SITE TO SITE VPN

Posted: Tue May 16, 2017 2:10 pm
by simosan
Hello everybody,

I would like to configure a Site-to-Site VPN between two servers located in different places, but I don't understand how to do that with the SoftEther software.

The manual on the homepage of the software is not so clear, at least for me.

I am still searching for a step-by-step guide but I haven't found one.

I have site A on a Win10 server with IP address 10.10.10.2 and site B on WinXP with 172.16.7.59.

Can someone help me?

Re: SITE TO SITE VPN

Posted: Wed May 17, 2017 2:09 pm
by LankyMax
On site A or on site B you need admin access to the firewall to transfer, e.g., TCP port 5555 to the server on site A or B.

E.g. Site A is the master, IP area 10.10.10.0/24. Then on the server you create two hubs, the first for Site A (e.g. "HubA") and the second for Site B (e.g. "HubB"). Now on Site A in SE Manager you create a "Local Bridge" for "HubA" and the physical interface (IP 10.10.10.2) and set the Virtual Hub Extended Option "NoDhcpPacketLogOutsideHub" to 1.
Site B is the slave, IP area 172.16.7.0/24. On the server you create one hub (e.g. "HubB"), create a "Local Bridge" for "HubB" and the physical interface (IP 172.16.7.59), and set the Virtual Hub Extended Option "NoDhcpPacketLogOutsideHub" to 1. Then in the management screen of HubB on Site B you create a cascade connection to HubB on Site A. (Advanced Settings: Number of TCP Connections: 32, and check the two options "Use Half-Duplex Mode" and "Use Data Compression".)
E.g. the IP gateway for Site B in Site A is 10.10.10.254/24 and the IP gateway for Site A in Site B is 172.16.7.254/24; then in SE Manager of Site A you create a new Layer 3 Switch setting (e.g. "A-B"), where for hub "HubA" you enter IP 10.10.10.254, mask 255.255.255.0, and for hub "HubB" you enter IP 172.16.7.254, mask 255.255.255.0. Start the switch.

Now on Site A you need to create persistent routing to Site B through gw 10.10.10.254, and on Site B create persistent routing to Site A through gw 172.16.7.254.

If you do not have a real IP address for each internet interface of each site, you can use the SE DDNS. The current DDNS hostname of each SE server is shown in the lower left corner of the "Manage VPN Server" screen.

That is all you need.

Re: SITE TO SITE VPN

Posted: Fri May 19, 2017 8:59 pm
by starkruzr
I'm trying to do this too, and I'm stumped. I was just going to do it over Layer 3, because I need to connect two totally different subnets -- our local datacenter and AWS. It doesn't seem to be creating a new interface that I can assign an IP address to when I set up the bridge.

Re: SITE TO SITE VPN

Posted: Mon May 22, 2017 2:53 pm
by triwaves
LankyMax - thanks for this explanation - I am also trying to connect to different locations with a L3 switch for the main reason that I can leave the IP assignment scheme of each location intact. In my case Location Servers is on AWS and have an A site and a B site both cascade connected to AWS.

I follow your whole explanation until the statement:

LankyMax wrote:
> Now on Site A you need to create persistent routing to Site B through gw
> 10.10.10.254, and on Site B create persistent routing to Site A through gw
> 172.16.7.254.

How does one actually implement that? Right now each PC in each network has a GW pointing to the router that runs the network (it is a Cisco router connected to internet that provides Internet and DHCP / static IP addresses to each client on network).

In this example you don't install any "client" on any PC right? I was hoping it's all at the network level where each PC works just as it did before the VPN is connected (and in that way for my case, if the VPN site is disconnected each PC works like it did before, just w/o access to the disconnected remote site).

So to get traffic to the internet or a local machine on the same subnet, the original gateway on the Cisco router is still needed, but to get to site A (or site B) I need traffic to get to the L3 switch (ex. 192.168.1.254/24) which will route it to the other site, correct? How do I do this w/o modifying each and every PC client on each network?

Thanks!

Re: SITE TO SITE VPN

Posted: Wed May 24, 2017 8:09 am
by simosan
Thank you LankyMax,
Now I'm very busy with another project but, when I have a bit of time, I will try to follow those instructions.
Many, many thanks

LankyMax wrote:
> On site A or on site B you need admin access to the firewall to transfer,
> e.g., TCP port 5555 to the server on site A or B.
>
> E.g. Site A is the master, IP area 10.10.10.0/24. Then on the server you
> create two hubs, the first for Site A (e.g. "HubA") and the second for
> Site B (e.g. "HubB"). Now on Site A in SE Manager you create a "Local
> Bridge" for "HubA" and the physical interface (IP 10.10.10.2) and set the
> Virtual Hub Extended Option "NoDhcpPacketLogOutsideHub" to 1.
> Site B is the slave, IP area 172.16.7.0/24. On the server you create one
> hub (e.g. "HubB"), create a "Local Bridge" for "HubB" and the physical
> interface (IP 172.16.7.59), and set the Virtual Hub Extended Option
> "NoDhcpPacketLogOutsideHub" to 1. Then in the management screen of HubB on
> Site B you create a cascade connection to HubB on Site A. (Advanced
> Settings: Number of TCP Connections: 32, and check the two options "Use
> Half-Duplex Mode" and "Use Data Compression".)
> E.g. the IP gateway for Site B in Site A is 10.10.10.254/24 and the IP
> gateway for Site A in Site B is 172.16.7.254/24; then in SE Manager of
> Site A you create a new Layer 3 Switch setting (e.g. "A-B"), where for hub
> "HubA" you enter IP 10.10.10.254, mask 255.255.255.0, and for hub "HubB"
> you enter IP 172.16.7.254, mask 255.255.255.0. Start the switch.
>
> Now on Site A you need to create persistent routing to Site B through gw
> 10.10.10.254, and on Site B create persistent routing to Site A through gw
> 172.16.7.254.
>
> If you do not have a real IP address for each internet interface of each
> site, you can use the SE DDNS. The current DDNS hostname of each SE server
> is shown in the lower left corner of the "Manage VPN Server" screen.
>
> That is all you need.

Re: SITE TO SITE VPN

Posted: Mon Mar 16, 2020 11:16 pm
by jacqljh
I succeeded with Site-to-Site VPN in a different way.

The configuration method and manual are at the link below.

HQ
Router
- network 172.16.0.0/22
- IP : 172.16.0.1
- static ip routing 192.168.219.0/24 172.16.0.15
- Local network DHCP server

Platform : VMware ESXi 6.7
Ubuntu Server 18.04
- 172.16.0.10
- gw : 172.16.0.1
- SoftEther VPN Server installed

BR
Router
- network 192.168.219.0/24
- IP : 192.168.219.1
- static ip routing 172.16.0.0/22 192.168.219.15
- Local network DHCP server

Platform : Raspberry Pi
Ubuntu Server 19.10
- 192.168.219.10
- gw : 192.168.219.1
- SoftEther VPN Server installed

SoftEther virtual L3 Switch interface
172.16.0.15 255.255.252.0 HQ-HUB
192.168.219.15 255.255.255.0 BR-HUB

SoftEther Routing Table
no configuration

http://gofile.me/518fc/72T7CmlyP
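
The "persistent routing" step from LankyMax's post and the router "static ip routing" entries in the HQ/BR listing above are the same requirement: each LAN needs a route to the other LAN whose next hop is the local L3 switch interface. The following is an added example, not code from any poster or from the SoftEther project; it checks such a plan using the HQ/BR addresses from the listing and produces the per-host Windows `route -p add` equivalent. The dictionary layout and function names are assumptions.

```python
import ipaddress

# Addresses are the HQ/BR values from the post above; the dict layout is an assumption.
SITES = {
    "HQ": {"lan": "172.16.0.0/22", "router": "172.16.0.1", "l3_if": "172.16.0.15",
           "router_routes": {"192.168.219.0/24": "172.16.0.15"}},
    "BR": {"lan": "192.168.219.0/24", "router": "192.168.219.1", "l3_if": "192.168.219.15",
           "router_routes": {"172.16.0.0/22": "192.168.219.15"}},
}

def required_routes(sites):
    """Per site: (remote LAN, next hop) pairs, next hop being the local L3 switch interface."""
    return {name: [(ipaddress.ip_network(other["lan"]), ipaddress.ip_address(site["l3_if"]))
                   for other_name, other in sites.items() if other_name != name]
            for name, site in sites.items()}

def check(sites):
    """Return a list of findings; an empty list means the routing plan is consistent."""
    findings = []
    nets = {name: ipaddress.ip_network(site["lan"]) for name, site in sites.items()}
    names = list(sites)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a}/{b}: LANs overlap, so they cannot be routed at layer 3")
    for name, site in sites.items():
        if ipaddress.ip_address(site["l3_if"]) not in nets[name]:
            findings.append(f"{name}: L3 interface {site['l3_if']} is outside {nets[name]}")
        if site["l3_if"] == site["router"]:
            findings.append(f"{name}: L3 interface reuses the router address")
        have = {ipaddress.ip_network(dest): ipaddress.ip_address(hop)
                for dest, hop in site["router_routes"].items()}
        for dest, hop in required_routes(sites)[name]:
            if have.get(dest) != hop:
                # Hosts send replies to their default gateway, which then has no path back.
                findings.append(f"{name}: router lacks route {dest} via {hop}")
    return findings

def windows_host_routes(sites, name):
    """Per-host alternative to a router entry: persistent routes for a Windows PC."""
    return [f"route -p add {dest.network_address} mask {dest.netmask} {hop}"
            for dest, hop in required_routes(sites)[name]]

if __name__ == "__main__":
    print(check(SITES) or "plan is consistent")
    for site_name in SITES:
        print(site_name, windows_host_routes(SITES, site_name))
```

Putting the route on each site's default gateway, as in the HQ/BR listing, leaves the PCs untouched; the `route -p add` lines are only needed where the gateway cannot be changed.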

Re: SITE TO SITE VPN

Posted: Fri Mar 27, 2020 12:48 pm
by destinia
Hi All:
I also have some problems regarding the 'site 2 site vpn' setup and would really appreciate it if you could help.
I have a Center VPN server (running on OpenWRT) for our HQ and a bridge server (running Windows 10) for the branch.
The IP/subnet of the Center is 10.86.32.0 255.255.254.0
The IP/subnet of the Branch is 192.168.199.0 255.255.0
The cascade connection is successfully connected.
I also set up an L3 Switch on the center server and assigned IP 10.86.32.254 to the virtual interface of the HQ hub and IP 192.168.199.254 to the virtual interface of the Branch hub.
My problem is that clients in one subnet cannot reach any remote clients except the remote virtual interface.
For instance, a client in the branch whose IP is 192.168.199.100 can reach the remote '10.86.32.254', but cannot reach other clients in HQ's subnet.
Figure:
Works:
192.168.199.100->10.86.33.254 (HQ SoftEther L3 Switch Virtual Interface)
Doesn't work:
192.168.199.100->10.86.33.200 (HQ File Server)

*************************************************************
Some updates:
I tried to use an L2 switch over the SoftEther VPN tunnel and all branch clients can obtain an IP address from the HQ DHCP server and have no problem accessing HQ servers/clients at all.
It looks like there is something wrong with L3 routing.

Could you please advise?

Re: SITE TO SITE VPN

Posted: Sat Feb 20, 2021 9:05 pm
by johnfolia
LankyMax wrote (Wed May 17, 2017 2:09 pm):
> On site A or on site B you need admin access to the firewall to transfer, e.g., TCP port 5555 to the server on site A or B.
>
> E.g. Site A is the master, IP area 10.10.10.0/24. Then on the server you create two hubs, the first for Site A (e.g. "HubA") and the second for Site B (e.g. "HubB"). Now on Site A in SE Manager you create a "Local Bridge" for "HubA" and the physical interface (IP 10.10.10.2) and set the Virtual Hub Extended Option "NoDhcpPacketLogOutsideHub" to 1.
> Site B is the slave, IP area 172.16.7.0/24. On the server you create one hub (e.g. "HubB"), create a "Local Bridge" for "HubB" and the physical interface (IP 172.16.7.59), and set the Virtual Hub Extended Option "NoDhcpPacketLogOutsideHub" to 1. Then in the management screen of HubB on Site B you create a cascade connection to HubB on Site A. (Advanced Settings: Number of TCP Connections: 32, and check the two options "Use Half-Duplex Mode" and "Use Data Compression".)
> E.g. the IP gateway for Site B in Site A is 10.10.10.254/24 and the IP gateway for Site A in Site B is 172.16.7.254/24; then in SE Manager of Site A you create a new Layer 3 Switch setting (e.g. "A-B"), where for hub "HubA" you enter IP 10.10.10.254, mask 255.255.255.0, and for hub "HubB" you enter IP 172.16.7.254, mask 255.255.255.0. Start the switch.
>
> Now on Site A you need to create persistent routing to Site B through gw 10.10.10.254, and on Site B create persistent routing to Site A through gw 172.16.7.254.
>
> If you do not have a real IP address for each internet interface of each site, you can use the SE DDNS. The current DDNS hostname of each SE server is shown in the lower left corner of the "Manage VPN Server" screen.
>
> That is all you need.

Hi LankyMax,
I have followed the same steps you mentioned. I was able to ping the virtual IP on the L3 switch on AWS from an office LAN machine, but I am not able to ping the virtual IP on the L3 switch on AWS from an AWS Windows machine on the SAME subnet.
The SG allows both CIDRs inbound and outbound and is attached to the Windows machine. As the Windows machine and the SoftEther server are on the same VPC subnet, they should be able to TALK (route table entry 10.0.0.0/16 --> local). The firewall is off on the Windows machine.

What am I missing? Will you please help?

My setup is at the link below:

https://www.vpnusers.com/viewtopic.php?f=7&t=66577

Thanks.