Both local bridge and SecureNAT

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
Oriai
Posts: 6
Joined: Wed Nov 09, 2016 6:17 pm

Both local bridge and SecureNAT

Post by Oriai » Wed Nov 09, 2016 6:30 pm

Hi
I configured SoftEther VPN server and enabled SecureNAT, dhcp i set range 192.168.1.10 - 100
and i enable local bridge function and set created tap adapter ip 192.168.1.5 , all working very good,
but i had seen one page in internet
https://www.scribd.com/doc/187770965/Lo ... -on-CENTOS
where say "DO NOT enable BOTH LOCAL BRIDGE and SecureNAT at the same time !!"

tell me please, enable both this services (local bridge and SecureNAT) is a danger or not?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Both local bridge and SecureNAT

Post by thisjun » Mon Nov 28, 2016 6:17 am

If the tap device get a default gateway from virtual DHCP, loop can occur.

Oriai
Posts: 6
Joined: Wed Nov 09, 2016 6:17 pm

Re: Both local bridge and SecureNAT

Post by Oriai » Thu Dec 01, 2016 9:06 am

thank you, i set ip and network mask in my tap interface manually, gateway is not set

Can you please tell, when i ping my public ip from its same VPS where installed softether vpn i get duplicate of ping answer

ping 1.1.1.1 (1.1.1.1 for example my public ip)

64 bytes from 1.1.1.1: icmp_seq=18 ttl=64 time=0.049 ms
64 bytes from 1.1.1.1: icmp_seq=18 ttl=128 time=0.227 ms (DUP!)
64 bytes from 1.1.1.1: icmp_seq=19 ttl=64 time=0.064 ms
64 bytes from 1.1.1.1: icmp_seq=19 ttl=128 time=0.272 ms (DUP!)
64 bytes from 1.1.1.1: icmp_seq=20 ttl=64 time=0.070 ms
64 bytes from 1.1.1.1: icmp_seq=20 ttl=128 time=0.258 ms (DUP!)
64 bytes from 1.1.1.1: icmp_seq=21 ttl=64 time=0.063 ms
64 bytes from 1.1.1.1: icmp_seq=21 ttl=128 time=0.248 ms (DUP!)

how it fix?

Oriai
Posts: 6
Joined: Wed Nov 09, 2016 6:17 pm

Re: Both local bridge and SecureNAT

Post by Oriai » Fri Dec 02, 2016 9:32 pm

i fix it! )))

disable secure nat
enable only bridge and set ip for tap adapter
install dhcp server and configure it with tap adapter
configure NAT from iptables
and all work fine )

Post Reply