Communicate with VPN server with private LAN ip

[moriose]

I have a seemingly simple problem but it created a lot of incontinence for me.
Suppose I have one and only one Windows computer with one ethernet card.
I have SoftEther VPN server and a HTTP proxy server running on the computer on private IP 192.168.1.100.
My router only allow VPN server related ports, the HTTP proxy port 8080 is not allowed because my HTTP Proxy server doesn't have authentication and I don't want to have the Proxy server exposed.
I use Local Bridge, so when remote computer connect to the VPN hub, it works great and act as if it is physically in the LAN network. But, my problem is, the remote computer cannot communicate with VPN server via 192.168.1.100, I will get timeout error as if 192.168.1.100 doesn't exists. It seems since the computer is the VPN server, I can not connect to it via its private address.
Is this a feature or limitation? Can I work around it?

[mbrcomp]

can you post the results of the "print route" command ? Windows right ?

[moriose]

Sure, this the partial result from route print on my remote computer when it is connected to the VPN.

===========================================================================
Interface List
58...........................connection
23...a2 56 f2 98 1d 2d ......Microsoft Virtual WiFi Miniport Adapter
15...80 56 f2 98 1d 2e ......Bluetooth Device (Personal Area Network)
12...80 56 f2 98 1d 2d ......Dell Wireless 1703 802.11b/g/n (2.4GHz)
11...f8 b1 56 a6 37 9a ......Realtek PCIe GBE Family Controller
18...08 00 27 00 28 af ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.102.0.1 10.102.77.77 4491
0.0.0.0 0.0.0.0 On-link 192.168.31.30 11
10.102.0.0 255.255.0.0 On-link 10.102.77.77 4491
10.102.77.77 255.255.255.255 On-link 10.102.77.77 4491
10.102.255.255 255.255.255.255 On-link 10.102.77.77 4491
[VPN Server IP Here] 255.255.255.255 10.102.0.1 10.102.77.77 4236
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
169.254.0.0 255.255.0.0 On-link 169.254.195.74 4501
169.254.195.74 255.255.255.255 On-link 169.254.195.74 4501
169.254.255.255 255.255.255.255 On-link 169.254.195.74 4501
192.168.31.0 255.255.255.0 On-link 192.168.31.30 11
192.168.31.30 255.255.255.255 On-link 192.168.31.30 266
192.168.31.255 255.255.255.255 On-link 192.168.31.30 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 169.254.195.74 4502
224.0.0.0 240.0.0.0 On-link 10.102.77.77 4492
224.0.0.0 240.0.0.0 On-link 192.168.31.30 11
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 169.254.195.74 4501
255.255.255.255 255.255.255.255 On-link 10.102.77.77 4491
255.255.255.255 255.255.255.255 On-link 192.168.31.30 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.102.0.1 Default


mbrcomp wrote:
> can you post the results of the "print route" command ? Windows
> right ?

[mbrcomp]

Is your VPN server firewall correctly configured ? Please scan the server open ports from the client with either zenmap or angryip scanner (I work with the first) and see what ports respond.

[mbrcomp]

Don't forget to set the scan ports, it does not do this by default.

[moriose]

The VPN server doesn't have any firewall. If I try to use Private LAN address to access the VPN server, no matter it is Ping or anything, it looks as if the IP is incorrect. as if nobody is using that IP.
IMHO, I tend to think this is a feature or a limitation instead of human error of firewall, port, or something.

[mbrcomp]

moriose wrote:
> The VPN server doesn't have any firewall. If I try to use Private LAN
> address to access the VPN server, no matter it is Ping or anything, it
> looks as if the IP is incorrect. as if nobody is using that IP.
> IMHO, I tend to think this is a feature or a limitation instead of human
> error of firewall, port, or something.

Please check for open ports with one of the portscan apps I recommended and let me know the results.

[moriose]

So, do you you mean scanning ports of the server from a remote computer? Should the remote computer connect to VPN before scan? Should I scan the public IP address of the router or scan private address of the server? Scan port only 1-1000?

I used Angry IP Scanner to scan private address of the server when I am connect to the server. Angry IP Scanner says the server is is not alive.

mbrcomp wrote:
> Please check for open ports with one of the portscan apps I recommended and let me
> know the results.

[mbrcomp]

Yes, use nmap with the switch -Pn to avoid a "no ping no deal" issue.

nmap -Pn -p1-1000,8080 192.168.1.100

[thisjun]

Please disable SecureNAT.