The configuration looks fine and I can see the iptables populated on both the Server and Bridge. The two implementations are CentOS 7 on vSphere and the port groups have been set to promiscuous mode.
I don't know what more to check and can't find an option in vpncmd that can help me debug the ICMP.
Thanks
LAN-to-LAN VPN L2 Bridge is up but no ping
-
- Posts: 4
- Joined: Sat Jan 16, 2021 8:19 pm
-
- Posts: 477
- Joined: Tue Sep 11, 2018 5:58 pm
Re: LAN-to-LAN VPN L2 Bridge is up but no ping
elheho, why do you make a new nick on the forum instead of using your brain?
-
- Posts: 4
- Joined: Sat Jan 16, 2021 8:19 pm
Re: LAN-to-LAN VPN L2 Bridge is up but no ping
Hello, I did investigate yesterday and this morning with my brain. Troubleshooting the ARP, I saw with tcpdump that the SoftEther box doesn't reply to the ARP requests. Firewall and SELinux are down.
What else can I check?
[root@CentOS7 vpnbridge]# ifconfig ens192
ens192: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1986
inet 10.10.9.30 netmask 255.255.252.0 broadcast 10.10.11.255
inet6 fe80::3611:4cad:d8cf:6d6e prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:b5:d9:39 txqueuelen 1000 (Ethernet)
RX packets 139967 bytes 13751231 (13.1 MiB)
RX errors 0 dropped 18 overruns 0 frame 0
TX packets 105490 bytes 15410468 (14.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@CentOS7 vpnbridge]# tcpdump -i ens192 arp |grep 10.10.10.145
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
09:28:00.318147 ARP, Request who-has 10.10.10.145 tell 10.10.9.25, length 46
09:28:00.318164 ARP, Request who-has 10.10.10.145 tell 10.10.9.25, length 46
09:28:01.327248 ARP, Request who-has 10.10.10.145 tell 10.10.9.25, length 46
-
- Posts: 4
- Joined: Sat Jan 16, 2021 8:19 pm
Re: LAN-to-LAN VPN L2 Bridge is up but no ping
Hello, I did investigate yesterday and this morning with my brain. Troubleshooting the ARP, I saw with tcpdump that the SoftEther box doesn't reply to the ARP requests. Firewall and SELinux are down.
What else can I check?
-
- Posts: 477
- Joined: Tue Sep 11, 2018 5:58 pm
Re: LAN-to-LAN VPN L2 Bridge is up but no ping
You need to provide a picture/detailed description of what you want.
Step by step: do you want to "connect" together both LANs? Are they in the same subnet? What will be the IP ranges for two LANs?
Do they both have internet connection?
I think the VPN is not your problem. Most likely it seems to be networking.
-
- Posts: 4
- Joined: Sat Jan 16, 2021 8:19 pm
Re: LAN-to-LAN VPN L2 Bridge is up but no ping
Yes, I want to extend the 10.10.0.0/8 LAN to the remote site, and the VPN is up, as you can see.
Also, the MAC table and IP tables are populated.
This is the output from the bridge site:
VPN Server/BRIDGE>stat
StatusGet command - Get Current Status of Virtual Hub
Item |Value
-----------------------------+-------------------
Virtual Hub Name |BRIDGE
Status |Online
Type |Standalone
SecureNAT |Disabled
Sessions |2
Access Lists |0
Users |0
Groups |0
MAC Tables |55
IP Tables |40
Num Logins |0
Last Login |2021-01-16 17:54:44
Last Communication |2021-01-17 14:13:24
Created at |2021-01-16 17:54:44
Outgoing Unicast Packets |3,606,673 packets
Outgoing Unicast Total Size |229,083,660 bytes
Outgoing Broadcast Packets |1,753,848 packets
Outgoing Broadcast Total Size|134,287,027 bytes
Incoming Unicast Packets |11,260,586 packets
Incoming Unicast Total Size |2,389,981,788 bytes
Incoming Broadcast Packets |1,891,827 packets
Incoming Broadcast Total Size|143,544,205 bytes
The command completed successfully.
And this is the output from the server site:
VPN Server/DEFAULT>stat
StatusGet command - Get Current Status of Virtual Hub
Item |Value
-----------------------------+-------------------
Virtual Hub Name |DEFAULT
Status |Online
Type |Standalone
SecureNAT |Disabled
Sessions |2
Sessions (Client) |0
Sessions (Bridge) |1
Access Lists |0
Users |1
Groups |0
MAC Tables |116
IP Tables |87
Num Logins |5
Last Login |2021-01-17 09:04:32
Last Communication |2021-01-17 14:20:34
Created at |2021-01-16 15:43:39
Outgoing Unicast Packets |1,783,898 packets
Outgoing Unicast Total Size |100,039,630 bytes
Outgoing Broadcast Packets |1,631,707 packets
Outgoing Broadcast Total Size|124,384,060 bytes
Incoming Unicast Packets |9,417,809 packets
Incoming Unicast Total Size |1,266,860,206 bytes
Incoming Broadcast Packets |1,749,572 packets
Incoming Broadcast Total Size|133,972,639 bytes
The command completed successfully.
-
- Posts: 477
- Joined: Tue Sep 11, 2018 5:58 pm
Re: LAN-to-LAN VPN L2 Bridge is up but no ping
I give up.
You can not be helped. You are obsessed with "no pinging". The only thing I understood from copy-paste useless information is that both server and bridge can see some MAC addresses.
I have written you many many times what you need to do. So I stop trying to help you.
Bye
-
- Posts: 202
- Joined: Wed Jul 10, 2013 2:07 pm
Re: LAN-to-LAN VPN L2 Bridge is up but no ping
It's not clear what you want,
but if you just bridge SoftEther to your eth0 on the server side, you CAN'T reach the server IP through the VPN. It's a Linux/kernel behaviour.
What worked for me is a "double-bridge":
* create tap device
* bridge softether on that tap device
* use linux bridge-utils to bridge tap and eth0
Another solution could be to add a second interface on the server; this should be reachable through the VPN.
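The "double-bridge" steps from the last reply, written out as an added example (not code from the thread or from the SoftEther project). It only prints the commands for review. It assumes `vpncmd` is on the PATH, that a direct Local Bridge from the hub to the NIC already exists and has to go, and that the hub, NIC, tap suffix, bridge name and addresses are passed in by the operator.

```shell
#!/bin/sh
# Added example: print the "double-bridge" commands in order. Nothing runs here.
# usage: double_bridge_plan HUB NIC TAPNAME BRIDGE CIDR [GATEWAY]
double_bridge_plan() {
    if [ $# -lt 5 ] || [ $# -gt 6 ]; then
        echo "usage: double_bridge_plan HUB NIC TAPNAME BRIDGE CIDR [GATEWAY]" >&2
        return 2
    fi
    hub=$1 nic=$2 tapname=$3 br=$4 cidr=$5 gw=${6:-}
    # Reject anything that is not a plain name or address, so the printed
    # lines can never contain shell metacharacters.
    case "$hub$nic$tapname$br" in
        *[!A-Za-z0-9_.-]*) echo "invalid character in a name" >&2; return 1 ;;
    esac
    case "$cidr$gw" in
        *[!0-9./]*) echo "invalid character in an address" >&2; return 1 ;;
    esac
    tap="tap_$tapname"   # SoftEther names its Linux TAP devices tap_<name>
    # Linux interface names hold at most 15 characters (IFNAMSIZ - 1).
    for name in "$tap" "$br"; do
        if [ "${#name}" -gt 15 ]; then
            echo "interface name too long: $name" >&2
            return 1
        fi
    done
    # 1. Drop the direct hub<->NIC bridge: keeping it next to the tap bridge
    #    would give frames two paths to the same NIC (a layer-2 loop).
    # 2. Let SoftEther create the tap and bridge the hub to it.
    # 3. Join tap and NIC in a kernel bridge and move the host IP onto it,
    #    so the host's own address is reachable through the VPN.
    cat <<EOF
vpncmd localhost /SERVER /CMD BridgeDelete $hub /DEVICE:$nic
vpncmd localhost /SERVER /CMD BridgeCreate $hub /DEVICE:$tapname /TAP:yes
brctl addbr $br
brctl addif $br $tap
brctl addif $br $nic
ip addr flush dev $nic
ip addr add $cidr dev $br
ip link set $tap up
ip link set $br up
EOF
    # Flushing the NIC also removes its routes; restore the default if given.
    if [ -n "$gw" ]; then
        echo "ip route add default via $gw dev $br"
    fi
    return 0
}
```

Run the printed lines as root from a local console rather than over SSH through the same NIC, because moving the address to the bridge drops sessions on it. For example, `double_bridge_plan DEFAULT eth0 soft br0 10.10.9.30/22` uses the hub name and address shown in the thread with a constructed tap suffix and bridge name.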