SoftEtherVPN LAN to Cloud Connection
- qorgh529
- Posts: 6
- Joined: Fri Mar 15, 2024 1:40 am
SoftEtherVPN LAN to Cloud Connection
Hello.
I want to connect between the company (main) and the cloud (site) with SoftEther VPN.
We have nine sites.
Currently, a SoftEtherVPN server for each site was created and configured for remote access, which required the client to create multiple connections.
VM <---> Cloud VPN Server or VPN Bridge (site) <==Cascade Connection==>company VPN Server(Main-Virtual hub "CLOUD") <==L3==> company VPN Server(Main-Virtual Hub "OFFICE")<--->Client
I want the Client to access VPNServer and configure it to be remotely accessible to the VM.
IP Setting
OFFICE - 10.0.10.0/24
CLOUD - 10.0.20.0/24
Main - 10.10.4.0/24
Site - 10.23.0.0/16
L3 Setting - OFFICE
Virtual interfaces:
OFFICE - 10.0.10.1 / 255.255.255.0
CLOUD - 10.0.20.1 / 255.255.255.0
Routing Table:
Network address/ Subnet Mask / Gateway Address / Metric
10.0.10.0 / 255.255.255.0 / 10.0.10.1 / 1
10.0.20.0 / 255.255.255.0 / 10.0.20.1 / 1
Virtual Hub SecureNAT Setting - OFFICE
Edit the static routing table to push
10.10.4.0/255.255.255.0/10.0.10.1
Virtual Hub SecureNAT Setting - CLOUD
Edit the static routing table to push
10.23.0.0/255.255.0.0/10.0.20.1
VPN Bridge - Site
Cascade Connection
I would like to ask for your help on what is the problem in the above content.
			
									
									
- solo
- Posts: 1728
- Joined: Sun Feb 14, 2021 10:31 am
Re: SoftEtherVPN LAN to Cloud Connection
The L3 is dysfunctional https://www.vpnusers.com/viewtopic.php? ... 688#p96682 
Consider an alternative approach https://www.vpnusers.com/viewtopic.php? ... 17#p101191
			
									
									
- qorgh529
- Posts: 6
- Joined: Fri Mar 15, 2024 1:40 am
Re: SoftEtherVPN LAN to Cloud Connection
Hi solo.
I would like to have remote access to the VM (10.20.X.XX) server on the Bridge when I connect to the Virtual Hub "OFFICE" by proceeding with the following configuration.
I looked at the link you gave me and tried to organize it as below, but it was not connected.
Main L3 OFFICE SecureNAT static routing table to push
10.10.2.0/255.255.255.0/10.0.10.1
CLOUD SecureNAT
IP Address : 10.0.20.1
Subnet Mask : 255.255.255.0
Virtual DHCP Server Setting
not use
static routing table to push
10.20.0.0/255.255.255.0/10.0.20.1, 10.0.20.0/255.255.255.0/10.0.10.200
Bridge
local Bridge Setting
status operating
BRIDGE SecureNAT
Disable SecureNAT
			
- solo
- Posts: 1728
- Joined: Sun Feb 14, 2021 10:31 am
Re: SoftEtherVPN LAN to Cloud Connection
There are too many errors and omissions in your config. Let's simplify it:
- remove the L3
- disable SecureNAT on "CLOUD"
- install Microsoft Loopback Adapter and reboot it
- set a static IP on the MLA to 10.20.0.254 mask 255.255.0.0 - DG/DNS irrelevant
- bridge "CLOUD" to the MLA
In "OFFICE" change the "Static Routing Table to Push" to: 10.20.0.0/255.255.0.0/10.0.10.1
If your VPS is on Linux, use a soft tap bridge instead of MLA of course.
			
									
									
- qorgh529
- Posts: 6
- Joined: Fri Mar 15, 2024 1:40 am
Re: SoftEtherVPN LAN to Cloud Connection
hi solo
I did it in the order you told me to do it. Can you check the settings?
<Main>
Server IP Setting
IP : 10.10.2.39
Subnet Mask : 255.255.255.0
DG : 10.10.2.1
Local Bridge Setting
OFFICE -->ethernet
CLOUD-01(Same to CLOUD) --> Loopback driver Adapter
L3 is disabled
Virtual Hub "OFFICE"
SecureNAT enable
Virtual Host's Network Interface Settings
IP : 10.0.10.1
Subnet Mask : 255.255.255.0
Virtual DHCP Server Settings
enable DHCP
Distributes IP Address : 10.0.10.3 to 10.0.10.200
Subnet Mask : 255.255.255.0
DNS Server address : 8.8.8.8, 8.8.4.4
Static Routing table
10.10.2.0/255.255.255.0/10.0.10.1, 10.20.0.0/255.255.0.0/10.0.10.1
Virtual Hub "CLOUD-01"
SecureNAT disable
<Bridge>
Server IP Setting
IP : 10.20.0.3
Subnet : 255.255.255.240
DG : 10.20.0.1
Local Bridge Setting
BRIDGE --> Loopback driver Adapter
SecureNAT disable
Manage Cascade Connections
connect to <Main>-Virtual Hub "CLOUD-01"
After proceeding with the above setting, I tried to remotely access 10.10.2.39 and 10.20.0.3 on the external band PC (10.30.0.75) through OFFICE.
10.10.2.39, remote access was possible,
Remote access was not possible at 10.20.0.3.
Please let me know if there is anything I need to modify or add.
			
									
									
- solo
- Posts: 1728
- Joined: Sun Feb 14, 2021 10:31 am
Re: SoftEtherVPN LAN to Cloud Connection
Hi qorgh529, note...
...you can't have both sNAT and a bridge.
- delete the bridge
You have forgotten <Main> MLA
- set a static IP on the MLA to 10.20.0.254 mask 255.255.0.0 - DG/DNS irrelevant
Next, on <Main>:
- set to "auto" and start the "Routing and Remote Access" service (if not running already by default)
- run: netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
- on "OFFICE" click "Edit Virtual Hub Extended Option List" and set DisableKernelModeSecureNAT = 1
- reboot
Why? I did not specify 2x MLAs!
<Bridge>
...
Local Bridge Setting
BRIDGE --> Loopback driver Adapter
- remove the MLA
- this is only a bridge to NIC 10.20.0.3
Also on <Bridge>:
- run: netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
Then on <Bridge> LAN DG: 10.20.0.1 - on the router add a static route:
ip route add 10.10.2.0/24 via 10.20.0.254
- if the router does not support static routes, add persistent static route to every PC/VM which needs to cross-connect:
route -p add 10.10.2.0 mask 255.255.255.0 10.20.0.254
Test pings:
from 10.10.2.39 to 10.20.0.3
...and vice-versa
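
Added example, not part of any post above and not SoftEther code: a Python check that parses the `network/mask/gateway` entries used in the "Static Routing Table to Push" field and reports routes whose gateway lies outside the host's own subnet or whose destination overlaps it. The function names are hypothetical; the addresses in the sample cases are the ones posted in this thread, except 10.0.20.50, which is a constructed client address.

```python
import ipaddress

def parse_pushed_routes(text):
    """Parse 'network/mask/gateway, network/mask/gateway' as typed into
    the "Static Routing Table to Push" field."""
    routes = []
    for entry in filter(None, (e.strip() for e in text.split(","))):
        parts = [p.strip() for p in entry.split("/")]
        if len(parts) != 3:
            raise ValueError(f"expected network/mask/gateway, got {entry!r}")
        # strict=True rejects a network address that has host bits set
        network = ipaddress.IPv4Network(f"{parts[0]}/{parts[1]}", strict=True)
        routes.append((network, ipaddress.IPv4Address(parts[2])))
    return routes

def check_routes(host_ip, host_mask, pushed):
    """Return (network, gateway, reason) for each route this host cannot
    use as written."""
    iface = ipaddress.IPv4Interface(f"{host_ip}/{host_mask}")
    findings = []
    for network, gw in parse_pushed_routes(pushed):
        # A next hop must be directly reachable on the host's own subnet.
        if gw not in iface.network:
            findings.append((str(network), str(gw), "gateway-off-link"))
        # A route to the subnet the host already sits on is contradictory.
        if network.overlaps(iface.network):
            findings.append((str(network), str(gw), "dest-overlaps-local"))
    return findings

if __name__ == "__main__":
    cases = [
        # OFFICE client, first address of the posted DHCP range
        ("10.0.10.3", "255.255.255.0",
         "10.10.2.0/255.255.255.0/10.0.10.1, 10.20.0.0/255.255.0.0/10.0.10.1"),
        # <Bridge> host with its posted mask and the suggested static route
        ("10.20.0.3", "255.255.255.240", "10.10.2.0/255.255.255.0/10.20.0.254"),
        # Constructed client on the earlier CLOUD SecureNAT configuration
        ("10.0.20.50", "255.255.255.0",
         "10.20.0.0/255.255.255.0/10.0.20.1, 10.0.20.0/255.255.255.0/10.0.10.200"),
    ]
    for ip, mask, pushed in cases:
        print(ip, mask, check_routes(ip, mask, pushed) or "ok")
```

With the posted mask 255.255.255.240, the host 10.20.0.3 sits in 10.20.0.0/28, so 10.20.0.254 is reported as off-link; with mask 255.255.0.0 the same route passes.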
- qorgh529
- Posts: 6
- Joined: Fri Mar 15, 2024 1:40 am
Re: SoftEtherVPN LAN to Cloud Connection
hello, solo.
The VPN Bridge was configured in the way you told me last time.
In addition, may I ask if the current VPN Bridge can be configured as follows?
For example, is there a way for a 10.10.2.45 PC to have remote access to a 10.20.0.3 PC or 10.20.0.0/24 band PC without using the SoftEtherVPN Client program?
Is there a way to remotely access 10.20.0.3 and check the situation where 10.10.2.45 PC has remote access on the record with netstat?
I'll be waiting for your help. Thank you.
			
									
									
- solo
- Posts: 1728
- Joined: Sun Feb 14, 2021 10:31 am
Re: SoftEtherVPN LAN to Cloud Connection
Yes, of course, in fact it is so by design, no client necessary, note my previous post...
Test pings:
from 10.10.2.39 to 10.20.0.3
...and vice-versa
- qorgh529
- Posts: 6
- Joined: Fri Mar 15, 2024 1:40 am
Re: SoftEtherVPN LAN to Cloud Connection
Hello, solo.
I changed the internal IP of each server because the conditions were confusing for myself. And I reorganized the contents below by referring to the answer you posted before.
<Main>
Private IP : 192.168.0.40/255.255.255.0/192.168.0.1
Virtual Hub
not use "Office"
Use Only "CLOUD-01"
Local Bridge connect : MS Loopback(172.20.10.254) <-->CLOUD-01
CLOUD-01 not use SecureNAT
DisableKernelModeSecureNAT=1
<Bridge>
Private : 172.20.10.2/255.255.255.0/172.20.10.1
Cascade connection : CLOUD-01
Local Bridge : default nic <-->BRIDGE
Route -p add 192.168.0.0 mask 255.255.255.0 172.20.10.254
"File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
<test1>
IP : 192.168.0.201/255.255.255.0/192.168.0.1
<ping test>
Main ---> Bridge Bridge --> Main
			
- solo
- Posts: 1728
- Joined: Sun Feb 14, 2021 10:31 am
Re: SoftEtherVPN LAN to Cloud Connection
That "cloud" is only 2ms away. If you're testing it all on a LAN or VMs, you will most likely fail without prior networking experience. Furthermore, as you keep moving the goalposts and changing configuration, it becomes convoluted, inconsistent and no longer interesting.
			
									
									
						