How can I verify the "Default Gateway IP" at VPN client side?

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
chjfth
Posts: 2
Joined: Mon Feb 10, 2020 3:44 pm

How can I verify the "Default Gateway IP" at VPN client side?

Post by chjfth » Mon Mar 02, 2020 9:16 am

I have a very specific and clear question to ask. I'm using SoftEther VPN 4.29, and notice that in Secure NAT functionality, there is a very secret setting called "Default Gateway Address", image below:
Snap0361 SEVPN secureNAT defaultGateway.png
This setting definitely has influence on clients behavior.

If I do not set it to be the same as VPN server Virtual Host's IP(the orange underline, 192.168.17.1), VPN client will not be able to reach(ping) any machine inside VPN server's intranet. In other word, he can only ping other VPN clients dialing into the same VPN server.


Now my question is: From VPN client's side, where can I see this 192.168.17.1 value? Take Windows 7 client(Windows stock VPN client) for example, ipconfig /all does not reveal 192.168.17.1 , but instead displays Default Gateway is 0.0.0.0 .
PPP adapter fjcrux-SSTP:

Connection-specific DNS Suffix . : chjhome
Description . . . . . . . . . . . : fjcrux-SSTP
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.17.153(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 223.5.5.5
NetBIOS over Tcpip. . . . . . . . : Enabled
can someone kindly explain this for me ?
You do not have the required permissions to view the files attached to this post.

centeredki69
Posts: 260
Joined: Wed Sep 18, 2013 1:49 pm

Re: How can I verify the "Default Gateway IP" at VPN client side?

Post by centeredki69 » Tue Mar 03, 2020 1:02 am

Windows native clients never show the default gateway for some reason. I'm not sure why. to verify the gateway follow the steps below.

1. Connect to the VPN server with the client. 2. ON the client do a "tracert" to google.com or any other site on the internet.

Your first hop should be the SE SecureNAT gateway. In your case 192.168.17.1.

chjfth
Posts: 2
Joined: Mon Feb 10, 2020 3:44 pm

Re: How can I verify the "Default Gateway IP" at VPN client side?

Post by chjfth » Tue Mar 03, 2020 4:20 am

Thank you. I'm coming clearer to this question. I think you're right on using tracert to detect the "default gateway".

There is really ambiguity in "default gateway" here.
✳ [Perspective One] From VPN client machine's perspective, the "default gateway" would be the VPN connection itself(as shown in ncpa.cpl).
✳ [Perspective Two] From VPN server machine's perspective, each phantom client instance has its own "default gateway", which has the value 192.168.17.1 in my case.

For each VPN client dialed in, the VPN server creates a phantom client instance to represent a (virtual) machine that emerges into the "corporate intranet". My case of gateway=192.168.17.1, should be the gateway for the phantom client.

And I highly doubt, the 192.168.17.1 value is never passed to VPN client machine, because it is only meaningful for the "phantom client", so real VPN client(Windows 7) never directly knows this.

Post Reply