VPN Azure and Dynamic DNS could not connect Without Public IP?

[hansen007]

Hi, I Just completed setup of Softether VPN Server in Windows Server 2019.
The type of server is Remote Access VPN Server.
After completed step installation and configuration, I could not connect with OpenVPN client method or either with VPN Azure.

I am using ISP provider here without public IP. The network provider in SG could not provide Public IP for SIM card.
Meaning when I check wahtismyIP from google, it will show different IP address compare to my WAN IP in my router.

That's why Softether become my option solution since, it over NAT traversal.
But seems I still not able to connect even I already activated Dynamic DNS and VPN Azure.
Do we really need a public IP to make this VPN work?

[solo]

I could not connect with OpenVPN client method or either with VPN Azure.

You can not use OpenVPN with a VPN Azure destination. You can use VPN Azure with a SoftEther or MS-SSTP client.

[hansen007]

Hi, I am trying 2 method OpenVPN and Azure VPN. Not mixing configuration.
Both method not working in my case. I suspect because of no public IP on my ISP.

[solo]

Please check this topic https://www.vpnusers.com/viewtopic.php?f=7&t=68032

[hansen007]

Hi Solo,

Thank you for the responds, I see in that topic the guy said connected with private IP.
But for me it never work, lets not to talk about azure first.
I am trying use Softether client to connect with NAT-T enable and it also never been connected.
See attach my IP information, dynamic DNS and VPN client config

[solo]

The network provider in SG could not provide Public IP for SIM card.
...
lets not to talk about azure first.

VPN Azure is, realistically, the only option to talk about considering your SIM card mobile connection.

[hansen007]

hi,

Let me confirmed again, for Softether VPN server to be working, it is actually required public IP am I right?
This is the same case when I use OpenVPN or Wireguard solution, without public IP the Client will not able to reach IP behind CGNAT.
Even dynamic DNS has been used, the only option is to have solution like reverse proxy (Astrorelay).

While for Softether, you also have Azure VPN which is seems reliable for above situation.
But I could not make the connection as well, what I have missed here?

[solo]

Initially use SoftEther client for VPN Azure tests. Later you could try out SSTP.

[hansen007]

Hi, try connect Azure VPN with Softether Client and its seems connected (with attach configuration).
but after connected I m not sure where my client network has been assigned, as I could not Ping or remote to local IP of my VPN Server.
(attach also my VPN server IP)

[solo]

- enable SecureNAT (with all defaults at this stage) on the VPN hub
- connect the SE client form a different network/ISP than your SE server

[hansen007]

Hi,

I enable secure NAT and from my Softether client I able to ping to LAN network and remote connection is working.
But Secure NAT is somehow slow the internet access, everytime client get connected the speed test will reduce to less then 1MB.
So i decided to disabled secure NAT and got my internet speed back to 20-40MB.
But the problem without secure NAT I am not able to reach the LAN even its been registered in IP table of VPN hub.
Client mode i have change to bridge mode as well. What else setting to route the VPN client IP to LAN ?

[solo]

Re-enable SecureNAT, remove default gateway from it and push a static route to your LAN from vDHCP.

[hansen007]

Hi,

After push a static route it working, but not stable, ping status up and down.
is My push table correctly define?

[solo]

Ping on VPN Azure may be unstable indeed because your connection takes a round trip via JP servers. For better performance you'd have to establish a SE server gateway on a cloud near you.