SoftEther VPN User Forum

This is my first post, so "hi" to everybody! :)

Not sure, if this is correct forum, but let's find out.

I have installed VPN SoftEther Server and it works fine. However, I would like to use this as some kind of gate. Is it possible to make it forwarding packets the same way as it is asked? For example, there is a user that is sending request to VPN server on port tcp 6789. VPN forwards this request to my local server to the same port. My local server replies to VPN and VPN forwards it to user.
https://go.gliffy.com/go/share/image/sl ... rce=custom

Sometimes it may happen, that my server will send requests to other servers, and I would like to make that happen through VPN as well. I have a MikroTik router that is directly connected to VPN via L2TP/IPSec,so I think I can manage that by routing these requests through vpn.

Hey,
I cant now answer your question, but you could help me. I cannot connect softether through the internet (between two different networks) - but it works in the same network. I established the server but i am not sure if i am use the client right. So could you explain how to make it step by step? Maybe it is not to much, thanks :)

It's better if you create new topic with that.

What a coincidence! I've also come across this issue and found zero knowledge on the topic in web.
If I understand it correctly, if SoftEther is capable of establishing NAT, it should as well understand forwarding rules like routers do.

My issue is enabling local RDP-like service to be hung out in web - on some random port, of course.

Very good, so we have to work together. I make a new topic on this.

I mean gulipin's issue is closer to mine, not yours. Sorry.

livsi wrote:
> I mean gulipin's issue is closer to mine, not yours. Sorry.
It doesn't matter - nobody replies on that forum...

Any ideas?

As far as I know, softether does not have this kind of traditional routing option, as it's not meant to replace a traditional router. It does nothing but create a layer 2 hardware level link between two networks, with the additional ability to route layer 3 traffic between hubs using an internal virtual layer 3 switch. In both roles it does not act like a gateway device and is not going to handle something like port forwarding. Most gateway devices run port forwarding against their WAN interface, so in regards to your mikrotik, i doubt you can make it do what you are asking for. At the same time, if you have a functioning softether based layer 2 link, why is there a need for port forwarding? do you not already have direct access to the server itself due to the layer 2 link? I am having a hard time seeing what need there is for port forwarding on an internal network.

So, if your vpn server has an active layer 2 ipsec link to the mikrotik, those two networks can be considered physically connected. If, as in your diagram, your mikrotik is in the 10.10.10 subnet but the pc user is 3.3.3 subnet, there is no routable path to your destination without layer 3 routing. So the gateway device of your PC user needs to be configured with a route for 10.10.10 traffic towards an interface that has access to the 10.10.10 network. without knowing more about your environment its hard to give any more advice.