Internet through SE

cmpts_cpeacock
Posts: 10
Joined: Sun Aug 05, 2018 11:38 am

Internet through SE

Post by cmpts_cpeacock » Fri Jan 18, 2019 9:35 am

Hi,

I've created a local bridge on Ubuntu using these sites as a guide:

http://blog.lincoln.hk/blog/2013/03/19/ ... er-on-vps/
http://blog.lincoln.hk/blog/2013/05/17/ ... al-bridge/

When I connect from Android using VPN Client Pro over SSTP the VPN connects fine, but all Internet is routed through SE too.

I think it's the nat tables, but when they weren't there, there was no Internet at all.

iptables -t nat -A POSTROUTING -s 192.168.30.0/24 -j SNAT --to-source 192.168.0.1
apt-get install -y iptables-persistent


How can I allow VPN clients to connect, but not route Internet through SE and only use their local network for Internet?

Cheers

elmoghazy.omar
Posts: 4
Joined: Thu Jan 17, 2019 10:30 am

Re: Internet through SE

Post by elmoghazy.omar » Fri Jan 18, 2019 1:13 pm

Hi, what you are trying to achieve is called "split tunneling". There's already a good guide on how to implement it on the forum:
viewtopic.php?f=7&t=59975&p=77412&hilit ... ide#p77412
Cheers

cmpts_cpeacock
Posts: 10
Joined: Sun Aug 05, 2018 11:38 am

Re: Internet through SE

Post by cmpts_cpeacock » Fri Jan 18, 2019 1:19 pm

Thanks. That's Windows focussed, whereas I'm using Ubuntu.

I'll see if I can find any posts specific to Ubuntu / Linux and split tunnelling.

Cheers

thisjun
Posts: 2300
Joined: Mon Feb 24, 2014 11:03 am

Re: Internet through SE

Post by thisjun » Thu Feb 21, 2019 6:07 am

You can use the static route pushing feature.
This is the description of the PUSHROUTE option of the dhcpset command of vpncmd.

Specify the static routing table to push.
Example: "192.168.5.0/255.255.255.0/192.168.4.254, 10.0.0.0/255.0.0.0/192.168.4.253"
Split multiple entries (maximum: 64 entries) by comma or space characters. Each entry must be specified
in the "IP network address/subnet mask/gateway IP address" format.
This Virtual DHCP Server can push the classless static routes (RFC 3442) with DHCP reply messages to
VPN clients.
Whether or not a VPN client can recognize the classless static routes (RFC 3442) depends on the target
VPN client software. SoftEther VPN Client and OpenVPN Client are supporting the classless static
routes. On L2TP/IPsec and MS-SSTP protocols, the compatibility depends on the implementation of the
client software. You can realize the split tunneling if you clear the default gateway field on the
Virtual DHCP Server options. On the client side, L2TP/IPsec and MS-SSTP clients need to be configured
not to set up the default gateway for the split tunneling usage.
You can also push the classless static routes (RFC 3442) by your existing external DHCP server. In that
case, disable the Virtual DHCP Server function on SecureNAT, and you need not to set up the classless
routes on this command.
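
The entry format quoted above ("IP network address/subnet mask/gateway IP address", at most 64 entries, split by comma or space) can be checked and turned into the RFC 3442 option 121 bytes that a DHCP server sends. This is an added example, not part of the original post and not SoftEther code; the function names are hypothetical, and rejecting a 0.0.0.0 mask is this example's own policy for a split-tunnel setup.

```python
import ipaddress
import re

MAX_ENTRIES = 64  # limit quoted in the PUSHROUTE description


def parse_pushroute(spec):
    """Parse 'network/mask/gateway' entries split by commas or spaces."""
    entries = [e for e in re.split(r"[,\s]+", spec.strip()) if e]
    if len(entries) > MAX_ENTRIES:
        raise ValueError("more than 64 entries")
    routes = []
    for entry in entries:
        parts = entry.split("/")
        if len(parts) != 3:
            raise ValueError(f"expected network/mask/gateway: {entry!r}")
        mask = int(ipaddress.IPv4Address(parts[1]))
        inverted = mask ^ 0xFFFFFFFF
        if inverted & (inverted + 1):
            raise ValueError(f"non-contiguous subnet mask: {entry!r}")
        prefix = bin(mask).count("1")
        if prefix == 0:
            # Assumption of this example: a pushed default route would send
            # all client traffic through the VPN, which split tunneling avoids.
            raise ValueError(f"default route not allowed: {entry!r}")
        # strict=True raises ValueError when host bits are set in the network.
        net = ipaddress.IPv4Network(f"{parts[0]}/{prefix}", strict=True)
        routes.append((net, ipaddress.IPv4Address(parts[2])))
    return routes


def encode_option_121(routes):
    """RFC 3442: prefix length, significant destination octets, router."""
    out = bytearray()
    for net, gateway in routes:
        out.append(net.prefixlen)
        out += net.network_address.packed[: (net.prefixlen + 7) // 8]
        out += gateway.packed
    return bytes(out)


if __name__ == "__main__":
    # Example string taken from the PUSHROUTE description quoted above.
    sample = ("192.168.5.0/255.255.255.0/192.168.4.254, "
              "10.0.0.0/255.0.0.0/192.168.4.253")
    print(encode_option_121(parse_pushroute(sample)).hex(" "))
```

Comparing these bytes with option 121 in a captured DHCP reply shows whether the server pushed the intended routes, independent of whether the client honours them.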

cmpts_cpeacock
Posts: 10
Joined: Sun Aug 05, 2018 11:38 am

Re: Internet through SE

Post by cmpts_cpeacock » Thu Feb 21, 2019 9:25 am

Thanks. Will check it out. I've not got round to sorting it yet, but that will help.

That said, I am using DNSMASQ for the DHCP element, so would it work the same way as you suggest, or do I need to use DNSMASQ and PUSHROUTE together?
