Using VPN server for multiple routers as Site to Site VPN

atasoyk
Posts: 10
Joined: Wed Oct 19, 2016 8:09 am
Location: Ankara, Turkey

Using VPN server for multiple routers as Site to Site VPN

Post by atasoyk » Mon May 23, 2022 5:45 pm

Hello,
I have 3 routers (LAN block 192.168.11.0/24, 192.168.12.0/24, 192.168.13.0/24) and they can get an IP from the VPN server (172.17.10.0/24). The connection type is L2TP/IPSec but I can't route traffic between them. I tried the following steps:
1- Enabled DHCP server with gateway, clients have IP from server and added static route to SecureNAT (192.168.11.0/255.255.255.0/172.17.10.11, 192.168.12.0/255.255.255.0/172.17.10.12, 192.168.13.0/255.255.255.0/172.17.10.13)
2- Enabled DHCP server without gateway address, clients have IP from server and added static route same as above
3- While DHCP server is enabled gave static IP to clients from device settings but couldn't give gateway, added static route same as above
4- Disabled DHCP server and gave static IP but VPN server would reject connection even though there was no security policy like enforce DHCP IP pool...
5- When IP is taken from DHCP server, default gateway shows 1.0.0.1 but there is nothing like this in configuration
6- While DHCP server is enabled gave static IP to clients from device settings, removed static route from SecureNAT, and gave static routes from routers like above
7- Just for try, I connected all 3 routers to a router and routed traffic between them without any issues but I would like to use SoftEther for this
I can't think of anything more to do.
Thank you for your help.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Using VPN server for multiple routers as Site to Site VPN

Post by solo » Mon May 23, 2022 11:32 pm

- on SE vHUB disable SecureNAT
- on router A add static routes to routers B and C
- on router B add static routes to routers A and C
- on router C add static routes to routers B and A

atasoyk
Posts: 10
Joined: Wed Oct 19, 2016 8:09 am
Location: Ankara, Turkey

Re: Using VPN server for multiple routers as Site to Site VPN

Post by atasoyk » Tue May 24, 2022 4:22 am

When I disable SecureNAT and give static IPs to the routers, they can't connect to the server and have logs like server refused client IP.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Using VPN server for multiple routers as Site to Site VPN

Post by solo » Tue May 24, 2022 8:24 am

3- While DHCP server is enabled gave static IP to clients from device settings
Since they connect OK this way then try a workaround:
- on SE vHUB keep vDHCP on but give static IPs to the clients
- on router A add static routes to routers B and C
- on router B add static routes to routers A and C
- on router C add static routes to routers B and A

atasoyk
Posts: 10
Joined: Wed Oct 19, 2016 8:09 am
Location: Ankara, Turkey

Re: Using VPN server for multiple routers as Site to Site VPN

Post by atasoyk » Tue May 24, 2022 7:18 pm

I tried everything, with or without gateway, with or without DHCP, and I can't see the gateway address in the routing table, only 1.0.0.1/32 0.0.0.0, which is SoftEther's main problem. I added routes to SecureNAT but it doesn't work. When I trace another router's LAN IP it goes to 0.0.0.0 (WAN). It looks like there is no solution with this VPN server. I can ping the other router from the VPN, that's all. Traffic doesn't route across. It looks like 1.0.0.1 is the main problem and I don't understand where it's getting this from. There is no config about this IP. The router models are Keenetic.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Using VPN server for multiple routers as Site to Site VPN

Post by solo » Tue May 24, 2022 10:46 pm

atasoyk wrote:
Tue May 24, 2022 7:18 pm
...I added routes to securenat but doesn't work
...routers model are keenetic
You keep adding routes to SecureNAT over and over but it is useless. They must be added to the routers manually. There is no SoftEther problem, it merely facilitates a "transparent" Layer 2 vhub and has nothing to do with the reported "1.0.0.1" outcome.

Look, here are Keenetic instructions on where to add static routes to the routers.
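
Added example (not part of the original posts, and not SoftEther or Keenetic code): a simplified model of each router's routing decision, using the LAN blocks and hub addresses from the first post, showing why traffic for another site's LAN leaves via WAN until the static routes exist on the routers themselves. The interface names and the assumption of a default route to WAN plus a connected hub route are illustrative.

```python
import ipaddress

# From the thread: each site's LAN block and its router's address on the VPN hub.
SITES = {
    "A": ("192.168.11.0/24", "172.17.10.11"),
    "B": ("192.168.12.0/24", "172.17.10.12"),
    "C": ("192.168.13.0/24", "172.17.10.13"),
}
HUB_NET = "172.17.10.0/24"


def static_routes(name):
    """Routes to enter by hand on router `name`: (remote LAN, next hop on the hub)."""
    return [(lan, gw) for other, (lan, gw) in SITES.items() if other != name]


def routing_table(name, with_static_routes):
    """Build (network, next_hop, interface) entries for one router.

    Assumed baseline: default route to WAN, connected LAN, connected hub segment.
    """
    table = [
        (ipaddress.ip_network("0.0.0.0/0"), None, "wan"),
        (ipaddress.ip_network(SITES[name][0]), None, "lan"),
        (ipaddress.ip_network(HUB_NET), None, "vpn"),
    ]
    if with_static_routes:
        for lan, gw in static_routes(name):
            table.append((ipaddress.ip_network(lan), gw, "vpn"))
    return table


def lookup(table, dst):
    """Longest-prefix match: the decision a router makes for every packet."""
    addr = ipaddress.ip_address(dst)
    matches = [entry for entry in table if addr in entry[0]]
    _, next_hop, iface = max(matches, key=lambda entry: entry[0].prefixlen)
    return iface, next_hop


if __name__ == "__main__":
    for name in SITES:
        for with_routes in (False, True):
            table = routing_table(name, with_routes)
            for lan, _ in static_routes(name):
                host = str(ipaddress.ip_network(lan)[10])  # constructed sample host
                label = "with static routes" if with_routes else "no static routes"
                print(f"router {name} ({label}): {host} -> {lookup(table, host)}")
```

Routes configured only on the hub side never enter these per-router tables, which is why the lookup result for a remote LAN does not change until each router has its own entries.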

atasoyk
Posts: 10
Joined: Wed Oct 19, 2016 8:09 am
Location: Ankara, Turkey

Re: Using VPN server for multiple routers as Site to Site VPN

Post by atasoyk » Wed May 25, 2022 5:57 am

I have 3 Keenetics and they are connected to each other. 1 Keenetic works as VPN server. All Keenetics can reach the networks between them. I am trying to do the same thing over SoftEther due to good bandwidth.
Branch Keenetics get an IP from the main Keenetic by their username and have static routings between them.
Does SoftEther have user-based IP?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Using VPN server for multiple routers as Site to Site VPN

Post by solo » Wed May 25, 2022 8:26 am

No user-based IP but if you bridge SE vHUB to LAN then you could have MAC-based IP. If your LAN has no decent DHCP server, use dnsmasq (Linux) or "Open DHCP Server" (Windows).

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Using VPN server for multiple routers as Site to Site VPN

Post by eddiewu » Wed May 25, 2022 10:31 am

solo wrote:
Wed May 25, 2022 8:26 am
No user-based IP but if you bridge SE vHUB to LAN then you could have MAC-based IP. If your LAN has no decent DHCP server, use dnsmasq (Linux) or "Open DHCP Server" (Windows).
Softether has user-based MAC for L2TP users and you can bind the MAC with IP.

https://www.softether.org/5-download/hi ... enVPN%20L3.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Using VPN server for multiple routers as Site to Site VPN

Post by solo » Wed May 25, 2022 2:03 pm

eddiewu wrote:
Wed May 25, 2022 10:31 am
Softether has user-based MAC for L2TP users and you can bind the MAC with IP.
Great observation, indeed the "Note" field edit is necessary to ensure non-random MAC assignments.
