How to configure LAN to LAN using Softether VPN

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
jufirst
Posts: 9
Joined: Tue Mar 05, 2024 6:22 am

How to configure LAN to LAN using Softether VPN

Post by jufirst » Tue Mar 05, 2024 6:40 am

Hi
I attempt to setup LAN to LAN using softether vpn
I try to the topolozy of network
192.168.2.2(PC) <-----wired----->192.168.2.1(vpnbridge), another NIC<----wireless(internet zone)------>220.XX.XX.XX,192.168.1.1(vpnserver)<-----wired--->192.168.1.2

I configured regard as se manual of Lan to Lan.
1. I installed vpnbridge and setting local bridge NIC of (192.168.2.1)
2. I installed vpnserver and setting local bridge NIC of(192.168.1.1)
3. I tried local bridge or secure nat of vpnserver machine
4. I connected from vpnbridge to vpnserver using cascade connection of account that created in vpnserver for connect from vpnbridge

There are two things I'm curious about:
First, in order to connect to the VPNbridge from a client, should it be done through VPNClient? So what are the specific methods?
Destination address is vpnserver? Or vpnbridge, it seems that accounts can only be created on vpnserver.
Second, if I don't need vpnclient, what additional work do I need to do to configure LAN to LAN with softether VPN, and how should I test the connection?

Which case or status that I confirm the success of connection and configure of topolozy?
What I inspect for success?

I searched by any days , But I can't the solution of them.

Thank you.

jufirst
Posts: 9
Joined: Tue Mar 05, 2024 6:22 am

Re: How to configure LAN to LAN using Softether VPN

Post by jufirst » Tue Mar 05, 2024 7:20 am

If I don't need the vpnclient to connect vpnbridge, Why listen the port of vpnbridge(443,5555,etc)

solo
Posts: 1333
Joined: Sun Feb 14, 2021 10:31 am

Re: How to configure LAN to LAN using Softether VPN

Post by solo » Tue Mar 05, 2024 7:49 am


jufirst
Posts: 9
Joined: Tue Mar 05, 2024 6:22 am

Re: How to configure LAN to LAN using Softether VPN

Post by jufirst » Tue Mar 05, 2024 8:47 am

Is it only one NIC ?

Can't I success with 2 NIC (vpnbridge side and vpnserver side) ?

What is role of vpn connection in LAN to LAN, If cant connect two site of internet ( Can't I use public ip address ? or port forwarding of pub IP) ?

jufirst
Posts: 9
Joined: Tue Mar 05, 2024 6:22 am

Can't I setup LAN to LAN on server that have two NIC (Server Zone is DMZ)

Post by jufirst » Thu Mar 07, 2024 12:21 am

Hello

When I setup LAN to LAN ( 2 sites), Can't I Use 2 Network Interface Card in (vpnbridge or vpnserver PC )

Reply that wrote by softether community say only 1 NIC (Connect to internet by Network Address Translation), But I try to 2 NIC.

2 NIC is followed

One NIC is connected internal network(can't connect internet and isolated),
Other NIC can connect Internet

and Vpnbridge and Vpnserver of softether installed on this servers.

Can I setup site to site (LAN to LAN) ?

solo
Posts: 1333
Joined: Sun Feb 14, 2021 10:31 am

Re: Can't I setup LAN to LAN on server that have two NIC (Server Zone is DMZ)

Post by solo » Thu Mar 07, 2024 2:14 am

jufirst wrote:
Thu Mar 07, 2024 12:21 am
Reply that wrote by softether community say only 1 NIC (Connect to internet by Network Address Translation)
Where did the community write that only one NIC+NAT is allowed?

jufirst
Posts: 9
Joined: Tue Mar 05, 2024 6:22 am

Re: How to configure LAN to LAN using Softether VPN

Post by jufirst » Thu Mar 07, 2024 2:32 am

link of document that You suggest to me, I find one network(IP of vpnserver(bridge) is one)
I can't find sample case that over 1 NIC.
So, I think that

solo
Posts: 1333
Joined: Sun Feb 14, 2021 10:31 am

Re: How to configure LAN to LAN using Softether VPN

Post by solo » Thu Mar 07, 2024 3:02 am


jufirst
Posts: 9
Joined: Tue Mar 05, 2024 6:22 am

Re: How to configure LAN to LAN using Softether VPN

Post by jufirst » Thu Mar 07, 2024 4:58 am

I don't want to clustering
I 'll attach the network topolozy

192.168.2.2 (client)
192.168.2.1(172.20.18.31/24 , gw-172.20.18.154 - wifi network connected hot spot cellular phone)
192.168.2.1 and 192.168.2.2 are wired connected
vpnbridge installed 192.168.2.1 and was setted local bridge NIC of 192.168.2.1


