Help needed: Configuring Softether VPN so client PCs can see VPN server host PC fully
Posted: Mon Oct 14, 2019 7:47 am
Hello all,
I'm trying to do a PC to LAN VPN using SoftEther to set up a remote access system and could use some assistance in doing it properly.
My network layout is as follows:
VPN client PC -> Internet -> Company broadband router -> office switch -> firewall -> Softether/remote software server -> private LAN switch
With the Softether server, I have a virtual hub configured. On the DDNS settings, I use <computername>.vpnazure.net so that my client devices connect more reliably to the Softether VPN. On my Softether client PC, I have a virtual ethernet interface with a static IP of 10.28.235.11 configured (and mask of 255.255.0.0).
Now for the system I want to set up, and the issue I am encountering:
When a client PC or mobile device connects to the VPN, I want it to be able to access the VPN server (because of the remote access software that is installed also on the VPN server). The remote access software must also have access to network resources on the private LAN.
Following standard Softether procedure, I have done local bridging the virtual hub with the VPN server's private LAN ethernet port. Because of the remote access software that I need to access on the VPN, I did not disable all the protocols on the private LAN ethernet port. While local bridged to my private LAN ethernet port, my connected client PC can ping other computers that are on the private LAN, but not the VPN server's private LAN IP address. My client PC can RDP into the VPN server though, as well to other RDP-allowed computers on the Private LAN.
However, when trying to use the remote access software that's also installed on the VPN server computer, it has trouble contacting. Even with Windows firewall disabled, the software can't contact the VPN server computer. If I connect the client PC directly to the private LAN switch however, I have no issue with the remote access software.
Because of the observed connection issue, I suspect that the local bridge connection doesn't allow certain protocols. I have to keep the Softether VPN server on the same machine as this remote access software, so how should I configure my Softether VPN so that my VPN-connected client PCs can fully see the VPN server computer as if they were all on the same private LAN?
I'm trying to do a PC to LAN VPN using SoftEther to set up a remote access system and could use some assistance in doing it properly.
My network layout is as follows:
- My Softether VPN server is a workstation with 2 ethernet ports. One is connected to a private LAN and the other is connected directly to the LAN port of a firewall.
- The company software I am using for remote access is also installed on the workstation hosting the Softether VPN server.
- The firewall's WAN port is connected to the company's corporate network to have internet access from company broadband router.
- Firewall LAN port has static IP configuration and WAN port has DHCP IP configuration from company router.
- The VPN server computer's ethernet port connected to the firewall LAN port is configured with the following IP setting:
Code: Select all
IP: 10.28.238.21 (static IP) Mask: 255.255.0.0 Gateway: 10.28.236.240 (IP address of firewall LAN port) DNS server: 192.168.1.1 (the local IP of the company router) - The VPN server computer's ethernet port connected to the private LAN switch is configured with the following IP setting:
Code: Select all
IP: 10.28.235.21 (static IP) Mask: 255.255.0.0 Gateway: blank DNS server: blank - For testing purposes, the firewall is configured to allow any inbound or outbound TCP or IP connection to my Softether VPN computer at 10.28.238.21. With the firewall configured as such and my VPN server computer's IP settings, it has internet access.
- On my Softether server computer's Windows firewall, I have allowed inbound connections to 443 (https protocol, which I use as the Softether listening port for client connections).
VPN client PC -> Internet -> Company broadband router -> office switch -> firewall -> Softether/remote software server -> private LAN switch
With the Softether server, I have a virtual hub configured. On the DDNS settings, I use <computername>.vpnazure.net so that my client devices connect more reliably to the Softether VPN. On my Softether client PC, I have a virtual ethernet interface with a static IP of 10.28.235.11 configured (and mask of 255.255.0.0).
Now for the system I want to set up, and the issue I am encountering:
When a client PC or mobile device connects to the VPN, I want it to be able to access the VPN server (because of the remote access software that is installed also on the VPN server). The remote access software must also have access to network resources on the private LAN.
Following standard Softether procedure, I have done local bridging the virtual hub with the VPN server's private LAN ethernet port. Because of the remote access software that I need to access on the VPN, I did not disable all the protocols on the private LAN ethernet port. While local bridged to my private LAN ethernet port, my connected client PC can ping other computers that are on the private LAN, but not the VPN server's private LAN IP address. My client PC can RDP into the VPN server though, as well to other RDP-allowed computers on the Private LAN.
However, when trying to use the remote access software that's also installed on the VPN server computer, it has trouble contacting. Even with Windows firewall disabled, the software can't contact the VPN server computer. If I connect the client PC directly to the private LAN switch however, I have no issue with the remote access software.
Because of the observed connection issue, I suspect that the local bridge connection doesn't allow certain protocols. I have to keep the Softether VPN server on the same machine as this remote access software, so how should I configure my Softether VPN so that my VPN-connected client PCs can fully see the VPN server computer as if they were all on the same private LAN?