SoftEther VPN User Forum

I have Softether Server setup on an Azure VM. (latest build, server is MS Server 2016)

The setup worked PERFECTLY except that our server cannot talk BACK to the laptops in the field.
The laptops can communicate to the server, but the server cannot communicate back to the laptops.

What seems to be happening is that traffic coming in to the server is appearing to our software with the IP of the Softether instance, and when it responds to those packets they go back to the IP of the Softether server, which then doesn't know where to route it.

I may have missed something during setup, but I've been back through the installation instructions and can't find anything specific.

NOTE: Because it's an Azure VM I have to use the SecureNAT setup. I can't use a bridge because Azure won't allow the network adapter to operate in promiscuous mode.

I found that SecureNAT works like a Virtual SOHO router. When activated, it's like having a Router behind the Physical networks Router or in your case the Azure network. Like being (double NATed). The SecureNats (NAT)seems to block the Azure network from communicating into the SecureNAt network. But the secureNat network can communicate with the upstream Azure network and also use the Azure internet gateway.

The only solution I found which is also mention in the link below is to ALSO install the "SE-CLIENT software" on the same machine running the "SE-SERVER software" and connect it to the same Server "virtual HUB" the latops are connecting to. The SE-client will create a Virtual VPN NIC.

https://www.softether.org/4-docs/2-howt ... _Two_Users

*************NOTE: Before connecting the client to the HUB. Please set the NIC card IPv4 Interface metric on VMs native NIC (Microsoft Hyper-V Network Adapter) to "" 1 ""and set the Virtual VPN NIC to "" 5 "". I found if this step is not done access to the server will be staled if not lost.*********

I will give that a try today and report back. Thank you, this actually makes sense as a step to try. That extra virtual NIC is vital, I think.

A bit late reporting back, but good news and bad news.

The good news is is that KINDA worked.

I can now ping back and forth between devices.

However our software is written in such a way that it is reading the packet in a non-standard manner and still picks up the IP of the server Softether is running on as the originating IP address.

The flaw is now on our end, and I have to get our developers to try and fix it.

*sigh

But no issue with Softether. That's a plus.