
[IPTABLES][SecureNAT][DUP] new mode of nat makes server dup

Posted: Thu Jan 07, 2016 5:39 pm
by Nemesiz
With the v4.19-9582-beta version, new problems appeared. When SecureNAT is turned on for any hub, SoftEther creates 2 IPTABLES rules and ping starts showing DUP.

Example:

Hub 1 configuration:
SecureNAT OFF
Bridge tap

Hub 2 configuration:
SecureNAT ON
no Bridge

New IPTABLES rules appear after Hub 2 was turned on:

-A OUTPUT ! -s 127.159.195.102/32 ! -d 127.60.251.72/32 -p icmp -m icmp --icmp-type 3/3 -m connmark ! --mark 0x75e87a13 -j DROP
-A OUTPUT ! -s 127.223.44.66/32 ! -d 127.55.3.45/32 -p tcp -m tcp --sport 61001:65535 --tcp-flags RST RST -m connmark ! --mark 0x3de38eb4 -j DROP

Ping result to tap (tap device IP 172.17.1.2, X.X.X.X - public IP):

64 bytes from 172.17.1.2: icmp_seq=178 ttl=64 time=0.045 ms
64 bytes from 172.17.1.2: icmp_seq=179 ttl=64 time=0.052 ms
64 bytes from X.X.X.X: icmp_seq=179 ttl=128 time=0.406 ms (DUP!)
64 bytes from 172.17.1.2: icmp_seq=180 ttl=64 time=0.068 ms
64 bytes from X.X.X.X: icmp_seq=180 ttl=128 time=0.229 ms (DUP!)

The same results come when pinging from the LAN.

Re: [IPTABLES][SecureNAT][DUP] new mode of nat makes server

Posted: Thu Jan 21, 2016 7:37 am
by thisjun
It's raw mode SecureNAT behavior.
If you don't like it, please disable raw mode SecureNAT.
Please read the update history of Build 9582.
http://www.softether.org/5-download/history
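For an administrator auditing a host after enabling SecureNAT, the following added example (not part of the thread and not SoftEther code) flags `iptables -S` lines with the shape of the two rules quoted in the first post and groups ping replies by sequence number to show which addresses answered twice. The function names are hypothetical, the matched shape (OUTPUT, DROP, negated 127.0.0.0/8 source and destination, negated connmark) is assumed only from those two rules, and 203.0.113.10 is a constructed stand-in for the redacted X.X.X.X.

```python
import re
import shlex
from ipaddress import ip_network

LOOPBACK = ip_network("127.0.0.0/8")
PING = re.compile(r"bytes from (\S+): icmp_seq=(\d+) ttl=(\d+)")

def parse_rule(line):
    """Split one `iptables -S` line into {option: (negated, value)}."""
    tokens, opts, negated = shlex.split(line), {}, False
    for tok, nxt in zip(tokens, tokens[1:] + [""]):
        if tok == "!":
            negated = True          # applies to the next option only
        elif tok.startswith("-"):
            opts[tok], negated = (negated, nxt), False
    return opts

def is_marker_drop(opts):
    """True for OUTPUT DROP rules shaped like the two quoted in the first post."""
    try:
        loopback = all(opts[o][0] and ip_network(opts[o][1]).subnet_of(LOOPBACK) for o in ("-s", "-d"))
    except (KeyError, ValueError, TypeError):
        return False
    return (opts.get("-A") == (False, "OUTPUT") and opts.get("-j") == (False, "DROP")
            and loopback and opts.get("--mark", (False, ""))[0])

def duplicate_replies(ping_lines):
    """Return {icmp_seq: [(source, ttl), ...]} for sequences answered more than once."""
    seen = {}
    for line in ping_lines:
        if (m := PING.search(line)):
            seen.setdefault(int(m.group(2)), []).append((m.group(1), int(m.group(3))))
    return {seq: r for seq, r in seen.items() if len(r) > 1}

# Rules 2 and 3 are from the first post; rule 1 is a constructed unrelated rule.
RULES = [
    "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT",
    "-A OUTPUT ! -s 127.159.195.102/32 ! -d 127.60.251.72/32 -p icmp -m icmp --icmp-type 3/3 -m connmark ! --mark 0x75e87a13 -j DROP",
    "-A OUTPUT ! -s 127.223.44.66/32 ! -d 127.55.3.45/32 -p tcp -m tcp --sport 61001:65535 --tcp-flags RST RST -m connmark ! --mark 0x3de38eb4 -j DROP",
]
# Ping lines from the post; 203.0.113.10 is a constructed stand-in for X.X.X.X.
PING_LINES = [
    "64 bytes from 172.17.1.2: icmp_seq=178 ttl=64 time=0.045 ms",
    "64 bytes from 172.17.1.2: icmp_seq=179 ttl=64 time=0.052 ms",
    "64 bytes from 203.0.113.10: icmp_seq=179 ttl=128 time=0.406 ms (DUP!)",
]
if __name__ == "__main__":
    print([parse_rule(r)["--mark"][1] for r in RULES if is_marker_drop(parse_rule(r))])
    print(duplicate_replies(PING_LINES))
```

The differing source address and TTL on the duplicate (64 versus 128 in the posted output) are what distinguish the second responder from a simple retransmission.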