VPNsrvr: how to set VPN clients to use their local gateways?

[Marwyn]

Hi, I installed SE VPN Server on my PC (Windows x64), created Virtual Hub, created users and granted access to 2-3 friends, they can connect OK and we see each others' shared folders, everything is fine. Except, when they connect, all of their internet traffic is routed through my PC, and they get my own public IP address.

Is it possible anywhere in settings for the SE VPN Server to specify that all incoming VPN connections should use their own default gateways, and not use the default gateway of my own PC ("gateway of remote network" from their point of view)? So that only traffic between us is our VPN traffic, and not internet traffic for their PCs routed through my router?

Or if not on Server, is it possible to specify so on SoftEther VPN Client settings? We tried looking through SoftEther settings, or even VPN network adapter settings, but we cannot find the usual tickbox in TCP/IP properties to UNtick - "Use default gateway on remote network", and UNtick it, like on the screenshot here:

http://www.fatcow.com/images/screenshot ... Step13.jpg

We have found one approach on this forum, on the topic

http://www.vpnusers.com/viewtopic.php?f=7&t=2476

Which suggests to switch on Automatic Gateway Metric on the adapter of the VPN client in Network Connections, and do manually

add route 0.0.0.0 mask 0.0.0.0 192.168.0.1

(where 192.168.0.1 is client's defautl gateway before connection)

But is there no easier option? Can this not be set somewhere on SoftEther VPN Server/Virtual Hub/Manage Users settings? Or somewhere on SoftEther VPN Client settings?


Thanks

[Napsterbater]

I was hoping for something like this as well.

In my setup I have a few computers connecting via VPN and then being bridged to the main network but I don't want their default gateway to be set to the bridged network.

I had to set them to a reserved DHCP address on the 2 Windows DHCP servers that had no default gateway.

It would be nice if there was an option to block DHCP from crossing the bridge so you could use SoftEther's DHCP for the VPN users but not let it leak to the bridged network.

[inten]

Marwyn wrote:

> But is there no easier option? Can this not be set somewhere on SoftEther
> VPN Server/Virtual Hub/Manage Users settings? Or somewhere on SoftEther VPN
> Client settings?

Remove default gateway from vDHCP settings and disable vNAT.

[attachment=0]Screenshot 2013-12-11 15.26.27.png[/attachment]

[mesa57]

Setting metric to automatic is all you have to do. No route changes.
Works here like a charm.

[inten]

btw, on Windows automatic metric is enabled by default.

[mesa57]

It was not in my client, where is was set to 1, making it the route with the highest priority. Btw, this is required for vpngate.

[Marwyn]

inten wrote:
>
> Remove default gateway from vDHCP settings and disable vNAT.
>
> [attachment=0]Screenshot 2013-12-11 15.26.27.png[/attachment]

Thanks Inten, I'll give this a shot over the next day or so.

[Marwyn]

mesa57 wrote:
> Setting metric to automatic is all you have to do. No route changes.
> Works here like a charm.

Hi Mesa, thanks, but what setting are you talking about precisely? Do you mean just setting "on" the Automatic Gateway Metric on the adapter of the VPN client in Network Connections?

Thx

[mesa57]

Yes. If that does not work, you can enter a high value in the metric input box (like 999).

[Marwyn]

Cheers, I'll give both those options a shot.

[inten]

mesa57 wrote:
> It was not in my client, where is was set to 1, making it the route with
> the highest priority. Btw, this is required for vpngate.

What do you mean saying "required"?

[mesa57]

I mean that if you want the softether client to route all you're internet trafic over the vpnserver, as is the goal of vpngate, it should be placed as gateway with the highest priority in the route table. This is achieved by setting (default) the metric to 1.

[Marwyn]

Hi again,

Mesa - ticking on "Automatic Gateway metric" did not do it I'm afraid, but switching it off and setting it to 999 or something high did the trick, thanks :-)



Inten - I also tried your suggestion, and it sort of worked - but I'm sure I'm missing a step or two. I made the screen settings look exactly the same as yours (the only difference is that it inclided my MAC address in the very first field), and a friend of mine was able to connect.

However, he got IP 192.168.30.10 as specified in DHCP, and I could see him quite clearly in "Manage sessions" and "Session info". He was connected, he still had his own public IP, and there was traffic between us, not a lot, but network activity for sure. However, he could not ping me at all (I am still on my local 192.168.0.2, as my router is 192.168.0.1), nor I could ping him on 192.168.30.10, and we could not see each other's shared documents through Windows Explorer?

This is the first time I am trying anything like this, so sorry if it's a stupid question, but is there anything else that we needed to do? Do I need to download SoftEther VPN Client as well, and connect to the VPN that's running locally on my machine so that I can get a 192.168.30.x address or something else?


Thanks

[mesa57]

I had exactly the same problem with secure nat. If you search the forum you will find a topic from me about that subject.
Apparently softether is not really fit for peer-to-peer connections. There is always need for 1 node who plays the server role.
However, if you instead of secure nat use the bridge option and bridge the virtual node, the client PC becomes part of the server network. It then gets the IP address of the server network DHCP server. That also means that they can ping each other.
Drawback however is that then the client indeed has access to the whole server network, including all other devices, not the server alone.

For a company that could be preferred, but when doing peer-to-peer networking probably not. Until now I only can recommend other solutions like Hamachi or Comodo unite (both free) which do provide in the wanted functionality.

[renanmoreira]

Follow:
Manage Virtual Hub >
Virtual NAT and Virtual DHCP server (SecureNAT) >
Enabel SecureNAT >
SecureNAT Configuration (Here you set your preferences, but not set default gateway on virtual dhcp server e get the ip address from "Virtual host's network Interface Settings" >
Edit the static routing table to push >
insert "remote network addr/netmask/ ip address from "Virtual host's network Interface Settings".

Disconnect all clients and reconnect.