I got two Raspberry Pi 2s and I wanted to set up an L3 bridge between them, one positioned at my location, the other at my girlfriend's.

The network schematics

I chose SoftEther VPN software as it looked promising. It has a lot of features, and is cross-platform.

Their site has a lot of tutorials, and the documentation is great, but everything is written for machines with two network adapters, and the RPi has only one network adapter. So I started setting things up, and ran into a lot of problems. The best I could get working by following their tutorials was that the L3 Bridge was up and running, and I could ping and access devices across both networks, but I couldn’t access the RPi on the other network, and the RPis couldn’t access each other either.

The documentation for L2 Bridge and L3 Bridge.

I went to their forums, and got some helpful information from several topics, but nothing solid and no examples, so I searched for a lot of things on Google. Eventually I figured out I needed to set up network bridging within Linux with bridge-utils, and after several different configurations I finally got it to work.

The schematics and configurations

Location 1
SoftEther VPN Server
2 Virtual Hubs – Location1 and Location2
Virtual Hub Location1 – Local Bridge to virtual adapter tap_soft
Virtual Hub Location2 – no Local Bridge

Virtual L3 Switch – 2 Virtual interfaces:
VHub Location1 IP 192.168.5.254 Mask 255.255.255.0
VHub Location2 IP 192.168.1.254 Mask 255.255.255.0

User for cascade connection

Linux
Installed bridge-utils

sudo apt-get install bridge-utils

Added script to create br0 network bridge at VPN server startup

    cat /usr/local/vpnserver/bridge-up.sh
    #!/bin/bash
    #################################
    # Set up Ethernet bridge on Linux
    # Requires: bridge-utils
    #################################

    # Define Bridge Interface
    br="br0"

    # Define list of TAP interfaces to be bridged,
    # for example tap="tap0 tap1 tap2".
    tap="tap_soft"

    # Define physical ethernet interface to be bridged
    # with TAP interface(s) above.
    eth="eth0"
    eth_ip="192.168.5.145"
    eth_netmask="255.255.255.0"
    eth_broadcast="192.168.5.255"
    gw="192.168.5.1"

    brctl addbr $br
    brctl addif $br $eth
    brctl addif $br $tap

    ifconfig $tap 0.0.0.0 promisc up
    ifconfig $eth 0.0.0.0 promisc up
    ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

    route add default gw $gw

Added script to delete bridge after VPN server shutdown

    cat /usr/local/vpnserver/bridge-down.sh
    #!/bin/bash
    ####################################
    # Tear Down Ethernet bridge on Linux
    ####################################

    # Define Bridge Interface
    br="br0"
    eth="eth0"
    eth_ip="192.168.5.145"
    eth_netmask="255.255.255.0"
    eth_broadcast="192.168.5.255"
    gw="192.168.5.1"
    tap="tap_soft"

    ifconfig $br down
    brctl delbr $br

    ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast
    route add default gw $gw

Modified the init.d script to incorporate bridge scripts and added LSB tags

    cat /etc/init.d/vpnserver
    #!/bin/sh
    ### BEGIN INIT INFO
    # Provides:          vpnserver
    # Required-Start:    $remote_fs $syslog
    # Required-Stop:     $remote_fs $syslog
    # Should-Start:      $network $time
    # Should-Stop:       $network $time
    # Default-Start:     2 3 4 5
    # Default-Stop:      0 1 6
    # Short-Description: Start and stop the Softether VPN Server
    # Description:       Controls the main VPN Server server
    ### END INIT INFO
    #
    # chkconfig: 2345 99 01
    # description: SoftEther VPN Server
    DAEMON=/usr/local/vpnserver/vpnserver
    LOCK=/var/lock/vpnserver
    BRUP=/usr/local/vpnserver/bridge-up.sh
    BRDOWN=/usr/local/vpnserver/bridge-down.sh
    test -x $DAEMON || exit 0
    case "$1" in
    start)
        $DAEMON start
        touch $LOCK
        sleep 5
        $BRUP
        ;;
    stop)
        $DAEMON stop
        rm $LOCK
        $BRDOWN
        ;;
    restart)
        $DAEMON stop
        $BRDOWN
        sleep 3
        $DAEMON start
        sleep 5
        $BRUP
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
    esac
    exit 0

Router
Added port forwarding

    config redirect
            option target 'DNAT'
            option src 'wan'
            option dest 'lan'
            option proto 'tcp udp'
            option src_dport '5555'
            option dest_ip '192.168.5.145'
            option dest_port '5555'
            option name 'SoftEther Bridge'

Added static route:

    config route
            option interface 'lan'
            option target '192.168.1.0'
            option netmask '255.255.255.0'
            option gateway '192.168.5.254'

Added static DNS entries (/etc/hosts) for equipment in other network

Location 2
SoftEther VPN Bridge
1 Virtual Hub – BRIDGE (default)
Virtual Hub BRIDGE – Local Bridge to virtual adapter tap_soft
Cascade connection to server on Location 1

Linux
Installed bridge-utils

sudo apt-get install bridge-utils

Added script to create br0 network bridge at VPN server startup

    cat /usr/local/vpnserver/bridge-up.sh
    #!/bin/bash
    #################################
    # Set up Ethernet bridge on Linux
    # Requires: bridge-utils
    #################################

    # Define Bridge Interface
    br="br0"

    # Define list of TAP interfaces to be bridged,
    # for example tap="tap0 tap1 tap2".
    tap="tap_soft"

    # Define physical ethernet interface to be bridged
    # with TAP interface(s) above.
    eth="eth0"
    eth_ip="192.168.1.120"
    eth_netmask="255.255.255.0"
    eth_broadcast="192.168.1.255"
    gw="192.168.1.1"

    brctl addbr $br
    brctl addif $br $eth
    brctl addif $br $tap

    ifconfig $tap 0.0.0.0 promisc up
    ifconfig $eth 0.0.0.0 promisc up
    ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

    route add default gw $gw

Added script to delete bridge after VPN server shutdown

    cat /usr/local/vpnserver/bridge-down.sh
    #!/bin/bash
    ####################################
    # Tear Down Ethernet bridge on Linux
    ####################################

    # Define Bridge Interface
    br="br0"
    eth="eth0"
    eth_ip="192.168.1.120"
    eth_netmask="255.255.255.0"
    eth_broadcast="192.168.1.255"
    gw="192.168.1.1"
    tap="tap_soft"

    ifconfig $br down
    brctl delbr $br

    ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast
    route add default gw $gw

Modified the init.d script to incorporate bridge scripts and added LSB tags

    cat /etc/init.d/vpnbridge
    #!/bin/sh
    ### BEGIN INIT INFO
    # Provides:          vpnbridge
    # Required-Start:    $remote_fs $syslog
    # Required-Stop:     $remote_fs $syslog
    # Should-Start:      $network $time
    # Should-Stop:       $network $time
    # Default-Start:     2 3 4 5
    # Default-Stop:      0 1 6
    # Short-Description: Start and stop the Softether VPN Bridge
    # Description:       Controls the main VPN Bridge server
    ### END INIT INFO
    #
    # chkconfig: 2345 99 01
    # description: SoftEther VPN Bridge
    DAEMON=/usr/local/vpnbridge/vpnbridge
    LOCK=/var/lock/vpnbridge
    BRUP=/usr/local/vpnbridge/bridge-up.sh
    BRDOWN=/usr/local/vpnbridge/bridge-down.sh
    test -x $DAEMON || exit 0
    case "$1" in
    start)
        $DAEMON start
        touch $LOCK
        sleep 5
        $BRUP
        ;;
    stop)
        $DAEMON stop
        rm $LOCK
        $BRDOWN
        ;;
    restart)
        $DAEMON stop
        $BRDOWN
        sleep 3
        $DAEMON start
        sleep 5
        $BRUP
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
    esac
    exit 0

Router
Added static route:

    config route
            option interface 'lan'
            option target '192.168.5.0'
            option netmask '255.255.255.0'
            option gateway '192.168.1.254'

Added static DNS entries (/etc/hosts) for equipment in other network

After that, everything works as planned. 🙂
Also, if you are wondering why I used scripts to create a bridge, it is because the network is initialized before the VPN server/bridge is started. The VPN software creates the tap_soft adapter upon startup.
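
The init scripts above wait a fixed `sleep 5` for the VPN daemon to create tap_soft before running the bridge script. As an added example (not part of the original post), the functions below poll for the adapter instead and then confirm that br0 really contains both ports; the function names and the SYSFS_NET override are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the original post: readiness and membership checks
# for the br0 / eth0 / tap_soft bridge described above.
# SYSFS_NET (hypothetical override) lets the checks run against a constructed
# directory tree instead of the live /sys/class/net.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Wait up to $2 seconds (default 30) for interface $1 to appear.
# Returns 0 as soon as it exists, 1 on timeout.
wait_for_iface() {
    local iface="$1" timeout="${2:-30}" waited=0
    while [ ! -e "$SYSFS_NET/$iface" ]; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Succeed only if $1 is a bridge device and every following argument is one
# of its ports. The kernel lists bridge ports under <bridge>/brif/.
bridge_has_ports() {
    local br="$1" port
    shift
    [ -d "$SYSFS_NET/$br/bridge" ] || return 1   # not a bridge device
    for port in "$@"; do
        [ -e "$SYSFS_NET/$br/brif/$port" ] || return 1
    done
    return 0
}

# How this would slot into the start) branch in place of "sleep 5; $BRUP":
#   wait_for_iface tap_soft 30 || { echo "tap_soft never appeared" >&2; exit 1; }
#   "$BRUP"
#   bridge_has_ports br0 eth0 tap_soft || { echo "br0 is incomplete" >&2; exit 1; }
```

Failing the start when tap_soft is missing matters here because bridge-up.sh clears the address on eth0 before br0 is fully assembled, so a half-built bridge can leave the Pi unreachable over the network.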

EDIT: If you have trouble with accessing the other location from devices, apart from the router, you need to change a setting in the firewall settings for that router (/etc/config/firewall):

    config zone
            option name 'lan'
            ...
            option forward 'ACCEPT'

You need to change the option forward ‘REJECT’ to ‘ACCEPT’.