Routing not clear

[dario]

Hello!

I just happily installed my home softether server and I tested it through my mobile: I could access my home IPs (192.168.1.x).

Now I'm on a different public network, the VPN client is connected, but I can't access hone IPs.
I found that I don't have a default gateway for the VPN connection and all traffic is routed through the public net gateway.

Where am I wrong? Why this change?

Thank you!!!!

[designermix]

Hi, i'm not professional but my bet is - try to enable secure nat at server side (all traffic will go through it, not only local ip but interet and everything).
If you neel only local network you should add routes like:
ip_that_you_want_to_reach/mask_that_cover_those_ips/your_vpn_virtual_adapter_ip

for example if i want route only local network through vpn i add 192.168.0.0/255.255.0.0/192.168.30.1 (last one is default gateway of securenat dhcp)

[dario]

But I don't have the default gateway of securenat: will it appear turning SecureNAT on?
Why did it work before? Was I hallucinating?

[designermix]

Why did it work before?

was you connect to vpn through local wifi or mobile network? if it was local wifi this might be the case why local ip was accesseble

But you didn't provide details of your settings and environment so it hard to guess )

[dario]

Ok, let's assume yesterday I was wrong, it does not matter.
If I do not setup SecureNAT, what's the use of SoftEther? If nothing goes through the VPN, what's the usecase.

Now, I would like to have two different setups (I believe I can do this using two different VirtualHubs):

• only the remote IPs (192.168.1.x) are routed through VPN, the remaining IPs goes to the local adapter
• all the IPs goes through VPN, except for a mask (10.0.0.0/255.0.0.0)

Could you help me setting these two?

[dario]

For the first case, I cleared the default gateway section and added a routing rule: it seems to be correct looking at routing tables after connection, but when I try to access webpages the browser remains spinning, there must be something wrong.

For the second case, I don't know how to add a rule "NOT TO" map an IP set.

[designermix]

• only the remote IPs (192.168.1.x) are routed through VPN, the remaining IPs goes to the local adapter

ok...you have something like this?
localhost where server running:
192.168.1.x
255.255.255.0
192.168.1.1 (as getway i bet)

to acess it from client side you have to do securenat like this:
ip address of virtual host (anything you like but you can do like 192.168.1.250 with 255.255.255.0)
use virtual nat - yes
dhcp 192.168.1.200 - 210 (for example) with mask 255.255.255.0
and add static route 192.168.1.0/255.255.255.0/192.168.1.250

so any other requests than 192.168.1.x will be routed through your internet connection.

[designermix]

• all the IPs goes through VPN, except for a mask (10.0.0.0/255.0.0.0)

maybe this what you need?

Снимок экрана 2023-08-31 004037.png

[dario]

• only the remote IPs (192.168.1.x) are routed through VPN, the remaining IPs goes to the local adapter

ok...you have something like this?
localhost where server running:
192.168.1.x
255.255.255.0
192.168.1.1 (as getway i bet)

to acess it from client side you have to do securenat like this:
ip address of virtual host (anything you like but you can do like 192.168.1.250 with 255.255.255.0)
use virtual nat - yes
dhcp 192.168.1.200 - 210 (for example) with mask 255.255.255.0
and add static route 192.168.1.0/255.255.255.0/192.168.1.250

so any other requests than 192.168.1.x will be routed through your internet connection.

So you mean I have to put the server within the same address space of my LAN? I thought that will be create conflicts...

For the second part, I think we're talking of something different: that function seems to block unwanted external networks to connect to the vpn server; what I need, instead, is something like this:
- my PC is on my office network (IP 10.0.0.3, Gateway 10.0.0.1)
- connection to my softether server to access 192.168.1.x from my office
- leave any other network go through 10.0.0.1

THe problem is that I can't know in advance what the gateway will be when "outside" home (it maybe anything else).

And then again: without SecureNAT, what is SoftEther good for? There must be something that I'm missing.

[designermix]

I said you can use any ip you like, ip that i show as example mostly free but if no you can use 10.x.x.x or any ip you like it must still work. Again i just usre this server for 2-nd day and i not professional.