Using VPN server for multiple routers as Site to Site VPN
-
- Posts: 10
- Joined: Wed Oct 19, 2016 8:09 am
- Location: Ankara, Turkey
- Contact:
Using VPN server for multiple routers as Site to Site VPN
Hello,
I have 3 routers (LAN blocks 192.168.11.0/24, 192.168.12.0/24, 192.168.13.0/24) and they can get an IP from the VPN server (172.17.10.0/24). The connection type is L2TP/IPSec, but I can't route traffic between them. I tried the following steps:
1- Enabled DHCP server with gateway; clients have IPs from the server, and added static routes to SecureNAT (192.168.11.0/255.255.255.0/172.17.10.11, 192.168.12.0/255.255.255.0/172.17.10.12, 192.168.13.0/255.255.255.0/172.17.10.13)
2- Enabled DHCP server without gateway address; clients have IPs from the server, and added static routes same as above
3- While DHCP server is enabled, gave static IPs to clients from device settings but couldn't give a gateway; added static routes same as above
4- Disabled DHCP server and gave static IPs, but the VPN server would reject the connection even though there was no security policy like enforce DHCP IP pool...
5- When the IP is taken from the DHCP server, the default gateway shows 1.0.0.1, but there is nothing like this in the configuration
6- While DHCP server is enabled, gave static IPs to clients from device settings, removed the static routes from SecureNAT, and gave static routes from the routers like above
7- Just as a test, I connected all 3 routers to a router and routed traffic between them without any issues, but I would like to use SoftEther for this
I can't think of anything more to do.
Thank you for your help.
-
- Posts: 1433
- Joined: Sun Feb 14, 2021 10:31 am
Re: Using VPN server for multiple routers as Site to Site VPN
- on SE vHUB disable SecureNAT
- on router A add static routes to routers B and C
- on router B add static routes to routers A and C
- on router C add static routes to routers B and A
-
- Posts: 10
- Joined: Wed Oct 19, 2016 8:09 am
- Location: Ankara, Turkey
- Contact:
Re: Using VPN server for multiple routers as Site to Site VPN
When I disable SecureNAT and give static IPs to the routers, they can't connect to the server and have logs like server refused client ip
-
- Posts: 1433
- Joined: Sun Feb 14, 2021 10:31 am
Re: Using VPN server for multiple routers as Site to Site VPN
"3- While DHCP server is enabled gave static IP to clients from device settings"
Since they connect OK this way then try a workaround:
- on SE vHUB keep vDHCP on but give static IPs to the clients
- on router A add static routes to routers B and C
- on router B add static routes to routers A and C
- on router C add static routes to routers B and A
-
- Posts: 10
- Joined: Wed Oct 19, 2016 8:09 am
- Location: Ankara, Turkey
- Contact:
Re: Using VPN server for multiple routers as Site to Site VPN
I tried everything, with or without gateway, with or without DHCP; I can't see the gateway address in the routing table, only 1.0.0.1/32 0.0.0.0, which is SoftEther's main problem. I added routes to SecureNAT but it doesn't work. When I trace another router's LAN IP it goes to 0.0.0.0 (WAN). It looks like there is no solution with this VPN server. I can ping the other router from the VPN, that's all. Traffic doesn't route across. It looks like 1.0.0.1 is the main problem, and I don't understand where it's getting this from. There is no config about this IP. The router models are Keenetic.
-
- Posts: 1433
- Joined: Sun Feb 14, 2021 10:31 am
Re: Using VPN server for multiple routers as Site to Site VPN
You keep adding routes to SecureNAT over and over but it is useless. They must be added to the routers manually. There is no SoftEther problem, it merely facilitates a "transparent" Layer 2 vhub and has nothing to do with the reported "1.0.0.1" outcome.
Look, here are Keenetic instructions on where to add static routes to the routers.
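The point of the reply above, shown as an added example that is not part of the original thread: a small forwarding simulation over the thread's addressing plan. Without static routes on the routers themselves, traffic for another site's LAN follows the default route to WAN while hub addresses stay reachable. The labels A/B/C, the interface names and the test host 192.168.13.50 are assumptions.

```python
import ipaddress

# Addressing plan from the thread: site LAN -> that router's address on the hub.
SITES = {
    "A": ("192.168.11.0/24", "172.17.10.11"),
    "B": ("192.168.12.0/24", "172.17.10.12"),
    "C": ("192.168.13.0/24", "172.17.10.13"),
}
HUB_NET = "172.17.10.0/24"  # shared Layer 2 segment provided by the virtual hub


def build_table(site, with_static_routes):
    """Return [(network, next_hop, interface)] for one router."""
    table = [
        (ipaddress.ip_network(SITES[site][0]), None, "lan"),  # connected LAN
        (ipaddress.ip_network(HUB_NET), None, "vpn"),         # connected tunnel
        (ipaddress.ip_network("0.0.0.0/0"), None, "wan"),     # default route
    ]
    if with_static_routes:
        for peer, (peer_lan, peer_hub_ip) in SITES.items():
            if peer != site:  # one route per remote LAN, via that peer's hub IP
                table.append((ipaddress.ip_network(peer_lan),
                              ipaddress.ip_address(peer_hub_ip), "vpn"))
    return table


def lookup(table, dst):
    """Longest-prefix match, as a router's forwarding lookup does."""
    dst = ipaddress.ip_address(dst)
    return max((r for r in table if dst in r[0]), key=lambda r: r[0].prefixlen)


def trace(src_site, dst, with_static_routes):
    """Follow a packet hop by hop; return [(router, egress interface)]."""
    owner = {ipaddress.ip_address(ip): s for s, (_, ip) in SITES.items()}
    hops, site = [], src_site
    for _ in range(4):  # small hop limit guards against loops
        _, next_hop, iface = lookup(build_table(site, with_static_routes), dst)
        hops.append((site, iface))
        if next_hop is None:  # delivered on a connected net, or sent to WAN
            return hops
        site = owner[next_hop]  # the hub switches the frame to the peer router
    return hops


if __name__ == "__main__":
    for static in (False, True):
        print(static, trace("A", "192.168.13.50", static))
```

Replies take the reverse path, so the destination router needs the matching route back, which is why every router gets routes to both of the others.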
-
- Posts: 10
- Joined: Wed Oct 19, 2016 8:09 am
- Location: Ankara, Turkey
- Contact:
Re: Using VPN server for multiple routers as Site to Site VPN
I have 3 Keenetics and they are connected to each other. 1 Keenetic works as VPN server. All Keenetics can reach the networks between them. I am trying to do the same thing over SoftEther due to good bandwidth.
Branch Keenetics get their IP from the main Keenetic by their username and have static routes between them.
Does SoftEther have user-based IP?
-
- Posts: 1433
- Joined: Sun Feb 14, 2021 10:31 am
Re: Using VPN server for multiple routers as Site to Site VPN
No user-based IP but if you bridge SE vHUB to LAN then you could have MAC-based IP. If your LAN has no decent DHCP server, use dnsmasq (Linux) or "Open DHCP Server" (Windows).
-
- Posts: 286
- Joined: Wed Nov 25, 2020 9:10 am
Re: Using VPN server for multiple routers as Site to Site VPN
SoftEther has user-based MAC for L2TP users and you can bind the MAC with IP.
https://www.softether.org/5-download/hi ... enVPN%20L3.
-
- Posts: 1433
- Joined: Sun Feb 14, 2021 10:31 am