VPN lan to lan on same subnet
-
- Posts: 15
- Joined: Sat Sep 25, 2021 9:00 am
VPN lan to lan on same subnet
Hi all. I am a complete noob who is trying to create a VPN lan to lan network. I have installed VPN Server on ‘Machine A’ (Win 10), and VPN Bridge on ‘Machine B’ (Win 10). I have managed to create a session and both server and bridge appear to be talking to each other. However, everything slows to a crawl.
I should point out that ‘Machine A’ and ‘Machine B’ are currently connected to the same network, i.e. both physically connected to the same switch and subnet behind my broadband router. This arrangement is for test purposes only. I plan to move the ‘Machine B’ off-site eventually.
Is it ok to try to test a setup this way or have I broken some cardinal rule? When the session is running it seems my broadband router is being flooded. Even my home WiFi slows to a halt. Cheers in advance.
-
- Posts: 1432
- Joined: Sun Feb 14, 2021 10:31 am
Re: VPN lan to lan on same subnet
You created a network loop with broadcast storm which slows everything down.
-
- Posts: 15
- Joined: Sat Sep 25, 2021 9:00 am
Re: VPN lan to lan on same subnet
That sounds about right. It is probably pointless in me testing this setup. Or perhaps that proves it works. I will be moving the bridge off-site soon. Cheers
-
- Posts: 15
- Joined: Sat Sep 25, 2021 9:00 am
Re: VPN lan to lan on same subnet
So I have finally got the VPN Server and Bridge set up on 2 isolated networks at separate sites. I am satisfied the remote bridge has established a connection to the server's virtual hub. This is about as far as I can go. I was hoping the local and remote LANs would be as one. I have tried to do a basic communications test like pinging or trying to access a shared folder from one site to the other but I have not had any success. Am I missing a step?
I have attached a screen grab of their Virtual Hub's session IP Table. It lists my local subnet (192.168.0.x) and the remote subnet (192.168.1.x). Do I need to 'bond/bridge' these LANs or set up NAT to establish routing?
Cheers
-
- Posts: 1432
- Joined: Sun Feb 14, 2021 10:31 am
Re: VPN lan to lan on same subnet
Use Layer 3 switch and static routes as described here https://www.softether.org/4-docs/1-manu ... ork_Layout
-
- Posts: 15
- Joined: Sat Sep 25, 2021 9:00 am
Re: VPN lan to lan on same subnet
Thanks for that. It has put me on the right track but I have hit a stumbling block. I have created a Virtual L3 Switch. I have added 2 virtual interfaces in the switch configuration connecting to 2 virtual hubs respectively. But when I try to add a routing table entry, the 'OK' button is greyed out. Any ideas?
-
- Posts: 1432
- Joined: Sun Feb 14, 2021 10:31 am
Re: VPN lan to lan on same subnet
You need to add static routes to the routers or PCs in the subnets.
-
- Posts: 15
- Joined: Sat Sep 25, 2021 9:00 am
Re: VPN lan to lan on same subnet
That is not the screenshot I meant to upload in my last post. I'll try again.
The 'OK' button is still greyed out so I can't add a routing entry.
-
- Posts: 1432
- Joined: Sun Feb 14, 2021 10:31 am
Re: VPN lan to lan on same subnet
No, you need to add static routes to the routers or PCs in the subnets.
-
- Posts: 15
- Joined: Sat Sep 25, 2021 9:00 am
Re: VPN lan to lan on same subnet
I'm confused here. The only PCs connected at the moment are the VPN Server (locally) and the VPN Bridge (remotely). The VPN bridge has a virtual hub set up that has established a connection with a virtual hub set up on the VPN Server. The VPN server has a second virtual hub setup that binds to its nic.
The VPN Server is set up locally. It has 2 virtual hubs set up.
(1) Local-Virtual-hub. This is bound to the server nic and local ethernet infrastructure.
(2) Remote-Virtual-hub. This is set up to accept connection from a VPN bridge at the remote site.
(3) A Layer 3 switch attempt to route traffic between local LAN and remote LAN
VPN Bridge is set up at remote site.
(1) It has a single virtual hub which is bound to the nic and ethernet structure and establishes a cascade connection to the VPN server
The VPN Server Layer 3 switch has the following entries.
192.168.0.254 and 192.168.1.254 are previously non-assigned IP addresses and so are notional/virtual addresses assigned as gateways to the Layer-3 switch. I think this is what I'm supposed to do.
The next thing I would like to do now is establish a basic ping between 192.168.0.99 and 192.168.1.100 and access shared folders, before I even add more hardware. So do I still need to add static routes? The VPN server can see the local IP table and the remote IP table. Would it not have all it needs to now perform the routing between the 2 subnets, if the entries are added to the Layer-3 switch on the server?
-
- Posts: 1432
- Joined: Sun Feb 14, 2021 10:31 am
Re: VPN lan to lan on same subnet
Ignore the SE "Add Routing Table Entry" option, it's useless in this particular context.
L3 switch is not a NAT and a ping across subnets will arrive OK but with an unroutable return address, resulting with the "unreachable" error.
Try out whatever you conceive but in the end you WILL...
...add static routes to the routers or PCs in the subnets.
-
- Posts: 15
- Joined: Sat Sep 25, 2021 9:00 am
Re: VPN lan to lan on same subnet
Ok Solo. I am more than willing to try this. But I don't think it is working for me or I have done it correctly??
On the VPN Server (local) I have 2 virtual interfaces defined, 1 per virtual hub, as already stated. If I have done it correctly, I have assigned previously non-assigned IP addresses to be the virtual interface gateways, i.e. 192.168.0.254 for the local subnet, 192.168.1.254 for the remote subnet. Both subnets use 192.168.0.1 and 192.168.1.1 for the actual physical gateway, so these addresses are unavailable.
I have applied this static route to the server
route add -p 192.168.1.100 mask 255.255.255.0 192.168.0.254
and this route to the remote bridge
route add -p 192.168.0.99 mask 255.255.255.0 192.168.1.254
I don't think I have achieved much by doing this. Does this tally with what you were suggesting?
-
- Posts: 1432
- Joined: Sun Feb 14, 2021 10:31 am
Re: VPN lan to lan on same subnet
You need to add them to any unit involved in communication across the L3 switch. If all are involved, then the most efficient way is to only add them to the routers with default gateways, here...
Both subnets use 192.168.0.1 and 192.168.1.1 for the actual physical gateway
-
- Posts: 15
- Joined: Sat Sep 25, 2021 9:00 am
Re: VPN lan to lan on same subnet
Solo, it makes sense doing it at the router level as you have pointed out. I will eventually have a couple of non-windows, embedded devices that will need to communicate over IP and will not have a static route configuration exposed to me. In the meantime however, there are just two PCs connected, The Server and The Bridge. I only need to try it configured at the Windows level for proof of concept.
So I spotted what I was doing wrong. My static routes should have looked like this:
On the VPN Server PC
route add -p 192.168.1.0 mask 255.255.255.0 192.168.0.254
On the VPN Bridge
route add -p 192.168.0.0 mask 255.255.255.0 192.168.1.254
Earlier I was specifying a destination IP address as opposed to a destination subnet address. Now that I have made this change I can ping back and forth between the two. So first step achieved I think.
Cheers
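An added illustration, not part of any post in this thread and not SoftEther code: a small Python model of the two points made above, that a route destination must be a network address under its mask, and that a ping only succeeds when both the request and the reply have a route to the L3 switch. The pairing of 192.168.0.99 with the server PC and 192.168.1.100 with the bridge PC is inferred from the thread, and the model assumes the ISP routers know nothing about the other subnet.

```python
import ipaddress

L3_SWITCH = {"192.168.0.254", "192.168.1.254"}  # virtual interface IPs from the thread

def check_route(cmd):
    """Parse 'route add [-p] DEST mask MASK GATEWAY'; return (network, gateway)."""
    tok = [t for t in cmd.split() if t.lower() != "-p"]
    if (len(tok) != 6 or tok[0].lower() != "route"
            or tok[1].lower() != "add" or tok[3].lower() != "mask"):
        raise ValueError("unsupported route command: " + cmd)
    # strict=True raises ValueError when DEST has host bits set under MASK
    return ipaddress.ip_network(f"{tok[2]}/{tok[4]}", strict=True), tok[5]

class Host:
    def __init__(self, cidr, default_gw):
        self.iface = ipaddress.ip_interface(cidr)
        self.routes = [(ipaddress.ip_network("0.0.0.0/0"), default_gw)]

    def add(self, cmd):
        self.routes.append(check_route(cmd))

    def next_hop(self, dst):
        """Longest-prefix match, as a host routing table does."""
        dst = ipaddress.ip_address(dst)
        if dst in self.iface.network:
            return "on-link"
        _, gw = max((r for r in self.routes if dst in r[0]),
                    key=lambda r: r[0].prefixlen)
        return gw

def leg_ok(src, dst):
    # Only the L3 switch knows both subnets; the default gateway (ISP router) does not.
    return src.next_hop(dst.iface.ip) in L3_SWITCH | {"on-link"}

def ping_ok(a, b):
    return leg_ok(a, b) and leg_ok(b, a)  # echo request AND echo reply must route

def demo():
    server = Host("192.168.0.99/24", "192.168.0.1")    # assumed role/IP pairing
    bridge = Host("192.168.1.100/24", "192.168.1.1")   # assumed role/IP pairing
    results = [ping_ok(server, bridge)]                # no static routes yet
    server.add("route add -p 192.168.1.0 mask 255.255.255.0 192.168.0.254")
    results.append(ping_ok(server, bridge))            # request routes, reply does not
    bridge.add("route add -p 192.168.0.0 mask 255.255.255.0 192.168.1.254")
    results.append(ping_ok(server, bridge))            # both directions route
    return results

if __name__ == "__main__":
    print(demo())
```

Passing the earlier host-address form (192.168.1.100 with mask 255.255.255.0) to `check_route` raises `ValueError`, because the destination has host bits set under that mask.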
-
- Posts: 15
- Joined: Sat Sep 25, 2021 9:00 am
Re: VPN lan to lan on same subnet
The saga continues .....
I am now trying to set up an embedded device on the Server subnet. The static route added to the server PC needed to route traffic to the remote PC, cannot be applied at the router level unfortunately. It is a limitation of this domestic router and ISP provider. This is a problem for said embedded device. I can't set a static route for it. And while I can set the device's IP address and subnet mask, there is no setting for a gateway?? So setting its IP to 192.168.0.xxx, and connecting it to the local switch is enough to communicate on the local lan, but it cannot talk to the remote lan.
I could set the device to use DHCP but I am not sure this will help in this situation.
-
- Posts: 1432
- Joined: Sun Feb 14, 2021 10:31 am
Re: VPN lan to lan on same subnet
Yes, try DHCP.
In the DHCP server set default gateway to the L3 switch address and use MAC-to-IP address reservation for the device to ensure static IP if required.
-
- Posts: 15
- Joined: Sat Sep 25, 2021 9:00 am
Re: VPN lan to lan on same subnet
My solution in the end was to avoid static routes altogether and layer 3 switching by installing a second NIC in each SoftEther PC. NIC 1 (192.168.1.xx) connects to the router and outside world at each end. NIC 2 (20.20.20.xx) connects to the local lan switch at each end, which bridges to a virtual hub appearing as one subnet (20.20.20.xx).
What I'm not sure about though, is if I need to open up certain ports in Softether server, do I need to do likewise at the internet router?
-
- Posts: 2
- Joined: Thu Dec 30, 2021 2:02 pm
Re: VPN lan to lan on same subnet
I was giving a destination IP address rather than a destination subnet address earlier. I can now ping back and forth between the two now that I've made this update. So, I believe the first step has been accomplished.
As you have pointed out, implementing it cookie clicker at the router level makes sense. I'll ultimately have a few non-windows embedded devices that need to connect via IP but don't have access to a static route setup. In the meanwhile, The Server and The Bridge are the only two PCs linked. For proof of concept, I simply need to try it set up at the Windows level.