VPN Site to Site by 3G/4G

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
sistemascg
Posts: 8
Joined: Mon Sep 26, 2022 4:57 pm

VPN Site to Site by 3G/4G

Post by sistemascg » Wed Sep 28, 2022 4:46 pm

Hello everyone,

I am new to Softether but I have the following problem to make a bridge connection between my main site and a branch.

Site1 - Main
192.168.0.2
Windows Server 2016

Site2 - Branch
192.168.1.2
Windows Server 2016

The requirement is that I have to connect the entire main network to at least the server of site 2. Branch 2 needs to be connected via VPN to the main branch via a 3G/4G connection which does not allow to open any ports.

Usually it is through a regular ISP connected by IPSec, but when there are failures with the service we will need to use the 3G/4G connection to access the branch network.

Greetings from Mexico

solo
Posts: 1215
Joined: Sun Feb 14, 2021 10:31 am

Re: VPN Site to Site by 3G/4G

Post by solo » Thu Sep 29, 2022 2:35 am

Hello, please clarify...

"Branch 2 needs to be connected via VPN to the main branch via a 3G/4G connection which does not allow to open any ports"
- can you invest in a VPS with a SE server inter-connecting "gateway" for the sites?
- can you tolerate a low speed, high latency SE VPN Azure option?

"Usually it is through a regular ISP connected by IPSec"
- since the sites are on different subnets, what's the current Layer 3 networking setup?

sistemascg
Posts: 8
Joined: Mon Sep 26, 2022 4:57 pm

Re: VPN Site to Site by 3G/4G

Post by sistemascg » Thu Sep 29, 2022 9:51 pm

Yes, sorry.

Currently branch 2 is connected to 4 other branches in addition to the main office via IPSec VPN. I have the main problem in branch 2 because there is only one WAN in the population. The idea is to connect it through a 3G/4G mobile internet.

I have done the corresponding tests making the connection through the 3G/4G modem with success with the client/server configuration, but the main idea is to do it in LAN to LAN mode so that the computers in Site 1 can see at least Site 2 or the server.

When I do the bridge connection test between two computers with two different networks I only get IPv6 connection. I need them to use IPv4 since the configuration runs on IPv4. and from the main site to the test computer it does give me the IP of the other network but I can't connect the computers.

sistemascg
Posts: 8
Joined: Mon Sep 26, 2022 4:57 pm

Re: VPN Site to Site by 3G/4G

Post by sistemascg » Thu Sep 29, 2022 10:02 pm

Add a configuration images from the actual connection.

Site1 - Main
192.168.0.x

Site2 - Test
192.168.6.x
You do not have the required permissions to view the files attached to this post.

solo
Posts: 1215
Joined: Sun Feb 14, 2021 10:31 am

Re: VPN Site to Site by 3G/4G

Post by solo » Fri Sep 30, 2022 12:25 am

Use Layer 3 switch.

sistemascg
Posts: 8
Joined: Mon Sep 26, 2022 4:57 pm

Re: VPN Site to Site by 3G/4G

Post by sistemascg » Fri Sep 30, 2022 11:15 pm

Thank you @solo.

I already did the configuration via Switch Layer 3 with the instructions and examples in the link, but I still can't connect one network segment to the other.

I attach my screenshots from both the main site and the test site.
Capturasoft5.PNG
Capturasoft4.PNG
Capturasoft3.PNG
You do not have the required permissions to view the files attached to this post.

sistemascg
Posts: 8
Joined: Mon Sep 26, 2022 4:57 pm

Re: VPN Site to Site by 3G/4G

Post by sistemascg » Fri Sep 30, 2022 11:16 pm

Test site
You do not have the required permissions to view the files attached to this post.

solo
Posts: 1215
Joined: Sun Feb 14, 2021 10:31 am

Re: VPN Site to Site by 3G/4G

Post by solo » Sat Oct 01, 2022 12:48 am

All good, now add a few static routes by following this example.

sistemascg
Posts: 8
Joined: Mon Sep 26, 2022 4:57 pm

Re: VPN Site to Site by 3G/4G

Post by sistemascg » Tue Oct 04, 2022 11:32 pm

Thanks for the tip.

I was testing again following the example you mention, but just as it appears there the connection is made but it is not stable.

I changed the interfaces as follows:

Site1-Main
Server 192.168.0.191
Mask 255.255.255.0
Gateway 192.168.0.1
route -p add 192.168.6.0 mask 255.255.255.255.0 192.168.0.254

Site2-Testing
Bridge 192.168.6.70
Mask 255.255.255.255.0
Gateway 192.168.6.1
route -p add 192.168.0.0.0 mask 255.255.255.255.0 192.168.6.254

The virtual interfaces are left as 192.168.6.254 and 192.168.0.254 respectively.

There is nothing in the routing tables section.
For the tests I am currently running I am using different 100Mbps fiber optic connections. The cellular connection I plan to use once everything is working.

I add the pings capture, it is the same for both sites.
You do not have the required permissions to view the files attached to this post.

solo
Posts: 1215
Joined: Sun Feb 14, 2021 10:31 am

Re: VPN Site to Site by 3G/4G

Post by solo » Wed Oct 05, 2022 12:30 am

sistemascg wrote:
Tue Oct 04, 2022 11:32 pm
it appears there the connection is made but it is not stable...

...route -p add 192.168.0.0.0 mask 255.255.255.255.0 192.168.6.254
Yeah, I was debating L3 stability with the OP but he never updated us after improving his comparison method.

You have too many zeros there :-)

Post Reply