LAN to VPN routing with Mikrotik SSTP client
Posted: Mon Apr 22, 2024 8:05 pm
Hi.
I have a SoftEther server set up on an Ubuntu VPS. I've succeeded in connecting my Mikrotik router to the VPN using an SSTP client. I can ping the VPN's gateway from the router, as well as ping the router's tunnel endpoint IP address from other devices in the VPN.
Next I'd like to route traffic between a physical subnet accessible to the router and the SoftEther hub, so that devices in the two networks can talk to each other. The two networks have different network addresses.
The routing I've set up on the router seems to work fine. If I put a masquerade NAT on the tunnel interface, I can successfully ping devices in the VPN from the physical subnet. However, without the NAT no traffic from the physical network comes through. The router's packet sniffer can see ping requests being sent on the tunnel interface, but SoftEther's packet log doesn't show them (I have enabled ICMP logging and verified that it works).
My understanding then is that packets with a different source address to that of the tunnel endpoint get rejected. Or perhaps packets originating from a different subnet. What do I need to do to get this setup to work?