which clients do support connecting to SoftEther Server behind NAT?

[genesys]

I'm currently trying to setup a SoftEther server that's behind a NAT, but so far I was not successful (also with vpnazure activated it did not work).

Can native L2TP clients such as Windows 10 built-in or iPhone built in VPN client connect to a SoftEther server that's behind a Nat, or does that only work if the client uses SoftEther too? If so, how can an iPhone connect to a SoftEther server that is behind a NAT?

Also, does connection work if server as well as clients are behind different NATs?

[OliverTejada]

Sorry, If your server is behind a NAT firewall/router, and you want to connect to it directly, port forwarding is mandatory.
You must open UDP ports 500 and 4500 server side, otherwise your connection attempts from the Internet will not arrive destination server.


If port forwarding is impossible for you, you can relay your VPN services on the cloud (e.g. VPN Azure) or any other relay service you may find.

[allaboutthebase]

Oliver then what is this feature for ?
Does this need azure enabled to work ?

NAT Traversal
The NAT Traversal function penetrates firewalls or NATs. This technology is almost same to Skype's NAT Traversal, but SoftEther VPN's NAT Traversal is more optimized for the VPN-use.
Legacy IPsec-based or OpenVPN-based VPN Server cannot placed on behind the NAT, because VPN Clients must reach to the VPN Server through the Internet. Some NATs can be configured to define a "DMZ" or "Port-mapping" to relay any packets toward the outside IP address of NAT to the internal VPN Server. However it has a compatible problems. Moreover it requires a special permission by the administrator of the NAT. If your network administrator of the corporate are not cooperative to you, he hesitates to set up the NAT device to open a hole from the Internet.

Unlike legacy VPNs, SoftEther VPN Server can be set up on a private network behind the NAT. No special configuration on the NAT device is required. You need no permission by your network administrator of the NAT. The built-in NAT Traversal Function opens a "Punched Hole" on the NAT or firewall. When the VPN Client or VPN Bridge attempts to connect to your VPN Server behind the NAT, the connection packets will be lead through the hole. The hole is created by the SoftEther VPN Server automatically, so you need nothing special on the NAT.

https://www.softether.org/4-docs/2-howt ... _Traversal

[genesys]

As I understand both the NAT traversal feature and the VPNAzure feature only help in NAT punch-holing and do NOT reroute any traffic.

I can successfully establish a connection with my SoftEther VPN server which is behind a NAT (over which I have no control) If I use the SoftEther client. But with Windows/iPhone Native clients I have not been able to establish a connection so far

[allaboutthebase]

Sorry hadn't studied your original post properly.

Its with non softether client you want..

My apologies..

[OliverTejada]

Oliver then what is this feature for ?
Does this need azure enabled to work ?

NAT Traversal
The NAT Traversal function penetrates firewalls or NATs. This technology is almost same to Skype's NAT Traversal, but SoftEther VPN's NAT Traversal is more optimized for the VPN-use.
Legacy IPsec-based or OpenVPN-based VPN Server cannot placed on behind the NAT, because VPN Clients must reach to the VPN Server through the Internet. Some NATs can be configured to define a "DMZ" or "Port-mapping" to relay any packets toward the outside IP address of NAT to the internal VPN Server. However it has a compatible problems. Moreover it requires a special permission by the administrator of the NAT. If your network administrator of the corporate are not cooperative to you, he hesitates to set up the NAT device to open a hole from the Internet.

Unlike legacy VPNs, SoftEther VPN Server can be set up on a private network behind the NAT. No special configuration on the NAT device is required. You need no permission by your network administrator of the NAT. The built-in NAT Traversal Function opens a "Punched Hole" on the NAT or firewall. When the VPN Client or VPN Bridge attempts to connect to your VPN Server behind the NAT, the connection packets will be lead through the hole. The hole is created by the SoftEther VPN Server automatically, so you need nothing special on the NAT.

https://www.softether.org/4-docs/2-howt ... _Traversal

NAT Traversal doesn't work well on many routers and firewalls. I've tested this myself and I think your server is behind one of those routers that somehow block this technology. Maybe try disabling the router's firewall to see if you're lucky.

[OliverTejada]

As I understand both the NAT traversal feature and the VPNAzure feature only help in NAT punch-holing and do NOT reroute any traffic.

I can successfully establish a connection with my SoftEther VPN server which is behind a NAT (over which I have no control) If I use the SoftEther client. But with Windows/iPhone Native clients I have not been able to establish a connection so far

L2TP IPsec is not NAT Traversal friendly, so yeah, not going to work for you.

[genesys]

@OliverTejada

my network that runs the VPN server is connecting to the internet through a 4G connection and the ISP is putting all 4G clients behind a virtual NAT - so there's no way I can reconfigure that.

With VPNAzure enabled, I can connect without problem from my Windows laptop if I'm using the SoftEther VPN client software.

However - If L2TP doesn't work, how can I in that case connect to the vpn from my iPhone? Is there some SoftEther app or so for iPhone to use for the VPN tunneling?