VPN Routing over Secure NAT

Dankau
Posts: 7
Joined: Tue Mar 10, 2020 8:25 am

Post by Dankau » Tue Mar 10, 2020 8:57 am

Hello,

we as an IT service provider have possibly found a bug in the SoftEther VPN program.

First of all our situation:
Our client has one VPN server as a virtual machine. The interfaces in that server are one interface in the internal network and four configured bridges for four different VPN-Hubs. Right now, we currently only have one hub in operation. We configured a few Users, who can connect to the Hub. They get an IP-address from an external DHCP-server (not the one in the SecureNAT options).

Our problem:
Our problem is seemingly a routing-problem, because a few accessible webpages cannot be reached or are extremely slow. We checked all routing tables of all servers. The routing to the VPN-network is correct.

Our solution:
If we enable SecureNAT on the Hub and deactivate it directly afterwards, everything is instantly reachable and the VPN-Connections are working just fine. I assume that it should not be so.

If anyone has an idea, please enlighten me.

Greetings from Germany

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: VPN Routing over Secure NAT

Post by centeredki69 » Tue Mar 10, 2020 10:30 am

Dankau, are you using "secureNAT" and "local bridge" at the same time? If so, only one on a "virtual Hub" should be used at a time, NOT both. When using the "Local bridge" option in a "Virtual Machine" you need to enable "promiscuous mode" (MAC spoofing in Hyper-V) for it to work. NOTE: This option is generally not allowed on cloud hosted VM services like Azure & AWS. The "local bridge" option connects the VPN client directly to the internal network. The secureNAT option creates a "Virtual Router" behind/inside the physical router/network.

Dankau
Posts: 7
Joined: Tue Mar 10, 2020 8:25 am

Re: VPN Routing over Secure NAT

Post by Dankau » Wed Mar 11, 2020 7:55 am

Hello,

thank you for your reply.

No, we are not using "secureNAT". We did activate it because we had routing-problems while connected over the VPN. We disabled "secureNAT" directly and the problem was gone.
We are using a local bridge to the internal network. Every Hub has its own network, which are separated into different VLANs. The Server has 5 network cards, each in a different VLAN. So every Hub only has one local bridge.

We DO NOT plan to use "secureNAT". It should be working without it. It is just that the seeming routing-problems come without a reason and the only solution we found so far is enabling and disabling the "secureNAT"-option. This problem kicks in every now and then.

We will enable the "promiscuous mode" and test it.
