
Looking for the best configuration

Posted: Fri Feb 03, 2023 4:33 pm
by usbano
Hi everyone, I need to implement the following configuration:
- on a VPS (Windows OS) I have installed a SoftEther VPN server
- on it will converge several networks, scattered in various cities. Each remote network will have its own SoftEther bridge pointing to the VPN server installed on the VPS.

On the VPS I only have the network card with a public IP.
In order to use private addresses and activate DHCP, I used the SecureNAT function on the VPN server (network 192.168.30.0/24).
Everything works, what is missing is that the VPN Server also needs access to the clients on the SecureNAT network.
How can I realise this architecture?

A temporary solution was to also install SoftEther Client on the VPS and connect it to the localhost VPN server, but I see that it increases CPU load of SoftEther Server on the VPS, and even if it works, it doesn't seem like a good solution to me.

Re: Looking for the best configuration

Posted: Fri Feb 03, 2023 9:47 pm
by solo
usbano wrote:
Fri Feb 03, 2023 4:33 pm
A temporary solution was to also install Softether Client on the VPS and connect it to the localhost...
Good move but if you don't like it, here is another solution:
- install Microsoft Loopback Adapter
- bridge the vHUB to it
- assign a static IP to it, presumably between 192.168.30.2-192.168.30.9
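
The three steps from the post above, written out in PowerShell as an added example that is not part of the original post. It assumes the loopback adapter was already added through hdwwiz.exe and renamed to `SE-Loopback`, a Virtual Hub named `VPN`, the default install path for vpncmd.exe, and 192.168.30.5 as a constructed pick from the suggested range.

```powershell
#Requires -RunAsAdministrator
# Assumed values (not from the thread): adjust them to your server.
$VpnCmd = Join-Path $env:ProgramFiles 'SoftEther VPN Server\vpncmd.exe'  # assumed install path
$Hub    = 'VPN'            # assumed Virtual Hub name
$Alias  = 'SE-Loopback'    # assumed name given to the loopback adapter
$Ip     = '192.168.30.5'   # constructed pick inside 192.168.30.2-192.168.30.9

# Step 1 check: the loopback adapter must already exist. Refuse to continue if
# the alias points at anything else, so the public NIC is never bridged by mistake.
$nic = Get-NetAdapter -Name $Alias -ErrorAction Stop
if ($nic.InterfaceDescription -notmatch 'Loopback') {
    throw "'$Alias' is not a loopback adapter: $($nic.InterfaceDescription)"
}

# Step 2: bridge the Virtual Hub to it. vpncmd prompts for the server admin password.
# List the bridgeable devices first and copy the name exactly as vpncmd prints it.
& $VpnCmd localhost /SERVER /CMD BridgeDeviceList
$Device = Read-Host 'Device name shown above for the loopback adapter'
& $VpnCmd localhost /SERVER /CMD BridgeCreate $Hub "/DEVICE:$Device" /TAP:no
if ($LASTEXITCODE -ne 0) { throw "BridgeCreate failed (exit code $LASTEXITCODE)" }

# Step 3: static address in the SecureNAT subnet, with no default gateway, so the
# VPS keeps routing everything else through its public interface.
Set-NetIPInterface -InterfaceAlias $Alias -AddressFamily IPv4 -Dhcp Disabled
New-NetIPAddress -InterfaceAlias $Alias -IPAddress $Ip -PrefixLength 24 | Out-Null

# Confirm the address and the bridge status.
Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 |
    Format-Table IPAddress, PrefixLength, PrefixOrigin
& $VpnCmd localhost /SERVER /CMD BridgeList
```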

Re: Looking for the best configuration

Posted: Fri Feb 03, 2023 10:06 pm
by shakibamoshiri
usbano wrote:
Fri Feb 03, 2023 4:33 pm
Hi everyone, I need to implement the following configuration:
- on a VPS (Windows OS) I have installed a SoftEther VPN server
- on it will converge several networks, scattered in various cities. Each remote network will have its own SoftEther bridge pointing to the VPN server installed on the VPS.

On the VPS I only have the network card with a public IP.
In order to use private addresses and activate DHCP, I used the SecureNAT function on the VPN server (network 192.168.30.0/24).
Everything works, what is missing is that the VPN Server also needs access to the clients on the SecureNAT network.
How can I realise this architecture?

A temporary solution was to also install SoftEther Client on the VPS and connect it to the localhost VPN server, but I see that it increases CPU load of SoftEther Server on the VPS, and even if it works, it doesn't seem like a good solution to me.
Why do you need to connect to the SE server on your LAN?
Because it is the SE server private NAT

How to access clients on that SE server private NAT?
Connecting as client to that SE server

How to avoid using the SE client to access other clients?
Set up a Local Bridge (plus a local DHCP) and do not use SecureNAT virtual NAT (or virtual DHCP)
So you should be able to access your clients

Re: Looking for the best configuration

Posted: Fri Feb 03, 2023 10:29 pm
by solo
shakibamoshiri wrote:
Fri Feb 03, 2023 10:06 pm
Set up a Local Bridge (plus a local DHCP) and do not use SecureNAT virtual NAT (or virtual DHCP)
So you should be able to access your clients
I see, now, keep in mind that it is a Windows-based VPS and describe precisely how to perform this magic.

Re: Looking for the best configuration

Posted: Sat Feb 04, 2023 9:41 am
by shakibamoshiri
solo wrote:
Fri Feb 03, 2023 10:29 pm
I see, now, keep in mind that it is a Windows-based VPS and describe precisely how to perform this magic.
I came to this first; since I did not have experience with Windows but knew the issue, I described in general that there is a solution.
But usually my answers take a few hours to be approved by the forum's moderator(s), and that is why it came after your answer.

Re: Looking for the best configuration

Posted: Sat Feb 04, 2023 11:24 pm
by solo
shakibamoshiri wrote:
Sat Feb 04, 2023 9:41 am
I came to this first; since I did not have experience with Windows but knew the issue, I described in general that there is a solution. But usually my answers take a few hours to be approved by the forum's moderator(s), and that is why it came after your answer.
Very well. Just for the record, note what the OP wrote: "On the VPS I only have the network card with a public IP" - so there is no trivial Windows way of doing what you had proposed, i.e. bridge with external DHCP/NAT there.