 am
Re: Can not reach the pc with bridge in L3 VPN
thisjun wrote:
> Did you use Linux for SoftEther VPN?
> If so, it's OS limitation.
>
> http://www.softether.org/4-docs/1-manua ... r_Mac_OS_X
Windows as Bridge, CentOS as Center.
-
- Posts: 5
- Joined: Wed Jun 01, 2016 8:12 am
Re: Can not reach the pc with bridge in L3 VPN
A localbridged network device can't communicate with the virtualhub?
This is a problem for me as well.
http://www.vpnusers.com/viewtopic.php?f=7&t=5849
-
- Posts: 102
- Joined: Sat Jun 20, 2015 9:40 am
Re: Can not reach the pc with bridge in L3 VPN
thisjun wrote:
> Did you use Linux for SoftEther VPN?
> If so, it's OS limitation.
>
> http://www.softether.org/4-docs/1-manua ... r_Mac_OS_X
Does this mean that it is never possible to get a package to the computer running SoftEther from a remote site via the virtual hub and the locally bridged adapter? No matter if I set up a virtual NIC, TAP or dummy interface?
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Can not reach the pc with bridge in L3 VPN
The limitation is only for localbridge with NIC.
If you use tap device, you can access the machine using localbridge via VPN.
-
- Posts: 15
- Joined: Fri May 20, 2016 8:07 am
Re: Can not reach the pc with bridge in L3 VPN
thisjun wrote:
> The limitation is only for localbridge with NIC.
> If you use tap device, you can access the machine using localbridge via
> VPN.
Can you teach me how to configure the tap device? I created a tap device and a localbridge with em1 (the NIC); however, I still cannot access the server with em1's IP from the other side of the VPN.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Can not reach the pc with bridge in L3 VPN
Please read the manual.
https://www.softether.org/4-docs/1-manu ... Connection
-
- Posts: 15
- Joined: Fri May 20, 2016 8:07 am
Re: Can not reach the pc with bridge in L3 VPN
thisjun wrote:
> Please read the manual.
>
> https://www.softether.org/4-docs/1-manu ... Connection
So iptables must be configured to forward the flow? It seems to be similar to setting up a pptpd service.
-
- Posts: 102
- Joined: Sat Jun 20, 2015 9:40 am
Re: Can not reach the pc with bridge in L3 VPN
I have come to the conclusion that you can never communicate with the computer running SE through SoftEther addressing the locally bridged adapter. This is a limitation of the physical switch or an OS limitation.
I have installed a USB Ethernet card not used by SE and I can communicate with that.
-
- Posts: 102
- Joined: Sat Jun 20, 2015 9:40 am
Re: Can not reach the pc with bridge in L3 VPN
link611 wrote:
> Hi,
>
> i have the same problem, but first without a site-to-site vpn.
>
> i have configured a bridge (main station) and a L2TP Server, if i connect
> over l2tp to SE, i can not reach the SE server over it's local ip
> anymore...
>
>
> I have tried to use a second network-card (WIFI) with a different ip, but
> if the vpn is open i can not reach the SE server. (Network and WIFI)
>
>
> I think there is a route or something else missing....
Well, a packet sent from an interface will never be returned to that interface, at least not by a switch.
So, if you want to reach the SE server through that server's NIC... well, the packet will stop at the switch. No way around that, I think.
-
- Posts: 15
- Joined: Fri May 20, 2016 8:07 am
Re: Can not reach the pc with bridge in L3 VPN
Mada wrote:
> link611 wrote:
> > Hi,
> >
> > i have the same problem, but first without a site-to-site vpn.
> >
> > i have configured a bridge (main station) and a L2TP Server, if i connect
> > over l2tp to SE, i can not reach the SE server over it's local ip
> > anymore...
> >
> >
> > I have tried to use a second network-card (WIFI) with a different ip, but
> > if the vpn is open i can not reach the SE server. (Network and WIFI)
> >
> >
> > I think there is a route or something else missing....
>
> Well, a packet sent from an interface will never be returned to that interface at
> least not by a switch.
>
> So, if you want to reach SE server, through that servers nic.. well the packet will
> stop at the switch. No way around that I think.
Then the only way is for SoftEther to capture the packet itself?
Maybe softether should add such a feature.
-
- Posts: 102
- Joined: Sat Jun 20, 2015 9:40 am
Re: Can not reach the pc with bridge in L3 VPN
cst_zf wrote:
> Mada wrote:
> > link611 wrote:
> > > Hi,
> > >
> > > i have the same problem, but first without a site-to-site vpn.
> > >
> > > i have configured a bridge (main station) and a L2TP Server, if i connect
> > > over l2tp to SE, i can not reach the SE server over it's local ip
> > > anymore...
> > >
> > >
> > > I have tried to use a second network-card (WIFI) with a different ip, but
> > > if the vpn is open i can not reach the SE server. (Network and WIFI)
> > >
> > >
> > > I think there is a route or something else missing....
> >
> > Well, a packet sent from an interface will never be returned to that interface at
> > least not by a switch.
> >
> > So, if you want to reach SE server, through that servers nic.. well the packet will
> > stop at the switch. No way around that I think.
>
> Then the only way is softether capture the packet itself?
> Maybe softether should add such a feature.
Maybe there is a reason this feature does not exist. Security or routing. Thisjun has hinted that there is a kernel limitation in Linux.
I have tried to set this up both in Linux and under Windows. No luck. In the end a $20 USB Ethernet adapter solved the problem without having to configure anything in SE.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Can not reach the pc with bridge in L3 VPN
Did you try tap mode localbridge?
-
- Posts: 102
- Joined: Sat Jun 20, 2015 9:40 am
Re: Can not reach the pc with bridge in L3 VPN
thisjun wrote:
> Did you try tap mode localbridge?
Yes, tap device does not respond to ping from offsite via SE vpn.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Can not reach the pc with bridge in L3 VPN
Did you assign IP address on the tap?