Totally routed Layer 2 VPN


Post by augur » Tue Sep 28, 2021 7:04 am

Hi,

To avoid unnecessary traffic such as broadcasts going through the VPN, I would like to set up a totally routed VPN connection (layer 2) between two Linux boxes. Currently I filter broadcasts in SoftEther, which works fine in most cases, but I would like to do it right (also for my understanding).

How it is set up currently:

Site 1 (main): Linux (Debian Server with SoftEther Server)
- Network segment 192.168.178.0
- tap device has ip 192.168.177.6
- routing enabled (no bridge)

Site 2: Linux (OpenWRT with SoftEther Bridge)
- Network segment 192.168.177.0
- Using a tap device bridged to eth0
- tap device has ip 192.168.177.6
- traffic to 192.168.178.0 is routed to 192.168.177.6

My problem is that all traffic from site 2 is routed through the VPN and then dropped. I set up packet filters in SoftEther Bridge, but I would like to set up a fully routed network. Currently I can only get this configuration to work and do not know how to configure Site 2 to also use a routed connection.

What I tried:
- set up site 2 like site 1 with IP 192.168.178.6 so that 178 traffic should go there
- set up without an IP and route all 178 traffic to this device

Any ideas or a tip what I should try?

Cheers,
Nils


Re: Totally routed Layer 2 VPN

Post by nobody12 » Tue Sep 28, 2021 11:27 am

I don't understand why you are using a layer 2 VPN when there is a layer 3 switch available in SoftEther?
But regarding your configuration:

If a PC in site 1 needs to send packets somewhere else, it sends them to the default gateway, or if it has a routing table, it will send them to the entry in the routing table. AFAIK the IP for the route needs to be in the local network. But you say:
Site1: "tap device has ip 192.168.177.6"
and site2: traffic to 192.168.178.0 is routed to 192.168.177.6

Where is the IP in Site1 where the packets will be sent to if you want to reach Site2? This will not work, to my knowledge.
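
An added example (not part of either post, and not SoftEther code) that models the addressing as posted and checks each static route's gateway against the point raised in the reply, plus address reuse on the shared VPN segment. The /24 prefix lengths, the interface names and the Site 1 eth0 address are assumptions, since the thread does not give them.

```python
import ipaddress

# Constructed model of the two sites as described in the thread.
# Assumed: /24 masks, interface names, and site1's eth0 host address.
SITES = {
    "site1": {
        "ifaces": {"eth0": "192.168.178.2/24", "tap_vpn": "192.168.177.6/24"},
        "routes": [],  # routing enabled, no static routes listed in the post
    },
    "site2": {
        "ifaces": {"tap_vpn": "192.168.177.6/24"},  # tap bridged to eth0
        "routes": [("192.168.178.0/24", "192.168.177.6")],
    },
}
# Interfaces that sit on the same layer 2 VPN segment.
VPN_SEGMENT = {"site1": "tap_vpn", "site2": "tap_vpn"}


def check(sites, vpn_segment):
    """Return a list of findings about gateways and duplicate addresses."""
    findings = []
    for name, site in sites.items():
        ifaces = [ipaddress.ip_interface(a) for a in site["ifaces"].values()]
        for dest, gw in site["routes"]:
            gw_ip = ipaddress.ip_address(gw)
            if not any(gw_ip in i.network for i in ifaces):
                # The next hop must be reachable on a directly connected network.
                findings.append(
                    f"{name}: gateway {gw} for {dest} is not on a connected network")
            elif any(gw_ip == i.ip for i in ifaces):
                # A route via the host's own address never leaves the host.
                findings.append(
                    f"{name}: gateway {gw} for {dest} is this host's own address")
    seen = {}
    for name, ifname in vpn_segment.items():
        ip = ipaddress.ip_interface(sites[name]["ifaces"][ifname]).ip
        if ip in seen:
            findings.append(f"{seen[ip]} and {name} both use {ip} on the VPN segment")
        seen.setdefault(ip, name)
    return findings


if __name__ == "__main__":
    for finding in check(SITES, VPN_SEGMENT):
        print(finding)
```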
