SoftEther VPN User Forum

SoftEther VPN User Forum
https://www.vpnusers.com/

VPN L2 Site2Site Ping only in one way

https://www.vpnusers.com/viewtopic.php?f=7&t=68342

Page 1 of 1

VPN L2 Site2Site Ping only in one way

Posted: Fri May 19, 2023 10:05 pm
by DerGrafPacula
Hallo from Germany,

ic have created a Site2Site L2 Bridge with SE Server and Bridge:

Site A:

IP Range: 192.168.0.0/24
Domain Controller: 192.168.0.21
Gateway (Lancom): 192.168.0.1
Server VPN SE-Server: 192.168.0.222
Static IP: 88.88.88.88 (for demonastration)

Server: Windows Server 2016 in an Hyper-V Machine

Site B:

IP Range: 192.168.0.0/24
Gateway (Lancom): 192.168.0.12
Server VPN SE-Bridge: 192.168.0.13
No IP (LTE)
Bridge Server: Windows 10 bare metal

For the VPN Tunnel IP Range: 10.0.0.0/24

I become a Bridge and i can ping all Devices on Site A from Site B.

BUT: No Devices on Site B from Site A.

As an Example: I had a PC with IP 192.168.0.90 on Site B. From there i can Ping, etc. all Devices on Site A. When i ping 192.168.0.90 from an PC on Site A i become TimeOuts.

On Site B i have enabled NAT/DHCP in the Bridge.

Any ideas?

Many thanks.

Frank

Re: VPN L2 Site2Site Ping only in one way

Posted: Sat May 20, 2023 3:20 pm
by solo
Hi, on B 192.168.0.90 run
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
and check for reciprocal ping. If still unsuccessful, while the VPN is active, post as code:

Code: Select all

Site A, VM host of 192.168.0.222:
netstat -r
ipconfig /all

Site A, 192.168.0.222 VM guest:
netstat -r
ipconfig /all
PS>Get-NetAdapter | Format-List -Property ifAlias,InterfaceDescription,PromiscuousMode
vpncmd localhost:port /server /password:*** /cmd BridgeList
vpncmd localhost:port /server /password:*** /adminhub:@@@ /cmd SecureNatStatusGet

Site B, 192.168.0.13:
netstat -r
ipconfig /all
vpncmd localhost:port /server /password:*** /cmd BridgeList
vpncmd localhost:port /server /password:*** /adminhub:@@@ /cmd SecureNatStatusGet

//replace: *** with SE admin password; @@@ with VPN hub's name

Re: VPN L2 Site2Site Ping only in one way

Posted: Sun Aug 06, 2023 9:56 pm
by nehakakar
On Site B, run the following command to enable ICMPv4 echo request (ping) in the Windows Firewall:

Code: Select all

netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
Try if this work..
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/