Static IP for Kernel-mode NAT on physical LAN?

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
simonb
Posts: 4
Joined: Fri Mar 31, 2017 12:30 pm

Static IP for Kernel-mode NAT on physical LAN?

Post by simonb » Fri Mar 31, 2017 12:44 pm

I would like to assign a static IP to the Kernel mode NAT. This is the physical LAN side address.

Currently, when I activate the Virtual NAT, I see something in the logs like:

2017-03-31 13:28:25.177 [HUB "MGMT-GCH"] SecureNAT: It has been detected that the Kernel-mode NAT for SecureNAT can be run on the interface "eth0". The Kernel-mode NAT is starting. The TCP, UDP and ICMP NA
T processings will be performed with high-performance via Kernel-Mode hereafter. The parameters of Kernel-mode NAT: IP Address = "192.168.0.57", Subnet Mask = "255.255.255.0", Default Gateway = "192.168.0.
253", Broadcast Address = "192.168.0.255", Virtual MAC Address: "DA-17-F0-B1-6F-B0", DHCP Server Address: "192.168.0.10", DNS Server Address: "192.168.0.10"

I would like to be able to assign a static address instead of the Virtual NAT always using the physical LAN-side DHCP server for its settings. Is this possible?

(Note that this is not concerning the Virtual DHCP server)

TPK
Posts: 5
Joined: Wed Dec 23, 2015 5:21 pm

Re: Static IP for Kernel-mode NAT on physical LAN?

Post by TPK » Fri Mar 31, 2017 5:47 pm

I just came across this today and was wondering the same thing...

In my case we are running the windows version of SoftEther server (I believe it is 4.19)...

We have some resources on our network that need IP filters applied, and I would rather not rely on an address that could change based on a DHCP lease...

I can see the address being leased at the DHCP server (of course we are using the Microsoft domain DHCP sever on our network here)... The client name in the lease appears to be in the format of "securenat-<MAC ADDRESS>.<DOMAIN SUFFIX>"..

One possible workaround I suppose would be to use the DHCP server and static assign an IP address using a reservation based on the MAC address being used by the securenat (found in the DHCP lease), however this assumes that the MAC address is static and unchanging (I cannot imagine that this wouldn't be the case)...

IT would be just better if there was a way to configure this with a static IP, or at least tell it which interface to use and have it use the IP address assigned there for the LAN side of of the NAT...

Does anyone know how this is working?? How can we configure a static IP for this??

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Static IP for Kernel-mode NAT on physical LAN?

Post by thisjun » Thu Apr 06, 2017 6:47 am

Please try to disable Kernel mode NAT or use external NAT.

simonb
Posts: 4
Joined: Fri Mar 31, 2017 12:30 pm

Re: Static IP for Kernel-mode NAT on physical LAN?

Post by simonb » Thu Apr 06, 2017 8:18 am

I set DisableKernelModeSecureNAT to 1 and now the behaviour has changed. Instead of picking up an IP address from the LAN it is now picking up an address on the 10.171.7.0 range.

2017-04-06 08:58:14.957 [HUB "MGMT-GCH"] SecureNAT: It has been detected that the Kernel-mode NAT for SecureNAT can be run on the interface "ipv4_rawsocket_virtual_router". The Kernel-mode NAT is starting. The TCP, UDP and ICMP NAT processings will be performed with high-performance via Kernel-Mode hereafter. The parameters of Kernel-mode NAT: IP Address = "10.171.7.254", Subnet Mask = "255.255.255.252", Default Gateway = "10.171.7.253", Broadcast Address = "10.171.7.255", Virtual MAC Address: "DA-14-EB-9B-EB-83", DHCP Server Address: "10.171.7.253", DNS Server Address: "8.8.8.8"

What DHCP server is the Virtual NAT using now? Is there any way to change it?

Otherwise I will try the second option and use an external NAT as suggested.

Would be nice if information was displayed in the Admin GUI about the output port of the NAT. Without looking at the logs its not easy to tell what its doing.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Static IP for Kernel-mode NAT on physical LAN?

Post by thisjun » Wed Apr 19, 2017 6:34 am

RawIP mode and User mode NAT use IP address of the host.

simonb
Posts: 4
Joined: Fri Mar 31, 2017 12:30 pm

Re: Static IP for Kernel-mode NAT on physical LAN?

Post by simonb » Wed Apr 19, 2017 6:59 am

The host has two IP addresses, one internal 192.168.108.132 and one external 31.6.xx.xx. So I am puzzled where the 10.171.7.0 range address is coming from.

Also, switching off kernel mode NAT resulted in DHCP breakthrough onto the LAN. Machines started picking up addresses in the 192.168.40.0 range.

TPK
Posts: 5
Joined: Wed Dec 23, 2015 5:21 pm

Re: Static IP for Kernel-mode NAT on physical LAN?

Post by TPK » Wed Apr 19, 2017 4:38 pm

I did just set the "DisableKernelModeSecureNAT" option in the Virtual Hub Extended options (set it to "1"), and then diabled/enabled securenat and now it seems to be using the host IP now for its NAT...

The "DisableIPRawModeSecureNAT" was already not set (was "0") so I left that alone...

I am not 100% sure what other impact the change will have on the system, but I think it is working at least a little more the way I would like it to for now...

Post Reply