Question about VPN Server Setup on Amazon EC2 VM

eric24
Posts: 6
Joined: Wed Jul 27, 2016 3:31 am

Question about VPN Server Setup on Amazon EC2 VM

Post by eric24 » Wed Jul 27, 2016 3:39 am

Hello. I'm new to SoftEther. I've installed the server on a Linux (Ubuntu) EC2 VM and a client on a Windows machine. I'm using the SecureNAT (since it appears to be the only way to expose the entire EC2 subnet to the clients, as promiscuous mode isn't supported by EC2, so there is no local bridge--I assume this is correct?). So far, all of this works fine. I'm able to establish the VPN and I can ping from the client to any VM on the EC2 subnet (I had to add "172.30.0.0/255.255.0.0/192.168.30.1" to the "push static route" list in the SecureNAT configuration, so the client's route table would provide a path to the EC2 subnet).

The one thing that's missing is the ability for the VPN server and/or other VMs on the EC2 subnet to ping (or otherwise connect to) the connected clients. I feel like some combination of additional routes to the Linux route tables on these VMs and/or a SoftEther Layer3 router is needed, but I'm not quite sure where to go from here.

I've searched for information and read everything that seemed relevant in the on-line documentation, but I'm still stumped. Any guidance would be much appreciated.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Question about VPN Server Setup on Amazon EC2 VM

Post by thisjun » Tue Aug 02, 2016 6:54 am

Ping doesn't reach the inside of the NAT.
If you need it, try ad-hoc VPN.
http://www.softether.org/4-docs/2-howto ... Ad-hoc_VPN

eric24
Posts: 6
Joined: Wed Jul 27, 2016 3:31 am

Re: Question about VPN Server Setup on Amazon EC2 VM

Post by eric24 » Tue Aug 02, 2016 3:06 pm

OK. I don't necessarily need ping (although it works fine from client to EC2 VMs on the server's subnet). Are you saying that it should work for something like an SSH session or HTTP request? I'll try that and see.

But I'm curious--why would ping not work in the server to client direction?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Question about VPN Server Setup on Amazon EC2 VM

Post by thisjun » Fri Aug 19, 2016 8:07 am

> it should work for something like an SSH session or HTTP request?

No TCP or UDP session can be established from outside of the NAT.


> why would ping not work in the server to client direction?

Because usermode SecureNAT is a kind of transparent proxy.
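
The one-way behaviour described in the reply above, as an added example that is not part of the original thread and is not SoftEther's code: a simplified model of a port-translating NAT whose state is created only by flows that start on the inside. The 192.168.30.0/24 client range, the server address 172.30.0.10, the host addresses and the port numbers are assumptions; 172.30.0.0/16 and 192.168.30.1 come from the first post.

```python
import ipaddress

# Assumed values (not from the thread): client range and the VPN server's EC2 address.
INSIDE = ipaddress.ip_network("192.168.30.0/24")
NAT_PUBLIC_IP = "172.30.0.10"


class UserModeNat:
    """Toy port-translating NAT: mappings exist only for inside-originated flows."""

    def __init__(self):
        self.next_port = 40000
        self.out_map = {}  # (proto, in_ip, in_port, dst_ip, dst_port) -> nat_port
        self.in_map = {}   # (proto, nat_port, remote_ip, remote_port) -> (in_ip, in_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """VPN client -> EC2 subnet: allocate or reuse a mapping, rewrite the source."""
        if ipaddress.ip_address(src_ip) not in INSIDE:
            raise ValueError("outbound packets must come from the inside network")
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(proto, self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (NAT_PUBLIC_IP, self.out_map[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """EC2 VM -> NAT: delivered only if it matches an existing mapping."""
        if dst_ip != NAT_PUBLIC_IP:
            return None  # aimed at a client address directly: the NAT holds no state for it
        return self.in_map.get((proto, dst_port, src_ip, src_port))


def demo():
    nat = UserModeNat()
    # Client opens SSH to an EC2 VM; the VM sees the server's address as the source.
    sent = nat.outbound("tcp", "192.168.30.10", 51000, "172.30.0.20", 22)
    # The VM's reply matches the mapping and is handed back to the client.
    reply = nat.inbound("tcp", "172.30.0.20", 22, sent[0], sent[1])
    # The VM tries to start a new session toward the client: no mapping, dropped.
    unsolicited = nat.inbound("tcp", "172.30.0.20", 40500, NAT_PUBLIC_IP, 22)
    direct = nat.inbound("tcp", "172.30.0.20", 40500, "192.168.30.10", 22)
    return sent, reply, unsolicited, direct


if __name__ == "__main__":
    print(demo())
```

Because the source address is rewritten, logs on the EC2 hosts attribute every VPN client's traffic to the VPN server's address, so per-client attribution has to come from the VPN server's own logs.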

eric24
Posts: 6
Joined: Wed Jul 27, 2016 3:31 am

Re: Question about VPN Server Setup on Amazon EC2 VM

Post by eric24 » Tue Aug 23, 2016 7:02 pm

Is there any way other than SecureNAT to expose the EC2 subnet to the VPN clients, since promiscuous mode isn't supported by EC2?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Question about VPN Server Setup on Amazon EC2 VM

Post by thisjun » Fri Sep 09, 2016 7:39 am

