unable to ping or connect after connecting over VPN Azure

albell
Posts: 2
Joined: Thu May 16, 2019 6:32 pm

Post by albell » Thu May 16, 2019 6:37 pm

Running on Windows 10 VM in Azure

server: SoftEther VPN 4.0, v4.29, build 9680
client: same version

Server NIC IP 10.0.0.4

VPN server IP (SecureNAT): 10.0.0.5

Client assigned IP: 10.0.0.10

Client connects with no issues. Client can ping SecureNAT IP

Client cannot ping 10.0.0.4

Added static route to client manually, no difference

What is missing?

albell
Posts: 2
Joined: Thu May 16, 2019 6:32 pm

Re: unable to ping or connect after connecting over VPN Azure

Post by albell » Thu May 16, 2019 6:54 pm

To expand on the scenario:

After the client connects, its routing table is changed:

Before:

Default route is local interface, metric 25

After VPN:

Default route is VPN interface, metric 2

This should allow traffic to/from 10.0.0.4, but it does not.

centeredki69
Posts: 126
Joined: Wed Sep 18, 2013 1:49 pm

Re: unable to ping or connect after connecting over VPN Azure

Post by centeredki69 » Thu May 16, 2019 10:09 pm

SecureNAT works like a virtual SOHO router. When activated, it's like having a router behind the physical network's router, like being double NATed. In your case the Azure system issued you the 10.0.0.0/24 subnet when you created your Win10 VM and gave it 10.0.0.4. The Azure DHCP server is also assigning SecureNAT's virtual "external" interface a 10.0.0.something IP (this is not displayed in the SE settings). (This is what happens on my home network anyway. With Azure I'm not sure how it's happening.) However, you also gave SecureNAT's "internal LAN" the same 10.0.0.0/24 subnet. SecureNAT's NAT does not know what to do with the packets because it is looking for 10.0.0.4 on its internal network. You need to set SecureNAT's subnet to something different from the upstream 10.0.0.0/24 network. The VPN clients will then have access to anything in 10.0.0.0/24 because it is upstream.
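The overlap described in the reply above can be checked offline. This is an added example, not part of the original thread and not SoftEther code: it uses the addresses from the first post, assumes /24 masks on both sides, and the function names are hypothetical.

```python
import ipaddress

# Addresses from the thread; the /24 masks are an assumption.
UPSTREAM = ipaddress.ip_network("10.0.0.0/24")     # Azure subnet holding 10.0.0.4
SECURENAT = ipaddress.ip_interface("10.0.0.5/24")  # SecureNAT virtual host
CLIENT = ipaddress.ip_interface("10.0.0.10/24")    # address leased to the VPN client
TARGET = ipaddress.ip_address("10.0.0.4")          # server NIC the client cannot reach

PRIVATE_POOLS = [ipaddress.ip_network(n)
                 for n in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]

def next_hop(client, gateway, target):
    """'on-link' if the client resolves target directly on the VPN segment,
    otherwise the gateway address the packet is handed to for NAT."""
    return "on-link" if target in client.network else str(gateway)

def diagnose(upstream, securenat, client, target):
    """List the addressing conflicts that keep target unreachable."""
    findings = []
    if securenat.network.overlaps(upstream):
        findings.append(f"SecureNAT LAN {securenat.network} overlaps upstream {upstream}")
    if target in upstream and next_hop(client, securenat.ip, target) == "on-link":
        findings.append(f"{target} is on-link for the client, so it is never "
                        f"sent to the NAT at {securenat.ip}")
    return findings

def pick_free_subnet(in_use, prefixlen=24):
    """First private subnet of the given size that overlaps nothing in in_use."""
    for pool in PRIVATE_POOLS:
        for candidate in pool.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(net) for net in in_use):
                return candidate
    raise ValueError("no free private subnet")

if __name__ == "__main__":
    for line in diagnose(UPSTREAM, SECURENAT, CLIENT, TARGET):
        print("PROBLEM:", line)
    new_net = pick_free_subnet([UPSTREAM])
    hosts = list(new_net.hosts())
    new_gw = ipaddress.ip_interface(f"{hosts[0]}/{new_net.prefixlen}")
    new_client = ipaddress.ip_interface(f"{hosts[9]}/{new_net.prefixlen}")
    print("Suggested SecureNAT LAN:", new_net, "gateway", new_gw.ip)
    print("Next hop to", TARGET, "is now", next_hop(new_client, new_gw.ip, TARGET))
    print("Remaining problems:", diagnose(UPSTREAM, new_gw, new_client, TARGET))
```

Passing the VPN clients' own home or office LANs to `pick_free_subnet` as well keeps the new SecureNAT range from colliding on the client side.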
