Hello
I've done several lan-to-lan vpns to connect two different sites using two identical devices (draytek routers). The configuration is easy and straightforward. One site uses the network 192.168.100.0/24 the other 192.168.200.0/24. A device on network 1 can ping network 2 and vice versa. Any L2TP client can also ping both networks.
Now the problem:
This customer uses an ISP-provided router that can't be managed by me. I can only request to open specific ports via email and pray that they do it correctly.
So, because I've used softether before for remote-to-lan connections, I thought that I could make a draytek to softether ipsec tunnel and route the traffic between the two networks.
Softether is running on a Windows computer with IP 192.168.11.10 (gateway 192.168.11.254).
Draytek is the gateway on the other site with IP 192.168.10.1
I've created a user and password on the softether server and to test if everything is OK I've remotely connected to the VPN using my phone LTE connection and I was able to ping devices on the 192.168.11.0/24 network.
Now, I've created a lan-to-lan access on draytek using the same user name and password combination. The vpn connects successfully but I can't ping any device. After reading the manual, I noticed that I should use the softether "EtherIP/L2TPv3 over IPsec Server Function" for a site-to-site vpn connection. Now I can see that softether lists 192.168.10.1 as connected and draytek can ping the softether server but I can't ping the draytek router.
So I thought that something is wrong with the routing tables. On the Windows machine I did "route add 192.168.10.0 mask 255.255.255.0 192.168.11.10" and now I can access the draytek admin page from the 192.168.11.0/24 network BUT I can't ping any other device. Note: Draytek lists 192.168.11.0/24 via VPN on the routing table.
There is not a lot of information on the internet. I've tried to create an L3 virtual switch, but maybe I did something wrong.
I kindly ask for advice from an expert, as I can't connect and route between both networks.