
VPN client. Deny internet, allow lan.

Posted: Tue Jul 26, 2016 12:42 pm
by vizary
Hi, I'm not an admin. Can someone help me?


I have a vServer with SoftEther VPN server (SRV1).

A user (PC) and a remote office LAN (hardware router with built-in VPN client) must connect to SRV1 and use local resources (shares, local web site, business apps etc).


SRV1 has 2 adapters. One with a static white IP (name WAN) for access from the internet, and one local (name LAN).

After setup and settings of the SoftEther VPN server:

One virtual hub with SecureNAT enabled (name HUB1)
One local bridge HUB1<--->LAN

VPN clients use the built-in Windows VPN and connect to the server. They can use local resources, but all of the clients' internet traffic is routed by the VPN server. That is bad because the VPN server has limited bandwidth.

1. I tried disabling the "use remote gateway" option in the client-side connection settings. But after that VPN users can't access the LAN on the server.
2. I tried disabling SecureNAT (only DHCP enabled). Same. LAN resources are missing.
3. I tried fully disabling SecureNAT and using only the local bridge with a third-party DHCP enabled. But VPN clients don't get IPs from the LAN DHCP. (DHCP works fine, SRV1 gets an IP on the LAN adapter from it.)

What is wrong? How do I allow VPN clients to use only LAN resources, communicate between VPN clients and remote LANs, and deny use of the VPN server for access to the internet (they must use their own internet)?

Re: VPN client. Deny internet, allow lan.

Posted: Tue Jul 26, 2016 1:38 pm
by a.woll
Use the access control list feature!
Set up a rule with low priority (a great number).
The rule should always be applied last.

Then you need a rule with high priority (a small number) which allows access to your LAN.

Re: VPN client. Deny internet, allow lan.

Posted: Tue Jul 26, 2016 1:46 pm
by vizary
Solved.

1. Use local bridge only
2. Disable VPN-client option "Use remote gateway"
3!!!! Enable Promiscuous mode for virtual machine


P.S. Maybe there is a solution for setting deny "use remote gateway" on the server side. It is not an easy task for more users to change VPN settings on the client side.

P.P.S. An access list is not a solution, because VPN clients still route internet traffic to the VPN server, but the server starts blocking it - now the user loses internet after he connects to the server :)

Re: VPN client. Deny internet, allow lan.

Posted: Wed Jul 27, 2016 8:48 am
by a.woll
vizary wrote:
> Solved.
OK.
>
> 1. Use local bridge only
> 2. Disable VPN-client option "Use remote gateway"
> 3!!!! Enable Promiscuous mode for virtual machine
I didn't get that the server runs as a virtual machine.
>
>
> P.S. Maybe there is a solution for setting deny "use remote gateway" on
> the server side. It is not an easy task for more users to change VPN settings
> on the client side.
>
> P.P.S. An access list is not a solution, because VPN clients still route internet
> traffic to the VPN server, but the server starts blocking it - now the user loses
> internet after he connects to the server :)
IMHO I thought that was what you wanted to have. Only VPN access and no internet through VPN.
Then ACL seems to be the best solution at least for me. :-)

Re: VPN client. Deny internet, allow lan.

Posted: Sat Oct 31, 2020 12:00 pm
by mabaega
VPN Adapter Properties - General - Advanced
Uncheck
Use Default Gateway on remote Network
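Added example, not part of any post in this thread: the client-side setting described above ("Use remote gateway" / "Use Default Gateway on remote Network" unchecked) can be applied with a script on Windows built-in VPN clients instead of by hand on each PC. The connection name `OfficeVPN` and the LAN prefix `192.168.10.0/24` are assumed placeholders, not values from the thread.

```powershell
# Added example: connection name and subnet are assumed placeholders.
param(
    [string]$ConnectionName = 'OfficeVPN',           # assumed name of the existing Windows VPN entry
    [string[]]$LanPrefixes  = @('192.168.10.0/24')   # assumed LAN subnet(s) behind the VPN server
)

$ErrorActionPreference = 'Stop'

# Fail early if the VPN entry does not exist for the current user.
$vpn = Get-VpnConnection -Name $ConnectionName

# Same effect as unchecking "Use default gateway on remote network":
# the default route stays on the user's own internet connection.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Send only the LAN prefixes through the tunnel. Windows installs these
# routes each time the VPN connects and removes them on disconnect.
$existing = @($vpn.Routes | ForEach-Object { $_.DestinationPrefix })
foreach ($prefix in $LanPrefixes) {
    if ($existing -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
    }
}

# Print the resulting settings so they can be checked.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, SplitTunneling,
        @{ Name = 'Routes'; Expression = { $_.Routes.DestinationPrefix -join ', ' } }
```

After reconnecting, `Get-NetRoute -DestinationPrefix 0.0.0.0/0` on the client should show the default route on the physical adapter only, while the LAN prefix appears on the VPN interface.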