SoftEther VPN User Forum

I have read several posts about not combining SecureNAT and local bridge.

I have both but can not get it to work without Secure NAT. And anyway, I get private ip addresses from the DHCP so address translation has to occur somehow.

My setup:

Internet <--> external NIC | Softether server | internal NIC <--> swith etc

The internal NIC is set up with only the softhether lightweight stack (as per manual).

Change the default gateway to your own router.

I am doing similar thing by changing the default gateway from the default one to the IP address of the tap device and do NAT with iptables in the OS. You can disable virtual NAT feature in SecureNAT if you want but you will need to provide another IP address of the DNS in the DHCP Settings.

As picture
[attachment=0]19.png[/attachment]

Does that mean I need a router between internet and my softether server?

I tried to give the default GW my ISP gives the softether server and Google DNS:s.

My softether server takes to my switch with my external NIC. The switch is connected to the media converter my ISP has installed.

The outer NIC is connected to my inside at the (two) sites. Second site used 3G modem.

Thanks,

kh_tsang wrote:
> Change the default gateway to your own router.
>
> I am doing similar thing by changing the default gateway from the default
> one to the IP address of the tap device and do NAT with iptables in the OS.
> You can disable virtual NAT feature in SecureNAT if you want but you will
> need to provide another IP address of the DNS in the DHCP Settings.

No need if your ISP is giving you a static IP subnet. Actually, I assume your local bridge is under NAT in the previous reply, not connecting directly to the ISP.

kh_tsang wrote:
> No need if your ISP is giving you a static IP subnet. Actually, I assume
> your local bridge is under NAT in the previous reply, not connecting
> directly to the ISP.

No basically I have one NIC connected to the internet. That NIC get a public ip but it is DHCP assigned.

The outer NIC is locally bridged to the virtual HUB. That NIC only have softether lightweight stack. That NIC also have a physical ethernet segment in the form of a switch and some terminals.

The bridged site has the same setup but connects over 3G so it gets "NAT"ed adress.

So all traffic goes through the two softhether "servers".

So is this your setup? In this case, you don't need SecureNAT because the external DHCP server will assign IP for you. However, not all ISPs assign additional IPs when you connect more devices to it.