Hello
Cannot get virtual nat working.
The softether is a windows machine and behind NAT.
No port forwardings.
No problems accessing the Internet.
The client , also windows, is on the Internet, also behind NAT.
I have the default Hub named VPN.
Have tried enabling SecureNAT and also without SecureNAT.
The client cannot see the HUB and cannot connect.
Also tried the other way around in case the problem was with the specific NAT firewall (different firewalls on both ends), but that didn't help.
What I'd like is to be able to connect without configuring any port forwardings on the NAT firewalls.
I don't want to use Azure because that is a bottleneck (I got around 500ms ping rtt).
So from clean install, what are the steps to get this Secure NAT / Virtual NAT firewall penetration working?
Virtual Nat advice please
-
syd
- Posts: 5
- Joined: Mon Dec 05, 2016 7:04 pm
Re: Virtual Nat advice please
Ok so I finally took the time and installed Centos (VM).
Now the client can see and connect to the hub.
I'm using local bridge and I have a dhcp server on the server side.
However the client doesn't aquire an ip-address.
If I set a static IP on the client, I can ping the server-side lan just fine.
Gonna search the forum some more to see if I can find the answer to this one.
Now the client can see and connect to the hub.
I'm using local bridge and I have a dhcp server on the server side.
However the client doesn't aquire an ip-address.
If I set a static IP on the client, I can ping the server-side lan just fine.
Gonna search the forum some more to see if I can find the answer to this one.
-
syd
- Posts: 5
- Joined: Mon Dec 05, 2016 7:04 pm
Re: Virtual Nat advice please
So I didn't get any further with the VM.
Instead I installed SE server on a physical Centos.
Still, after establishing VPN from a windows client, no IP was aquired.
Tried both dnsmaq on the Centos machine and internal DHCP on the vpnserver side LAN.
Running dnsmasq -d I see indeed the client is requesting a ip address, The server offers one, but the client fails to update it's interface.
Just for kicks, I tried a ipconfig /renew on the client.
Now it got IP! Both when testing with dnsmasq and the internal DHCP (router on server side).
So it seems the client cannot update the VPN interface? But manual ipconfig /renew works?
Anyone got any ideas why?
I'm using the RTM client right now, gonna try the beta later.
Instead I installed SE server on a physical Centos.
Still, after establishing VPN from a windows client, no IP was aquired.
Tried both dnsmaq on the Centos machine and internal DHCP on the vpnserver side LAN.
Running dnsmasq -d I see indeed the client is requesting a ip address, The server offers one, but the client fails to update it's interface.
Just for kicks, I tried a ipconfig /renew on the client.
Now it got IP! Both when testing with dnsmasq and the internal DHCP (router on server side).
So it seems the client cannot update the VPN interface? But manual ipconfig /renew works?
Anyone got any ideas why?
I'm using the RTM client right now, gonna try the beta later.
-
syd
- Posts: 5
- Joined: Mon Dec 05, 2016 7:04 pm
Re: Virtual Nat advice please
Ok finally working.
Seems to be a couple of issues here.
1. Serverside firewall was OpenBSD based first. Could not connec to SE server trough that, nothing worked.
2. Moved to different firewall and the client could then see the SE server.
3. Client (2012 R2) didn't get a IP address (DHCP on SE server LAN)
4. Tried different client, Win7, which did get IP address.
Next replaced PC based CentOS SE with Raspberry.
Installation and configuration was fast and troublefree. Everything worked on first try.
Seems to be a couple of issues here.
1. Serverside firewall was OpenBSD based first. Could not connec to SE server trough that, nothing worked.
2. Moved to different firewall and the client could then see the SE server.
3. Client (2012 R2) didn't get a IP address (DHCP on SE server LAN)
4. Tried different client, Win7, which did get IP address.
Next replaced PC based CentOS SE with Raspberry.
Installation and configuration was fast and troublefree. Everything worked on first try.