Remote desktop (RDP) through VPN

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
sirjamie
Posts: 5
Joined: Mon Oct 21, 2019 2:45 pm

Remote desktop (RDP) through VPN

Post by sirjamie » Mon Oct 21, 2019 3:34 pm

Hi, I am a new SoftEther user. I have setup the VPN server and client. I am able to use the VPN and make a connection. But I have an issue once I have a connection, my VPN IP address becomes a 172.20.10.2 address (my current local network is 192.168.x.x) and I am unable to RDP to my local network computers once I have VPN connection. How do I set it up so I can RDP to the local computers in my network? Any help would be appreciated.

ozone
Posts: 62
Joined: Thu Sep 19, 2019 7:18 pm

Re: Remote desktop (RDP) through VPN

Post by ozone » Mon Oct 21, 2019 8:14 pm

Hi,

Could you post a "ipconfig /all" and a "route print" (windows) on the client after connecting to the vpn?

It should actually work.... unless.... there is something weird. Often it's in there.

Oz

sirjamie
Posts: 5
Joined: Mon Oct 21, 2019 2:45 pm

Re: Remote desktop (RDP) through VPN

Post by sirjamie » Tue Oct 22, 2019 3:08 pm

Hi Oz, thanks for your message. Below is the ipconfig/all and tracert information:

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP-IJKRVRN
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Unknown adapter VPN4 - VPN Client:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VPN Client Adapter - VPN4
Physical Address. . . . . . . . . : 5E-BB-8C-E0-F7-92
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2604:3d08:2683:2a00:ac8e:9ae0:525a:7990(Preferred)
Temporary IPv6 Address. . . . . . : 2604:3d08:2683:2a00:7d57:a5f6:1a67:6e1c(Preferred)
Link-local IPv6 Address . . . . . : fe80::ac8e:9ae0:525a:7990%19(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.152(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : October 22, 2019 7:48:53 AM
Lease Expires . . . . . . . . . . : October 22, 2019 9:48:53 AM
Default Gateway . . . . . . . . . : fe80::5e76:95ff:fed2:1c72%19
192.168.0.151
DHCP Server . . . . . . . . . . . : 192.168.0.151
DHCPv6 IAID . . . . . . . . . . . : 324975500
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-D3-F4-82-68-07-15-88-99-9C
DNS Servers . . . . . . . . . . . : 64.59.160.13
2001:4e8:0:400b::11
2001:4e8:0:400c::11
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 1:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 68-07-15-88-99-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 6A-07-15-88-99-9C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 3165
Physical Address. . . . . . . . . : 68-07-15-88-99-9C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::892d:db11:71ee:8849%12(Preferred)
IPv4 Address. . . . . . . . . . . : 172.20.10.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Lease Obtained. . . . . . . . . . : October 22, 2019 7:48:36 AM
Lease Expires . . . . . . . . . . : October 23, 2019 7:34:12 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 172.20.10.1
DHCPv6 IAID . . . . . . . . . . . : 124258069
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-D3-F4-82-68-07-15-88-99-9C
DNS Servers . . . . . . . . . . . : 172.20.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 68-07-15-88-99-A0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

tracert 192.168.0.206

Tracing route to WIN-2F0VO8AGOB2 [192.168.0.206]
over a maximum of 30 hops:

1 DESKTOP-IJKRVRN [192.168.0.152] reports: Destination host unreachable.

Trace complete.

