Cloud to LAN Bridge VPN - SoftEther VPN Project

Cloud to LAN Bridge VPN

    banner2_3.jpgSoftEther VPN keeps a virtual dedicate Ethernet line from the Cloud to the LAN 24h/365d. You can consider remote Cloud private network as a part of your corporate network.

    2_cloud3.jpg

     

    Principles

    If you are using a lot of Cloud VMs, and operating private networks between Cloud VMs, SoftEther VPN can make a bridge between a Cloud-based private network and your corporate network. It means that you can build a virtual dedicated Ethernet line between your company and using Cloud Provider's network.

    After you build a VPN bridging between Cloud network and On-premise network, your Cloud network will be a part of your on-premise network. Then any computers on both cloud and on-premise can now access to any other computers beyond the differences and distances between corporate office and Cloud Service Providers.

    Step 1. Set up SoftEther VPN Server on a Side

    At first you must set up SoftEther VPN Server on either Cloud-side or On-premise side. It is depends on your strategy. If you might move to another cloud provider in future, you should put VPN Server on your corporate network. However if you don't have any stable Internet connections on the corporate-side you should utilize Cloud VM as a stable VPN Server.

    ss5.2.jpg

     

    Step 2. Set up SoftEther VPN Bridge on Another Side

    Set up and install SoftEther VPN Bridge on another side of Step 1.

    ss5.3.jpg

     

    Step 3. Build a LAN-to-LAN Bridge VPN between Cloud and On-premise

    The rest steps are exactly same to "LAN to LAN Bridge VPN" construction process.

    ss2.5_2.jpg

     

     

    Notes

    Note 1. Local Bridge Requires Promiscuous Mode

    Some VMs prohibit the "Promiscuous Mode" (MAC Address Spoofing) on the network adapters by default. If the Promiscuous Mode (MAC Address Spoofing) is administratively disabled, the Local Bridge function between a Virtual Hub on the VPN Server and a physical network adapter on the physical computer does not work well. You should allow the Promiscuous Mode (MAC Address Spoofing) by using the configuration tool of the VM. For details please refer the documents of your VM. If it is a shared-VM and administrated by other person, please request the administrator to permit the use of the Promiscuous (MAC Address Spoofing) Mode to your VM.

    Note 2. Alternative to Promiscuous Mode

    If your Cloud VM doesn't permit you activating promiscuous mode, you cannot use Local Bridge on cloud-side. In that case, as an alternative to promiscuous mode you can use SecureNAT Virtual DHCP and NAT Server Function on SoftEther VPN Server. Since this Virtual NAT function works under user-mode, you need no special permission from the administrators of Cloud VMs. However the performance might be reduced from using promiscuous mode.