Hi!
I have a linux server which hosts three virtual machines. This virtual machines have a static ip address in the 10.0.0.x range. I need to connect my clients over vpn so that they can see this virtual servers, and that the virtual servers can see them.
So far I was able with SecureNAT to see the servers from the clients, but I can't see the clients from the server. I also configured split tunneling to use the local neetwork to go to the internet. The split tunneling is also working fine.
I think, that I have an understanding problem and a misconfiguration. Maybe someone can give me the right hint?
Thanks,
Christian.
What would be the rigth ip configuration.
-
cjs1976
- Posts: 4
- Joined: Sat Sep 26, 2015 8:19 am
What would be the rigth ip configuration.
Last edited by cjs1976 on Wed Nov 04, 2015 2:26 pm, edited 1 time in total.
-
thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: What would be the rigth ip configuration.
If VM and VPN server is on same host, please use user mode NAT.
And, I think 0.0.0.x is not valid IP address.
http://stackoverflow.com/questions/3655 ... ip-address
And, I think 0.0.0.x is not valid IP address.
http://stackoverflow.com/questions/3655 ... ip-address
-
cjs1976
- Posts: 4
- Joined: Sat Sep 26, 2015 8:19 am
Re: What would be the rigth ip configuration.
hi thisjun!
yes, you are right, 0.0.0.x is not a valid ip. It was a typo. correct is 10.0.0.x. i corrected it also in the original posting.
how can i do user mode nat? i can't find anything in the configuration called 'user mode nat'.
at the moment i use securenat. it was very easy to do. but if i change the ip-addresses in the securenat-configuration it doesn't work anymore.
thanks,
christian.
yes, you are right, 0.0.0.x is not a valid ip. It was a typo. correct is 10.0.0.x. i corrected it also in the original posting.
how can i do user mode nat? i can't find anything in the configuration called 'user mode nat'.
at the moment i use securenat. it was very easy to do. but if i change the ip-addresses in the securenat-configuration it doesn't work anymore.
thanks,
christian.
Last edited by cjs1976 on Wed Nov 04, 2015 2:27 pm, edited 1 time in total.
-
thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: What would be the rigth ip configuration.
Set "DisableKernelModeSecureNAT" in Virtual Hub Extended Option List.
-
cjs1976
- Posts: 4
- Joined: Sat Sep 26, 2015 8:19 am
Re: What would be the rigth ip configuration.
hi thisjun,
sorry for the delay... i found the option. it is disabled. the description i found was not very helpful.
which value should i set instead of the 0? and what exactly is this option doing?
thanks,
christian.
sorry for the delay... i found the option. it is disabled. the description i found was not very helpful.
which value should i set instead of the 0? and what exactly is this option doing?
thanks,
christian.
-
thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: What would be the rigth ip configuration.
Please set the value to "1".
Kernelmode NAT uses built-in TCP/IP stack and localbridge.
Usermode NAT uses TCP/IP stack of OS.
Client can't communicate with VPN server itself due to Linux limitation with kernelmode NAT.
Kernelmode NAT uses built-in TCP/IP stack and localbridge.
Usermode NAT uses TCP/IP stack of OS.
Client can't communicate with VPN server itself due to Linux limitation with kernelmode NAT.
-
cjs1976
- Posts: 4
- Joined: Sat Sep 26, 2015 8:19 am
Re: What would be the rigth ip configuration.
hi thisjun,
i changed the configuration like you described, but there is no change. the virtual servers are still not able to see (ping) the connected clients, but the clients can connect and see the servers.
is the ip-adress range also important? do i need to use the same ip-address range on the clients? by devault they are getting somthing like 192.168.30.*
thanks,
christian.
i changed the configuration like you described, but there is no change. the virtual servers are still not able to see (ping) the connected clients, but the clients can connect and see the servers.
is the ip-adress range also important? do i need to use the same ip-address range on the clients? by devault they are getting somthing like 192.168.30.*
thanks,
christian.
-
thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: What would be the rigth ip configuration.
If you use a SoftEther VPN server later build 9582, please disable raw IP mode NAT by "DisableIpRawModeSecureNAT" in Virtual Hub Extended Option.