sirjamie
Posts: 5
Joined: Mon Oct 21, 2019 2:45 pm

Re: Remote desktop (RDP) through VPN

Post by sirjamie » Tue Oct 22, 2019 7:23 pm

I realized you wanted the "route print" results (not the tracert). Here are those results:

route print
===========================================================================
Interface List
19...5e bb 8c e0 f7 92 ......VPN Client Adapter - VPN4
5...68 07 15 88 99 9d ......Microsoft Wi-Fi Direct Virtual Adapter
17...6a 07 15 88 99 9c ......Microsoft Wi-Fi Direct Virtual Adapter #2
12...68 07 15 88 99 9c ......Intel(R) Dual Band Wireless-AC 3165
14...68 07 15 88 99 a0 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.151 192.168.0.152 2
70.66.129.159 255.255.255.255 172.20.10.1 172.20.10.2 55
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
130.158.6.73 255.255.255.255 172.20.10.1 172.20.10.2 55
172.20.10.0 255.255.255.240 On-link 172.20.10.2 311
172.20.10.2 255.255.255.255 On-link 172.20.10.2 311
172.20.10.15 255.255.255.255 On-link 172.20.10.2 311
192.168.0.0 255.255.255.0 On-link 192.168.0.152 257
192.168.0.152 255.255.255.255 On-link 192.168.0.152 257
192.168.0.255 255.255.255.255 On-link 192.168.0.152 257
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 172.20.10.2 311
224.0.0.0 240.0.0.0 On-link 192.168.0.152 257
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 172.20.10.2 311
255.255.255.255 255.255.255.255 On-link 192.168.0.152 257
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
19 291 ::/0 fe80::5e76:95ff:fed2:1c72
1 331 ::1/128 On-link
19 291 2604:3d08:2683:2a00::/64 On-link
19 291 2604:3d08:2683:2a00:153c:3f7b:e2f0:19b/128
On-link
19 291 2604:3d08:2683:2a00:ac8e:9ae0:525a:7990/128
On-link
12 311 fe80::/64 On-link
19 291 fe80::/64 On-link
12 311 fe80::892d:db11:71ee:8849/128
On-link
19 291 fe80::ac8e:9ae0:525a:7990/128
On-link
1 331 ff00::/8 On-link
12 311 ff00::/8 On-link
19 291 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

ozone
Posts: 62
Joined: Thu Sep 19, 2019 7:18 pm

Re: Remote desktop (RDP) through VPN

Post by ozone » Tue Oct 22, 2019 7:43 pm

Thank you for sending the info.

Unfortunately "traceroute" and "route print" are not the same thing.

With route print you get a table explaining which address can be reached "how" (as in: "via which router" and/or "interface')
With that info I hoped to see if there was a discrepancy between the devices you tried to reach and the current ip-configuration.

With traceroute, I cannot draw any conclusions, it just shows that you <can> reach something, and via which path.

That said, I see in ipconfig some things that confuse me in relation to your original post.
In your original post you mention that your local address range is 192.168.x.x, yet I see here that your local wifi link is on 172.20.10.2.
And the VPN is at 192.168.0.152, a 1/256 subset of the range you called "local".
Also that there is NO default gateway on the wifi-link. That means that if the local RDP-targets are not in the range of 172.20.10.1-14 (which is surprisingly small), they cannot be reached 'at all'.
I'm sure this is just a misunderstanding, but maybe a bit more clarification is in order.


Also noted:
1) That you also have IPV6 <enabled> (I assume you are using IPV4, since you mention only those addresses in the original post);
2) And have a "public" DNS server defined on the VPN, which will not know your rdp-targets names (when rdp-ing based on a Devicename).
Both these can make a successful rdp-attempt fail.

For 1) you could temporarily disable IPV6, since it can do basically everything IPV4 can, and therefore screw things up if not set-up correctly.
And for 2) test if you can reach the device on its IPV4-address in stead of <name>.

(btw, temporarily disabling the windows firewall during testing is also often helpfull :)

Oz

ozone
Posts: 62
Joined: Thu Sep 19, 2019 7:18 pm

Re: Remote desktop (RDP) through VPN

Post by ozone » Tue Oct 22, 2019 7:48 pm

Unfortunately "traceroute" and "route print" are not the same thing.
Sorry, I see that you added it already, but our posts crossed.

I'll take a look at it.

