ACLs not working bi-directional

Post by dwohlhaupter » Thu Feb 25, 2021 10:49 am

Hi all,

I have a question on how access lists work in SE.

Our setup is quite simple:
1. SecureNAT with DHCP and Virtual NAT is enabled for a hub
2. Local network is
3. VNI IP is
4. VPN subnet is

As long as no access lists have been maintained, everything works fine. But to restrict the access to some local subnets, we have created the following rules:
1. Allow DHCP
2. Allow access from to
3. Deny all

The result of the above ACL is that no access to is possible (no ping possible, DHCP still works). If we create an additional rule for the route back from the local subnet to VPN network, everything works fine again (ping is working):
1. Allow DHCP
2. Allow access from to
3. Allow access from to
4. Deny all

But in my opinion packet filtering doesn't require a rule for both directions and should work bi-directional for already established connections.

Could someone please state how ACLs are working in SE?

Thanks and best regards
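
The symptom described in the post (ping fails with the one-way rule, DHCP still works, ping succeeds once the return rule is added) is what a stateless, first-match packet filter produces. The model below is an added example, not part of the original post and not SoftEther code; the subnets are constructed placeholders because the post's addresses are not shown, and treating the filter as stateless is the model's assumption.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholder subnets; the post's real addresses are not shown.
VPN = ip_network("192.0.2.0/24")
LOCAL = ip_network("198.51.100.0/24")
ANY = ip_network("0.0.0.0/0")

def rule(action, src=ANY, dst=ANY, proto=None, dports=None):
    return {"action": action, "src": src, "dst": dst, "proto": proto, "dports": dports}

def evaluate(rules, pkt):
    """Stateless first-match: every packet is judged alone, with no
    connection table, so a reply is not linked to the request it answers."""
    for r in rules:
        if ip_address(pkt["src"]) not in r["src"]:
            continue
        if ip_address(pkt["dst"]) not in r["dst"]:
            continue
        if r["proto"] and pkt["proto"] != r["proto"]:
            continue
        if r["dports"] and pkt.get("dport") not in r["dports"]:
            continue
        return r["action"]
    return "no-match"  # not reached here: both lists end in a catch-all

ALLOW_DHCP = rule("pass", proto="udp", dports={67, 68})
ONE_WAY = [ALLOW_DHCP, rule("pass", VPN, LOCAL), rule("discard")]
TWO_WAY = [ALLOW_DHCP, rule("pass", VPN, LOCAL), rule("pass", LOCAL, VPN), rule("discard")]

def ping(rules, client, host):
    """Return the verdicts for the echo request and the echo reply."""
    request = {"src": client, "dst": host, "proto": "icmp"}
    reply = {"src": host, "dst": client, "proto": "icmp"}
    return evaluate(rules, request), evaluate(rules, reply)

def dhcp_discover(rules):
    pkt = {"src": "0.0.0.0", "dst": "255.255.255.255", "proto": "udp", "dport": 67}
    return evaluate(rules, pkt)

if __name__ == "__main__":
    for name, rules in (("one-way", ONE_WAY), ("two-way", TWO_WAY)):
        print(name, "ping:", ping(rules, "192.0.2.10", "198.51.100.20"),
              "dhcp:", dhcp_discover(rules))
```

With the one-way list the echo request passes but the echo reply falls through to the final discard rule, which matches the failed ping in the post.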
