Question about VPN Server Setup on Amazon EC2 VM

Posted: Wed Jul 27, 2016 3:39 am
by eric24
Hello. I'm new to SoftEther. I've installed the server on a Linux (Ubuntu) EC2 VM and a client on a Windows machine. I'm using the SecureNAT (since it appears to be the only way to expose the entire EC2 subnet to the clients, as promiscuous mode isn't supported by EC2, so there is no local bridge--I assume this is correct?). So far, all of this works fine. I'm able to establish the VPN and I can ping from the client to any VM on the EC2 subnet (I had to add "172.30.0.0/255.255.0.0/192.168.30.1" to the "push static route" list in the SecureNAT configuration, so the client's route table would provide a path to the EC2 subnet).

The one thing that's missing is the ability for the VPN server and/or other VMs on the EC2 subnet to ping (or otherwise connect to) the connected clients. I feel like some combination of additional routes to the Linux route tables on these VMs and/or a SoftEther Layer3 router is needed, but I'm not quite sure where to go from here.

I've searched for information and read everything that seemed relevant in the on-line documentation, but I'm still stumped. Any guidance would be much appreciated.

Re: Question about VPN Server Setup on Amazon EC2 VM

Posted: Tue Aug 02, 2016 6:54 am
by thisjun
Ping doesn't reach inside the NAT.
If you need it, try an ad-hoc VPN.
http://www.softether.org/4-docs/2-howto ... Ad-hoc_VPN

Re: Question about VPN Server Setup on Amazon EC2 VM

Posted: Tue Aug 02, 2016 3:06 pm
by eric24
OK. I don't necessarily need ping (although it works fine from client to EC2 VMs on the server's subnet). Are you saying that it should work for something like an SSH session or HTTP request? I'll try that and see.

But I'm curious--why would ping not work in the server to client direction?

Re: Question about VPN Server Setup on Amazon EC2 VM

Posted: Fri Aug 19, 2016 8:07 am
by thisjun
>it should work for something like an SSH session or HTTP request?

No TCP or UDP session can be established from outside the NAT.


>why would ping not work in the server to client direction?

Because usermode SecureNAT is a kind of transparent proxy.

Re: Question about VPN Server Setup on Amazon EC2 VM

Posted: Tue Aug 23, 2016 7:02 pm
by eric24
Is there any way other than SecureNAT to expose the EC2 subnet to the VPN clients, since promiscuous mode isn't supported by EC2?

Re: Question about VPN Server Setup on Amazon EC2 VM

Posted: Fri Sep 09, 2016 7:39 am
by thisjun