192.168.1.2 ( client of server side)
192.168.1.1 (172.30.1.81/24,gw-172.30.1.254 - wifi network connected ISP internet using NAT)
192.168.1.2 and 192.168.1.1 are wired connected
vpnserver installed 192.168.1.1 and was setted local bridge NIC of 192.168.1.1
and
cascade connect from 192.168.2.1 to 192.168.1.1 successfully.

then, I try to ping 192.168.2.2 to 192.168.1.2 and fail to ping.
attach.jpg
in network topolozy vpnserver(172.30.1.81) use port forwarding 5555 -> 172.30.1.81 (public ip is 220.76.XXX.XXX)
You do not have the required permissions to view the files attached to this post.
Last edited by jufirst on Thu Mar 07, 2024 7:17 am, edited 2 times in total.

jufirst
Posts: 9
Joined: Tue Mar 05, 2024 6:22 am

Re: How to configure LAN to LAN using Softether VPN

Post by jufirst » Thu Mar 07, 2024 7:13 am

In fact, 192.168.2.2 and 192.168.1.2 can't connect internet web site, only can connect internal ip (192.168.2.0/24, 192.168.1.0/24)

solo
Posts: 1333
Joined: Sun Feb 14, 2021 10:31 am

Re: How to configure LAN to LAN using Softether VPN

Post by solo » Thu Mar 07, 2024 8:11 am

jufirst wrote:
Thu Mar 07, 2024 4:58 am
I try to ping 192.168.2.2 to 192.168.1.2 and fail to ping.
Ensure they are on the same subnet or use L3 switch. Also run on both:
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes

jufirst
Posts: 9
Joined: Tue Mar 05, 2024 6:22 am

Re: How to configure LAN to LAN using Softether VPN

Post by jufirst » Fri Mar 08, 2024 12:37 am

thank you for your comment.

I tried set network config

192.168.2.2/16 <---------------> 192.168.2.1/16, 172.20.18.31/24 (NAT) ------- internet ------- 172.30.1.81/24(NAT), 192.168.1.1/16<----------> 192.168.1.2/16

but ping from 192.168.2.2 to 192.168.1.2 is failed.
and from 192.168.2.2 to 192.168.1.1(vpnserver) is failed

only from 192.168.2.2 to 192.168.2.1 is succeeded. but from 192.168.2.2 to 172.20.18.31 is failed.

vpnbridge,vpnserver 's OS are windows 10.

firewall are off all for test.

What can I do for success?

thank you

solo
Posts: 1333
Joined: Sun Feb 14, 2021 10:31 am

Re: How to configure LAN to LAN using Softether VPN

Post by solo » Fri Mar 08, 2024 1:50 am

Start the VPN and post AS CODE the output of:

Code: Select all

from Windows #1 PC
------------------
ping 192.168.1.1
ping 192.168.1.2
ping 192.168.2.2
netstat -r
ipconfig /all
arp -a
netsh advfirewall show allprofiles state
vpncmd localhost:port /server /password:*** /cmd ServerInfoGet
vpncmd localhost:port /server /password:*** /cmd BridgeDeviceList
vpncmd localhost:port /server /password:*** /cmd BridgeList
vpncmd localhost:port /server /password:*** /adminhub:@@@ /cmd StatusGet
vpncmd localhost:port /server /password:*** /adminhub:@@@ /cmd NatGet
vpncmd localhost:port /server /password:*** /adminhub:@@@ /cmd AccessList
vpncmd localhost:port /server /password:*** /adminhub:@@@ /cmd CascadeList
vpncmd localhost:port /server /password:*** /adminhub:@@@ /cmd CascadeStatusGet [name]
//replace: 'port' with number; *** with SE admin password; @@@ with VPN hub's name

from Client #1 PC
------------------
ping 192.168.2.1
ping 192.168.1.1
ping 192.168.1.2
netstat -r
ipconfig /all
arp -a
netsh advfirewall show allprofiles state

from Windows #2 PC
------------------
ping 192.168.2.1
ping 192.168.2.2
ping 192.168.1.2
netstat -r
ipconfig /all
arp -a
netsh advfirewall show allprofiles state
vpncmd localhost:port /server /password:*** /cmd ServerInfoGet
vpncmd localhost:port /server /password:*** /cmd BridgeDeviceList
vpncmd localhost:port /server /password:*** /cmd BridgeList
vpncmd localhost:port /server /password:*** /adminhub:@@@ /cmd StatusGet
vpncmd localhost:port /server /password:*** /adminhub:@@@ /cmd NatGet
vpncmd localhost:port /server /password:*** /adminhub:@@@ /cmd AccessList

from Client #2 PC
------------------
ping 192.168.1.1
ping 192.168.2.1
ping 192.168.2.2
netstat -r
ipconfig /all
arp -a
netsh advfirewall show allprofiles state

Post Reply