Connecting to other services on the SoftEther system

Timboxyz
Posts: 3
Joined: Wed Oct 13, 2021 2:44 pm

Post by Timboxyz » Wed Oct 13, 2021 3:00 pm

I have SoftEther set up on my Netgear NAS box with L2TP passed through my router. SoftEther is configured to bridge to my first ethernet card on the NAS box.

External L2TP clients on the internet can successfully connect to SoftEther and I can see and connect to all other connected devices on my LAN. I cannot, however, see the NAS box that SoftEther is running on. Whilst I can ping any other device on my LAN, if I try and ping the I.P. address of the NAS box itself I get no response. I have even tried adding in the second NIC from the box to the LAN. Other devices on the LAN can then ping this NIC as well as the first, but not a VPN client.

I am assuming this is some sort of config issue. I have poked around a bit but have failed to make any impact. Can anyone suggest what needs doing, either in the SoftEther config, or adding some routing in the NAS box itself (I have SSH access)?

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Connecting to other services on the SoftEther system

Post by eddiewu » Wed Oct 13, 2021 3:41 pm

This is a Linux kernel restriction. If you bridge a physical NIC to the virtual hub, you can’t access that particular NIC from that hub (including the client), that is to say it becomes a pure bridge.
Solution 1: Make a TAP device and route with the LAN.
Solution 2: Set up NAT and routing table so that the traffic from the client to the box is routed via the router in both directions.
Whether to use a second NIC is up to you. The key part is you can’t send the traffic over the bridge. It has to be routed.

Timboxyz
Posts: 3
Joined: Wed Oct 13, 2021 2:44 pm

Re: Connecting to other services on the SoftEther system

Post by Timboxyz » Fri Oct 15, 2021 4:14 pm

Thanks for that, it is helpful and a clear explanation. What I don't get is why I couldn't even see the second NIC when I plugged it into the network, which I would expect to be able to do from what you say.

I tried setting up a TAP device but couldn't get it to work. Can you point me at a good guide for this as it's at the limit of my current expertise?

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Connecting to other services on the SoftEther system

Post by eddiewu » Sat Oct 16, 2021 12:33 am

Search for SoftEther setup with local bridge.
I forgot to say that there is a simpler setup that doesn’t need any bridges, called Secure NAT. Remove any bridges and enable Secure NAT and Secure DHCP and you are good to go.
Note that with either Secure NAT or TAP device setup the VPN is routed (L3) so that the client can’t see other computers. It can, however, connect to them by directly using their IPs.

Timboxyz
Posts: 3
Joined: Wed Oct 13, 2021 2:44 pm

Re: Connecting to other services on the SoftEther system

Post by Timboxyz » Sat Oct 16, 2021 12:35 pm

Hmm. Tried Secure NAT and it certainly works. However, although I can connect to any other device whose IP I know I still cannot connect to the IP of the box SoftEther is on. In that respect, it is identical to the bridged mode, although of course more secure for other devices on the LAN.

Will prod some more with the TAP method. Thanks for your input.

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Connecting to other services on the SoftEther system

Post by eddiewu » Sat Oct 16, 2021 1:24 pm

Secure NAT does not block you from accessing the host.
Make sure you access it via its original IP (not the one assigned by Secure DHCP such as 192.168.30.1). If it does not work, something else might be broken.
