Hi.
I have a SoftEther server set up on an Ubuntu VPS. I've succeded in connecting my Mikrotik router to the VPN using an SSTP client. I can ping the VPN's gateway from the router, as well as ping the router's tunnel endpoint IP address from other devices in the VPN.
Next I'd like to route traffic between a physical subnet accessible to the router and the SoftEther hub, so that devices in the two networks can talk to each other. The two networks have different network addresses.
The routing I've set up on the router seems to work fine. If I put a masquerade NAT on the tunnel interface, I can successfully ping devices in the VPN from the physical subnet. However, without the NAT no traffic from the physical network comes through. The router's packet sniffer can see ping requests being sent on the tunnel interface, but SoftEther's packet log doesn't show them (I have enabled ICMP logging and verified that it works).
My understanding then is that packets with a different source address to that of the tunnel endpoint get rejected. Or perhaps packets originating from a different subnet. What do I need to do to get this setup to work?
LAN to VPN routing with Mikrotik SSTP client
-
solo
- Posts: 1292
- Joined: Sun Feb 14, 2021 10:31 am
Re: LAN to VPN routing with Mikrotik SSTP client
Unfortunately the SSTP issue is still work in progress.
Meanwhile, apart from the above-linked solution, your other options:
- go L2 on an OpenWrt router and SoftEther protocol, not SSTP
- or use a different VPS server, eg. https://www.vpnusers.com/viewtopic.php? ... 633#p96369
Meanwhile, apart from the above-linked solution, your other options:
- go L2 on an OpenWrt router and SoftEther protocol, not SSTP
- or use a different VPS server, eg. https://www.vpnusers.com/viewtopic.php? ... 633#p96369
-
Foxner
- Posts: 2
- Joined: Mon Apr 22, 2024 7:20 pm
Re: LAN to VPN routing with Mikrotik SSTP client
Thank you for your quick reply. I am new to networking, so I wished to ease my way into it by using the SSTP VPN I already had running and in working order. Is this solvable by creating another hub with a matching subnet, and routing between the two hubs? I made a quick attempt that failed, but I'm not convinced I didn't perhaps just misconfigure my router. Is the issue limited to SSTP or all layer 3 protocols supported by SoftEther?
If layer 2 is a solution (my understanding is that layer 2 tunnels don't care about IP addresses), are SoftEther implementations of L2TPv2 and OpenVPN viable solutions? I have no experience with them, but I've read that they can tunnel layer 2 traffic.
Finally, if I need to use a different VPN server, I'll still want to keep SoftEther's SSTP functionality (I would like to stay with Ubuntu for now), and route between the two VPNs. Do I need to configure a SoftEther client to create a virtual interface on the VPS, or is it possible to do this with the server directly?
If layer 2 is a solution (my understanding is that layer 2 tunnels don't care about IP addresses), are SoftEther implementations of L2TPv2 and OpenVPN viable solutions? I have no experience with them, but I've read that they can tunnel layer 2 traffic.
Finally, if I need to use a different VPN server, I'll still want to keep SoftEther's SSTP functionality (I would like to stay with Ubuntu for now), and route between the two VPNs. Do I need to configure a SoftEther client to create a virtual interface on the VPS, or is it possible to do this with the server directly?
-
solo
- Posts: 1292
- Joined: Sun Feb 14, 2021 10:31 am
Re: LAN to VPN routing with Mikrotik SSTP client
SoftEther's "virtual L2/L3 layer-transformation adapter" is no router, either enable SecureNAT or use L3 protocols on the same subnet, including L2TP. While it also offers L2TPv3 for true L2, not many devices/clients support this protocol. SoftEther-only solution involves simply a connection of SoftEther bridge to the VPS using L3 switch, whereas SoftEther+SSTP server requires tapping and passing this traffic to Ubuntu host for re-routing ...and you're on your own.