Hi,
I'm making some tests on the SoftEtherVPN Server in a linux debian machine.
I want to provide remote access to a LAN using the SoftEther VPN Server. Attached is a scheme of my simple LAB.
http://www.vpnusers.com/download/file.p ... iew&id=715
I can have access to my server and get an IP address but when I try to ping a machine in the LAN I can't get answers. I analyzed the traffic and I can see that the LAN machine can't answer the ping of the user.
I have tried the Local bridge function but it doesn't seem to be working. Here is my local bridge configuration:
http://www.vpnusers.com/download/file.p ... iew&id=716
Do you have any idea what may be wrong with my configuration??
Is it necessary to have the VPN Server directly connected to the LAN and not seperated by a router or a firewall?
Thank you!!
Problem with Remote LAN Access
-
hatimux
- Posts: 20
- Joined: Fri May 15, 2015 10:20 am
Problem with Remote LAN Access
You do not have the required permissions to view the files attached to this post.
-
exciter0
- Posts: 21
- Joined: Wed Jun 03, 2015 9:03 pm
Re: Problem with Remote LAN Access
If that PC on the LAN network is behind a NAT'd router than of course you can't ping it.
If the router is also your firewall, then you can place it in front of your SE server...but be sure to enable port forwarding or assign the SE server to DMZ on your router.
hatimux wrote:
> Hi,
>
> I'm making some tests on the SoftEtherVPN Server in a linux debian machine.
> I want to provide remote access to a LAN using the SoftEther VPN Server.
> Attached is a scheme of my simple LAB.
> http://www.vpnusers.com/download/file.p ... iew&id=715
>
> I can have access to my server and get an IP address but when I try to ping
> a machine in the LAN I can't get answers. I analyzed the traffic and I can
> see that the LAN machine can't answer the ping of the user.
>
> I have tried the Local bridge function but it doesn't seem to be working.
> Here is my local bridge configuration:
> http://www.vpnusers.com/download/file.p ... iew&id=716
>
> Do you have any idea what may be wrong with my configuration??
> Is it necessary to have the VPN Server directly connected to the LAN and
> not seperated by a router or a firewall?
>
> Thank you!!
If the router is also your firewall, then you can place it in front of your SE server...but be sure to enable port forwarding or assign the SE server to DMZ on your router.
hatimux wrote:
> Hi,
>
> I'm making some tests on the SoftEtherVPN Server in a linux debian machine.
> I want to provide remote access to a LAN using the SoftEther VPN Server.
> Attached is a scheme of my simple LAB.
> http://www.vpnusers.com/download/file.p ... iew&id=715
>
> I can have access to my server and get an IP address but when I try to ping
> a machine in the LAN I can't get answers. I analyzed the traffic and I can
> see that the LAN machine can't answer the ping of the user.
>
> I have tried the Local bridge function but it doesn't seem to be working.
> Here is my local bridge configuration:
> http://www.vpnusers.com/download/file.p ... iew&id=716
>
> Do you have any idea what may be wrong with my configuration??
> Is it necessary to have the VPN Server directly connected to the LAN and
> not seperated by a router or a firewall?
>
> Thank you!!
-
hatimux
- Posts: 20
- Joined: Fri May 15, 2015 10:20 am
Re: Problem with Remote LAN Access
Actually there is no NAT configuration.
I think the local bridge isn't working because I can't even ping the LAN interface (eth1) of the SE server.
Just one thing, I'm using VMware to create my machines. It might be the cause of the problem.
I think the local bridge isn't working because I can't even ping the LAN interface (eth1) of the SE server.
Just one thing, I'm using VMware to create my machines. It might be the cause of the problem.
-
exciter0
- Posts: 21
- Joined: Wed Jun 03, 2015 9:03 pm
Re: Problem with Remote LAN Access
Refer to section 3.6.5 and 3.6.6 here: https://www.softether.org/4-docs/1-manu ... al_Bridges
I'm assuming you mean esxi/esx when you're referring to VMware. By default, esxi port groups has promiscuous mode disabled, enabled it on the port group where eth1 of SE server is connected to.
hatimux wrote:
> Actually there is no NAT configuration.
> I think the local bridge isn't working because I can't even ping the LAN
> interface (eth1) of the SE server.
>
> Just one thing, I'm using VMware to create my machines. It might be the
> cause of the problem.
I'm assuming you mean esxi/esx when you're referring to VMware. By default, esxi port groups has promiscuous mode disabled, enabled it on the port group where eth1 of SE server is connected to.
hatimux wrote:
> Actually there is no NAT configuration.
> I think the local bridge isn't working because I can't even ping the LAN
> interface (eth1) of the SE server.
>
> Just one thing, I'm using VMware to create my machines. It might be the
> cause of the problem.
-
thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Problem with Remote LAN Access
Did you enable SecureNAT?
If so, please disable the function when using localbridge.
If so, please disable the function when using localbridge.