VPN port forwarding

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
gulipin
Posts: 4
Joined: Tue Dec 05, 2017 5:41 pm

VPN port forwarding

Post by gulipin » Tue Dec 05, 2017 6:23 pm

This is my first post, so "hi" to everybody! :)

Not sure, if this is correct forum, but let's find out.

I have installed VPN SoftEther Server and it works fine. However, I would like to use this as some kind of gate. Is it possible to make it forwarding packets the same way as it is asked? For example, there is a user that is sending request to VPN server on port tcp 6789. VPN forwards this request to my local server to the same port. My local server replies to VPN and VPN forwards it to user.
https://go.gliffy.com/go/share/image/sl ... rce=custom

Sometimes it may happen, that my server will send requests to other servers, and I would like to make that happen through VPN as well. I have a MikroTik router that is directly connected to VPN via L2TP/IPSec,so I think I can manage that by routing these requests through vpn.

piracik
Posts: 9
Joined: Sat Dec 02, 2017 9:51 am

Re: VPN port forwarding

Post by piracik » Wed Dec 06, 2017 7:27 am

Hey,
I cant now answer your question, but you could help me. I cannot connect softether through the internet (between two different networks) - but it works in the same network. I established the server but i am not sure if i am use the client right. So could you explain how to make it step by step? Maybe it is not to much, thanks :)

gulipin
Posts: 4
Joined: Tue Dec 05, 2017 5:41 pm

Re: VPN port forwarding

Post by gulipin » Wed Dec 06, 2017 7:32 am

It's better if you create new topic with that.

livsi
Posts: 3
Joined: Wed Dec 06, 2017 9:54 am

Re: VPN port forwarding

Post by livsi » Wed Dec 06, 2017 10:07 am

What a coincidence! I've also come across this issue and found zero knowledge on the topic in web.
If I understand it correctly, if SoftEther is capable of establishing NAT, it should as well understand forwarding rules like routers do.

My issue is enabling local RDP-like service to be hung out in web - on some random port, of course.

piracik
Posts: 9
Joined: Sat Dec 02, 2017 9:51 am

Re: VPN port forwarding

Post by piracik » Wed Dec 06, 2017 3:26 pm

Very good, so we have to work together. I make a new topic on this.

livsi
Posts: 3
Joined: Wed Dec 06, 2017 9:54 am

Re: VPN port forwarding

Post by livsi » Mon Dec 11, 2017 9:21 am

I mean gulipin's issue is closer to mine, not yours. Sorry.

gulipin
Posts: 4
Joined: Tue Dec 05, 2017 5:41 pm

Re: VPN port forwarding

Post by gulipin » Mon Dec 11, 2017 2:46 pm

livsi wrote:
> I mean gulipin's issue is closer to mine, not yours. Sorry.
It doesn't matter - nobody replies on that forum...

livsi
Posts: 3
Joined: Wed Dec 06, 2017 9:54 am

Re: VPN port forwarding

Post by livsi » Thu Dec 21, 2017 7:46 am

Any ideas?

Railtracer
Posts: 14
Joined: Sat Dec 23, 2017 7:09 am

Re: VPN port forwarding

Post by Railtracer » Tue Dec 26, 2017 11:28 pm

As far as I know, softether does not have this kind of traditional routing option, as it's not meant to replace a traditional router. It does nothing but create a layer 2 hardware level link between two networks, with the additional ability to route layer 3 traffic between hubs using an internal virtual layer 3 switch. In both roles it does not act like a gateway device and is not going to handle something like port forwarding. Most gateway devices run port forwarding against their WAN interface, so in regards to your mikrotik, i doubt you can make it do what you are asking for. At the same time, if you have a functioning softether based layer 2 link, why is there a need for port forwarding? do you not already have direct access to the server itself due to the layer 2 link? I am having a hard time seeing what need there is for port forwarding on an internal network.

So, if your vpn server has an active layer 2 ipsec link to the mikrotik, those two networks can be considered physically connected. If, as in your diagram, your mikrotik is in the 10.10.10 subnet but the pc user is 3.3.3 subnet, there is no routable path to your destination without layer 3 routing. So the gateway device of your PC user needs to be configured with a route for 10.10.10 traffic towards an interface that has access to the 10.10.10 network. without knowing more about your environment its hard to give any more advice.

Post Reply