It is currently Fri Sep 22, 2017 6:18 am

All times are UTC




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Tue Jul 26, 2016 12:42 pm 

Joined: Tue Jul 26, 2016 12:20 pm
Posts: 3
Hi, im not admin. Can some one help me?


I have vServer with SoftEther VPN server (SRV1).

User (PC) and remote office lan (hardware router with build-in vpn client) must connect to SRV1 and use local resources (shares, local web site, business apps etc).


SRV1 has 2 adapters. One with static white IP (name WAN) for accsess from internet, and one local (name LAN).

After setup and settings SoftEther VPN server :

One virtual hub with enabled secureNAT ( name HUB1)
One local bridge HUB1<--->LAN

VPN clients use build-in windows vpn and connect to server. They can use local res but all client's internet traffic routed by VPN server. Is bad because VPN server has limited bandwith.

1. I try disable "use remote gateway" option on client side connection's setting. But after it vpn-users cant accsess to LAN on server.
2. I try disable SecureNAT (only DHCP enabled). Same. LAN reses missed
3. I try full disable SecureNAT and use only local bridge with enabled third-part DHCP. But vpn clients dont get IPs from LAN DHCP. (dhcp work fine, SRV1 get IP on LAN adapter from him)

what wrong? How to allow vpn clients use only LAN resources, communicate between VPN clients and remoute lans and deny use VPN server for accsess to internet (they must use selfown internet)?


Top
 Profile  
Reply with quote  
PostPosted: Tue Jul 26, 2016 1:38 pm 

Joined: Tue Mar 25, 2014 8:29 pm
Posts: 23
Use the access control list feature!
Set up a rule with low priority (a great number).
The rule should always be applied at last.

Then you need a rule with high priority (a small number) which allows access to your lan.


Attachments:
Unbenannt.PNG
Unbenannt.PNG [ 83.86 KiB | Viewed 2577 times ]
Top
 Profile  
Reply with quote  
PostPosted: Tue Jul 26, 2016 1:46 pm 

Joined: Tue Jul 26, 2016 12:20 pm
Posts: 3
Solved.

1. Use local bridge only
2. Disable VPN-client option "Use remote gateway"
3!!!! Enable Promiscuous mode for virtual machine


P.S Maybe any solution for setting deny "use remote gateway" on server side. Is not easy task for more users change vpn settings on client side.

P.P.S Access list is not solution. Because vpn clients still route internet traffic to VPN server, but server start block - now user lose internet after he connect to server :)


Attachments:
2016-07-26_132331.jpg
2016-07-26_132331.jpg [ 135.68 KiB | Viewed 2574 times ]
Top
 Profile  
Reply with quote  
PostPosted: Wed Jul 27, 2016 8:48 am 

Joined: Tue Mar 25, 2014 8:29 pm
Posts: 23
vizary wrote:
> Solved.
OK.
>
> 1. Use local bridge only
> 2. Disable VPN-client option "Use remote gateway"
> 3!!!! Enable Promiscuous mode for virtual machine
I didn't get the server runs as a virtual machine.
>
>
> P.S Maybe any solution for setting deny "use remote gateway" on
> server side. Is not easy task for more users change vpn settings on client
> side.
>
> P.P.S Access list is not solution. Because vpn clients still route internet
> traffic to VPN server, but server start block - now user lose internet
> after he connect to server :)
IMHO I thought that was what you wanted to have. Only VPN access and no internet through VPN.
Then ACL seems to be the best solution at least for me. :-)


Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 13, 2017 3:25 pm 

Joined: Wed Sep 13, 2017 3:19 pm
Posts: 1
I know this is old....but this is how you have your users NOT go through VPN for internet access.

On the local machine, you must edit or set up the VPN like this
*In the networking tab, click IPv4 and Properties, click advanced, Uncheck "use default gateway on remote network"

Now your users will use there internet.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group
Return to www.softether.org