On EC2 with bridge rather than SNAT


Post by joedb » Thu Nov 15, 2018 8:13 pm

Hello,

I am trying to set up SoftEther on EC2 but without using the Secure NAT (i.e. using local bridge).

I have a public subnet in a VPC where I am running an EC2 instance with Softether. That EC2 instance actually has two interfaces; one has the public IP address and is how a client would initiate connection to the instance (eth0). I have attached a second elastic network interface (eth1), and this interface is in a second subnet. I want to allow access only to the second subnet for any client that connects to Softether.

I have set up a bridge using vpncmd, and clients are able to connect to the VPN OK. I have enabled the DHCP server functionality of SoftEther but have disabled the Virtual NAT. Routes for the target networks have been configured and are making it to the client fine using PUSHROUTE. However, it seems that no traffic makes it into the second subnet from the clients.

Could anyone offer guidance as to what I might be doing wrong?

Thank you.


Post by thisjun » Tue Dec 11, 2018 1:58 am

Why did you push the route, even though you enabled local bridge?
What route did you push?

I recommend confirming whether MAC spoofing is allowed in EC2.
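One way to check what the bridged interface is doing at layer 2, as an added example that is not part of either post: capture on eth1 with `tcpdump -e -n -i eth1` while a VPN client pings a host in the second subnet, then see whether frames carrying the client's virtual adapter MAC leave the bridge and whether anything is addressed back to it. The MAC and IP addresses and the capture lines below are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Link-level header printed by `tcpdump -e -n`:
#   <time> <src mac> > <dst mac>, ethertype ...
FRAME_RE = re.compile(rf"^\S+\s+({MAC})\s+>\s+({MAC}),", re.IGNORECASE)

def mac_counts(capture_lines):
    """Count frames per MAC, once as source and once as destination."""
    sent, received = Counter(), Counter()
    for line in capture_lines:
        m = FRAME_RE.match(line.strip())
        if m:
            sent[m.group(1).lower()] += 1
            received[m.group(2).lower()] += 1
    return sent, received

def diagnose(capture_lines, mac):
    """Classify layer-2 behaviour for one MAC seen on the bridged NIC.

    not-bridged     : no frame with this source MAC reached the NIC
                      (look at the local bridge configuration).
    sent-unanswered : frames left with this MAC but nothing was addressed
                      back to it (consistent with the network not accepting
                      a MAC other than the interface's own).
    two-way         : frames flow in both directions for this MAC.
    """
    sent, received = mac_counts(capture_lines)
    mac = mac.lower()
    if sent[mac] == 0:
        return "not-bridged"
    return "two-way" if received[mac] else "sent-unanswered"

# Constructed capture: 5e:00:00:aa:bb:01 stands for the VPN client's virtual
# adapter, 0a:11:22:33:44:55 for eth1 itself, 0a:99:88:77:66:55 for a subnet host.
SAMPLE = """\
12:00:01.000100 5e:00:00:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.2.10 tell 10.0.2.50, length 28
12:00:02.000100 5e:00:00:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.2.10 tell 10.0.2.50, length 28
12:00:02.500000 0a:11:22:33:44:55 > 0a:99:88:77:66:55, ethertype IPv4 (0x0800), length 98: 10.0.2.5 > 10.0.2.10: ICMP echo request, id 7, seq 1, length 64
12:00:02.500900 0a:99:88:77:66:55 > 0a:11:22:33:44:55, ethertype IPv4 (0x0800), length 98: 10.0.2.10 > 10.0.2.5: ICMP echo reply, id 7, seq 1, length 64
""".splitlines()

if __name__ == "__main__":
    for label, mac in (("client", "5e:00:00:aa:bb:01"), ("eth1", "0a:11:22:33:44:55")):
        print(label, mac, diagnose(SAMPLE, mac))
```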
