SoftEther VPN User Forum

First of all, thanks for the great piece of software. Works really well for me.

I have one question though. When I connect to my VPN server at work, the default route is created at my client PC and all traffic goes throuh the work PC (where the VPN server is). I would like only the server's virtual NAT's subnet added to the routing table.

I've attached screenshot of how my routing table looks like before connecting to the server (before.png) and after connecting (after.png).

I tried checking the "No Adjustments of Routing Table" checkbox in the Client's advanced settings, but without success.

In order to use the VPN I have to manually alter the routing table every time the connection is established. That kind of ruins the experience. Is there any way to disable creation of the default route? Thanks a lot in advance!

Btw. I am using VPN server with virtual NAT and virtual DHCP. Windows 8.1 on the client side.

I am somewhat new to VPN in general and so excuse my ignorance if I ask any stupid questions, but I think this may be the same question I have about SoftEther. I'm going to post my version of the question in a new thread so that more see it and it increases my chances of getting an answer.

I need to connect to my home network from work so that I can remote desktop into my LAN PCs at home so I am using SoftEther in a "Remote Access to LAN" capacity. I'm assuming that's the configuration I need to use.

The issue I'm having is that as soon as I connect to VPN from work, my work PC uses the remote home network for all Internet and network access. A friend at work indicated there is such a thing called "split tunneling" which would allow my work PC to continue to use the work LAN network resources as it usually does and only use the VPN connection for the remote desktop activities. However, I'm unable to find that option anywhere in the client or server. Can someone tell me how I would do this?

check the option "do not modify default route" somewhere in connection advanced properties.

Setting metric to automatic or a high value on the vpn client adapter should solve the problem.

Thank you for the responses. Setting the VPN virtual adapter on the client to a higher value (I set mine to 100) did the trick. Having another issue though, going to start a thread on the main forum. Thanks again.

parkycai wrote:
> check the option "do not modify default route" somewhere in
> connection advanced properties.

Cannot find this setting.. can you please tell me where exactly is it located?

I could not find the option either. I don't think it exists. Use the metric process, worked like a charm for me.

[attachment=0]Untitled.png[/attachment]

I stand corrected. So to make sure I understand, checking this option does the following:

1. Normal Internet communication on the VPN client side continues to flow through the connection used prior to the VPN connection.
2. When connecting to a resource on the VPN server side of things, such as using Remote Desktop to connect to one of the server's network machines or using Windows Explorer to access a drive on one of the server's network machines, it will automagically use the VPN connection. (If this is true, how does this work? What are the limitations? Does the IP range need to be different?)
3. Enabling this option removes the need to modify the metrics on any of the client side network adapters.

As an aside, which would be better, using metrics or this option? Wouldn't using metrics give more control?

At least 1) and therefore 3) did not work for me.

Same here. I just tested it by setting all of my adapters back to automatic metrics, enabling the option, rebooting and testing it, and had the same experience. It seems manually changing the metrics is the only way it really works.

I notice that in the VPN adapter for Windows (7 and others?), there is an option to "Use default gateway on remote network" that can be disabled, and I've seen talk on the Internet of how people are using this option to do what we're wanting to do. Is this option anywhere in SoftEther, can it be implemented in SoftEther, and can you even connect to a SoftEther VPN server using Windows VPN connections?

---edit---
Forget I asked anything above. I've checked out Windows native VPN support and it's a joke, so nevermind.

If you use Virtual DHCP server, you should delete the gateway and dns configuration in Virtual DHCP server in HUB, then need to change the subnet, because sometimes the gateway configuration and dns persist even after removal. I hope you understand what I wrote:)

The Virtual DHCP server actually can solve the problem but could conflict with the internal DHCP server if there is already one on the network, if I understand the warning in SoftEther VPN server correctly.

So when we don't use the Virtual DHCP Server SoftEther VPN Client lacks the ability to disable the default route created.

0.0.0.0 0.0.0.0 192.168.110.254 192.168.110.140 200

I could remove the route manually but that would be devious.

route delete 0.0.0.0 mask 0.0.0.0 192.168.110.254

Can the developers of SoftEther build a disable default route option so users with an internal DHCP server can only send VPN related traffic throught the VPN tunnel?

The default route has nothing to do with DHCP servers.

Yes it does, when using the virtual DHCP you are able to clear the Gateway field thus not giving the client a default gateway and this results in not giving the client a default route.

When using an internal (your own) DHCP server you can of course not give a default gateway but this would affect all local users as well, so this is no option at all.

mesa57 wrote:
> The default route has nothing to do with DHCP servers.

thats not completely true. Most DHCP-Servers send a default-gateway (dhcp-option 3) to the client --> client overrides

I didn't read the other answers, but I will post my solution for this problem. Maybe its helpfull.

My homentwork use the range 10.10.10.0/24. Home DHCP/DNS are installed on 10.10.10.10 and SoftEther runs on a raspberry pi with the IP 10.10.10.100.
On the PI, Softether creates a new tap_device and I add manually the IP 10.10.20.1/24 to it.

Additionally, I installed dnsmasq and add this to the dnsmasq.conf file:

dhcp-range=tap_soft,10.10.20.100,10.10.20.200,12h
dhcp-option=3
dhcp-option=6,10.10.10.10
dhcp-option=121,10.10.10.0/24,10.10.20.1

What it does?
dhcp-range=tap_soft,10.10.20.100,10.10.20.200,12h --> will give IPs to clients on the tap_device (range 10.10.20.100 to 10.10.20.200). This means vpn-clients will have there own subnet and dhcp server.

dhcp-option=3
This will send the "new" default gateway and because its empty --> no new gateway

dhcp-option=6,10.10.10.10
This will send the DNS server. In this case, all DNS request are going through the vpn. So, its a bit slower, but I can use my homenetwork name-resolution. (local name resolutions like Bonjour, LLMNR will not work).
If you don't need your home/work dns server, replace 10.10.10.10 with your normal dns or 8.8.8.8 (google dns)

dhcp-option=121,10.10.10.0/24,10.10.20.1
The dhcp-option 121 will send a new route to the clients. In this example. The subnet 10.10.10.0/24 is routed to 10.10.20.1 (the internal vpn-server-ip)


So, If I connect to my vpn, only dns queries and traffic to 10.10.10.0/24 are going through the vpn. All other use the normal internet connection. And yes, this will NOT work with the included virtual DHCP server, because it has not the option to set special dhcp-options.

Are you using a Windows on client side?
If so, try to increase the interface metric number of the virtual NIC.