SoftEther VPN User Forum

Hello SoftEther team,
I had issue after VPN client connection established with VPN Server. VPN client cannot connect to local resource at physical site that VPN client reside.
Eg:
+ Physical site A:
+ Web A
+ VPN client
+ Physical site B:
+ Web B
+ VPN Server
After VPN client established VPN connection. VPN client cannot connect to Web A.
All VMs in Azure. Pls help me to resolve it.

What is web A and B? Browsers?

Hi Team,
Thank for quick response. It is Web Server.

This is normal and reason to use vpn.

What you need in your case you must change ip route table according to your non standard needs

You need to not have the SE client change the routing tables (there's a checkbox for it), otherwise the entire traffic goes over the VPN connection and the far end doesn't know how to get back to your LAN subnet, so it then sends your traffic requests out to the internet. If you need a custom routing table, there are a few things that can be done, such as defining it in an OpenVPN client config and using OpenVPN to make the VPN connection, or SoftEther's SecureNAT static routing table push to the client. That will establish where certain subnets are accessed (nexthop/gateway).

Thanks @Sky59 and @ethanolson. I want VPN client to connect with Local Resource after establishing VPN connection. Can you send me the detail document to configure? Im newbie on these.
Warmest regards,

Hi @Sky59 and @ethanolson,
It worked well. Thank you so much. I did:
***On VPN client
- No change anything.
***On SoftEther VPN Server
- Configure static routing from SoftEther's SecureNAT to push to VPN client.

Warmest regards,
Steven

I am at this moment on holidays in Phuket Thailand.
So if I remember correctly using securenat is not stable. I think
also warning window with this message is coming out when selecting
securenat. And I did have a problem so I could not use it. It was dropping
connection within minutes sometimes seconds.
For me the only option was to adapt ip route table

Hi @Sky59,
Thank you so much. You mean, we should modify Routing table at Client site? If so, lets me do testing on this.

I would say yes.

I needed opposite situation to force all trafic to vpn.
Though i do not have exactly your experience it must be possible to do.

I just guess that subnet where was client before vpn client started must remain to be directed to original gateway

I guess now at the client the 0.0.0.0 is probably redirected to vpn server ip address

I can speak for Windows clients. If the local subnet range is unique then routing all traffic through the VPN will still allow for the local subnet to be accessed locally. It works that way because of routing metrics. Since the subnet addresses can't be found through the primary gateway, the client moves down the metric ladder until it can access the address. The bigger issue is DNS.