SecureNAT for Remote Access help

Posted: Wed Jul 07, 2021 1:55 am
by sherbert
Hi,

I've followed the 10.11 Exploit SecureNAT for Remote Access into Firewall without Any Permission example.

https://www.softether.org/4-docs/1-manu ... Permission

It is working fine in that the VPN client can connect to the SoftEther VPN Server, gets assigned the default DHCP IP of 192.168.30.10 and can access the services / IP addresses of the private network through the cascade to VPN Bridge (192.168.1.0/24 in the example).
I can browse web interfaces and ping computers on the 192.168.1.0/24 subnet from the VPN Client.

What I would like to do is route a UDP stream from a computer on the 192.168.1.0/24 subnet to the VPN Client.

I don't see any route from the 192.168.1.0/24 subnet to 192.168.30.10 (VPN Client). That is, I can't ping 192.168.30.10 from a computer on the 192.168.1.0/24 subnet. I tried adding a static route to 192.168.30.0/24 via 192.168.30.1 but that didn't work.

My 192.168.1.0/24 subnet does not have a DHCP server if that matters?

Or should I be looking at utilising another method? L3 routing, for example, bearing in mind the 192.168.1.0/24 subnet is behind a firewall.

Any help appreciated!

Thanks

Re: SecureNAT for Remote Access help

Posted: Wed Jul 07, 2021 6:55 am
by nobody12
The nature of NAT is that all devices behind the NAT device appear as if they are the NAT router. There is (besides port forwarding) no way into the network hiding behind the NAT router.
You need to disable NAT and use routing instead. Also, you will need to set the route to the 192.168.30.0 subnet on the PCs in the 192.168.1.0 network.
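
Added example (not part of the original thread, and not SoftEther's code): a toy UDP source-NAT table in Python showing why a stream started from the 192.168.1.0/24 side never reaches 192.168.30.10, while replies to flows the VPN client started do. The bridge host address 192.168.1.50, the LAN PC 192.168.1.20 and the port numbers are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SourceNat:
    """Toy UDP source-NAT: inside flows are rewritten to the NAT host's own address."""
    outside_ip: str
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # outside port -> (inside ip, inside port, peer)

    def outbound(self, src, sport, dst, dport):
        """Packet from the inside (VPN client) to the LAN: create or reuse a mapping."""
        for port, (ip, p, peer) in self.table.items():
            if (ip, p, peer) == (src, sport, (dst, dport)):
                return (self.outside_ip, port, dst, dport)
        port = self.next_port
        self.next_port += 1
        self.table[port] = (src, sport, (dst, dport))
        return (self.outside_ip, port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Packet from the LAN: deliver only if it matches an existing mapping."""
        if dst != self.outside_ip:
            return None  # addressed to 192.168.30.x: this NAT only answers on its own IP
        entry = self.table.get(dport)
        if entry is None or entry[2] != (src, sport):
            return None  # no state for this flow, so the NAT drops it
        return (src, sport, entry[0], entry[1])

def demo():
    nat = SourceNat(outside_ip="192.168.1.50")        # constructed VPN Bridge host address
    client, lan_pc = "192.168.30.10", "192.168.1.20"  # lan_pc is constructed
    results = {}
    # LAN PC starts a UDP stream straight at the VPN client: nothing to match.
    results["unsolicited"] = nat.inbound(lan_pc, 5004, client, 5004)
    # VPN client sends first; the LAN PC sees the NAT host as the source.
    seen = nat.outbound(client, 5004, lan_pc, 5004)
    results["seen_by_lan"] = seen
    # A reply to the translated address and port matches state and reaches the client.
    results["reply"] = nat.inbound(lan_pc, 5004, seen[0], seen[1])
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
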

Re: SecureNAT for Remote Access help

Posted: Wed Jul 07, 2021 12:29 pm
by eddiewu
You can set up a local bridge with a physical NIC on the server. Then the VPN client will be in the server side network (192.168.1.0). However that requires privileges.
If you don't have that and your server is Windows desktop (not server edition), you are out of luck. Windows desktop versions don't allow IPv4 forwarding.

Re: SecureNAT for Remote Access help

Posted: Thu Jul 08, 2021 12:13 am
by sherbert
nobody12 wrote:
Wed Jul 07, 2021 6:55 am
The nature of NAT is that all devices behind the NAT device appear as if they are the NAT router. There is (besides port forwarding) no way into the network hiding behind the NAT router.
You need to disable NAT and use routing instead. Also, you will need to set the route to the 192.168.30.0 subnet on the PCs in the 192.168.1.0 network.

Hey, thanks for pointing out about NAT & the fact it will be blocking packets back to the 192.168.30.0 subnet. Makes sense. I'll play around a little more later when I get a chance.

Re: SecureNAT for Remote Access help

Posted: Thu Jul 08, 2021 12:16 am
by sherbert
eddiewu wrote:
Wed Jul 07, 2021 12:29 pm
You can set up a local bridge with a physical NIC on the server. Then the VPN client will be in the server side network (192.168.1.0). However that requires privileges.
If you don't have that and your server is Windows desktop (not server edition), you are out of luck. Windows desktop versions don't allow IPv4 forwarding.

Yeah, I have privileges on both sides and the server side is Linux/Ubuntu, so I can flip on local bridge to the physical NIC or create a tap device.

When I get a chance later I will have a play around and see if I have any luck.

Thanks