Oz

ozone
Posts: 62
Joined: Thu Sep 19, 2019 7:18 pm

Re: Remote desktop (RDP) through VPN

Post by ozone » Tue Oct 22, 2019 8:23 pm

Still assuming you intend to use IPV4.
I see only 2 connected subnets: 172.20.10.0/28 (wifi) and 192.168.0.0/24 (vpn).
I also see 2 wan-ips reachable via 172.20.10.1 (the latter therefore likely to be the default gateway before the vpn-connection)
And also there is currently only 1 gateway defined for routing <anything> outside the 2 above subnets (or the standard stuff (loopback/link-local))
This gateway (the 0.0.0.0 entry) is 192.168.0.151 on the vpn link.
So all traffic not going to 172.20.10.0/28 (wifi) and 192.168.0.0/24 will go over the vpn, including internet traffic.

So next question would be: What are the ip addresses you want to RDP?
Are they within 192.168.0.1-254 or 172.20.10.1-14 ranges??

Oz

sirjamie
Posts: 5
Joined: Mon Oct 21, 2019 2:45 pm

Re: Remote desktop (RDP) through VPN

Post by sirjamie » Tue Oct 22, 2019 8:59 pm

The IP I am trying to RDP to is 192.168.0.206. I have not configured anything to use 172.20.10.0/28, I figured that was a default IP with SoftEther? I will do more testing based on your information you have provided.

ozone
Posts: 62
Joined: Thu Sep 19, 2019 7:18 pm

Re: Remote desktop (RDP) through VPN

Post by ozone » Wed Oct 23, 2019 7:32 pm

Hi,

172.20.10.0/28 is the network you are/were on before you started connecting to the vpn. It is on the Wifi interface, nothing to do with SE.

So you try to connect to a device on a network that has 192.168.0.0/24. And you DO get a valid ip.
Apparently this is also the range you expect to find devices on. (not automatically the case)

Can you go on the internet when connected to VPN?

edit: do a "tracert 8.8.8.8"
..See how it travels towards the internet over the vpn (8.8.8.8 is a google dns, easy to remember)

sirjamie
Posts: 5
Joined: Mon Oct 21, 2019 2:45 pm

Re: Remote desktop (RDP) through VPN

Post by sirjamie » Thu Oct 24, 2019 11:08 pm

Perhaps it has something to do with the 'SecureNAT Configuration' in SoftEther VPN configuration?
Also when I connect to the VPN, I can surf the internet, but I noticed when I mouse over my wifi symbol it shows 'No internet access' for the VPN adapter.
Here is the tracert info:

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

1 55 ms 48 ms 50 ms 192.168.0.151
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 106 ms 113 ms 127 ms dns.google [8.8.8.8]

Another thing is I can simply re-set up from scratch. Do you have any instructions from the internet or YouTube with the way to setup vpn when I want to connect to my local network like this?

ozone
Posts: 62
Joined: Thu Sep 19, 2019 7:18 pm

Re: Remote desktop (RDP) through VPN

Post by ozone » Sat Nov 02, 2019 10:37 pm

Hi,

Sorry for the late reply, was out of town last week.

The "excalmation mark" on the wifi is "normal" while on VPN sometimes.
Via that interface, there is no longer direct internet access anymore, it is routed over vpn.

Unfortunately the trace isn't really helpfull, as it doesn't show in-between hops.
But that sometimes happens.

I'll try to dig up the first manual I used to setup my first SE setup.
If I can't find it anymore, I'll try to explain it myself....

To be continued...

Oz

ozone
Posts: 62
Joined: Thu Sep 19, 2019 7:18 pm

Re: Remote desktop (RDP) through VPN

Post by ozone » Wed Nov 06, 2019 12:42 am

I promised looking up the tutorial.

This was the tutorial I used the very first time, it is still online.

https://www.digitalocean.com/community/ ... -softether

Note1: everything from step 6 onward, I did through the gui for convenience.
Note2: tutorial is from 2013, some details might have changed over time.

Oz

Post Reply