Hello there! I’m Corels from Emmanuel Corels Creatives. In today’s guide, we’re going to explore how to connect two separate networks using SoftEther VPN in a site-to-site configuration. This setup allows you to bridge remote offices or branch locations, so devices on one network can communicate with those on another—as if they were on the same local network. Let’s walk through the process step by step.
What Is Site-to-Site Connectivity with SoftEther VPN?
Site-to-site connectivity lets you create a secure tunnel between two networks. Instead of having individual clients connect to a central VPN server, the networks themselves are connected. SoftEther VPN supports multiple protocols and can bridge these networks seamlessly, enabling unified resource access, file sharing, and centralized management across distant sites.
Step 1: Prepare Your SoftEther VPN Servers
You’ll need a SoftEther VPN Server running at each site. Ensure that:
- Each server is installed (on Linux, Windows, etc.) and reachable over the internet.
- You have a Virtual Hub created on each server (for example, “BranchHub1” and “BranchHub2”).
- Administrative access is available via vpncmd or the SoftEther VPN Server Manager.
For example, on each server:
- Launch vpncmd:
  sudo /usr/local/softether/vpncmd
- Connect to the VPN Server (choose option 1) and then enter your Virtual Hub by typing:
  Hub BranchHub1
  (Do the equivalent on the second site with “BranchHub2”.)
- Set a strong administrator password if you haven’t already:
  ServerPasswordSet
Step 2: Configure Virtual Hubs for Bridging
On both VPN servers, you will set up the Virtual Hubs to support bridging the two networks.
- Create the Virtual Hubs (if not already created):
  - On Site 1:
    HubCreate BranchHub1
  - On Site 2:
    HubCreate BranchHub2
- Enter Each Hub:
  - On Site 1:
    Hub BranchHub1
  - On Site 2:
    Hub BranchHub2
- Set Up a Bridge Within Each Hub: SoftEther VPN Server can internally bridge connections. Although Virtual Hubs act like virtual switches by default, you may wish to create a bridge if you plan to merge the VPN with a local physical network. In many cases, simply connecting the hubs with the correct routing suffices.
Step 3: Establishing the Site-to-Site VPN Link
To connect the two networks, you will configure a site-to-site connection between the Virtual Hubs. SoftEther offers a feature called “Cascade Connections” that is ideal for this purpose.
- Create a Cascade Connection on Site 1: While in the vpncmd prompt for “BranchHub1”, type:
  CascadeCreate BranchToSite2 /SERVER:Site2_Public_IP:Port /HUB:BranchHub2
  - BranchToSite2: A descriptive name for the connection.
  - /SERVER: Replace Site2_Public_IP:Port with the public IP address (or DDNS hostname) and port of the SoftEther VPN Server at Site 2.
  - /HUB: Specify the Virtual Hub name at Site 2, e.g., BranchHub2.
- Configure the Cascade Connection: After creating the connection, you can adjust parameters such as:
  - Cascade Password: Set a password that will be used for mutual authentication between the sites.
    CascadePasswordSet BranchToSite2
    Follow the prompts to set a strong password.
  - Virtual Network Settings: Optionally, define IP address ranges if you want the sites to share a common subnet or use routing between them.
- Confirm the Cascade Connection: Use:
  CascadeStatusGet BranchToSite2
  This command displays the status of the cascade connection, confirming that the tunnel is established.
Note: On Site 2, you should see the incoming cascade connection reflected in the Virtual Hub’s connection list. SoftEther automatically handles the bidirectional link, so you typically only need to configure it on one side, ensuring that the corresponding settings match.
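The cascade password proves Site 1's identity to Site 2; checking Site 2's server certificate on the cascade covers the other direction. The script below is an added example, not part of the original guide: it generates the Site 1 commands for vpncmd's /IN batch mode and rejects values that could smuggle in extra arguments. The peer name vpn.site2.example, the user site1-link (assumed to already exist in BranchHub2) and the certificate path are placeholders.

```sh
#!/bin/sh
# Added example, not from the original guide: emit the Site 1 cascade commands
# as a vpncmd batch file, refusing values that could inject extra arguments.

# Hub, cascade and user names: letters, digits, "_" and "-" only.
valid_name() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Peer must be host:port (IPv4 address or DNS name; IPv6 literals not handled).
valid_peer() {
    host=${1%:*}
    port=${1##*:}
    [ "$host" != "$1" ] || return 1          # no colon present
    case "$host" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Usage: cascade_batch NAME PEER REMOTE_HUB REMOTE_USER PEER_CERT_FILE
cascade_batch() {
    valid_name "$1" && valid_peer "$2" && valid_name "$3" && valid_name "$4" ||
        { echo "cascade_batch: invalid name or peer" >&2; return 1; }
    case "$5" in ''|*[!A-Za-z0-9._/-]*)
        echo "cascade_batch: invalid certificate path" >&2; return 1 ;;
    esac
    cat <<EOF
CascadeCreate $1 /SERVER:$2 /HUB:$3 /USERNAME:$4
CascadeServerCertSet $1 /LOADCERT:$5
CascadeServerCertEnable $1
EOF
}

# Placeholder values (assumptions): peer name, user and certificate path.
#   cascade_batch BranchToSite2 vpn.site2.example:443 BranchHub2 \
#       site1-link /etc/softether/site2.cer > cascade.txt
#   vpncmd localhost:5555 /SERVER /HUB:BranchHub1 /IN:cascade.txt
# Then set the password at the prompt (CascadePasswordSet BranchToSite2) so it
# never lands in a file, and start the link with CascadeOnline BranchToSite2.
```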
Step 4: Routing and Network Integration
With the cascade connection in place, devices at both sites can now communicate. Depending on your network design, you have two main approaches:
- Bridging: Merge the remote network with your local LAN so that they operate as one broadcast domain. This is ideal if you need seamless connectivity for applications like file sharing or remote desktop.
- Routing: Maintain separate subnets at each site and configure static or dynamic routes so that traffic between sites is directed through the VPN tunnel. In vpncmd, you can set up routing policies or use external routers to manage inter-site traffic.
For a basic configuration, you might set up static routes on each SoftEther VPN Server:
- On Site 1:
  RouteCreate /DESTINATION:Site2_Subnet /NEXT_HOP:BranchToSite2
- On Site 2:
  RouteCreate /DESTINATION:Site1_Subnet /NEXT_HOP:BranchToSite2
Replace Site2_Subnet and Site1_Subnet with the respective LAN IP ranges for each site.
Step 5: Testing the Site-to-Site Connection
- Check Cascade Status: Use CascadeStatusGet BranchToSite2 on Site 1 to ensure the connection is active.
- Ping Between Sites: From a device on Site 1, ping an IP address from Site 2’s LAN (and vice versa). This confirms that the tunnel is routing traffic correctly.
- Verify Routing: Ensure that the routes you created are active and that traffic is flowing through the cascade connection by checking the routing table on each server.
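To make the cascade status check repeatable, the script below (an added example, not part of the original guide) turns CascadeStatusGet output into an exit code that a cron job or monitoring agent can alert on. The two sample outputs are constructed, and the row name "Session Status" and the text "Session Established" are assumptions to confirm against your own server's output.

```sh
#!/bin/sh
# Added example, not from the original guide: map CascadeStatusGet output to
# an exit code. Sample outputs below are constructed for illustration.

# Print the value of the table row named $1 ("Item |Value" text on stdin).
status_field() {
    awk -F'|' -v key="$1" '
        { k = $1; v = $2
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) { print v; found = 1; exit } }
        END { exit !found }'
}

# Exit codes: 0 = session established, 1 = link not up,
#             2 = no status table (cascade offline, login failure, bad name).
cascade_check() {
    out=$(cat)
    state=$(printf '%s\n' "$out" | status_field "Session Status") || return 2
    case "$state" in
        *"Session Established"*) return 0 ;;
        *) echo "cascade not established: $state" >&2; return 1 ;;
    esac
}

# Constructed sample: link up.
SAMPLE_UP='Item                       |Value
---------------------------+------------------------------------------
VPN Connection Setting Name|BranchToSite2
Session Status             |Connection Completed (Session Established)
Server Name                |vpn.site2.example'

# Constructed sample: link still retrying.
SAMPLE_DOWN='Item                       |Value
---------------------------+------------------------------------------
Session Status             |Retrying'

# Live use on Site 1 (vpncmd prompts for the hub administrator password):
#   vpncmd localhost:5555 /SERVER /HUB:BranchHub1 \
#       /CMD CascadeStatusGet BranchToSite2 | cascade_check
```

Alert on exit code 2 as well as 1: a missing status table means the check itself could not see the link.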
Final Thoughts
By setting up a site-to-site VPN using SoftEther’s cascade connections, you can securely link remote networks as if they were a single local network. This configuration is perfect for extending your network across branch offices or remote sites without complicated hardware installations.
Take your time to configure each step, test connectivity, and adjust routing as needed. With SoftEther’s flexible multi-protocol support and cascade functionality, your site-to-site connectivity becomes both secure and efficient.
If you have any questions or need further assistance, feel free to reach out. Enjoy the power of connected networks, and happy VPN-ing!
Explained with clarity by
Corels – Admin, Emmanuel Corels Creatives