Hi all!
I am setting up Softether VPN for remote work in my company, it is running on an ubuntu 20 machine.
The setup went well and I can connect from the windows clients to the server and access all resources on the company network except for the services running on the same machine as the Softether VPN.
Let's say the Company network has 192.168.0.1 - 255 ip range and we have a HTML webserver running on 192.168.0.100 -> i can reach that one fine from outside the company via the VPN connection. Also network printers, etc. are all reachable.
However, we also have a HTML webserver running on the same machine as the Softether VPN server. That one is on 192.168.0.54. I can't reach that one. Is there a way to make it accessable?
Since the server is just a "normal" PC with one ethernet connection, I have set up a local bridge to a virtual tap device.
I also enabled SecureNAT and added a static route to the routing table, so only the traffic dedicated to the company network goes over the VPN.
Any help would be greatly appreciated.
Thanks!
Cannot connect to other servers running on same machine as VPN Server
-
schlatte
- Posts: 3
- Joined: Thu Jan 04, 2024 9:19 am
-
solo
- Posts: 1284
- Joined: Sun Feb 14, 2021 10:31 am
-
schlatte
- Posts: 3
- Joined: Thu Jan 04, 2024 9:19 am
Re: Cannot connect to other servers running on same machine as VPN Server
Thanks for the hint!
Since I don't want all traffic to go through the VPN, the bridging option seems not to work for me.
With the proposed steps I could get it working, by setting
however, now the mentioned problem with 100% cpu load arises.
So I would need to switch to the development build of SE. Asked plain and simple: is that too risky for a company environment?
Or is there a way using the bridging method and the latest "official" release of SE (I'm using 4.43, Build 9799) to get only the "relevant" traffic through the VPN?
Thanks!
Since I don't want all traffic to go through the VPN, the bridging option seems not to work for me.
With the proposed steps I could get it working, by setting
Code: Select all
bool DisableIpRawModeSecureNAT true
bool DisableKernelModeSecureNAT true
So I would need to switch to the development build of SE. Asked plain and simple: is that too risky for a company environment?
Or is there a way using the bridging method and the latest "official" release of SE (I'm using 4.43, Build 9799) to get only the "relevant" traffic through the VPN?
Thanks!
-
solo
- Posts: 1284
- Joined: Sun Feb 14, 2021 10:31 am
Re: Cannot connect to other servers running on same machine as VPN Server
- assess DE risks on https://github.com/SoftEtherVPN/SoftEtherVPN/issues
- you can use bridging method and have a complete control of VPN with a SE soft tap + iptables' NAT + dnsmasq
- you can use bridging method and have a complete control of VPN with a SE soft tap + iptables' NAT + dnsmasq
-
schlatte
- Posts: 3
- Joined: Thu Jan 04, 2024 9:19 am
Re: Cannot connect to other servers running on same machine as VPN Server
Alright, thanks!
I've set it up with local bridge and iptables now, everything is running well.
Thank you!
I've set it up with local bridge and iptables now, everything is running well.
Thank you!