Configuration of Layer 3 Switch

[hitman20]

Hello,

I try to make a LAN to LAN Connection with a Layer 3 Switch and Routing. The VPN Server has the IP Address 172.16.6.254 on a TAP Adapter. The other LAN's should connect with IP Address of 172.16.6.253 and 172.16.6.252 and the subnet's 172.16.1.0, 172.16.2.0 and 172.16.3.0 should be reachable via 172.16.6.253.
If I do a layer 2 bridge it can only ping the network 172.16.6.0 but if I add manually a route then it also work but I don't want to do that on every client.
Then I configured a Layer 3 Switch with 172.16.6.254, 253 and 252 but If I do a cascade connection it won't work.

maybe someone can help me with this. Thanks

[kh_tsang]

Can you draw a network topology? I don't understand it.

About the routes, you can push the routes using DHCP.

[hitman20]

I have create a network diagram I hope it is now clearer. For DHCP I want to use an external DHCP Server.
The routes should be pushed by Softether if it is possible.

[kh_tsang]

You should add the routes manually on the VPN Server and the VPN Bridge.
A default route is enough for the clients in the three VLANs. If you still want to push the routes to the clients, you will need to do this on your DHCP Server. Since you are using external DHCP Server, you should not use SoftEther VPN Server DHCP to push the routes.

Is Router001 running SoftEther VPN Bridge or Server?

[hitman20]

Router001 has VPN Bridge. The VPN Server has the Server installed. The devices has all static IP Adresses then it will not query then DHCP Server. Is DHCP working when I do a Cascade Connection?

[kh_tsang]

No, static IP hosts will not receive routes pushed by the DHCP server unless the static IP is configured using DHCP Reservation instead of configuring on the hosts directly.

However, as I stated, a default route is enough for the clients in the three VLANs if internet traffic is routed through Router001.

[hitman20]

These devices should only route the internal networks the traffic should not go over VPN. Is it possible via a cascade connection that the devices get an IP Adress via DHCP?

[kh_tsang]

Router001 should have its own connection to the internet and the internet traffic should not be routed through the VPN. (Given that default gateway is not provided/configured on the virtual hub.)

You can use DHCP in a cascade connection but you cannot use the SoftEther one because you cannot configure DHCP reservation in SoftEther VPN.

[hitman20]

Can I also realize this setup with the layer 3 switch of Softether or is this not possible? If this is possible can you give me an example how to do that because I got the layer 3 switch not to work via the cascade connection. Thanks.

[kh_tsang]

The Layer 3 Switch provided by SoftEther VPN is doing routing between two or more virtual hubs. However, you are connecting the VPN Bridge and Router001 to the same Virtual Hub. The Layer 3 Switch provided by SoftEther VPN is useless in your case.

[kh_tsang]

Adding the routes on the VPN Server, the VPN Bridge is enough.
Treat the cascade connections as ethernet cables.

[hitman20]

I created now a VPN Bridge to my VPN Server but I get no IP Address via DHCP Server. I connect via Client Connection then I get an IP Address. Maybe there is something wrong?

I also added two screenshots with my Settings of the VPN Bridge.

[kh_tsang]

The VPN Bridge is used for making site-to-site VPN, not connecting the host itself to the virtual hub.
You should use a VPN Client to connect to the VPN Server in your case, no need VPN Bridge.

I misunderstand that you are using the Linux Version so I used the cascade connection with a tap device.
The tap device is used to connect the host to the virtual hub and is only available in Linux.

[hitman20]

The VPN Server itself is running on Linux. The Router001 has also Linux installed. Both use an TAP Adapter.
I set the VPN Bridge on the Windows Server becasue the Windows Server should always be connected.
I already connected it via Client and set the Connection as Startup Connection and this only worked after a restart when an internet connection already exist.
If the Windows Server has no internet connection then it didn't work after it get back the connection.
The real network card on the Windows Server has an public IP Address and the Loopback Adapter should get an IP Address of the VPN Network.

[kh_tsang]

Please install SoftEther VPN Server on the Windows Server for the Cascade connection.

SoftEther VPN Server can be used as VPN Bridge as well.

Connect the VPN Client to localhost.

[hitman20]

I nstalled now the VPN Server on the Windows Server and created the cascade connection then I connected the VPN Client to localhost but I get no IP Address on the VPN Client Adapter it only works when I set an static IP manually. Is it possible to forward the DHCP requests to DHCP Server on my VPN Server?

[kh_tsang]

Do you have DHCP server on your virtual hub?

SoftEther VPN is a layer 2 VPN, you need to prepare your own DHCP server.

[hitman20]

On the Linux VPN Server is a DHCP Server installed and it gives IP Adresses when a Client Connection is made. On the Windows VPN Server I don't have an DHCP Server because the Windows Server should in the same IP Range like the Router001 and the VPN Server. Can I also do this with the Layer 3 Switch?

[kh_tsang]

Some switches may allow you do this, but not the SoftEther VPN Layer 3 Switch.

Firstly, if you use DHCP, the route will be pushed to Router001 which should not happen.
Secondly, DHCP server requires a static IP address.

Finally, only your Windows Server will be using DHCP to obtain its IP.

Again, do not use Layer 3 switch in your setup, will only make it more complicated.

[hitman20]

Then I think the easier way is to create an Batch File that add the routes at every startup.

[kh_tsang]

For linux, you can include the commands in /etc/init.d/vpnserver.
For Windows, you can add persistent routes in the registry, or announce it using your DHCP server on linux.

[hitman20]

On the Linux Server I have already add the commands that the TAP Adapter get his IP Address and that the routes are added. On the Windows Server I will create a cascade connection and let the routes add via a Batch File.

[kh_tsang]

Is it working now?

[hitman20]

Now it is working with the Batch File which add the routes. Thanks for your help.