VPN lan to lan on same subnet

Jace-99
Posts: 6
Joined: Sat Sep 25, 2021 9:00 am

VPN lan to lan on same subnet

Post by Jace-99 » Sat Sep 25, 2021 9:28 am

Hi all. I am a complete noob who is trying to create a VPN lan to lan network. I have installed VPN Server on ‘Machine A’ (Win 10), and VPN Bridge on ‘Machine B’ (Win 10). I have managed to create a session and both server and bridge appear to be talking to each other. However, everything slows to a crawl.

I should point out that ‘Machine A’ and ‘Machine B’ are currently connected to the same network, i.e. both physically connected to the same switch and subnet behind my broadband router. This arrangement is for test purposes only. I plan to move the ‘Machine B’ off-site eventually.

Is it OK to try to test a setup this way or have I broken some cardinal rule? When the session is running it seems my broadband router is being flooded. Even my home WiFi slows to a halt. Cheers in advance.

solo
Posts: 75
Joined: Sun Feb 14, 2021 10:31 am

Re: VPN lan to lan on same subnet

Post by solo » Sun Sep 26, 2021 9:17 am

You created a network loop with broadcast storm which slows everything down.

Jace-99
Posts: 6
Joined: Sat Sep 25, 2021 9:00 am

Re: VPN lan to lan on same subnet

Post by Jace-99 » Mon Sep 27, 2021 7:38 am

That sounds about right. It is probably pointless in me testing this setup. Or perhaps that proves it works. I will be moving the bridge off-site soon. Cheers

Jace-99
Posts: 6
Joined: Sat Sep 25, 2021 9:00 am

Re: VPN lan to lan on same subnet

Post by Jace-99 » Tue Oct 12, 2021 4:40 pm

So I have finally got the VPN Server and Bridge set up on 2 isolated networks at separate sites. I am satisfied the remote bridge has established a connection to the server's virtual hub. This is about as far as I can go. I was hoping the local and remote LANs would be as one. I have tried to do a basic communications test like pinging or trying to access a shared folder from one site to the other but I have not had any success. Am I missing a step?

I have attached a screen grab of the Virtual Hub's session IP Table. It lists my local subnet (192.168.0.x) and the remote subnet (192.168.1.x). Do I need to 'bond/bridge' these LANs or set up NAT to establish routing?

Cheers

Capture.PNG

solo
Posts: 75
Joined: Sun Feb 14, 2021 10:31 am

Re: VPN lan to lan on same subnet

Post by solo » Tue Oct 12, 2021 11:43 pm

Use Layer 3 switch and static routes as described here https://www.softether.org/4-docs/1-manu ... ork_Layout

Jace-99
Posts: 6
Joined: Sat Sep 25, 2021 9:00 am

Re: VPN lan to lan on same subnet

Post by Jace-99 » Wed Oct 13, 2021 12:22 pm

Thanks for that. It has put me on the right track but I have hit a stumbling block. I have created a Virtual L3 Switch. I have added 2 virtual interfaces in the switch configuration connecting to 2 virtual hubs respectively. But when I try to add a routing table entry, the 'OK' button is greyed out. Any ideas?
Capture.PNG

solo
Posts: 75
Joined: Sun Feb 14, 2021 10:31 am

Re: VPN lan to lan on same subnet

Post by solo » Wed Oct 13, 2021 11:36 pm

You need to add static routes to the routers or PCs in the subnets.

Jace-99
Posts: 6
Joined: Sat Sep 25, 2021 9:00 am

Re: VPN lan to lan on same subnet

Post by Jace-99 » Wed Oct 13, 2021 11:38 pm

That is not the screenshot I meant to upload in my last post. I'll try again.
Capture.PNG
The 'OK' button is still greyed out so I can't add a routing entry.

solo
Posts: 75
Joined: Sun Feb 14, 2021 10:31 am

Re: VPN lan to lan on same subnet

Post by solo » Thu Oct 14, 2021 8:33 am

No, you need to add static routes to the routers or PCs in the subnets.

Jace-99
Posts: 6
Joined: Sat Sep 25, 2021 9:00 am

Re: VPN lan to lan on same subnet

Post by Jace-99 » Fri Oct 15, 2021 12:16 pm

I'm confused here. The only PCs connected at the moment are the VPN Server (locally) and the VPN Bridge (remotely). The VPN bridge has a virtual hub set up that has established a connection with a virtual hub set up on the VPN Server. The VPN server has a second virtual hub setup that binds to its nic.
topology1.png
The VPN Server is set up locally. It has 2 virtual hubs set up.
(1) Local-Virtual-hub. This is bound to the server nic and local ethernet infrastructure.
(2) Remote-Virtual-hub. This is set up to accept connection from a VPN bridge at the remote site.
(3) A Layer 3 switch attempt to route traffic between local LAN and remote LAN

VPN Bridge is set up at remote site.
(1) It has a single virtual hub which is bound to the nic and ethernet structure and establishes a cascade connection to the VPN server


The VPN Server Layer 3 switch has the following entries.
Capture2.PNG
192.168.0.254 and 192.168.1.254 are previously non-assigned IP addresses and so are notional/virtual addresses assigned as gateways to the Layer-3 switch. I think this is what I'm supposed to do.

The next thing I would like to do now is establish a basic ping between 192.168.0.99 and 192.168.1.100 and access shared folders, before I even add more hardware. So do I still need to add static routes? The VPN server can see the local IP table and the remote IP table. Would it not have all it needs to now perform the routing between the 2 subnets, if the entries are added to the Layer-3 switch on the server?

solo
Posts: 75
Joined: Sun Feb 14, 2021 10:31 am

Re: VPN lan to lan on same subnet

Post by solo » Sat Oct 16, 2021 12:38 am

Ignore the SE "Add Routing Table Entry" option, it's useless in this particular context.

L3 switch is not a NAT, and a ping across subnets will arrive OK but with an unroutable return address, resulting in the "unreachable" error.

Try out whatever you conceive but in the end you WILL...

...add static routes to the routers or PCs in the subnets.
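
The behaviour described in the reply above, modelled as a small routing simulation (an added example, not part of the thread and not SoftEther code). The host and L3-switch addresses come from the posts; the /24 masks, the broadband-router addresses 192.168.0.1 and 192.168.1.1, and all node and function names are assumptions.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match; returns a gateway IP, 'direct' (on-link) or None."""
    hits = [(ipaddress.ip_network(n), gw) for n, gw in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build(route_on_a=False, route_on_b=False):
    """Topology from the thread; router addresses (.1) and /24 masks are assumed."""
    nodes = {
        "pc_a": {"addrs": ["192.168.0.99"],
                 "routes": [("192.168.0.0/24", "direct"), ("0.0.0.0/0", "192.168.0.1")]},
        "pc_b": {"addrs": ["192.168.1.100"],
                 "routes": [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "192.168.1.1")]},
        # Broadband routers know only their own LAN; the other private subnet is lost upstream.
        "router_a": {"addrs": ["192.168.0.1"], "routes": [("192.168.0.0/24", "direct")]},
        "router_b": {"addrs": ["192.168.1.1"], "routes": [("192.168.1.0/24", "direct")]},
        # Virtual L3 switch: one interface per hub, plain routing, no NAT.
        "l3_switch": {"addrs": ["192.168.0.254", "192.168.1.254"],
                      "routes": [("192.168.0.0/24", "direct"), ("192.168.1.0/24", "direct")]},
    }
    if route_on_a:  # Windows: route -p add 192.168.1.0 mask 255.255.255.0 192.168.0.254
        nodes["pc_a"]["routes"].append(("192.168.1.0/24", "192.168.0.254"))
    if route_on_b:  # Windows: route -p add 192.168.0.0 mask 255.255.255.0 192.168.1.254
        nodes["pc_b"]["routes"].append(("192.168.0.0/24", "192.168.1.254"))
    return nodes

def trace(nodes, src, dst):
    """Forward one packet hop by hop; returns (path, 'delivered' or 'dropped')."""
    owner = {ip: name for name, n in nodes.items() for ip in n["addrs"]}
    node, path = owner[src], [owner[src]]
    for _ in range(8):                      # hop limit
        if dst in nodes[node]["addrs"]:
            return path, "delivered"
        gw = next_hop(nodes[node]["routes"], dst)
        target = dst if gw == "direct" else gw
        if target not in owner:             # no matching route on this node
            return path, "dropped"
        node = owner[target]
        path.append(node)
    return path, "dropped"

def ping(nodes, a, b):
    """Echo request a->b, then (only if it arrived) the echo reply b->a."""
    req = trace(nodes, a, b)
    return req, (trace(nodes, b, a) if req[1] == "delivered" else (None, "not sent"))

if __name__ == "__main__":
    for flags in [(False, False), (True, False), (True, True)]:
        print(flags, ping(build(*flags), "192.168.0.99", "192.168.1.100"))
```

With a route on one PC only, the request reaches 192.168.1.100 through the L3 switch but the reply goes to that side's default gateway and is dropped. Placing the same two routes on the broadband routers instead of the PCs covers every host on each LAN.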
