I cannot access a VPN client from current site to different location vpn site

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
lucas
Posts: 7
Joined: Wed Feb 08, 2023 7:51 pm

I cannot access a VPN client from current site to different location vpn site

Post by lucas » Wed Feb 08, 2023 8:02 pm

A site
WAN IP A, Lan 192.168.1.1, softether 192.168.20.1, DHCP in softether, vnat in softether, route 192.168.20.0/255.255.255.0/192.168.1.1, 192.168.100.0/255.255.255.0/192.168.10.1

B site
WAN IP B, Lan 192.168.10.1, softether 192.168.100.1, DHCP in softether, vnat in softether, route 192.168.100.0/255.255.255.0/192.168.10.1, 192.168.20.0/255.255.255.0/192.168.1.1

Any clients connect to A site or B site, no problem access any resources at LAN[192.168.1.x OR 192.168.10.x]

I try to use site to site connect from A to B, let B site create the username and password and connect, but any clients connect to A site, still not able access any resources from B[192.168.10.x / 192.168.100.x], I try to create L3 switch, but I don't think create right one, so it still doesn't work, any advice will be appreciated.

Thanks

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: I cannot access a VPN client from current site to different location vpn site

Post by solo » Wed Feb 08, 2023 11:42 pm

https://www.softether.org/4-docs/1-manu ... Routing%29

Can you restructure site-to-site as prescribed above?
As it is, it'd be messy to work around the current setup.

lucas
Posts: 7
Joined: Wed Feb 08, 2023 7:51 pm

Re: I cannot access a VPN client from current site to different location vpn site

Post by lucas » Thu Feb 09, 2023 2:45 pm

solo wrote:
Wed Feb 08, 2023 11:42 pm
https://www.softether.org/4-docs/1-manu ... Routing%29

Can you restructure site-to-site as prescribed above?
As it is, it'd be messy to work around the current setup.
I did review this and don't think it will work in my case, at the first those vL3 before the LAN, in my case, LAN before the vL3, I did try to use IP Routing try to fix the problem, at the beginning, any client connect to VPN can't access to LAN resource, after setup the IP Routing in SecureNAT, it can access now, I already use site to site connection from A site to B site, how can I use vL3 to make A site client access B site LAN resource.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: I cannot access a VPN client from current site to different location vpn site

Post by solo » Thu Feb 09, 2023 8:36 pm

The SE doc outlines only L3 topology, which also requires proper routing. Here are examples:
https://www.vpnusers.com/viewtopic.php? ... 688#p96682
https://www.vpnusers.com/viewtopic.php? ... 639#p96377

lucas
Posts: 7
Joined: Wed Feb 08, 2023 7:51 pm

Re: I cannot access a VPN client from current site to different location vpn site

Post by lucas » Thu Feb 09, 2023 10:07 pm

solo wrote:
Thu Feb 09, 2023 8:36 pm
The SE doc outlines only L3 topology, which also requires proper routing. Here are examples:
https://www.vpnusers.com/viewtopic.php? ... 688#p96682
https://www.vpnusers.com/viewtopic.php? ... 639#p96377
I did try ip routing in my router, it doesn't work, I will review the examples you provided and try again, may provide feedback few days later.

lucas
Posts: 7
Joined: Wed Feb 08, 2023 7:51 pm

Re: I cannot access a VPN client from current site to different location vpn site

Post by lucas » Thu May 04, 2023 7:43 pm

Hi solo,

Sorry about the late reply, many project going on stop me to look in this forum,

recently have little change, still need site to site vpn connect, has been look up lot of documents for SE, unfortunate no one getting work,

Let me explain my current network,

A LAN 192.168.0.1/23, hub 192.168.20.1/24
B LAN 192.168.10.1/24, hub 192.168.30.1/24
C LAN 10.0.0.1/24, hub 192.168.40.1/24

I check LAN-to-LAN VPN (Using L2 Bridge) and LAN-to-LAN VPN (Using L3 IP Routing) didn't work, can you help me out with L3 IP Routing way, I can't resolve in past two months, please correct me any wrong I may operator, I don't provide any L3 IP routing detail at this moment, please just direct me how to make it work in IP Routing if possible.

Thanks
Lucas

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: I cannot access a VPN client from current site to different location vpn site

Post by solo » Fri May 05, 2023 1:11 am

lucas wrote:
Thu May 04, 2023 7:43 pm
I check LAN-to-LAN VPN (Using L2 Bridge) and LAN-to-LAN VPN (Using L3 IP Routing) didn't work, can you help me out with L3 IP Routing way, I can't resolve in past two months, please correct me any wrong I may operator, I don't provide any L3 IP routing detail at this moment, please just direct me how to make it work in IP Routing if possible.
I note you asking a question about Hyper-V elsewhere. Whatever you have tried and failed may be caused by network specifics of VM deployment if indeed this is where you set it up and did not tell us about it.

To reiterate - you have to apply site-to-site and its routing exactly as advised above. If in Hyper-V, then in "Advanced Features" of the network adapter enable "MAC Address Spoofing" and maybe/possibly in management OS vNIC set "Port Mirroring" to destination mode, while the VMs to source mode.

lucas
Posts: 7
Joined: Wed Feb 08, 2023 7:51 pm

Re: I cannot access a VPN client from current site to different location vpn site

Post by lucas » Wed May 10, 2023 2:48 pm

solo wrote:
Fri May 05, 2023 1:11 am
lucas wrote:
Thu May 04, 2023 7:43 pm
I check LAN-to-LAN VPN (Using L2 Bridge) and LAN-to-LAN VPN (Using L3 IP Routing) didn't work, can you help me out with L3 IP Routing way, I can't resolve in past two months, please correct me any wrong I may operator, I don't provide any L3 IP routing detail at this moment, please just direct me how to make it work in IP Routing if possible.
I note you asking a question about Hyper-V elsewhere. Whatever you have tried and failed may be caused by network specifics of VM deployment if indeed this is where you set it up and did not tell us about it.

To reiterate - you have to apply site-to-site and its routing exactly as advised above. If in Hyper-V, then in "Advanced Features" of the network adapter enable "MAC Address Spoofing" and maybe/possibly in management OS vNIC set "Port Mirroring" to destination mode, while the VMs to source mode.

Thanks for reply, no, I didn't run my SE in Hyper-V mode or any VM mode, it run under my server direct in my network, when I create the site to site using DHCP in hub and bridge to my network, it cause mix up my second network dhcp issue, now I'm sure I need using L3 IP routing, but I didn't know how to make it right and work since I make a lot if change but it still didn't work right. if you can use my information as beginning to tell me how to make L3 ip routing correctly, it will help a lot, thanks.

Post Reply