No Local Bridge - Secure Nat Traffic Traverse question

[tjhunt]

Hi Everyone, i would appreciate some experienced help! I've read many different conflicting information on the forums.

Lets say i have a network 192.168.30.0/24

I setup softether Server to use Secure nat which is using 192.168.32.0/24 (Virtual DHCP - Secure nat setting) to hand out IP addresses (not using local bridge)

(done this way for split tunnel on mobile devices)

VPN Clients on network 192.168.32.0/24 (VPN Client Network) can ping clients on 192.168.30.0/24 (Home LAN Network aka VPN Server network)
but in reverse 192.168.30.0/24 cannot ping clients on 192.168.32.0/24.

Is this because of the split tunnel? While using split tunnel will traffic only travel one way?

to clear all the basic issues. Ive disabled all firewalls and tested pinging via other methods. Ive tried everything under the moon for firewall routing rules to get local traffic to communicated with 192.168.32.0/24 to no success.

Here are my static route rules in Softether SecureNat - 192.168.30.0/255.255.255.0/192.168.32.254

Am i missing a static route in the softether software preventing traffic from clients from coming back into the network? Or is this simply by design?

[solo]

I've read many different conflicting information on the forums.

You clearly have missed the "I cannot access a VPN client computer from other LAN clients" topic which answers this exact question.

[tjhunt]

You clearly are a Dick. I guess i did miss it among the other 25+ posts with inaccurate information! I really do appreciate the link info. Just not the attitude.

*** For anyone with PFSense what you need to do is add the VPN server as a gateway. In my case the Server is 192.168.30.112 So i would add that as a gateway on the vlan30 Interface. Then what you would do is go to static routes (in PFSense) and push your (secure nat DHCP) through that gateway. So it would look like 192.168.32.0/24 to IP 192.168.30.112. Make sure you get the correct firewall rules and you are good to go!

My Static Routes for Secure Nat (Soft Ether) are as Follows
192.168.30.0/255.255.255.0/192.168.32.254, 192.168.5.0/255.255.255.0/192.168.32.254

192.168.32.254 being the DHCP Server for (Secure Nat) in SoftEther

[tjhunt]

- install MLA https://learn.microsoft.com/en-us/troub ... ck-adapter
- bridge SoftEther's hub to it
- assign a static IP to it, presumably the vacant 192.168.30.2
- start the "Routing and Remote Access" service
- run: netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes


VPN Server Physical IP - 192.168.30.112
SecureNat DHCP Range - 192.168.32.0/24 (should secure nat be disabled?)


Completed this. There is some clarification needed that is not on that post.

1. Should Secure nat be enabled?
2. Should IP for loopback look like this
192.168.30.230 (Physical VPN Server IP = 192.168.30.112)
255.255.255.0
(Blank Gateway, Blank DNS)
Or
(For Secure Nat) Or should i be using a different subnet?
192.168.32.230 (Physical VPN Server IP = 192.168.30.112)
255.255.255.0

I have bridged the loopback adapter through the softether software.

Should i also Bridge the loopback from 192.168.30.112 (through windows with the loopback adapter) ?

Problem is i only have the loopback bridge and of course its not accepting incoming connections because its a "loopback." I feel like i have missed a step somewhere?