Access to network behind the SSTP-client

[pronix]

Good day!

I have the following topology:

Diagram2.png

securenat is disabled.

I can successfully ping 192.168.33.35 from SoftEther server(Debian) and
192.168.33.1 from Microtik.
so they are able to ping each other.

1) When I try to ping smth behind SoftEher server from 192.168.114/24 (localnet)
I see outgoing pings on Microtik but don't see them on the TUN interface on Debian.
2) On the other side I've added the route on Debian to localnet
ip r a 192.168.114/24 via 192.168.33.35
and when I try to ping 192.168.114.1 for example
I see outgoing pings on Debian at the TUN interface but don't see them on Microtik.

What may be wrong?

Thanks!

[solo]

To ping something behind SoftEther server, simply SE bridge vhub with ethx.

To ping something behind SoftEther server and the server too, you need a TAP interface with Linux bridge to ethx and SE bridge to the tap.

Either way, "Access to network behind the SSTP-client" will be resolved.

[pronix]

Some more details.
On Linux I've:
1) SE vhub bridged to the TAP

tap.png

2) Route to Microtik
192.168.114.0/24 via 192.168.33.35 dev tap_sstp

When I try to
ping 192.168.114.1
tcpdump gives

tcpdump.png

But I don't see these pings on the Microtik SSTP interface.

From the other side, when I disable maqsuerade on Microtik and try to ping 8.8.8.8 for example
I see outgoing pings on the Microtik SSTP interface from 192.168.114.*
but don't see anything from 192.168.114/24 on the "tap_sstp".
On the "tap_sstp" I'm able to see packets only from 192.168.33.35, not from 192.168.114/24.

[eddiewu]

Try enabling router mode on the server. I am not sure if it works for SSTP though.

[pronix]

I have replaced Microtik with a router with OpenWrt and SoftEther client on it. It works great!
So the deal was in Microtik.
Maybe someone faced a similar problem?