Layer 3 routing: What am I doing wrong?

Posted: Tue Jun 22, 2021 9:12 pm
by abcym
I have a SoftEther VPN server on a VPS at Vultr. I have connected 2 x separate Windows machines in different subnets:

Machine 1 - 10.3.50.1 / 255.255.255.0 (Hub - VPN)
Machine 2 - 10.3.51.1 / 255.255.255.0 (Hub - VPN51)

I am trying to configure layer 3 switching between the subnets. I have set up virtual interfaces in both hubs on xx.254.

I attached a screenshot showing my Layer 3 switch settings.

Both machines can ping their own switch - i.e. Machine 1 can ping 10.3.50.254 - but neither machine can ping each other.

I've spent about 8 hours trying to work this out and I am sure it is very obvious, but my head hurts!

Do you have any ideas what I might be doing wrong?

Re: Layer 3 routing: What am I doing wrong?

Posted: Tue Jun 22, 2021 10:29 pm
by solo
You are not doing anything wrong but you need to do more. Preset static routes either on the router or LAN PCs.

Re: Layer 3 routing: What am I doing wrong?

Posted: Wed Jun 23, 2021 2:51 am
by eddiewu
Yeah, you need to add routes on subnet routers or push routes from DHCP servers (adding routes on individual clients is not recommended),
and the two entries in your routing table settings are not needed.

Re: Layer 3 routing: What am I doing wrong?

Posted: Wed Jun 23, 2021 6:49 pm
by abcym
Thank you for your replies, that's been very helpful and I've been able to ping one way... but I think the other way is a Windows firewall issue.

Hoping I can ask for some more advice... I have a situation where I have 35 x Cisco RV042 routers at sites across the country. Each router is on 10.x.x.1 and has a DHCP range of 10.x.x.100-200. Subnet on all is 255.255.255.0. The routers are pretty old and support IKEv1.

I need to get to a position where each of these 35 sites is connected to a single SoftEther server hosted in Vultr. They don't need to be able to access any other site, but headquarters must be able to access any device in any network.

What's the best way of setting this up in SoftEther? I considered having a switch in SoftEther for every site but this would need me to have a hub for each site, so it seems a little excessive (also not sure if this is possible as there is only one pre-shared key per SoftEther server). Unless that is required? I guess I would need to define a 'HQ' network (which does not yet exist) in a similar range?

I'm incredibly grateful for your advice.
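
Added example, not part of any post in this thread: the static route suggested in the replies above plus a narrowly scoped firewall rule for the one-way ping, written for the two Windows machines from the first post. It assumes the remaining failure is Windows Firewall dropping echo requests from the other subnet, as the poster suspects; the function name `Add-PeerSubnetAccess` and the adapter alias are hypothetical placeholders.

```powershell
# Run in an elevated PowerShell session on each machine.
# Add-PeerSubnetAccess is a hypothetical helper name, not a SoftEther or Windows cmdlet.
function Add-PeerSubnetAccess {
    param(
        [Parameter(Mandatory)] [string] $RemoteNet,  # the other hub's subnet, CIDR form
        [Parameter(Mandatory)] [string] $Gateway,    # Layer 3 switch interface in the local hub
        [Parameter(Mandatory)] [string] $IfAlias     # VPN adapter name, see Get-NetAdapter
    )

    # 1. Static route: without it, traffic for the remote subnet follows the
    #    default route instead of going to the Layer 3 switch interface.
    $existing = Get-NetRoute -DestinationPrefix $RemoteNet -InterfaceAlias $IfAlias `
                             -ErrorAction SilentlyContinue
    if (-not $existing) {
        # New-NetRoute writes to both the active and the persistent store by default.
        New-NetRoute -DestinationPrefix $RemoteNet -InterfaceAlias $IfAlias `
                     -NextHop $Gateway | Out-Null
    }

    # 2. Firewall: allow ICMPv4 echo request (type 8) only from the remote subnet
    #    and only on the VPN adapter, instead of turning the firewall off.
    $ruleName = "Allow ICMPv4 echo from $RemoteNet"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $RemoteNet `
            -InterfaceAlias $IfAlias -Action Allow | Out-Null
    }

    # 3. Show which route the stack now selects for the remote subnet.
    Get-NetRoute -DestinationPrefix $RemoteNet -InterfaceAlias $IfAlias |
        Select-Object DestinationPrefix, NextHop, InterfaceAlias, RouteMetric
}

# Placeholder adapter alias: replace with the name Get-NetAdapter reports.
$VpnAdapter = '<SoftEther VPN adapter alias>'

# Machine 1 (10.3.50.1, hub "VPN"):
Add-PeerSubnetAccess -RemoteNet '10.3.51.0/24' -Gateway '10.3.50.254' -IfAlias $VpnAdapter

# Machine 2 (10.3.51.1, hub "VPN51") runs the mirror image:
# Add-PeerSubnetAccess -RemoteNet '10.3.50.0/24' -Gateway '10.3.51.254' -IfAlias $VpnAdapter

# Ping test in each direction once both machines are configured.
Test-NetConnection -ComputerName 10.3.51.1
```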

Re: Layer 3 routing: What am I doing wrong?

Posted: Fri Jun 03, 2022 5:47 am
by pandichamyc
I too see the same problem. DHCP-related routes are already added. Do we need to add any routeritf routing in the VPN client? Please let me know what static routes were added to make it work for you.

Re: Layer 3 routing: What am I doing wrong?

Posted: Fri Jun 03, 2022 8:06 am
by solo
You can add it to a VPN client, but adding to routers is easier, e.g. like here.