Hi,
I have been trying to follow Section 10.6 Build a LAN-to-LAN VPN (Using L3 IP Routing) in the Manual as closely as I can, but I have not succeeded in pinging between two LAN segments (LAN1, LAN2).
Based on googling and forum posts, my main concern is that I am most likely doing something wrong with bridging and tap devices.
Do I need tap devices in the configuration shown in the attachment, if I want to succeed in pinging from an arbitrary host in LAN1 to an arbitrary host in LAN2 and vice versa?
If yes, which hubs should I bridge to a tap device and which (if any) to physical interfaces (eth0, eth1)?
EDIT: At the moment I cannot add physical interfaces to the servers I'm using, so I am currently using only eth0, eth1.
LAN-to-LAN connection with L3 routing Debian Wheezy
Re: LAN-to-LAN connection with L3 routing Debian Wheezy
I think you need to add a route to PCs on both sides.
If you want to communicate on the VPN server host itself, you should use TAP.
Re: LAN-to-LAN connection with L3 routing Debian Wheezy
Many thanks for the tips. My issues were most likely related to my environment, not to SoftEther.
In my home LAN I had a Shorewall firewall that was dropping some of my packets. I was sure I had allowed all traffic to the relevant IP addresses, but there were some default policies that caused the conflict.
The office LAN is actually powered by Google Compute Engine (unfortunately not shown in my simplified drawing), which appears to have its own way of doing networking between instances and the outside world.
I ended up with a setup where an SE client is running on my home LAN gateway machine and an SE server is running on GCE. The setup was very easy and now there is no need to use client software on computers connected to the home LAN. Of course, connections are one way only (home to office), but in my case that is not an issue.
Lessons learned:
#1: Have you checked your firewall/iptables rules? If yes, check them once again : )
#2: If you are using a hosting service, read their networking docs. There may be some gotchas.
In the past I have paid little attention to layer 2 stuff. On Linux I found arp-scan and ip neigh to be very helpful tools.