Site2Site vpn (either softether<>Softether or Mikrotik<>Softether)


Post by rcocchiararo » Tue Feb 16, 2021 9:58 pm

Hi!

I managed to make a Windows 2019 server in Azure (ONG sponsorship) run SoftEther server + a local SoftEther client connected to itself (local bridge is not possible with Azure, I understand). I used the SecureNAT DHCP function (but not the virtual NAT one).

Azure Network: 10.0.0.0/24 (10.0.0.4 for the local adapter)
SE adapter: tried both 10.0.0.253 (everything worked fine) and 10.0.2.253 (had to add routes once we got back to the office).

Clients CAN reach the server on the virtual adapter IP, but NOT on the 10.0.0.4 IP/adapter.

The 2 employees were fine with it during the home office period.

When they went back to the office, they could not use the network printer (bad software that fails to use RDP shared printers unless they are USB).

So I made an old computer run SE server and made a cascade connection to the Azure one.
I also connected the 2 employees' computers to the local SE server so that we had only one connection between Azure and the office.

At first, I used the same 10.0.0.0/24 IP range for the local server and virtual adapter, and all was fine (in terms of 10.0.0.0/24 connectivity; I still could not reach 10.0.0.4).
The Azure server was also unable to reach the local network (192.168.0.0/24).

Since I had to provide a solution, I installed the SE client and locally connected to the local office server, shared the NETWORK printer via Windows printer sharing, and installed it on the Azure server.

---

My problem is kind of solved, but I want to make the local network and the Azure server see each other in order to install the printer directly.

I modified the local SE server IP range and also the remote one to 10.0.3.0/24 (local) and 10.0.2.0/24 (Azure). After making these changes, and seeing that routes set in the virtual NAT section kind of did nothing, I manually added the routes both in Azure and locally, and I was in the same spot as when 10.0.0.0/24 was shared on both sites.

Before giving up, I tried replacing the office's basic TP-Link router with a MikroTik (some old 750 model I had lying around).

On this device, I configured an L2TP client, some filter and NAT rules, and a static route for reaching 10.0.3.0/24.

Now, without needing the local SE server, I can ONCE again reach the SE Azure IP range, but not 10.0.0.4 (I also added the route).
The server can't reach anything from the local network (neither on the SE IP range nor on the local network range).

So, when I go SE <> SE, I am missing something to make the local network reachable.

When I go MikroTik <> SE, I can RDP to the server, but I can't even share the printer.

Any idea what I might be missing in terms of routes or firewall rules (MikroTik side; on the server I tried disabling it altogether), or some other configuration?

On each site I always configured the routes to the other networks, always using the SE virtual adapter IP as gateway, or, when using the MikroTik, the L2TP interface.


Re: Site2Site vpn (either softether<>Softether or Mikrotik<>Softether)

Post by rcocchiararo » Mon Feb 22, 2021 12:17 am

After reading a TON more than I already had, I went back to understanding that what's happening here is what should happen.

Since I can't use local bridge, I can't interconnect both networks.

I can do it with virtual NAT.

Since we only use the VPN for RDP, I will test if performance is good or bad with virtual NAT.
