VPN client acquires incorrect subnet mask
Posted: Sat Apr 18, 2015 1:55 am
I'm using this IP block on my LAN: 10.10.8.0/22, i.e. my subnet mask is 255.255.252.0
DHCP server hands out 10.10.10.xx IP addresses on the LAN and the correct /22 subnet mask above. It definitely works on the LAN.
SoftEther is set up to offer L2TP / IPSec VPN services. It resides at 10.10.8.10.
My VPN client (Mac OS X 10.8.5, built in) acquires a 10.10.10.xx IP address as expected; however, the routing table looks like this:
10.10.10/24 ppp0 # i.e. incorrect /24 subnet mask.
I have read this page of the manual: https://www.softether.org/index.php?tit ... d-in_Users
The above page says:
An IP address will be leased from the DHCP server, and the IP address will be assigned on the L2TP VPN client session. Default gateway, subnet mask, DNS address and WINS address will be also applied on the L2TP VPN client. So if no DHCP server, no login successes.
Therefore I expect /22 to be applied to VPN client route.
Is this a bug or incorrect setup? Has anyone seen this as well? Does anyone have advice about how to fix?
I guess I can probably fix via SecureNAT implementation, but is this the only way? I would like to keep setup as simple as possible and prefer a single network over a separate subnet for VPN clients, which I would end up with if I used SecureNAT.
Any feedback appreciated!
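A check for the mismatch described in the post above, added here as an example and not part of the original post: it parses BSD-style `netstat -rn` output and reports which parts of the 10.10.8.0/22 LAN have no route via ppp0. The sample routing table is constructed (only the `10.10.10/24 ppp0` entry comes from the post), the function names are hypothetical, and the rule for destinations printed without a prefix length is a simplifying assumption.

```python
import ipaddress

# LAN block and SoftEther server address as given in the post.
LAN = ipaddress.ip_network("10.10.8.0/22")
SERVER = ipaddress.ip_address("10.10.8.10")

# Constructed sample of `netstat -rn -f inet` output; only the ppp0
# destination "10.10.10/24" comes from the post, the rest is made up.
SAMPLE = """\
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           12        0     en0
10.10.10/24        ppp0               USc             0        0    ppp0
192.168.1          link#4             UCS             1        0     en0
"""

def parse_dest(dest):
    """Expand an abbreviated destination such as "10.10.10/24" to a network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    # Assumption: with no explicit length, take 8 bits per octet shown.
    prefix = int(plen) if plen else 8 * len(octets)
    full = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{full}/{prefix}", strict=False)

def vpn_routes(netstat_text, iface="ppp0"):
    """Return the networks whose Netif column equals iface."""
    nets = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0] != "Destination" and f[5] == iface:
            nets.append(parse_dest(f[0]))
    return nets

def uncovered(lan, routes):
    """Return the parts of lan that none of the given routes covers."""
    remaining = [lan]
    for r in routes:
        nxt = []
        for n in remaining:
            if n.subnet_of(r):
                continue  # this piece is fully covered by the route
            nxt.extend(n.address_exclude(r) if r.subnet_of(n) else [n])
        remaining = nxt
    return sorted(ipaddress.collapse_addresses(remaining))

if __name__ == "__main__":
    print("LAN ranges with no ppp0 route:", uncovered(LAN, vpn_routes(SAMPLE)))
```

With the /24 route from the post, the uncovered ranges include 10.10.8.0/23, which contains the SoftEther server's own address 10.10.8.10.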