Route Specific Traffic to The VPN Server

mgeorge46
Posts: 6
Joined: Mon Feb 15, 2021 6:47 pm

Route Specific Traffic to The VPN Server

Post by mgeorge46 » Thu Feb 18, 2021 10:53 am

Hello Team,

When the user connects to the VPN Server it creates a layer two connection between the client and the site (Office). But I would like to see if it's possible that I only route specific traffic to the office (VPN Server); the rest of the public Internet traffic should go via their independent breakout or their home breakout.

Regards,

nobody12
Posts: 139
Joined: Sat Feb 13, 2021 10:22 pm

Re: Route Specific Traffic to The VPN Server

Post by nobody12 » Thu Feb 18, 2021 11:26 am

If you check the "don't change routing table" option in the advanced options of the client.
But then no routes will be pushed. If your client is in the correct network, then that's fine. If you need routes, you have to insert these yourself.
Or use a Layer 3 connection together with a separate virtual network connected to a virtual switch. There you can set static routes for the client but omit the default gateway in the DHCP options of the virtual network.

mgeorge46
Posts: 6
Joined: Mon Feb 15, 2021 6:47 pm

Re: Route Specific Traffic to The VPN Server

Post by mgeorge46 » Thu Feb 18, 2021 1:57 pm

Hello Nobody,

When I check the option "No Adjustments to the routing table", all the traffic is still routed to the VPN Server. That means the only way to have this working is by adding manual static routes, and it might not be feasible to change the routing table of over 200 users manually.

nobody12
Posts: 139
Joined: Sat Feb 13, 2021 10:22 pm

Re: Route Specific Traffic to The VPN Server

Post by nobody12 » Fri Feb 19, 2021 8:09 am

Strange, because this was one of the first things I tried out. But maybe I did not test correctly.

However, what works is the proposal with the virtual L3 switch. Lock all VPN users in an extra subnet. There you can just omit the default gateway in the virtual DHCP server's options. Works fine for me. I like it better anyway to have an extra subnet for the VPN clients.

lawsangel
Posts: 15
Joined: Fri Feb 19, 2021 6:04 pm

Re: Route Specific Traffic to The VPN Server

Post by lawsangel » Fri Feb 19, 2021 6:49 pm

Hi,
First off, I'm new here, and so far I've been really impressed with SoftEther.

When I first started playing about with it, the first thing I did notice was how the traffic was being routed.
I tried enabling "No Adjustments to the routing table" but it didn't seem to work for me.

The only way I can get this to work is to manually change the metric on the virtual network adapter from 1 to 200.

Right Click on the virtual network adapter.
Properties.
TCP/IPv4 > Properties
Advanced
Interface metric = 200

I can now connect to the VPN and access data on my network whilst my internet traffic is being routed locally.

Hope that helps.

Edit: Maybe worth noting I'm doing this via a local bridge, not SecureNAT (Virtual DHCP Server).
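
Added example, not part of the original post and not SoftEther's own tooling: a PowerShell script that applies the interface-metric change described above without the GUI, adds explicit routes for office subnets, and checks which adapter now wins the default route, so it can be pushed to many clients. The adapter alias pattern, the office prefix and the next hop are assumed placeholder values.

```powershell
#Requires -RunAsAdministrator
# Added example: split tunnel on a Windows client with a SoftEther virtual adapter.
# All default values below are assumptions or constructed samples, not from the thread,
# except the metric of 200, which is the value used in the post above.
param(
    [string]   $AdapterPattern = 'VPN - *',           # assumed alias of the virtual adapter
    [int]      $VpnMetric      = 200,                 # interface metric from the post
    [string[]] $OfficePrefixes = @('10.20.0.0/16'),   # constructed: subnet behind the office
    [string]   $OfficeGateway  = '192.168.30.254'     # constructed: next hop inside the VPN
)

$vpn = Get-NetAdapter -Name $AdapterPattern -ErrorAction Stop | Select-Object -First 1

# 1. Raise the interface metric so a default route learned over the VPN
#    loses to the default route of the local (home) adapter.
Set-NetIPInterface -InterfaceIndex $vpn.InterfaceIndex -AddressFamily IPv4 `
    -InterfaceMetric $VpnMetric

# 2. Send only the office prefixes through the VPN. Longest-prefix match makes
#    these routes win over any default route, whatever the metrics are.
foreach ($prefix in $OfficePrefixes) {
    $existing = Get-NetRoute -InterfaceIndex $vpn.InterfaceIndex `
        -DestinationPrefix $prefix -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-NetRoute -InterfaceIndex $vpn.InterfaceIndex -DestinationPrefix $prefix `
            -NextHop $OfficeGateway -RouteMetric 1 | Out-Null
    }
}

# 3. Verify: Windows prefers the default route with the lowest
#    RouteMetric + InterfaceMetric. Warn if that is still the VPN adapter.
$best = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' `
        -ErrorAction SilentlyContinue |
    Sort-Object -Property { $_.RouteMetric + $_.InterfaceMetric } |
    Select-Object -First 1

if ($best -and $best.InterfaceIndex -eq $vpn.InterfaceIndex) {
    Write-Warning "Default route still prefers '$($vpn.Name)'; Internet traffic goes via the VPN."
}

[pscustomobject]@{
    VpnAdapter       = $vpn.Name
    VpnMetric        = $VpnMetric
    DefaultRouteVia  = if ($best) { $best.NextHop } else { $null }
    OfficeRoutes     = $OfficePrefixes -join ', '
}
```

Run it while the VPN session is connected so the verification step sees the routes the session actually installs.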

elheho
Posts: 23
Joined: Thu Jan 07, 2021 1:50 pm

Re: Route Specific Traffic to The VPN Server

Post by elheho » Thu Feb 25, 2021 4:26 pm

Hello team,

I would like some help, if that is possible.

Here is what I have accomplished so far:

1. I'm using an OVH cloud VPS on a Linux OS as the main SoftEther VPN server
2. On my local site (SITE1) I'm using a Windows 10 machine as a server manager and another PC as a bridge that cascades to a hub that I created on the server, and the same configuration on the other site (SITE2).

Here is the configuration that I have made so far:

On The server side:
1. Virtual hubs :

1.1 for the virtual hub (SITE1)

* SECURENAT :Enabled
* ip address : 192.168.30.1/24
* DHCP range : 192.168.30.10/24 TO 200
* Lease time : 7200
* default Gateway : 192.168.30.1
* DNS server : 192.168.30.1
* MTU : 1500
* TCP session : 1800
* UDP session : 60
And for the static route table to push I did add 192.168.40.0/255.255.255.0/192.168.30.254

1.2 for the virtual hub (SITE2)
* SECURENAT :Enabled
* ip address : 192.168.40.1/24
* DHCP range : 192.168.40.10/24 TO 200
* Lease time : 7200
* default Gateway : 192.168.40.1
* DNS server : 192.168.40.1
* MTU : 1500
* TCP session : 1800
* UDP session : 60
And for the static route table to push I did add 192.168.30.0/255.255.255.0/192.168.40.254, 198.168.1.0/255.255.255.0/192.168.40.253

2. In the Layer 3 switching settings I created one virtual layer 3 switch with two virtual interfaces, one for each virtual hub

* Virtual interface site 1 : 192.168.30.254/24
* Virtual interface site 2 : 192.168.40.254/24

with no routing table

3. For the local bridge setting I haven't added anything,

4. VPN Azure is disabled,

5. DDNS is enabled,

6. IPsec / L2TP are enabled

On the bridges side:
ON SITE1 :

1. Cascading :

On the bridge one virtual hub is created by default and I cascade from the virtual hub on the bridge to the virtual hub that I already created on the server side.
The configuration is like this:
* Setting name : site012hq
* Host name : SERVER IP
* Port number : 443
* virtual hub name : HQ
* user authentication : user created on the server site

The status is online

2. SECURENAT setting :

SECURENAT :Disabled
* ip address : 192.168.30.1/24
* DHCP range : 192.168.30.10/24 TO 200
* Lease time : 7200
* default Gateway : 192.168.30.1
* DNS server : 192.168.30.1
* MTU : 1500
* TCP session : 1800
* UDP session : 60

And for the static route table to push I haven't added any static routes

3. LOCAL BRIDGE settings:

For the local bridge settings I added a USB network adapter and connected it to the internet, and the integrated adapter on the PC is connected from the PC to a PoE switch and from that switch to the clients.

That is all the configuration that I made; I haven't added any port forwarding or static routes on the router or the clients, or on the firewall.
I think at least it should ping between the two sites, and I worked for 1 day, but sometimes I get the IP address of my ISP, not the VPN IP; I don't know why that happened. The other problem is that when the clients are connected to the VPN I can't access my local devices, like my router or printer ... but when I activate SECURENAT on the bridge I can access them, but the IP address I get is the ISP address.
I really need help.

Here are some pictures: https://imgur.com/a/tNYnsAk

Thank you
REGARDS