Hi,
I have a setup that's working quite well for translating other language to softether to use softether's flexibility as it uses an ethernet adapter module for the client.
As of now, my client is 192.168.3.6 connecting to vpn server 192.168.3.10 which has a default gateway in a provider's vpn (45.X.X.X).
As of now, I always used securenat for the nat and dhcp which resulted in my client having 192.168.30.10 as local ip and 45.x.x.x on the internet.
I wanted to upgrade my setup to have 4 more servers, essentially 1 cluster controller and 3 members.
Everything went quite well changing the setup except when I found out the Virtual NAT feature of SecureNAT isn't compatible with a cluster.
I tried everything I knew to "make the member server nat" for the client to connect to, I can't figure out a way to make this.
Here's my question: Is there a way to make my server NAT without SecureNAT so that I could replicate this change on the 3 cluster members?
Here's a text diagram of what I thought originally:
client 192.168.3.6 --> Cluster Controller 192.168.3.11
then connects to one of the following :
--> Cluster Member 192.168.3.12 lan, 45.x.x.x WAN /// (Client would receive a NAT IP)
or
--> Cluster Member 192.168.3.13 lan, 206.x.x.x WAN /// (Client would receive a NAT IP)
or
--> Cluster Member 192.168.3.12 lan, 75.x.x.x WAN /// (Client would receive a NAT IP)
Do I need to use a TAP adapter on Cluster Members for it to work? I'm quite lost here as I don't know a ton about NAT outside of a router environment.
Thank you a lot!
Need suggestion - Nat in softether cluster
-
- Posts: 32
- Joined: Mon Dec 01, 2014 2:09 am
-
- Posts: 15
- Joined: Thu Aug 03, 2017 9:38 am
Re: Need suggestion - Nat in softether cluster
Hey! Did you work this out already? Cluster + SecureNAT co-exist in the same network. Thanks!
Jet
-
- Posts: 32
- Joined: Mon Dec 01, 2014 2:09 am
Re: Need suggestion - Nat in softether cluster
Still waiting for someone's idea to make it work. I'm sure this would be doable with iptables NAT, I just need confirmation before I try.
-
- Posts: 15
- Joined: Thu Aug 03, 2017 9:38 am
Re: Need suggestion - Nat in softether cluster
Maybe this article will help: https://majornetwork.net/2015/05/softet ... ress-pool/.
-
- Posts: 32
- Joined: Mon Dec 01, 2014 2:09 am
Re: Need suggestion - Nat in softether cluster
Thanks a lot for this article. It seemed like something I would need, but it wasn't the case after all. What this guy's doing is more for an enterprise setup with a dedicated VPN pool.
After all, I finally managed to make it happen. It's not bulletproof, but it will do the job nicely.
I removed every cluster feature of my project and went with a different point of view.
I have set up 4 VMs that "translate" the provider's VPN and have SecureNAT enabled with NAT and DHCP.
As my client who needs the servers will always be inside my network, I have set up a DNS round robin pointing to the IPs of the servers.
Example :
vpn.domain.com will redirect to one of :
192.168.3.10 (206.x.x.x, country 1, securenat pool 192.168.0.x/24)
192.168.3.11 (45.x.x.x, country 2, securenat pool 192.168.10.x/24)
192.168.3.12 (104.x.x.x, country 3, securenat pool 192.168.20.x/24)
192.168.3.13 (172.x.x.x, country 4, securenat pool 192.168.30.x/24)
The only limitation for me using this technique is if a VM is not accessible but the address is reachable by the client, it will still try to connect to that non-working server. If the faulty server is powered off completely or its 192.x.x.x network can't be seen by the client, it will automatically take the next one on the DNS round-robin list!
I have found that while DNS round-robin isn't a really bulletproof implementation, it was still a lot easier to set up because all the VMs aren't on the same IP segment externally and because the clustering feature of SoftEther isn't compatible with SecureNAT. It does the job great for what I needed.
If you have any questions, feel free to ask!
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Need suggestion - Nat in softether cluster
How about controlling the client by some script?
-
- Posts: 4
- Joined: Wed Jun 06, 2018 9:00 am
Re: Need suggestion - Nat in softether cluster
acampeau wrote:
> If you have any questions, feel free to ask!
Actually I'm using round robin + NAT too, and the problem is that when a client connects to an IP, after 5 sec it disconnects and gets stuck reconnecting.
It's because the IP is changing, and it needs to specify the connected IP at the time and not check the name server for a new IP.
I'd really appreciate it if one of you guys could help me with this.
I can provide you details to test and connect.
email: Dj.Moh3n@gmail.com
skype: Dj.Moh3n
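
The "control the client by some script" idea and the reconnect-hopping problem described above, as an added example that is not part of any post in this thread: it resolves the round-robin name, skips members whose VPN listener does not answer, and keeps a previously chosen IP pinned while it still works. The port number (443) and the function names are assumptions; feeding the chosen IP into the VPN client's connection setting is left to the reader's own tooling.

```python
import socket

VPN_NAME = "vpn.domain.com"   # round-robin name from the thread
VPN_PORT = 443                # assumption: port the SoftEther listener uses


def resolve_all(name, port):
    """Return every IPv4 address behind a round-robin name, in DNS order."""
    infos = socket.getaddrinfo(name, port, socket.AF_INET, socket.SOCK_STREAM)
    seen = []
    for info in infos:
        ip = info[4][0]
        if ip not in seen:        # getaddrinfo may repeat an address
            seen.append(ip)
    return seen


def tcp_probe(ip, port, timeout=3.0):
    """True if a TCP handshake with the VPN listener completes in time."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:               # refused, unreachable, or timed out
        return False


def pick_server(name, port, pinned=None, resolve=resolve_all, probe=tcp_probe):
    """Choose the IP the client should be configured with.

    Keeps the pinned IP while it still answers, so a reconnect does not hop
    to another member (and another SecureNAT pool). Otherwise walks the
    round-robin list and returns the first member that answers, or None.
    """
    if pinned and probe(pinned, port):
        return pinned
    for ip in resolve(name, port):
        if ip != pinned and probe(ip, port):
            return ip
    return None


if __name__ == "__main__":
    choice = pick_server(VPN_NAME, VPN_PORT)
    print(choice or "no VPN server reachable")
```

A completed TCP handshake only shows that the listener on that VM is up; it does not show that the provider's VPN behind it is passing traffic, so a member whose upstream tunnel is down still passes this probe.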