site-to-site VPN between AWS VPC and Office Network

johnfolia
Posts: 2
Joined: Sat Jan 30, 2021 8:19 am

site-to-site VPN between AWS VPC and Office Network

Post by johnfolia » Thu Feb 11, 2021 5:35 pm

Need Help

How do I set up a site-to-site VPN between an AWS VPC and the office network using SoftEther VPN, so that a Windows machine on the private subnet (10.0.0.x) can join AD in the office network (172.16.7.x) through the VPN server on AWS?

On AWS:

1. SoftEther VPN Server is on an Amazon Linux EC2 instance in the public subnet with private IP 10.0.0.x; Windows (2016) has private IP 10.0.10.x.
2. Created 2 Virtual Hubs on the VPN Server: one for the AWS subnet and a second for the office subnet; created a user for the bridge in the office for the cascade connection.
The AWS hub is bridged to the eth0 NIC on the EC2 instance.
3. Created an L3 switch with 2 virtual interfaces, one for the AWS Virtual Hub with IP 10.0.0.250 and a second for the office Virtual Hub with IP 172.16.7.250.
Added route entries as shown below and started the switch.
(attachment: L3- AWS-Office.PNG)
4. Created an SG to allow all inbound from 10.0.0.0/16 and 172.16.7.0/24 and attached it to the Windows instance (by default a machine on 10.0.x.x should be able to connect to 10.0.0.x through the route table entry 10.0.0.0/16 --> local).
5. Added a persistent route on the Windows machine as:
route -p add 172.16.7.0 mask 255.255.255.0 10.0.0.250 metric 1
6. Added a route entry on ALL subnets:
172.16.7.0/24 --> 10.0.0.7 (VPN Server IP)
7. For testing, disabled the Windows firewall.
8. Cannot ping 172.16.7.250 from the Windows machine.
9. Cannot ping 10.0.0.250 from the Windows machine.
10. Can ping 10.0.0.x from the Windows machine.
11. Route trace on the Windows machine:
tracert 172.16.7.250
* * *

On Office:

1. Installed Bridge only.
2. Created a Hub.
3. Configured cascading by connecting to the VPN Server on AWS (DDNS) on port 5555 using the bridge user on the VPN Server.
(attachment: Bridge in Office.PNG)
4. Added a persistent route on the AD:
route -p add 10.0.0.0 mask 255.255.255.0 172.16.7.250 metric 1
(attachment: Persistant Route.PNG)
5. From the AD machine, able to ping 10.0.0.250.

What am I missing?

Ref:

https://www.softether.org/4-docs/1-manu ... P_Routing)
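A quick route-consistency check over the addressing in the post above, as an added example (not code from the poster or from SoftEther): it flags static routes whose next hop is off-link for the host, and routes with no return route on the far side. The exact host addresses (10.0.10.15, 172.16.7.20) and the /24 masks are constructed assumptions based on the 10.0.10.x and 172.16.7.x ranges given.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    iface: str                                  # address/prefix, e.g. "10.0.10.15/24"
    routes: list = field(default_factory=list)  # (destination/prefix, next hop)

    @property
    def network(self):
        return ipaddress.ip_interface(self.iface).network


def onlink_findings(host):
    """Flag static routes whose next hop is not inside the host's own subnet.
    Such a next hop cannot be ARPed for and is unreachable without another route."""
    out = []
    for dest, nh in host.routes:
        if ipaddress.ip_address(nh) not in host.network:
            out.append(f"{host.name}: next hop {nh} for {dest} is off-link for {host.iface}")
    return out


def return_route_findings(src, dst):
    """For each route on src covering dst's subnet, require that dst has a route
    back to src's subnet; otherwise replies are dropped (asymmetric routing)."""
    out = []
    for dest, _ in src.routes:
        if dst.network.subnet_of(ipaddress.ip_network(dest)):
            back = any(src.network.subnet_of(ipaddress.ip_network(d)) for d, _ in dst.routes)
            if not back and src.network != dst.network:
                out.append(f"{dst.name}: no return route to {src.network} for traffic from {src.name}")
    return out


# Constructed hosts modelled on the post: Windows on 10.0.10.x with a route to the
# office via the L3 switch at 10.0.0.250; AD on 172.16.7.x with a route to 10.0.0.0/24.
WINDOWS = Host("windows-ec2", "10.0.10.15/24", [("172.16.7.0/24", "10.0.0.250")])
AD = Host("office-ad", "172.16.7.20/24", [("10.0.0.0/24", "172.16.7.250")])


def all_findings():
    return (onlink_findings(WINDOWS) + onlink_findings(AD)
            + return_route_findings(WINDOWS, AD) + return_route_findings(AD, WINDOWS))


if __name__ == "__main__":
    for line in all_findings():
        print(line)
```

With these inputs the check reports two findings: the Windows host's next hop 10.0.0.250 is off-link for a 10.0.10.0/24 interface, and the AD's 10.0.0.0/24 route does not cover 10.0.10.0/24, so it has no return route to the Windows subnet.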
