Client to bridge gateway

mesa57
Posts: 153
Joined: Fri Oct 11, 2013 4:00 pm
Location: Netherlands

Client to bridge gateway

Post by mesa57 » Fri Oct 11, 2013 4:10 pm

I have setup a server with the local bridge option.
Goal is that clients can access the local network.
This is pretty straightforward and works ok.
But the client gets an IP address from the router in the server network, but also the gateway is set to the VPN server router.
That implies that all internet access is also routed to the VPN server, which degrades performance. I would like to have the client NOT set the gateway on the virtual adapter and keep the gateway on the physical adapter (which is removed when the connection is established).

Does anyone know a solution for that?

kh_tsang
Posts: 551
Joined: Wed Jul 24, 2013 12:09 pm

Re: Client to bridge gateway

Post by kh_tsang » Sat Oct 12, 2013 1:59 am

Use Layer 3 Switch. Then do not fill in any default gateway in the DHCP in the hub that client connects.

e.g. Bridge Hub 1 and Hub 2. Hub 1 to LAN adapter and Hub 1 to Hub 2 by layer 3 switch. Finally, do not fill in any default gateway for the DHCP in Hub 2.

mesa57
Posts: 153
Joined: Fri Oct 11, 2013 4:00 pm
Location: Netherlands

Re: Client to bridge gateway

Post by mesa57 » Sat Oct 12, 2013 9:57 am

Thanks for the quick reply.
I defined a new hub2
Hub1 is local bridged to the physical network adapter (192.168.2.63, gateway 192.168.2.254).
Added a layer 3 switch with 2 virtual interfaces:
192.168.2.21 - Hub1
192.168.2.22 - Hub2
both outside the DHCP range of the router.
I did not define a router, because both IPs are in the same subnet.

Now I connect the client to Hub2, but it does not receive any DHCP IP address and therefore is not working.

What am I doing wrong?

kh_tsang
Posts: 551
Joined: Wed Jul 24, 2013 12:09 pm

Re: Client to bridge gateway

Post by kh_tsang » Sat Oct 12, 2013 10:16 am

Firstly, you need different subnets to use Layer 3 Bridge.

Secondly, DHCP function is available at SecureNAT. Enable it and disable NAT in the configuration. Also, remove default gateway at the DHCP server settings.

[attachment=0]33.png[/attachment]

This picture is taken from http://www.softether.org/4-docs/1-manua ... 3_Switches

mesa57
Posts: 153
Joined: Fri Oct 11, 2013 4:00 pm
Location: Netherlands

Re: Client to bridge gateway

Post by mesa57 » Sat Oct 12, 2013 10:36 am

Ok

Added a layer 3 switch with 2 virtual interfaces:
192.168.2.21 - Hub1
192.168.15.2 - Hub2
Added route 192.168.15.0/255.255.255.0 gateway 192.168.2.21
Added SecureNAT on hub3:
IP address 192.168.15.2, DHCP range 192.168.15.10-200 (no gateway/DNS)

After the connection the client gets IP address 192.168.15.10
I ping the host (via IPV6 ?????) but not other machines on the host network which perfectly works in the single hub+local bridge configuration

So my goal is not reached yet.

(btw I have read the manual about layer 3 switches)

kh_tsang
Posts: 551
Joined: Wed Jul 24, 2013 12:09 pm

Re: Client to bridge gateway

Post by kh_tsang » Sat Oct 12, 2013 11:19 am

You need to set two routes, one with 192.168.2.0/255.255.255.0 on Hub 1 and another with 192.168.15.0/255.255.255.0 on Hub2. The switch will allocate one IP in each Subnet.

mesa57
Posts: 153
Joined: Fri Oct 11, 2013 4:00 pm
Location: Netherlands

Re: Client to bridge gateway

Post by mesa57 » Sat Oct 12, 2013 11:28 am

Eh, routes cannot be added to a hub, but to a virtual interface.
Of course I can add an extra route, but what should the gateways be ?
Sorry that I do not have experience with level 3 routing statements.

Btw I can see the switch virtual interface 192.168.2.21 in my router as connected device.
Of course not the other one, but there is a SECURENAT_DA9E40B63E37 device which got an ip address from dhcp (192.168.2.84)...

kh_tsang
Posts: 551
Joined: Wed Jul 24, 2013 12:09 pm

Re: Client to bridge gateway

Post by kh_tsang » Sat Oct 12, 2013 12:47 pm

I think it is not easy to configure that Layer 3 Switch with SoftEther VPN Server.

If you are using Windows Server, install the client as well and connect to each adapter with static IP configuration without default gateway. If you are using Linux Server, add tap device for each virtual hub and set a static IP address without default gateway.

Then, run a layer 3 switch on the two network adapters with other software like RRAS on Windows.

mesa57
Posts: 153
Joined: Fri Oct 11, 2013 4:00 pm
Location: Netherlands

Re: Client to bridge gateway

Post by mesa57 » Sat Oct 12, 2013 1:21 pm

What of course also helps is setting the IP address and DNS address on the client VPN adapter to a fixed address without a gateway and connecting to hub1 (the one with a local bridge). Then all nodes in the server network are reachable and internet traffic is going via the client network adapter.

I also set up an IPsec/L2TP connection to the server. On the client I created a Windows VPN adapter and set "use standard gateway of external network" to OFF.

The VPN connection over IPsec/L2TP behaves exactly as I want. It gets an IP address from the server, can access all nodes on the server network but leaves the gateway untouched so that internet traffic goes through the client network connection. :)
I do not know yet if the IPsec/L2TP connection performs lower than a native connection.
And of course router forward configuration.

I think it should be an option on the client VPN adapters to ignore the gateway override, the same as with the Microsoft VPN adapter. Maybe for a next release?

Thanks for the support!

kh_tsang
Posts: 551
Joined: Wed Jul 24, 2013 12:09 pm

Re: Client to bridge gateway

Post by kh_tsang » Sat Oct 12, 2013 4:21 pm

Perhaps it is very difficult to set the items you want automatically.

mesa57
Posts: 153
Joined: Fri Oct 11, 2013 4:00 pm
Location: Netherlands

Re: Client to bridge gateway

Post by mesa57 » Sat Oct 12, 2013 5:49 pm

SoftEther is a marvelous package with so many options that I think it could easily do what Hamachi gateway does. Just adding some routes on the client is enough, I experienced after an afternoon of experimenting.

mesa57
Posts: 153
Joined: Fri Oct 11, 2013 4:00 pm
Location: Netherlands

Re: Client to bridge gateway SOLVED !

Post by mesa57 » Wed Oct 23, 2013 3:02 pm

I found a marvelously simple solution to direct internet traffic over the local network!
In the VPN client adapter, go to the IPv4 (IPv6 not tested) protocol, select advanced options.
Observe that in the default config, automatic metric is OFF and set to 1.
It is enough to turn automatic metric to ON.

On connect, the default gateway (for internet traffic) will now point to the local network interface, so internet traffic will NOT go thru the vpn connection. :)
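
Why the metric change described in the post above has that effect, as an added example that is not part of the original thread: a small model of Windows-style route selection (longest prefix first, then lowest route metric plus interface metric). The client-side LAN 10.0.0.0/24, the destination 203.0.113.10 and every metric except the VPN adapter's fixed 1 are constructed assumptions; the value 35 stands in for whatever automatic metric assigns.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    prefix: str        # destination network
    next_hop: str      # gateway, or "on-link"
    interface: str     # adapter the route is bound to
    route_metric: int = 0

# Constructed client routing table after the VPN connects.
# 192.168.2.0/24 and gateway 192.168.2.254 come from the thread;
# the 10.0.0.0/24 home LAN is an assumption for illustration.
ROUTES = [
    Route("0.0.0.0/0", "10.0.0.1", "physical"),
    Route("0.0.0.0/0", "192.168.2.254", "vpn"),
    Route("10.0.0.0/24", "on-link", "physical"),
    Route("192.168.2.0/24", "on-link", "vpn"),
]

# Interface metrics: VPN adapter fixed at 1 (the default the post describes)
# versus automatic metric enabled (assumed to end up above the physical NIC).
FIXED_METRIC = {"physical": 25, "vpn": 1}
AUTO_METRIC = {"physical": 25, "vpn": 35}

def pick_route(routes, if_metrics, dest: str) -> Optional[Route]:
    """Longest matching prefix wins; ties go to the lowest combined metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    return min(
        matches,
        key=lambda r: (
            -ipaddress.ip_network(r.prefix).prefixlen,
            r.route_metric + if_metrics[r.interface],
        ),
    )

def egress(if_metrics, dest: str) -> Optional[str]:
    """Name of the adapter a packet to dest would leave on."""
    route = pick_route(ROUTES, if_metrics, dest)
    return route.interface if route else None

if __name__ == "__main__":
    for label, metrics in (("fixed metric 1", FIXED_METRIC), ("automatic", AUTO_METRIC)):
        for dest in ("203.0.113.10", "192.168.2.63"):
            print(f"{label:15} {dest:15} -> {egress(metrics, dest)}")
```

Hosts on the server LAN stay on the VPN in both cases because the /24 on-link route is more specific than either default route; only the tie between the two default routes is decided by the metric.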
