On EC2 with bridge rather than SNAT

Posted: Thu Nov 15, 2018 8:13 pm
by joedb

I am trying to set up Softether on EC2 but without using the Secure NAT (i.e. using local bridge).

I have a public subnet in a VPC where I am running an EC2 instance with Softether. That EC2 instance actually has two interfaces; one has the public IP address and is how a client would initiate a connection to the instance (eth0). I have attached a second elastic network interface (eth1), and this interface is in a second subnet. I want to allow access only to the second subnet for any client that connects to Softether.

I have set up a bridge using vpncmd, and clients are able to connect to the VPN OK. I have enabled the DHCP server functionality of Softether but have disabled the Virtual NAT. Routes for the target networks have been configured and are making it to the client fine using PUSHROUTE. However, it seems that no traffic makes it into the second subnet from the clients.

Could anyone offer guidance as to what I might be doing wrong?

Thank you.

Re: On EC2 with bridge rather than SNAT

Posted: Tue Dec 11, 2018 1:58 am
by thisjun
Why did you push the route, even though you enabled local bridge?
What route did you push?

I recommend confirming whether MAC spoofing is allowed in EC2.