How to configure SoftEther VPN on a dual NAT'd Home network
Posted: Thu May 25, 2023 12:10 pm
Intent: Create VPN connections using SoftEther software ONLY at the Layer-2 level for remote access and control of friends & family computers for troubleshooting, updates and configurations using mostly Windows 10 & 11 Pro Remote Desktop Connection & Remote Assistance via the SoftEther VPN.
Current setup: Home network: 2 NAT'd networks: Private & Public using 2 different Class C Private address ranges using 2 identical home routers and a cable modem. The ISP assigns a dynamic Global IPv4 to the Public Router to gain Internet access, changing about every 3-4 weeks. The Private router goes through the Public router to gain Internet access. The Private router WAN port connects to the Public router via 1 of the 4 ethernet ports on the back of the Public router. The IP address of the Private router WAN port is statically assigned by the Public router using its DHCP reserved addressing based on MAC address. Each router has at least 1 24-port GB switch to expand the available ethernet ports. The Cable modem connects to the WAN port of the Public router. This Public WAN IP address is dynamic.
VPN Initial setup: Using a Linux Ubuntu 22.04 LTS laptop with dual hardwired NICs. I have 1 NIC on the Public network. I have 1 NIC on the Private network. I am using the latest full release SoftEther VPN Server. I have the Public NIC as a NOT BRIDGED connection as this is where I want the VPN Clients connecting to the virtual hub Public. I have the Private NIC as a Local BRIDGED connection to the Private network via the virtual hub Private. I have not yet implemented Cascading. I believe I need to.
Configuration Input Please: I'm not sure if this VPN Server is properly configured. I have the SoftEther DDNS and Azure both active. I use their names for the Client's Internet connection since I DO NOT DESIRE TO OPEN ANY FIREWALL PORTS. Hence my path is to use HTTPS to pass through the Cable Router's & PC firewalls WITHOUT OPENING any ports.
I have attached a network diagram to assist understanding & communications.
I hope to receive your guidance in correcting my understanding, setup, configuration and managing this network.
If you would like to talk to save time & typing, please call me at 843-513-5430 at any time, 24 hours per day. English is my only language.
Thanks...Steven