Use VPN for specific IP range only
-
- Posts: 5
- Joined: Sun Aug 03, 2014 1:22 pm
Use VPN for specific IP range only
How can I restrict the SoftEther client so that it is only used for IPs 10.0.0.1 - 10.255.255.255 and all other traffic goes through my normal internet connection (Windows 7)?
-
- Posts: 202
- Joined: Wed Jul 10, 2013 2:07 pm
Re: Use VPN for specific IP range only
Set the IP for the VPN adapter manually (Win+R --> enter ncpa.cpl --> right click on VPN - VPN Client --> Properties --> IPv4) and do not set a gateway. Only IP + mask (and optionally DNS). (This only works if your VPN IP is also from the 10.0.0.0/8 range.)
Alternatively, you can read up on the route command and set your routes as you need them.
Edit: In your case the IP should be something like 10.x.x.x (like 10.10.10.123), the mask 255.0.0.0, and the DNS your DNS server IP (mostly the router IP).
With the DNS set, all DNS queries will go through the VPN. But I would say this is negligible.
-
- Posts: 5
- Joined: Sun Aug 03, 2014 1:22 pm
Re: Use VPN for specific IP range only
Hmm, okay, here is what I have (see attached). Now I am getting everything from my internal IP, but cannot connect to anything on the VPN network.
-
- Posts: 202
- Joined: Wed Jul 10, 2013 2:07 pm
Re: Use VPN for specific IP range only
What are the IPs of the other devices? I'm just asking because SoftEther sets the netmask to 255.255.255.0 by default (Capture3.JPG). If your other devices have IPs outside that range (not all starting with 10.0.0.x), it will not work. Then you have to change the subnet mask to 255.0.0.0.
If this is not the problem, I'm sorry. I can't see anything wrong. But I have never used SecureNAT...
It would be helpful if you explained your network in as much detail as possible: router, devices etc. with all (local) IPs, and also the OS of your server and anything like that.
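An added example, not part of the original posts: a simplified model of the routing decision discussed in the replies above (one on-link route per adapter from its IP and mask, a default route only where a gateway is set, longest prefix wins). The LAN addresses and destination hosts are constructed, and interface metrics are ignored.

```python
import ipaddress

def build_routes(adapters, static_routes=()):
    """One on-link route per adapter, a default route only for adapters
    that have a gateway, plus any static routes (as added with `route add`)."""
    routes = []
    for name, cfg in adapters.items():
        iface = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['mask']}")
        routes.append((iface.network, name))
        if cfg.get("gateway"):
            routes.append((ipaddress.ip_network("0.0.0.0/0"), name))
    for net, name in static_routes:
        routes.append((ipaddress.ip_network(net), name))
    return routes

def pick_interface(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, name) for net, name in routes if addr in net]
    return max(matches)[1] if matches else None

def adapters(vpn_mask):
    # Constructed sample host: a LAN adapter with a gateway, and a VPN
    # adapter with a manual IP and *no* gateway, as the reply suggests.
    return {
        "LAN": {"ip": "192.168.1.50", "mask": "255.255.255.0",
                "gateway": "192.168.1.1"},
        "VPN": {"ip": "10.10.10.123", "mask": vpn_mask, "gateway": None},
    }

if __name__ == "__main__":
    cases = [
        ("mask 255.255.255.0", build_routes(adapters("255.255.255.0"))),
        ("mask 255.0.0.0", build_routes(adapters("255.0.0.0"))),
        ("mask /24 + static 10.0.0.0/8",
         build_routes(adapters("255.255.255.0"), [("10.0.0.0/8", "VPN")])),
    ]
    # 10.100.5.20 stands in for a host on the remote private network,
    # 8.8.8.8 for ordinary internet traffic.
    for label, routes in cases:
        for dest in ("10.100.5.20", "8.8.8.8"):
            print(f"{label:32} {dest:12} -> {pick_interface(routes, dest)}")
```

With the /24 mask, traffic for 10.100.x.x falls through to the LAN default route and leaves unencrypted instead of entering the tunnel, which is why checking the actual route table matters when setting up a split tunnel.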
-
- Posts: 5
- Joined: Sun Aug 03, 2014 1:22 pm
Re: Use VPN for specific IP range only
The IP ranges of the other devices are 10.100.x.x -> 10.255.x.x, I believe. Basically the other end is DigitalOcean's (DO) private network. No idea what routers they are using. My router on my end is a Netgear.
I haven't had much luck. I am so close, grr this is frustrating lol. I am a programmer, not a network guy lol. We are just trying to basically figure out a way where me and my 2 other teammates can VPN into the DO private network to manage the droplets (servers) there without having to open SSH to the world or use any kind of whitelisting system. I don't want the VPN to be used for other traffic, just traffic on the DO network.
I was able to do it with PPTP, but that is pretty insecure.
-
- Posts: 370
- Joined: Fri Oct 18, 2013 8:15 am
Re: Use VPN for specific IP range only
Jafo wrote:
> We are just trying to basically figure out a way
> where me and my 2 other teammates can VPN into the DO private network to manage the
> droplets (servers) there without having to open SSH to the world or use any kind of
> whitelisting system. I don't want the VPN to be used for other traffic, just traffic
> on the DO network.
Guys, you should have started by explaining your needs, not your ideas for implementing something.
Now that you have stated what you want, I can say that you need to bridge the DO private network to an SE hub and then establish a VPN connection to the hub. And fire up a DHCP in the DO private network (to your taste). That's all.
Moreover, generally, bridging DO's virtual adapter is not a good idea. I would recommend a tap device for that purpose. PM if you still need advice ;-)
-
- Posts: 5
- Joined: Sun Aug 03, 2014 1:22 pm
Re: Use VPN for specific IP range only
Hmm, I'm sorry, here is what I have:
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Use VPN for specific IP range only
Do not use local bridge and SecureNAT at the same time.
Your SecureNAT DHCP provides IPs to the DO network.
Anyway, what netmask is used in the DO network?