Internet access in cluster mode

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
maxime
Posts: 5
Joined: Tue May 10, 2022 2:32 pm

Internet access in cluster mode

Post by maxime » Tue May 10, 2022 9:06 pm

I'm testing a cluster configuration and I can't figure out why my users stop having access with dynamic/DHCP hubs.

In standalone, I have a virtual hub with SecureNAT/DHCP enabled. Clients connect to the VPN and the "0.0.0.0/0" routes work through the HUB. I then switch the server to a controller (with VPN traffic enabled) and I test two different combinations:
1) In static mode, the bridge to the local adapter is operational, but without DHCP the users never get an IP.
2) In dynamic mode, I enable DHCP as I figured it was the missing piece. Users get assigned an IP but do not have access to the internet.

Am I missing something in the jump from a standalone to a cluster setup?

eddiewu
Posts: 287
Joined: Wed Nov 25, 2020 9:10 am

Re: Internet access in cluster mode

Post by eddiewu » Wed May 11, 2022 2:10 am

Dynamic hub is designed for interconnection between clients, not for internet access.

maxime
Posts: 5
Joined: Tue May 10, 2022 2:32 pm

Re: Internet access in cluster mode

Post by maxime » Wed May 11, 2022 12:41 pm

So the only configuration that would support the use case is standalone mode, scale out with new servers as the demand grows?

eddiewu
Posts: 287
Joined: Wed Nov 25, 2020 9:10 am

Re: Internet access in cluster mode

Post by eddiewu » Wed May 11, 2022 2:07 pm

What is your use case?

maxime
Posts: 5
Joined: Tue May 10, 2022 2:32 pm

Re: Internet access in cluster mode

Post by maxime » Wed May 11, 2022 2:16 pm

Remote access VPN with internet access through the VPN. The aim is both added privacy, but also inter-connection with the users. Think typical nordvpn-like services but where users are able to connect to each other on the virtual LAN.

softuser
Posts: 1
Joined: Fri Oct 20, 2023 8:29 am

Re: Internet access in cluster mode

Post by softuser » Fri Oct 20, 2023 8:33 am

When in Cluster mode, VPN server disables NAT. What is the correct way to provide NAT and access to the Internet for connected clients with default route to 0.0.0.0/0 via the server while still preserving the load-balancing with multiple member servers?

solo
Posts: 1104
Joined: Sun Feb 14, 2021 10:31 am

Re: Internet access in cluster mode

Post by solo » Fri Oct 20, 2023 1:32 pm

By configuring a local bridge connection between the physical Network Adapters connected to each of the VPN Servers for each static Virtual Hub instance created in each VPN Server in the cluster, and by connecting all of the local bridging destination physical LANs to the in-house LAN destination to which the remote access is desired (either a direct layer 2 connection or a layer 3 connection using a router and NAT is acceptable), the VPN Client user can remotely access this in-house LAN regardless of which VPN Server the connection is assigned to. This mechanism enables the creation of a large-scale remote access VPN service required to process a large volume of simultaneous connections. Please refer to 10.8 Build a Large Scale Remote Access VPN Service for specific configurations.
The LAN's router does NAT.

Post Reply