SoftEther VPN User Forum

Hi @ all.

I have setup the vpn- server on a Netgear ReadyNAS RN104 with OS6.

The connection of VPN- Clients is successfull and i have access to all computers and routers of the NAS- Network.

But i have no access to the NAS itself over VPN.

Please help me...

Same here.

You can't connect to server's virtual address.
You have to create local bridge on internal netcard and virtual hub.
Than connect to internal real address.

UkrZilla wrote:
> You can't connect to server's virtual address.
> You have to create local bridge on internal netcard and virtual hub.
> Than connect to internal real address.

I have created a Local Bridge on the NAS VPN Server to eth1 where no cable is connected and to eth0 where the LAN cable is connected but i don't have access to the Local Internal IP 192.168.0.2 of the NAS over the VPN connection.

Do you have any idea?

Screenshots below

XxX_Cobra_XxX, where did you get ip address from?
From buid-in DHCP in SoftEther or from you local net connected to eth1?
Anyway ip address on vpn session has to be in same subnet with eth1 - 192.168.0.0

UkrZilla wrote:
> XxX_Cobra_XxX, where did you get ip address from?
> From buid-in DHCP in SoftEther or from you local net connected to eth1?
> Anyway ip address on vpn session has to be in same subnet with eth1 -
> 192.168.0.0

Hi UkrZilla, i get the ip adress from my local net that is connected to eth1 (192.168.0.0) and i can access all other computers in the real local network but not the NAS.

The status of the VPN- Connection shows the ip 192.168.0.4 but the subnetmask is 255.255.255.255

Hi XxX_Cobra_XxX
I think problem not in SothEther Server.
What about firewall?
How do you check access to NAS?
Can you temporary flush iptables rules in all chunks?

UkrZilla wrote:
> Hi XxX_Cobra_XxX
> I think problem not in SothEther Server.
> What about firewall?
> How do you check access to NAS?
> Can you temporary flush iptables rules in all chunks?

I have only enabled the firewall on the router behind the NAS. But i have forwarded all VPN ports to the NAS.
I check the access to the NAS in different ways.

I put the local IP from the NAS (192.168.0.2) in the browser --> no access
I check it with the explorer \\192.168.0.2 --> no access
I ping the ip with cmd of windows ping 192.168.0.2 --> no answere

Sorry, but what do you mean with temporary flush iptables?

1. Try to get adress from build-in in SoftEther DHCP server.
2. Reboot NAS.
3. On Windows Server 2008 SE works very fine, predictable, without surprises.
4. Does your vpn user have any active security policy?
5. Does your virtual hub have any access list?

XxX_Cobra_XxX,

http://www.softether.org/4-docs/1-manua ... _SecureNAT

If you are using Linux or Solaris, you can communicate within the Virtual Hub (VPN) from the network adapter connected to by the local bridge to the LAN, but you can not communicate to the network adapter itself. This is a restriction imposed by the Linux kernel.

UkrZilla wrote:
> XxX_Cobra_XxX,
>
>
> http://www.softether.org/4-docs/1-manua ... _SecureNAT
>
> If you are using Linux or Solaris, you can communicate within the Virtual
> Hub (VPN) from the network adapter connected to by the local bridge to the
> LAN, but you can not communicate to the network adapter itself. This is a
> restriction imposed by the Linux kernel.


Hy UkrZilla,

and there is no way to solve or change this on the linux kernel?

I'll check how to resolve this problem.
I've installed Ubuntu Server and SE works fine.
Now I'm testing this.

UkrZilla wrote:
> I'll check how to resolve this problem.
> I've installed Ubuntu Server and SE works fine.
> Now I'm testing this.

Hy UkrZilla

Wow! You are the best! Thank you very much!!!

So, after small investigation I can say that you have only one workaround:
1. Both cards from your NAS you have to connect to switch/router.
First with assigned address from 192.168.0.0 and second without address - we will use it for local bridge with virtual hub.
2. Make local bridge between virtual hub and second card.
3. Make port redirecting on your router to NAS - tcp:443/5555/1194.

After connect you can access to NAS by address from first netcard.

UkrZilla wrote:
> So, after small investigation I can say that you have only one workaround:
> 1. Both cards from your NAS you have to connect to switch/router.
> First with assigned address from 192.168.0.0 and second without address -
> we will use it for local bridge with virtual hub.
> 2. Make local bridge between virtual hub and second card.
> 3. Make port redirecting on your router to NAS - tcp:443/5555/1194.
>
> After connect you can access to NAS by address from first netcard.

Hy UkrZilla,

i have to assign the ip from the first network card from the router via dhcp and specify the ip from the second card manual in the same subnet, is that right?

Hello XxX_Cobra_XxX!

Second card has to be without any ip. This card you have to use to make local bridge, not first card.

You have to assign the ip from the first network card from the router via static.
So, you can know this address)