I'm testing a cluster configuration and I can't figure out why my users stop having access with dynamic/DHCP hubs.
In standalone, I have a virtual hub with SecureNAT/DHCP enabled. Clients connect to the VPN and the "0.0.0.0/0" routes work through the HUB. I then switch the server to a controller (with VPN traffic enabled) and I test two different combinations:
1) In static mode, the bridge to the local adapter is operational, but without DHCP the users never get an IP.
2) In dynamic mode, I enable DHCP as I figured it was the missing piece. Users get assigned an IP but do not have access to the internet.
Am I missing something in the jump from a standalone to a cluster setup?
Internet access in cluster mode
-
- Posts: 286
- Joined: Wed Nov 25, 2020 9:10 am
Re: Internet access in cluster mode
Dynamic hub is designed for interconnection between clients, not for internet access.
-
- Posts: 5
- Joined: Tue May 10, 2022 2:32 pm
Re: Internet access in cluster mode
So the only configuration that would support the use case is standalone mode, scale out with new servers as the demand grows?
-
- Posts: 286
- Joined: Wed Nov 25, 2020 9:10 am
Re: Internet access in cluster mode
What is your use case?
-
- Posts: 5
- Joined: Tue May 10, 2022 2:32 pm
Re: Internet access in cluster mode
Remote access VPN with internet access through the VPN. The aim is both added privacy, but also inter-connection with the users. Think typical nordvpn-like services but where users are able to connect to each other on the virtual LAN.
-
- Posts: 1
- Joined: Fri Oct 20, 2023 8:29 am
Re: Internet access in cluster mode
When in Cluster mode, VPN server disables NAT. What is the correct way to provide NAT and access to the Internet for connected clients with default route to 0.0.0.0/0 via the server while still preserving the load-balancing with multiple member servers?
-
- Posts: 1529
- Joined: Sun Feb 14, 2021 10:31 am
Re: Internet access in cluster mode
The LAN's router does NAT.By configuring a local bridge connection between the physical Network Adapters connected to each of the VPN Servers for each static Virtual Hub instance created in each VPN Server in the cluster, and by connecting all of the local bridging destination physical LANs to the in-house LAN destination to which the remote access is desired (either a direct layer 2 connection or a layer 3 connection using a router and NAT is acceptable), the VPN Client user can remotely access this in-house LAN regardless of which VPN Server the connection is assigned to. This mechanism enables the creation of a large-scale remote access VPN service required to process a large volume of simultaneous connections. Please refer to 10.8 Build a Large Scale Remote Access VPN Service for specific configurations.