Unable to access local network resources

phantomkunai
Posts: 9
Joined: Thu Jul 07, 2022 10:45 am

Unable to access local network resources

Post by phantomkunai » Thu Jul 07, 2022 11:02 am

Hello!

I used the guide for [Remote Access to LAN][https://www.softether.org/4-docs/2-howt ... VPN_to_LAN] to set up remote access to my LAN. However, if I make a connection from a PC not on the network, the connection succeeds but with this warning.

To my understanding, I have ensured that there is a valid local bridge and also taken care to reboot the PC on which the server is present. I have also attempted to disable NAT-T in the connection settings but that connection never succeeds.

Some forums online suggested that I need to either take care of port forwarding or take care to allow the port of the firewall. I have tried both settings to the best of my knowledge but to no avail.

Also, I am unable to acquire an IP address on the local network so I cannot access any servers or applications running on the local network. It is my assumption that the warning related to NAT Traversal is responsible for preventing access to local apps.

Are there any steps or hints that I can take a look at to understand and resolve this issue?

solo
Posts: 416
Joined: Sun Feb 14, 2021 10:31 am

Re: Unable to access local network resources

Post by solo » Thu Jul 14, 2022 2:49 am

Let's put aside NAT-T for now, network resources should be accessible despite the warning.

Please make a VPN connection and post, as code, the output of:

VPN server
"netstat -r" and "ipconfig /all"
vpncmd localhost /server /password:*** /cmd BridgeDeviceList
vpncmd localhost /server /password:*** /cmd BridgeList

VPN client
"netstat -r" and "ipconfig /all"

phantomkunai
Posts: 9
Joined: Thu Jul 07, 2022 10:45 am

Re: Unable to access local network resources

Post by phantomkunai » Sun Jul 17, 2022 2:03 pm

Outputs as requested.

On Server

PS C:\Windows\system32> netstat -r
===========================================================================
Interface List
 21...68 05 ca 2d 8c 97 ......Intel(R) Gigabit CT Desktop Adapter
 12...0a 00 27 00 00 0c ......VirtualBox Host-Only Ethernet Adapter
 10...e0 07 1b ff 75 34 ......Hyper-V Virtual Ethernet Adapter #2
  1...........................Software Loopback Interface 1
 25...00 15 5d cc 1c b6 ......Hyper-V Virtual Ethernet Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       11.12.13.1       11.12.13.3     25
       11.12.13.0    255.255.255.0         On-link        11.12.13.3    281
       11.12.13.3  255.255.255.255         On-link        11.12.13.3    281
     11.12.13.255  255.255.255.255         On-link        11.12.13.3    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     192.168.32.0    255.255.240.0         On-link      192.168.32.1   5256
     192.168.32.1  255.255.255.255         On-link      192.168.32.1   5256
   192.168.47.255  255.255.255.255         On-link      192.168.32.1   5256
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    281
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    281
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link        11.12.13.3    281
        224.0.0.0        240.0.0.0         On-link      192.168.32.1   5256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    281
  255.255.255.255  255.255.255.255         On-link        11.12.13.3    281
  255.255.255.255  255.255.255.255         On-link      192.168.32.1   5256
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 12    281 fe80::/64                On-link
 10    281 fe80::/64                On-link
 25   5256 fe80::/64                On-link
 10    281 fe80::6154:a411:2fc0:2522/128
                                    On-link
 12    281 fe80::8897:84ec:b356:197e/128
                                    On-link
 25   5256 fe80::91f3:9c9e:b824:956a/128
                                    On-link
  1    331 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
 25   5256 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

PS C:\Windows\system32> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ser-ml11
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Gigabit CT Desktop Adapter
   Physical Address. . . . . . . . . : 68-05-CA-2D-8C-97
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 0A-00-27-00-00-0C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8897:84ec:b356:197e%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 470417447
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-D7-42-72-E0-07-1B-FF-75-34
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (BridgedEth):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : E0-07-1B-FF-75-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6154:a411:2fc0:2522%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 11.12.13.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 15 July 2022 16:16:43
   Lease Expires . . . . . . . . . . : 24 August 2158 01:50:22
   Default Gateway . . . . . . . . . : 11.12.13.1
   DHCP Server . . . . . . . . . . . : 11.12.13.1
   DHCPv6 IAID . . . . . . . . . . . : 450889499
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-D7-42-72-E0-07-1B-FF-75-34
   DNS Servers . . . . . . . . . . . : 11.12.13.1
                                       11.12.13.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (Default Switch):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 00-15-5D-CC-1C-B6
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::91f3:9c9e:b824:956a%25(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.32.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 419435869
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-D7-42-72-E0-07-1B-FF-75-34
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

PS C:\Windows\system32> vpncmd localhost /server /password:*** /cmd BridgeDeviceList
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.39 Build 9772   (English)
Compiled 2022/04/26 18:00:50 by buildsan at crosswin
Copyright (c) SoftEther VPN Project. All Rights Reserved.

Connection has been established with VPN Server "localhost" (port 443).

You have administrator privileges for the entire VPN Server.

VPN Server>BridgeDeviceList
BridgeDeviceList command - Get List of Network Adapters Usable as Local Bridge
Intel(R) Ethernet Connection (2) I219-LM (ID=2208426442)
Intel(R) Gigabit CT Desktop Adapter (ID=0744876599)
Microsoft Corporation (ID=2703062860)
Microsoft Corporation (2) (ID=2495363438)
Oracle (ID=0279987490)
The command completed successfully.

PS C:\Windows\system32> vpncmd localhost /server /password:*** /cmd BridgeList
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.39 Build 9772   (English)
Compiled 2022/04/26 18:00:50 by buildsan at crosswin
Copyright (c) SoftEther VPN Project. All Rights Reserved.

Connection has been established with VPN Server "localhost" (port 443).

You have administrator privileges for the entire VPN Server.

VPN Server>BridgeList
BridgeList command - Get List of Local Bridge Connection
Number|Virtual Hub Name|Network Adapter or Tap Device Name                      |Status
------+----------------+--------------------------------------------------------+---------
1     |test-vpn         |Intel(R) Ethernet Connection (2) I219-LM (ID=2208426442)|Operating
The command completed successfully.
------------------------------------------------------------------------------------------------------------------------

On Client

PS C:\Windows\system32> netstat -r
===========================================================================
Interface List
  5...5e c9 8e 6a 1a ab ......VPN Client Adapter - VPN
 75...00 15 5d 7e c8 36 ......Hyper-V Virtual Ethernet Adapter
  6...98 43 fa e3 cf 88 ......Hyper-V Virtual Ethernet Adapter #2
 30...00 1e 10 1f 00 00 ......Hyper-V Virtual Ethernet Adapter #4
 28...56 91 39 cf cf 4c ......Hyper-V Virtual Ethernet Adapter #3
 33...0a 00 27 00 00 21 ......VirtualBox Host-Only Ethernet Adapter
 22...98 43 fa e3 cf 89 ......Microsoft Wi-Fi Direct Virtual Adapter
 16...9a 43 fa e3 cf 88 ......Microsoft Wi-Fi Direct Virtual Adapter #2
  9...98 43 fa e3 cf 8c ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.170.176   192.168.170.10     25
    49.205.37.233  255.255.255.255  192.168.170.176   192.168.170.10     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
    130.158.6.114  255.255.255.255  192.168.170.176   192.168.170.10     25
      169.254.0.0      255.255.0.0         On-link    169.254.76.239    257
   169.254.76.239  255.255.255.255         On-link    169.254.76.239    257
  169.254.255.255  255.255.255.255         On-link    169.254.76.239    257
      172.25.16.0    255.255.240.0         On-link       172.25.16.1    271
      172.25.16.1  255.255.255.255         On-link       172.25.16.1    271
    172.25.31.255  255.255.255.255         On-link       172.25.16.1    271
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    281
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    281
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    281
    192.168.170.0    255.255.255.0         On-link    192.168.170.10    281
   192.168.170.10  255.255.255.255         On-link    192.168.170.10    281
  192.168.170.255  255.255.255.255         On-link    192.168.170.10    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link    169.254.76.239    257
        224.0.0.0        240.0.0.0         On-link    192.168.170.10    281
        224.0.0.0        240.0.0.0         On-link       172.25.16.1    271
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    281
  255.255.255.255  255.255.255.255         On-link    169.254.76.239    257
  255.255.255.255  255.255.255.255         On-link    192.168.170.10    281
  255.255.255.255  255.255.255.255         On-link       172.25.16.1    271
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 28     41 ::/0                     fe80::7417:eeff:fe7e:1757
  1    331 ::1/128                  On-link
 28     41 2409:4073:91:5ae1::/64   On-link
 28    281 2409:4073:91:5ae1:f126:6a53:8e59:4ae4/128
                                    On-link
 28    281 2409:4073:91:5ae1:f5d5:9901:9664:e3a7/128
                                    On-link
 33    281 fe80::/64                On-link
  5    291 fe80::/64                On-link
 28    281 fe80::/64                On-link
 75    271 fe80::/64                On-link
 75    271 fe80::1cef:28db:35ff:4ebc/128
                                    On-link
 33    281 fe80::34b6:cc46:a743:c51a/128
                                    On-link
  5    291 fe80::7929:cacf:396c:4cef/128
                                    On-link
 28    281 fe80::f5d5:9901:9664:e3a7/128
                                    On-link
  1    331 ff00::/8                 On-link
 33    281 ff00::/8                 On-link
  5    291 ff00::/8                 On-link
 28    281 ff00::/8                 On-link
 75    271 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

PS C:\Windows\system32> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : test-lt7
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Unknown adapter VPN - VPN Client:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VPN Client Adapter - VPN
   Physical Address. . . . . . . . . : 5E-C9-8E-6A-1A-AB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7929:cacf:396c:4cef%5(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.76.239(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 660523406
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-FC-9A-35-98-43-FA-E3-CF-88
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (Default Switch):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 00-15-5D-7E-C8-36
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1cef:28db:35ff:4ebc%75(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.25.16.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 1258296669
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-FC-9A-35-98-43-FA-E3-CF-88
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (External):

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 98-43-FA-E3-CF-88
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter vEthernet (Dongle):

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #4
   Physical Address. . . . . . . . . : 00-1E-10-1F-00-00
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter vEthernet (MobHotspot):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
   Physical Address. . . . . . . . . : 56-91-39-CF-CF-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2409:4073:91:5ae1:f5d5:9901:9664:e3a7(Preferred)
   Temporary IPv6 Address. . . . . . : 2409:4073:91:5ae1:f126:6a53:8e59:4ae4(Preferred)
   Link-local IPv6 Address . . . . . : fe80::f5d5:9901:9664:e3a7%28(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.170.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 17 July 2022 13:27:55
   Lease Expires . . . . . . . . . . : 17 July 2022 19:59:49
   Default Gateway . . . . . . . . . : fe80::7417:eeff:fe7e:1757%28
                                       192.168.170.176
   DHCP Server . . . . . . . . . . . : 192.168.170.176
   DHCPv6 IAID . . . . . . . . . . . : 894865721
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-FC-9A-35-98-43-FA-E3-CF-88
   DNS Servers . . . . . . . . . . . : 2409:4071:d0c:598d::79
                                       192.168.170.176
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 0A-00-27-00-00-21
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::34b6:cc46:a743:c51a%33(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 973733927
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-FC-9A-35-98-43-FA-E3-CF-88
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 98-43-FA-E3-CF-89
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 10:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 9A-43-FA-E3-CF-88
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

phantomkunai
Posts: 9
Joined: Thu Jul 07, 2022 10:45 am

Re: Unable to access local network resources

Post by phantomkunai » Sun Jul 17, 2022 4:51 pm

I did some small checks and this is what I found.

I am able to find a local print server that's on my network. But I have a web app running on an ip address 11.12.13.5 that I'm not able to access via VPN.

Not sure if it's got something to do with the web app but I can access it when connected directly.

solo
Posts: 416
Joined: Sun Feb 14, 2021 10:31 am

Re: Unable to access local network resources

Post by solo » Mon Jul 18, 2022 11:40 am

On PC server in "Advanced Features" of the "Hyper-V Virtual Ethernet Adapter #2" network adapter enable "MAC Address Spoofing".
On SE server remove the existing bridge and bridge the hub to "Microsoft Corporation (2) (ID=2495363438)".
Connect the client, try the app on 11.12.13.5, if still unsuccessful, please re-post only the client's "ipconfig /all"

phantomkunai
Posts: 9
Joined: Thu Jul 07, 2022 10:45 am

Re: Unable to access local network resources

Post by phantomkunai » Mon Jul 18, 2022 5:41 pm

I did both the settings as suggested and rebooted the server just to be sure. Still unable to access the local web app running on my LAN.

The outputs as requested.

PS C:\Windows\system32> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : test-lt7
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Unknown adapter VPN - VPN Client:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VPN Client Adapter - VPN
   Physical Address. . . . . . . . . : 5E-FD-DD-1C-41-F1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::140c:1413:ca8d:754a%5(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.117.74(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 90111453
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-FC-9A-35-98-43-FA-E3-CF-88
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (Default Switch):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 00-15-5D-17-C4-C3
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b13f:ddb0:2d31:f70f%75(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.25.16.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 1258296669
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-FC-9A-35-98-43-FA-E3-CF-88
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (External):

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 98-43-FA-E3-CF-88
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter vEthernet (Dongle):

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #4
   Physical Address. . . . . . . . . : 00-1E-10-1F-00-00
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter vEthernet (MobHotspot):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
   Physical Address. . . . . . . . . : 56-91-39-CF-CF-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2409:4073:91:5ae1:f5d5:9901:9664:e3a7(Preferred)
   Temporary IPv6 Address. . . . . . : 2409:4073:91:5ae1:f50d:fd4a:397c:3256(Preferred)
   Link-local IPv6 Address . . . . . : fe80::f5d5:9901:9664:e3a7%28(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.170.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 18 July 2022 22:38:21
   Lease Expires . . . . . . . . . . : 18 July 2022 23:38:20
   Default Gateway . . . . . . . . . : fe80::641c:cdff:fefe:9750%28
                                       192.168.170.176
   DHCP Server . . . . . . . . . . . : 192.168.170.176
   DHCPv6 IAID . . . . . . . . . . . : 894865721
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-FC-9A-35-98-43-FA-E3-CF-88
   DNS Servers . . . . . . . . . . . : 2409:4071:d0c:598d::79
                                       192.168.170.176
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 0A-00-27-00-00-21
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::34b6:cc46:a743:c51a%33(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 973733927
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-FC-9A-35-98-43-FA-E3-CF-88
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 98-43-FA-E3-CF-89
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 10:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 9A-43-FA-E3-CF-88
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Honestly, I was looking to accomplish the following where the client acquires an IP on the LAN. It seems pretty straightforward from there that I would be able to access local resources such as web apps and print servers.
Please do let me know if I have to take care of anything such as port forwarding for some specific ports or if there are any specific firewall rules to be applied.

solo
Posts: 416
Joined: Sun Feb 14, 2021 10:31 am

Re: Unable to access local network resources

Post by solo » Mon Jul 18, 2022 11:34 pm

For the duration of these tests please disable firewalls. Let's try something different:
- remove local bridge
- enable SecureNAT with all defaults
- connect the client and check LAN access
- also can you ping 192.168.30.1 ?

If your VPN client still gets no IP from DHCP, try it on a public SE server https://www.vpngate.net/en/
No need to install "SoftEther VPN Client + VPN Gate Client Plug-in", simply pick a host from the list and enter config directly.

I use this one for testing:
host: public-vpn-185.opengw.net/tcp
port: 443
vhub: VPNGATE
user: vpn
pass: vpn

phantomkunai
Posts: 9
Joined: Thu Jul 07, 2022 10:45 am

Re: Unable to access local network resources

Post by phantomkunai » Tue Jul 19, 2022 9:24 am

Went through with everything you mentioned above, while mixing and matching settings. I also made sure to reboot the server in case there were any issues with the network card.

Finally it hit me that my router has MAC address filtering enabled. Thus the router refused connections from a random MAC of the VPN adapter, and we weren't able to access the local network resources.

Now I can access all the network resources after I made an exclusion to allow the MAC of the current VPN adapter.

That aside, this NAT-T thing is slightly bothering me. I cannot say to what extent it is actually affecting connection stability, but I do face a bunch of reconnects often enough to disrupt testing.

I wonder how that may be fixed in this situation.

solo
Posts: 416
Joined: Sun Feb 14, 2021 10:31 am

Re: Unable to access local network resources

Post by solo » Tue Jul 19, 2022 10:00 am

Thanks for the update, it's a very interesting case. Did you go with a bridge or SecureNAT?

As for a NAT-T alternative, you have to forward a SE port on your server's router.

phantomkunai
Posts: 9
Joined: Thu Jul 07, 2022 10:45 am

Re: Unable to access local network resources

Post by phantomkunai » Tue Jul 19, 2022 11:22 am

On PC server in "Advanced Features" of the "Hyper-V Virtual Ethernet Adapter #2" network adapter enable "MAC Address Spoofing".
On SE server remove the existing bridge and bridge the hub to "Microsoft Corporation (2) (ID=2495363438)".
These settings mentioned by you, along with the inclusion of the MAC in the filter, allow me to access all my network resources.

Can you shed some more light on why this worked? Just for me to understand.

Also if I can add a new physical LAN port to the PC, how would my bridge settings look? Can I then bridge to that new physical LAN port and not to "Microsoft Corporation (2) (ID=2495363438)" to be able to access my local network resources?

I understand that it is always better to have 2 LAN ports where a VPN server with a local bridge is concerned. It may help in load balancing, but I don't have such a requirement. Just to test and understand, so to speak.

With respect to the port forwarding, if I am connecting to my VPN with say port 123, then will I have to forward only that port or will I have to forward a bunch of other common ports as well, that may be used by common apps or some such?

solo
Posts: 416
Joined: Sun Feb 14, 2021 10:31 am

Re: Unable to access local network resources

Post by solo » Wed Jul 20, 2022 1:09 am

Ipconfig indicated which NIC connects to the LAN and this one has to be bridged. MAC Address Spoofing is required for VPN's virtual MACs to function on the bridged LAN.

Unless you expect heavy VPN traffic, no need for another NIC.

To eliminate NAT-T, forward one of the SE default listener ports (443, 992, 5555) to the SE IP on the LAN and check "Disable NAT-T" on the VPN clients.
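
Added example, not part of the thread or of SoftEther: a parser for `ipconfig /all` text that automates the two readings made by eye above, namely which server NIC holds the LAN default gateway (the one to bridge) and which client adapter fell back to a 169.254.x.x address because no DHCP answer reached it. The sample inputs are constructed, abridged from the format of the outputs posted earlier, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed, abridged samples in the format of the outputs posted in the thread.
SERVER_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : ser-ml11

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Intel(R) Gigabit CT Desktop Adapter
   DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter vEthernet (BridgedEth):

   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 11.12.13.3(Preferred)
   Default Gateway . . . . . . . . . : 11.12.13.1

Ethernet adapter vEthernet (Default Switch):

   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.32.1(Preferred)
   Default Gateway . . . . . . . . . :
"""

CLIENT_IPCONFIG = """\
Unknown adapter VPN - VPN Client:

   Description . . . . . . . . . . . : VPN Client Adapter - VPN
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.76.239(Preferred)
   Default Gateway . . . . . . . . . :

Ethernet adapter vEthernet (MobHotspot):

   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.170.10(Preferred)
   Default Gateway . . . . . . . . . : fe80::7417:eeff:fe7e:1757%28
                                       192.168.170.176
"""

HEADER = re.compile(r"^(\S.*):$")  # unindented line ending in ':' starts an adapter
# "   Key . . . . : value" -- the dot run before ':' separates keys from
# continuation lines such as a second gateway or an IPv6 DNS server.
PROP = re.compile(r"^\s+([^.:]*[^.:\s])[ .]*\.\s*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter header: {property: [values, ...]}}."""
    adapters, props, values = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            props, values = adapters.setdefault(header.group(1), {}), None
            continue
        if props is None:  # global section before the first adapter
            continue
        prop = PROP.match(line)
        if prop:
            values = props.setdefault(prop.group(1), [])
            if prop.group(2):
                values.append(prop.group(2).strip())
        elif values is not None:  # continuation of the previous property
            values.append(line.strip())
    return adapters


def ipv4(props, *keys):
    """IPv4 addresses under the given keys, without '(Preferred)' or '%zone'."""
    found = []
    for key in keys:
        for value in props.get(key, []):
            try:
                addr = ipaddress.ip_address(value.split("(")[0].split("%")[0].strip())
            except ValueError:
                continue
            if addr.version == 4:
                found.append(addr)
    return found


def dhcp_failures(adapters):
    """DHCP-enabled adapters that self-assigned a 169.254.0.0/16 address."""
    return [(name, str(addr))
            for name, props in adapters.items()
            if props.get("DHCP Enabled") == ["Yes"]
            for addr in ipv4(props, "IPv4 Address", "Autoconfiguration IPv4 Address")
            if addr.is_link_local]


def lan_adapters(adapters):
    """Adapters holding an IPv4 default gateway: the NIC that reaches the LAN."""
    found = []
    for name, props in adapters.items():
        ips, gws = ipv4(props, "IPv4 Address"), ipv4(props, "Default Gateway")
        if ips and gws:
            found.append((name, props.get("Description", ["?"])[0], str(ips[0]), str(gws[0])))
    return found


if __name__ == "__main__":
    print("bridge candidates:", lan_adapters(parse_ipconfig(SERVER_IPCONFIG)))
    print("no DHCP lease:", dhcp_failures(parse_ipconfig(CLIENT_IPCONFIG)))
```

A 169.254.x.x address on the VPN adapter only says that no DHCP reply came back through the tunnel; the cause still has to be found on the server side (bridged adapter, MAC Address Spoofing, or a MAC filter on the router, as in this thread).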

phantomkunai
Posts: 9
Joined: Thu Jul 07, 2022 10:45 am

Re: Unable to access local network resources

Post by phantomkunai » Wed Jul 20, 2022 5:21 am

That is informative, thank you.

I checked a few additional things and noticed the following.

The PC on which the SE server is enabled, cannot be pinged from the local network. This seems most odd to me.

Say the client acquires an IP address of 11.12.13.14 and the PC hosting the SE server is 11.12.13.3,

I can ping 11.12.13.14(Client) from 11.12.13.3(SE), but I cannot ping 11.12.13.3(SE) from 11.12.13.14(Client). I also checked to ping 11.12.13.3(SE) from a local PC not connected through VPN and it still doesn't work.

In all likelihood, because of this, any port forwarding I do, doesn't work and I still have to connect via NAT-T.

Any idea what is happening here?

EDIT #1 : Checked by adding another physical NIC to the PC hosting the SE server and giving it a valid IP on the local network. Still unable to ping the server.

EDIT #2 : This seems to be an issue with the firewall settings which I enabled back up in one of the trials and forgot about. Pending deeper tests to verify all desired functionality.
Last edited by phantomkunai on Wed Jul 20, 2022 7:22 am, edited 1 time in total.

solo
Posts: 416
Joined: Sun Feb 14, 2021 10:31 am

Re: Unable to access local network resources

Post by solo » Wed Jul 20, 2022 7:20 am

On 11.12.13.3(SE) PC, in the defender firewall's inbound rules enable public/private:
"File and Printer Sharing (Echo Request – ICMPv4-In)"

Similarly, allow your chosen SE port (443, 992, 5555) in the firewall and do the forwarding.

phantomkunai
Posts: 9
Joined: Thu Jul 07, 2022 10:45 am

Re: Unable to access local network resources

Post by phantomkunai » Wed Jul 20, 2022 1:42 pm

As I understand it, from other sources, my ISP is assigning me an IP that follows the pattern "10.x.x.x". Such IP addresses are not globally routable. Hence, even opening the ports on my router and adding firewall exceptions would still not expose the server port to the internet, forcing me to connect via NAT-T.

Other than getting a globally static IP from my ISP at extra cost, it may seem that I will have to make do with NAT-T.

In that case, I wonder how bad NAT-T actually is and how I may mildly improve the experience?

Edit #1 : I was hoping that using the default DDNS from SE would mitigate any issues I face due to ISP configurations, which I cannot control.
Last edited by phantomkunai on Thu Jul 21, 2022 2:51 am, edited 1 time in total.

solo
Posts: 416
Joined: Sun Feb 14, 2021 10:31 am

Re: Unable to access local network resources

Post by solo » Wed Jul 20, 2022 9:58 pm

Since you are on a private IP your options are limited indeed. Perhaps your ISP supports port forwarding, then you could forward it further on your router.

Another option, if you can tolerate low bandwidth and high latency, is VPN Azure already active on your SE server.

phantomkunai
Posts: 9
Joined: Thu Jul 07, 2022 10:45 am

Re: Unable to access local network resources

Post by phantomkunai » Thu Jul 21, 2022 2:49 am

I'll figure something out in this regard.

Thank you very much for your help! Cheers!
