Hello, Apologies if this has been addressed somewhere; I just couldn’t quite find what I was looking for.
I have two related questions I can’t seem to figure out:
I have a single natted segment in one of my datacenter where I host softether.
I build a server that works great in bridged mode for many different scenerios –
SSTP, OpenVPN and L2TP client connections – with DHCP being served by my existing windows DHCP server on that same segment.
First - Has anybody worked out a definitive way (without manual user intervention) for static routes to be pushed out to mac os x l2tp clients in this configuration?
Second - I have certain scenarios where bridged mode would be an issue (for instance if a hardware device such as a router would need to connect via l2tp, ovpn or sstp)
if I had two distinct softether servers , one with securenat and one without, what would be the best method to prevent conflicts with the existing DHCP server on the segment shared by the server? Simply creating (say) a windows firewall rule to block DHCP traffic incoming? (or say block it on the bridged server from the second server..) I found that even enabling the second server in test causes conflicts as the setting page clearly warns….
thanks
two soft ether servers on the same lan segment
-
crypto60
- Posts: 3
- Joined: Fri Feb 20, 2015 7:59 pm
-
dajhorn
- Posts: 137
- Joined: Mon Mar 24, 2014 3:59 am
Re: two soft ether servers on the same lan segment
> First - Has anybody worked out a definitive way (without manual user
> intervention) for static routes to be pushed out to mac os x l2tp clients
> in this configuration?
Nope.
> if I had two distinct softether servers , one with securenat and one
> without, what would be the best method to prevent conflicts with the
> existing DHCP server on the segment shared by the server?
First, instead of more than one SoftEther instance, try to do this using more than one Virtual Hub and/or more than one TAP interface on the host. (eg: Create a new SecureNAT hub, create a new tuntap interface on the server, bridge that tuntap interface into the SecureNAT hub, and configure the tuntap interface to be a DHCP client with an appropriate metric.)
Second, remember that that SoftEther can route between virtual hubs and has ACLs and other policy settings that can block or manipulate DHCP traffic.
> intervention) for static routes to be pushed out to mac os x l2tp clients
> in this configuration?
Nope.
> if I had two distinct softether servers , one with securenat and one
> without, what would be the best method to prevent conflicts with the
> existing DHCP server on the segment shared by the server?
First, instead of more than one SoftEther instance, try to do this using more than one Virtual Hub and/or more than one TAP interface on the host. (eg: Create a new SecureNAT hub, create a new tuntap interface on the server, bridge that tuntap interface into the SecureNAT hub, and configure the tuntap interface to be a DHCP client with an appropriate metric.)
Second, remember that that SoftEther can route between virtual hubs and has ACLs and other policy settings that can block or manipulate DHCP traffic.
-
crypto60
- Posts: 3
- Joined: Fri Feb 20, 2015 7:59 pm
Re: two soft ether servers on the same lan segment
hello, this is where my confusion comes in. when a remote client attempts to connect to such a server, how would it differentiate as to which virtual hub to connect to? am I understanding correctly that I would need a 2nd externally accessible IP ? even the various ports that can be configured to accept connections seem to be shared among all the virtual hubs (with the exception of the openvpn instances)
thank you
thank you
-
thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: two soft ether servers on the same lan segment
Append '@' and virtual hub name after username.
Ex.
Virtual hub name: default
Username: bob
bob@default
Ex.
Virtual hub name: default
Username: bob
bob@default