10.5 Build a LAN-to-LAN VPN (Using L2 Bridge)


    Combined revision comparison

    Comparing version 19:11, 3 Mar 2013 by genya with version 18:03, 4 Mar 2013 by yagi.

    ...

    To build a LAN-to-LAN VPN you will need to utilize both local bridges (see section #3.6 Local Bridges#) ) and cascade connections (andcascadeconnections(#3.4.11#).3.4 Virtual Hub Functions).
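Review bot: In this opening sentence the cascade-connection reference goes from "#3.4.11#" to "3.4 Virtual Hub Functions", which names the chapter but no longer the subsection that covers cascade connections. Keep the subsection number next to the title so the pointer stays as precise as it was.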

    Local bridging, which appeared in section #10.4 Build a Generic Remote Access VPN#, , is a feature that allows you to make an Ethernet connection between a Virtual Hub and a physical network adapter. A cascade connection is a feature that allows you to connect Virtual Hubs running on different computers together at the Ethernet level. These two features allow you to use SoftEther VPN to build an extremely flexible VPN.  

    ...

    If you believe the cons listed above would result in problems for your network, we recommend connecting your LANs via layer 3 routing. This method is introduced in section #10.6#.  10.6 Build a LAN-to-LAN VPN (Using L3 IP Routing).

    ...

    10.5.5 Calculating the Number of Required Licenses Let's calculate how many licenses will be needed to set up this example network. You will definitely need a VPN Server product license to receive incoming connections from VPN Bridges. This example only deals with a small number of connections and does not require clustering capabilities. Thus, the Standard Edition license will provide all the functionality you need for this type of setup. Finally, you only have 1 VPN Bridge connecting to the VPN Server, so you will need a 1 bridge connection license. A single bridge license is sufficient regardless of the number of computers on the two networks. Thus, the required product licenses and connection licenses are as shown below. Please refer to section #1.3# for more information about the licensing system. VPN Server Standard Edition License x 1 VPN Server Bridge Connect License (1 Site) x 1   10.5.6 Installing VPN Server On the Main LAN
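Review bot: Removing section 10.5.5 shifts every later heading down by one (the old 10.5.7 becomes 10.5.6, and so on through the old 10.5.11), so any reference elsewhere that cites these subsections by number will land on the wrong heading. Check inbound references to 10.5.6 through 10.5.11 before accepting the renumbering. If dropping the license calculation is intended, note that the pointer to section 1.3 for the licensing system goes with it.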

    ...

    Because the VPN Server must receive incoming VPN connections from the VPN Bridges over the Internet, it must have a public IP address or be able to receive TCP/IP communication through NAT, a firewall, or a reverse proxy system as described in section #10.2.1#.10.2 Common Concepts and Knowledge. Please consult with your network administrator if you are unsure about any of these issues.

    ...

    10.5.610.5.7 Installing VPN Bridge to the Sub-LAN

    ...

    10.5.710.5.8 Configuring the Local Bridges

    Local bridges will be configured at both the VPN Server in Tokyo, and the VPN Bridge in Osaka. Refer to section # 3.6 Local Bridges# and create a local bridge connection from the Virtual Hub to the LAN.

    ...

    • As explained in detail in section #3.6.3#,3.6 Local Bridges, if possible, try to set aside network adapters strictly for local bridging when making your local bridge connection. We recommend that you do not use a protocol stack for your local bridge network adapters, and do not assign TCP/IP IP addresses to them.
    • We also recommend that you use a high quality network adapter from a trusted maker for your local bridge connections. For more information please refer to #3.6.5#3.6 Local Bridgesand #3.6.6#..
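Review bot: These two bullets used to cite three different subsections ("#3.6.3#" for dedicating the adapter, "#3.6.5#" and "#3.6.6#" for adapter quality) and now both read "3.6 Local Bridges". The advice to keep a protocol stack and IP addresses off the bridge adapter is the part a reader most needs to look up, so keep the subsection numbers alongside the new title.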
     

    10.5.810.5.9 Configuring Cascade Connections

    ...

    10.5.910.5.10 Connecting to the LAN-to-LAN VPN/Performing a Communication Test

    ...

    10.5.1010.5.11 Supplementary Information

    ...

    • The multiple LANs that make up the LAN-to-LAN VPN will be logically connected as a single Ethernet network (broadcast domain segment) once they are connected via bridge connections. Thus, they will be able to communicate with each other as such. Therefore, computers will use the VPN to communicate between these networks exactly as if they were connected together as one big physical LAN.
    • If there are DHCP servers running on the original LANs then once they are logically connected as a single segment it will be as if multiple DHCP servers are running on the same Ethernet network. As explained in section #10.2.9#,10.2 Common Concepts and Knowledge, this causes protocol conflicts and overall network instability.
    • When dealing with LANs that already have a fairly large amount of computers on them, you may have to make some changes to the network layout when building them into a LAN-to-LAN VPN using only bridge connections. (Especially when each computer is being assigned a static IP address.) If you are dealing with multiple LANs made up of multiple IP networks, we recommend also using IP routing (explained in section #10.6Build a LAN-to-LAN VPN (Using L3 IP Routing)#)) when setting up your LAN-to-LAN VPN.  
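Review bot: In the last bullet the replacement link text reads "10.6Build a LAN-to-LAN VPN (Using L3 IP Routing)" with no space after the section number, while the same reference earlier in the page is written "10.6 Build a LAN-to-LAN VPN (Using L3 IP Routing)". Add the space so both references render the same way.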

    Version from 19:11, 3 Mar 2013

    This revision modified by genya

    ...

    To build a LAN-to-LAN VPN you will need to utilize both local bridges (see section #3.6#) and cascade connections (#3.4.11#).

    Local bridging, which appeared in section #10.4#, is a feature that allows you to make an Ethernet connection between a Virtual Hub and a physical network adapter. A cascade connection is a feature that allows you to connect Virtual Hubs running on different computers together at the Ethernet level. These two features allow you to use SoftEther VPN to build an extremely flexible VPN.

    ...

    If you believe the cons listed above would result in problems for your network, we recommend connecting your LANs via layer 3 routing. This method is introduced in section #10.6#.

    ...

    10.5.5 Calculating the Number of Required Licenses

    Let's calculate how many licenses will be needed to set up this example network. You will definitely need a VPN Server product license to receive incoming connections from VPN Bridges. This example only deals with a small number of connections and does not require clustering capabilities. Thus, the Standard Edition license will provide all the functionality you need for this type of setup.

    Finally, you only have 1 VPN Bridge connecting to the VPN Server, so you will need a 1 bridge connection license.

    A single bridge license is sufficient regardless of the number of computers on the two networks.

    Thus, the required product licenses and connection licenses are as shown below. Please refer to section #1.3# for more information about the licensing system.

    • VPN Server Standard Edition License x 1
    • VPN Server Bridge Connect License (1 Site) x 1

    ...

    10.5.6 Installing VPN Server On the Main LAN

    ...

    Because the VPN Server must receive incoming VPN connections from the VPN Bridges over the Internet, it must have a public IP address or be able to receive TCP/IP communication through NAT, a firewall, or a reverse proxy system as described in section #10.2.1#. Please consult with your network administrator if you are unsure about any of these issues.

    ...

    10.5.7 Installing VPN Bridge to the Sub-LAN

    ...

    10.5.8 Configuring the Local Bridges

    Local bridges will be configured at both the VPN Server in Tokyo, and the VPN Bridge in Osaka. Refer to section #3.6# and create a local bridge connection from the Virtual Hub to the LAN.

    ...

    • As explained in detail in section #3.6.3#, if possible, try to set aside network adapters strictly for local bridging when making your local bridge connection. We recommend that you do not use a protocol stack for your local bridge network adapters, and do not assign TCP/IP IP addresses to them.
    • We also recommend that you use a high quality network adapter from a trusted maker for your local bridge connections. For more information please refer to #3.6.5# and #3.6.6#.

    ...

    10.5.9 Configuring Cascade Connections

    ...

    10.5.10 Connecting to the LAN-to-LAN VPN/Performing a Communication Test

    ...

    10.5.11 Supplementary Information

    ...

    • The multiple LANs that make up the LAN-to-LAN VPN will be logically connected as a single Ethernet network (broadcast domain segment) once they are connected via bridge connections. Thus, they will be able to communicate with each other as such. Therefore, computers will use the VPN to communicate between these networks exactly as if they were connected together as one big physical LAN.
    • If there are DHCP servers running on the original LANs then once they are logically connected as a single segment it will be as if multiple DHCP servers are running on the same Ethernet network. As explained in section #10.2.9#, this causes protocol conflicts and overall network instability.
    • When dealing with LANs that already have a fairly large amount of computers on them, you may have to make some changes to the network layout when building them into a LAN-to-LAN VPN using only bridge connections. (Especially when each computer is being assigned a static IP address.) If you are dealing with multiple LANs made up of multiple IP networks, we recommend also using IP routing (explained in section #10.6#) when setting up your LAN-to-LAN VPN.  

    Version as of 18:03, 4 Mar 2013

    This revision modified by yagi

    ...

    To build a LAN-to-LAN VPN you will need to utilize both local bridges (see section 3.6 Local Bridges) and cascade connections (3.4 Virtual Hub Functions).

    Local bridging, which appeared in section 10.4 Build a Generic Remote Access VPN, is a feature that allows you to make an Ethernet connection between a Virtual Hub and a physical network adapter. A cascade connection is a feature that allows you to connect Virtual Hubs running on different computers together at the Ethernet level. These two features allow you to use SoftEther VPN to build an extremely flexible VPN.

    ...

    If you believe the cons listed above would result in problems for your network, we recommend connecting your LANs via layer 3 routing. This method is introduced in section 10.6 Build a LAN-to-LAN VPN (Using L3 IP Routing).

    ...

    Because the VPN Server must receive incoming VPN connections from the VPN Bridges over the Internet, it must have a public IP address or be able to receive TCP/IP communication through NAT, a firewall, or a reverse proxy system as described in section 10.2 Common Concepts and Knowledge. Please consult with your network administrator if you are unsure about any of these issues.

    ...

    10.5.6 Installing VPN Bridge to the Sub-LAN

    ...

    10.5.7 Configuring the Local Bridges

    Local bridges will be configured at both the VPN Server in Tokyo, and the VPN Bridge in Osaka. Refer to section 3.6 Local Bridges and create a local bridge connection from the Virtual Hub to the LAN.

    ...

    • As explained in detail in section 3.6 Local Bridges, if possible, try to set aside network adapters strictly for local bridging when making your local bridge connection. We recommend that you do not use a protocol stack for your local bridge network adapters, and do not assign TCP/IP IP addresses to them.
    • We also recommend that you use a high quality network adapter from a trusted maker for your local bridge connections. For more information please refer to 3.6 Local Bridges.

    10.5.8 Configuring Cascade Connections

    ...

    10.5.9 Connecting to the LAN-to-LAN VPN/Performing a Communication Test

    ...

    10.5.10 Supplementary Information

    ...

    • The multiple LANs that make up the LAN-to-LAN VPN will be logically connected as a single Ethernet network (broadcast domain segment) once they are connected via bridge connections. Thus, they will be able to communicate with each other as such. Therefore, computers will use the VPN to communicate between these networks exactly as if they were connected together as one big physical LAN.
    • If there are DHCP servers running on the original LANs then once they are logically connected as a single segment it will be as if multiple DHCP servers are running on the same Ethernet network. As explained in section 10.2 Common Concepts and Knowledge, this causes protocol conflicts and overall network instability.
    • When dealing with LANs that already have a fairly large amount of computers on them, you may have to make some changes to the network layout when building them into a LAN-to-LAN VPN using only bridge connections. (Especially when each computer is being assigned a static IP address.) If you are dealing with multiple LANs made up of multiple IP networks, we recommend also using IP routing (explained in section 10.6 Build a LAN-to-LAN VPN (Using L3 IP Routing)) when setting up your LAN-to-LAN VPN.
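The DHCP caveat under Supplementary Information can be checked once the bridge is up: the added example below (not part of the SoftEther manual) parses DHCP payloads captured on the bridged segment and lists every server identifier that sent a DHCPOFFER, so more than one result means both sites' DHCP servers are answering. The function names, addresses and sample messages are assumptions constructed for this illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER, DHCPACK = 2, 5

def parse_options(payload):
    """Return {option_code: value} from a BOOTP/DHCP payload, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                    # truncated option: reject the packet
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts

def offering_servers(payloads):
    """Sorted server identifiers (option 54) seen in DHCPOFFER messages."""
    servers = set()
    for payload in payloads:
        opts = parse_options(payload)
        if not opts or opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
            continue
        server_id = opts.get(OPT_SERVER_ID, b"")
        if len(server_id) == 4:
            servers.add(str(ipaddress.IPv4Address(server_id)))
    return sorted(servers)

def make_message(msg_type, server_ip, offered_ip):
    """Build a constructed DHCP payload (sample data, not captured traffic)."""
    server = ipaddress.IPv4Address(server_ip).packed
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), ipaddress.IPv4Address(offered_ip).packed, server,
                         bytes(4), bytes.fromhex("020000000001"), bytes(64), bytes(128))
    options = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + server
    return header + MAGIC_COOKIE + options + bytes([OPT_END])

# Constructed sample: after bridging, one client request draws an offer from each site.
SAMPLE = [make_message(DHCPOFFER, "192.168.0.1", "192.168.0.50"),
          make_message(DHCPOFFER, "192.168.0.254", "192.168.0.120"),
          make_message(DHCPACK, "192.168.0.1", "192.168.0.50")]

if __name__ == "__main__":
    print("DHCP servers answering offers:", offering_servers(SAMPLE))
```

In practice the payloads would come from a capture of UDP ports 67 and 68 taken on either LAN after the cascade connection is online.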