How to ping clients from server when use SecureNAT?

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
Posts: 1
Joined: Tue Jun 05, 2018 7:25 am

How to ping clients from server when use SecureNAT?

Post by foxinstone » Tue Jun 05, 2018 7:56 am

I already install SoftEther server on my linux VPS(Ubuntu 16.04), and many clients on my PC(linux,windows,android), Everything looks like OK, So i think it's a amazing VPN software.

However, when i enable the SecureNAT & DHCP, Every client can access internet through SE, "client to client" & "client to server" both OK... Just one problem: I can not ping every client from server by virtual IP address, This means my other service(programs) cannot access them through the virtual IP address.

So, i disable the SecureNAT and install a TAP bridge ( give it Virtual IP address),then i can ping every client from server, but every client can not access internet(freedom) . i know ,may be i need install DNSmasq and set iptables,that may be handle it, but , i think may be Also there's an easier way , so that I can use SecureNAT at the same time can access form server to client?

According my test, SecureNAT's speed is not slower than a local bridge, i like it. On the other hand, I think SE server is not an exclusive one host, In this host, there are a lot of other service, they do not hope SE server change anything(For example, modify the default gateway), they just hope can add a new IP segment, that will be best.

Please help me.

Server & client version: Ver 4.27, Build 9668, beta

In fact,when both TAP bridge and SecureNAT exist,sometimes(few time) can ping through client from server, In one test, three 64B lines took about one hour. please see the screenshot:[attachment=0]ping.JPG[/attachment]

Posts: 4
Joined: Sat Jun 09, 2018 5:37 am

Re: How to ping clients from server when use SecureNAT?

Post by whattheserver » Sat Jun 09, 2018 6:07 am

You should check the VPN hub user's policies. Go to manage virtual hub > manage users' > edit users' > Security Policy

Look for "Privacy Filter Mode"

"All direct communication between sessions with the privacy filter mode policy setting will be filtered."

If that is enabled with the secure nat/DHCP that will make the other users invisible to each other on the hub.
What The Server- Your Privacy Solution Specialist

Posts: 2817
Joined: Mon Feb 24, 2014 11:03 am

Re: How to ping clients from server when use SecureNAT?

Post by thisjun » Thu Jul 12, 2018 5:24 am

I think using TAP mode localbridge and SecureNAT both is a good way.

Please assign the IP address statically when using TAP mode localbridge and SecureNAT at the same time. Because, if the default gateway isn't configured for TAP, the host doesn't work well.

Post Reply