
LAN-to-LAN VPN (Using L3 IP Routing)

Posted: Sun Mar 17, 2013 7:26 am
by vpnuser
Hello,

First of all, this software is awesome!

I'm trying to set up a LAN-to-LAN VPN using L3 IP routing but it does not work.

SoftEther VPN center server params:
Network: 192.168.11.0/24 as lana
SoftEther VPN server address: 192.168.11.10
OS: Windows 7 Pro x64
virtual hubs:
lana (bridged)
lanb (with one user named vpn)
l3 switch settings:
lana: ip 192.168.11.250 mask 255.255.255.0
lanb: ip 10.100.75.250 mask 255.255.0.0

SoftEther VPN site server (bridge mode) params:
Network: 10.100.0.0/16 as lanb
SoftEther VPN bridge address: 10.100.75.99
OS: Windows XP (or Windows Vista7 x64)
virtual hub:
bridge (bridged, with cascade connection to vhub lanb of the server)

On the server I can ping the switch interface 192.168.11.250 from every PC on the LAN (server side). On the site I can ping the switch interface 10.100.75.250 from every PC on the LAN (site side). After I executed the route command on the server (route add 10.100.0.0 mask 255.255.0.0 192.168.11.250), I can ping the switch interface 10.100.75.250 and 10.100.75.99 too, but that's all. I cannot reach any other computer on the site side. After I executed the route command on the site (route add 192.168.11.0 mask 255.255.255.0 10.100.75.250), I can ping the switch interface 192.168.11.250 and the server 192.168.11.10 too, but that's all. I cannot reach any other computer on the server side.

What did I misconfigure? I've attached the server log. Please help.

Re: LAN-to-LAN VPN (Using L3 IP Routing)

Posted: Sun Mar 17, 2013 1:04 pm
by cedar
You need to run the 'route' command on all hosts to communicate via the L3SW.
There is also another method: adding a route to the router used as the default gateway.

Re: LAN-to-LAN VPN (Using L3 IP Routing)

Posted: Mon Mar 18, 2013 4:33 pm
by vpnuser
Thank you, cedar, for your reply. I've added a persistent route command to the hosts and it's working now. It seems that my knowledge of networking is poor :P I thought that it was enough to add the route command to the client side only (the host where I wanted to connect from).

Thanks again!
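
The behaviour resolved in this thread, as an added example that is not part of the original posts: a small Python model of the two LANs and the L3 switch, showing that a ping only succeeds when the echo reply also has a route back. The addresses come from the thread; the two ".20" hosts, the function names, and the assumption that each LAN's default gateway has no route to the other LAN are constructed for illustration.

```python
import ipaddress as ip

# Networks and L3 switch interfaces as given in the thread.
LANA = ip.ip_network("192.168.11.0/24")
LANB = ip.ip_network("10.100.0.0/16")
L3SW = {LANA: ip.ip_address("192.168.11.250"), LANB: ip.ip_address("10.100.75.250")}
TO_LANB = ("10.100.0.0/16", "192.168.11.250")    # route added on the server side
TO_LANA = ("192.168.11.0/24", "10.100.75.250")   # route added on the site side

def make_host(addr, lan, routes=()):
    """A host: its address, its on-link LAN, and static routes (network -> gateway)."""
    return {"addr": ip.ip_address(addr), "lan": lan,
            "routes": {ip.ip_network(n): ip.ip_address(g) for n, g in routes}}

def next_hop(host, dst):
    """'direct', a gateway address, or None when no static route matches.
    Assumption: the default gateway does not know the remote LAN, so it is a dead end."""
    if dst in host["lan"]:
        return "direct"
    matches = [n for n in host["routes"] if dst in n]
    if not matches:
        return None
    return host["routes"][max(matches, key=lambda n: n.prefixlen)]  # longest prefix wins

def one_way(src, dst_addr):
    """True if a packet from src is delivered to dst_addr, directly or via the L3 switch."""
    hop = next_hop(src, dst_addr)
    if hop == "direct":
        return True
    if hop is None or hop != L3SW[src["lan"]]:
        return False
    return any(dst_addr in lan for lan in L3SW)  # switch routes between its two LANs only

def ping(a, b):
    """The echo request must reach b AND the echo reply must find its way back to a."""
    return one_way(a, b["addr"]) and one_way(b, a["addr"])

server = make_host("192.168.11.10", LANA, [TO_LANB])
bridge = make_host("10.100.75.99", LANB, [TO_LANA])
pc_b = make_host("10.100.75.20", LANB)                   # constructed site PC, no route yet
pc_b_fixed = make_host("10.100.75.20", LANB, [TO_LANA])  # after the persistent route is added

if __name__ == "__main__":
    for name, peer in [("bridge", bridge), ("pc_b", pc_b), ("pc_b_fixed", pc_b_fixed)]:
        print(f"server -> {name}: request={one_way(server, peer['addr'])} ping={ping(server, peer)}")
```
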