Bind cascade connection to a specific IP

Please feel free to post your questions about SoftEther VPN in this forum.
sars_rec
Posts: 11
Joined: Sun Dec 11, 2022 6:46 pm

Bind cascade connection to a specific IP

Post by sars_rec » Thu Apr 13, 2023 11:05 pm

My interface has three IP addresses. Is there a way to select specific IP addresses for cascading?
Instead of using the default one, I want to have a cascade connection with the second IP on the interface.

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Bind cascade connection to a specific IP

Post by cedar » Fri Apr 14, 2023 10:10 am

Please release one of the IP addresses assigned to the VPN server and assign it to the virtual LAN card of the VPN client.

sars_rec
Posts: 11
Joined: Sun Dec 11, 2022 6:46 pm

Re: Bind cascade connection to a specific IP

Post by sars_rec » Fri Apr 14, 2023 10:38 am

cedar wrote: Fri Apr 14, 2023 10:10 am
> Please release one of the IP addresses assigned to the VPN server and assign it to the virtual LAN card of the VPN client.

Unfortunately, the data center doesn't allow me to have the connection with a new MAC address.

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Bind cascade connection to a specific IP

Post by cedar » Fri Apr 14, 2023 11:02 pm

In that case, you could also configure routing on the VPN Server or use a port-forwarding application.

hiura
Posts: 143
Joined: Wed Mar 10, 2021 1:56 am

Re: Bind cascade connection to a specific IP

Post by hiura » Sun Apr 16, 2023 10:46 am

1. You can specify the IP address on which the VPN server listens, for Developer Edition.

(1) Binding a cascade connection to a specific IP address is available for VPN Server Developer Edition V5.02.
"ListenIP" is found in "vpn_server.config".

https://github.com/SoftEtherVPN/SoftEtherVPN/issues/193

(2) Binding a cascade connection to a specific IP address is not available for VPN Server Stable Edition V4.38.
"ListenIP" is not found in "vpn_server.config".

(3) Edit "ListenIP" in "vpn_server.config" as indicated below.
"vpn_server.config" (Configuration File for VPN Server Developer Edition V5.02)

declare root
{
	declare ServerConfiguration
	{
		string ListenIP 192.168.0.222	<---This is a listening IP address


2. Changing the source IP address from which the VPN client establishes a connection.

If you would like to change the source IP address for outgoing connections of the VPN Client,
change the "SkipAsSource" flag of the IP addresses. This might work for Win10.
https://superuser.com/questions/1439333 ... erver-have
https://midene-sr.hatenablog.com/entry/ ... /29/162411

sars_rec
Posts: 11
Joined: Sun Dec 11, 2022 6:46 pm

Re: Bind cascade connection to a specific IP

Post by sars_rec » Sun Jun 04, 2023 1:21 pm

Actually, I want to have a cascade connection with a specific source IP address for the outgoing connection of each hub.
I have three IP addresses on the interface (45.1.1.1, 45.1.1.2 and 45.1.1.3) and three hubs (hub1, hub2 and hub3) on the SoftEther.

HUB 1 --> CASCADING via 45.1.1.1 -->
HUB 2 --> CASCADING via 45.1.1.2 -->
HUB 3 --> CASCADING via 45.1.1.3 -->

I can't achieve this with "ListenIP" in the vpn_server config. I have a Linux server, Ubuntu 22.04.

hiura
Posts: 143
Joined: Wed Mar 10, 2021 1:56 am

Re: Bind cascade connection to a specific IP

Post by hiura » Mon Jun 05, 2023 4:29 am

Unfortunately, "ListenIP" in the vpn_server config is for incoming connections, when accepting a connection.

The function of binding an outgoing connection to a specific source IP address is not supported by SoftEther VPN.
So, I modified the SoftEther Developer Edition to bind outgoing connections to a specific source IP address for Windows 10.

I am not sure whether or not there is another way except for changing the source code.

Mr. cedar may have a good solution for this.
Last edited by hiura on Tue Jun 06, 2023 12:49 am, edited 1 time in total.
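
The distinction drawn in hiura's post above, as an added example that is not part of the thread, not hiura's modification and not SoftEther code: a listener bound to one address (the incoming case that "ListenIP" covers) next to an outgoing TCP connection whose source address is fixed by calling bind() before connect(), instead of leaving the choice to the kernel's routing table. The function names are hypothetical, and the 127.0.0.x loopback addresses are constructed stand-ins for several addresses on one interface (Linux treats all of 127.0.0.0/8 as local).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* IPv4 socket address; port 0 lets the kernel pick a free port. */
static struct sockaddr_in make_addr(const char *ip, unsigned short port) {
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    inet_pton(AF_INET, ip, &a.sin_addr);
    return a;
}

/* Incoming side: accept only on listen_ip, the role "ListenIP" plays. */
int listen_on(const char *listen_ip, unsigned short *port_out) {
    struct sockaddr_in a = make_addr(listen_ip, 0);
    socklen_t len = sizeof a;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0 || bind(s, (struct sockaddr *)&a, sizeof a) < 0 || listen(s, 1) < 0 ||
        getsockname(s, (struct sockaddr *)&a, &len) < 0) { if (s >= 0) close(s); return -1; }
    *port_out = ntohs(a.sin_port);
    return s;
}

/* Outgoing side: bind() to source_ip before connect() fixes the source address. */
int connect_from(const char *source_ip, const char *dst_ip, unsigned short port) {
    struct sockaddr_in src = make_addr(source_ip, 0), dst = make_addr(dst_ip, port);
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0 || bind(s, (struct sockaddr *)&src, sizeof src) < 0 ||
        connect(s, (struct sockaddr *)&dst, sizeof dst) < 0) { if (s >= 0) close(s); return -1; }
    return s;
}

/* Loopback check: 1 if 127.0.0.1 sees the peer as source_ip, 0 if not, -1 on error. */
int peer_matches_source(const char *source_ip) {
    unsigned short port = 0;
    struct sockaddr_in peer = make_addr("0.0.0.0", 0), want = make_addr(source_ip, 0);
    socklen_t len = sizeof peer;
    int l = listen_on("127.0.0.1", &port);
    int c = l < 0 ? -1 : connect_from(source_ip, "127.0.0.1", port);
    int a = c < 0 ? -1 : accept(l, (struct sockaddr *)&peer, &len);
    if (a >= 0) close(a);
    if (c >= 0) close(c);
    if (l >= 0) close(l);
    return a < 0 ? -1 : (peer.sin_addr.s_addr == want.sin_addr.s_addr);
}
```

On a real host, bind() fails unless the chosen source address is actually configured on a local interface, so connect_from() returns -1 for an address the machine does not own.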

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Bind cascade connection to a specific IP

Post by cedar » Mon Jun 05, 2023 10:30 am

What you are trying to do is a process called NAPT.
SecureNAT provides a simple NAPT function, but it cannot meet your requirements because there is no way to fix the IP address on the WAN side.

In order to achieve this, I think it would be better to use a third-party NAPT processing application on the virtual LAN card connected to each Virtual Hub.

sars_rec
Posts: 11
Joined: Sun Dec 11, 2022 6:46 pm

Re: Bind cascade connection to a specific IP

Post by sars_rec » Tue Jun 06, 2023 7:30 pm

Mr. cedar, could you please add this option to SoftEther?

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Bind cascade connection to a specific IP

Post by cedar » Wed Jun 07, 2023 2:30 am

Although it is not impossible to implement SecureNAT with a fixed WAN-side IP address, it is recommended to use a discrete NAPT application because it provides more flexibility in settings.

hiura
Posts: 143
Joined: Wed Mar 10, 2021 1:56 am

Re: Bind cascade connection to a specific IP

Post by hiura » Wed Jun 07, 2023 6:37 am

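You say that the source IP address can be fixed by using NAPT, but,
for example, when multiple IP addresses A, B and C are configured on the WAN side,
does that mean the source IP address of a connection request toward the WAN issued by terminal X in the LAN can be set to B (or A or C)?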
Last edited by hiura on Wed Jun 07, 2023 9:53 am, edited 1 time in total.

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Bind cascade connection to a specific IP

Post by cedar » Wed Jun 07, 2023 7:40 am

An application that does not use the OS's IP stack and has its own IP stack can behave that way.
(In fact, SecureNAT obtains its own WAN-side IP address independently of the OS settings.)

hiura
Posts: 143
Joined: Wed Mar 10, 2021 1:56 am

Re: Bind cascade connection to a specific IP

Post by hiura » Wed Jun 07, 2023 9:14 am

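In this case, I understand that there is the restriction of having only one NIC (and, naturally, only one MAC address).
Is the idea that the application creates a virtual NIC (LAN side?) and connects it to the real NIC (WAN side?)?
If so, what applications are there, for example? Ones whose WAN side supports multiple IPs.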

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Bind cascade connection to a specific IP

Post by cedar » Wed Jun 07, 2023 10:21 am

For example, SecureNAT works that way (although it has several modes).
https://ja.softether.org/4-docs/3-kb/VPNFAQ036

Note that even with one NIC and one MAC address, an ordinary OS can still have multiple IP addresses.

hiura
Posts: 143
Joined: Wed Mar 10, 2021 1:56 am

Re: Bind cascade connection to a specific IP

Post by hiura » Wed Jun 07, 2023 12:07 pm

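> For example, SecureNAT works that way (although it has several modes).

SecureNAT on the VPN Server is a function that translates the source IP address and source port of packets from applications, for example Edge or Remote Desktop, as they pass through the VPN.
What is at issue here is the source IP address of the connection that the VPN Server itself establishes (the cascade connection packets).
That is my understanding.
Therefore, I don't think SecureNAT can be used...

> Note that even with one NIC and one MAC address, an ordinary OS can still have multiple IP addresses.

I understand that.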

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Bind cascade connection to a specific IP

Post by cedar » Wed Jun 07, 2023 9:25 pm

> Is there a way to select specific IP addresses for cascading?

Since the question is written this way, I interpreted it as being about traffic originating from inside the Virtual Hub.

hiura
Posts: 143
Joined: Wed Mar 10, 2021 1:56 am

Re: Bind cascade connection to a specific IP

Post by hiura » Thu Jun 08, 2023 4:50 am

I would like to make sure.
Which case is your requirement?

Case 1:
How to force applications to use a specific IP address as the source IP address?

Case 2:
How to force a cascade connection to use a specific IP address as the source IP address?

sars_rec
Posts: 11
Joined: Sun Dec 11, 2022 6:46 pm

Re: Bind cascade connection to a specific IP

Post by sars_rec » Fri Jun 09, 2023 1:21 am

As I mentioned, I have three IP addresses on an interface. I want to have a cascade connection with a selected IP address.

vps1 with three IP addresses (xxx.xxx.xxx.10, xxx.xxx.xxx.11, xxx.xxx.xxx.12) on interface ens33
Three hubs on VPS1 (hub1, hub2, hub3)
Three hubs on VPS2 (hub4, hub5, hub6)

I want to have a cascade connection on each hub with a specific IP on the interface, so:

vps1 (hub1) --> cascading with outgoing IP address xxx.xxx.xxx.10 --> vps2 (hub4)

So hub4 has a session with IP address xxx.xxx.xxx.10

hiura
Posts: 143
Joined: Wed Mar 10, 2021 1:56 am

Re: Bind cascade connection to a specific IP

Post by hiura » Fri Jun 09, 2023 3:01 am

To Mr. cedar:
It seems this is about when the cascade connection is established...

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Bind cascade connection to a specific IP

Post by cedar » Thu Jun 15, 2023 10:48 am

I see. I think that becomes a matter of the OS's routing processing.

hiura
Posts: 143
Joined: Wed Mar 10, 2021 1:56 am

Re: Bind cascade connection to a specific IP

Post by hiura » Fri Jun 30, 2023 7:31 am

I have already submitted the pull request below.
https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1867
https://github.com/hiura2023/SoftEtherVPN/tree/master

I think that this pull request meets your requirement.
