Page 1 of 1
VPN only for subnet access
Posted: Sun Oct 04, 2015 8:00 pm
by ofeikes
Hi all.
I have not yet installed, but would like to understand generally if a specific setup is possible:
On the client I would like to configure SoftEther in such a way that the client PC will still route all general (internet) traffic over the local client's LAN.
Only traffic that is destined for a specific subnet (say 10.xx.xx.xx) should go via the VPN tunnel into the far LAN
Would such a setup be possible? How to configure in the client software?
Note: I did try to connect with Windows 10 native VPN client, which worked o.k., however than all network traffic is routed through the VPN tunnel
Thanks!
Oliver
Re: VPN only for subnet access
Posted: Thu Oct 08, 2015 12:50 am
by exciter0
see mesa57's answer regarding changing the client's metric number
http://www.vpnusers.com/viewtopic.php?f ... lit=metric
Re: VPN only for subnet access
Posted: Thu Oct 08, 2015 1:13 am
by theodisbutler
Leave the default gateway off on the VPN Server SecureNAT configuration, VirtualDHCP Server... if you look at the bottom you'll see that the default gateway is optional.
No default gateway, no way to route to internet using vpn connection (simply subnet access).
Re: VPN only for subnet access
Posted: Thu Oct 15, 2015 7:32 am
by thisjun
You can use split tunneling.
Re: VPN only for subnet access
Posted: Thu Oct 15, 2015 7:32 am
by thisjun
You can use split tunneling on DHCP.
Re: VPN only for subnet access
Posted: Thu Oct 15, 2015 4:23 pm
by ofeikes
Where and how do I set splitt tunnelling? I have trawled through quite some setting screens so far, but I am quite sure that term did not catch my eye yet?
Re: VPN only for subnet access
Posted: Thu Oct 29, 2015 5:31 am
by thisjun
If you use virtual DHCP of SoftEther, you can find split tunneling configuration in SecureNAT configuration window.
If not, you can configure split tunneling in your DHCP server configuration.
Re: VPN only for subnet access
Posted: Thu Oct 29, 2015 7:56 pm
by ofeikes
Thanks for all the hints, I have used some of them to piece my solution together.
I do not use the SoftEther SecureNAT, as I want to link directly into my LAN, consequently I use the DHCP of my LAN - which is the routers DHCP ->no advanced config chances there.
What I did:
1) On the client, set a fixed IP ( v4) address of the remote LAN, but outside of the LAN's DHCP server range
2) Set the DNS server to the remote LAN's DNS, to enable name resolve within the LAN
3) Do NOT set a default gateway
4) In the advanced tab of the IPv4 settings, set the the metric on the protocol "high". I used 50 w/o issues so far
All set!
:-)