unable to ping or connect after connecting over VPN Azure

Posted: Thu May 16, 2019 6:37 pm
by albell
Running on Windows 10 VM in Azure

server: SoftEther VPN 4.0, v4.29, build 9680
client: same version

Server NIC IP 10.0.0.4

VPN server IP (SecureNAT): 10.0.0.5

Client assigned IP: 10.0.0.10

Client connects with no issues. Client can ping the SecureNAT IP.

Client cannot ping 10.0.0.4

Added static route to client manually, no difference

What is missing?

Re: unable to ping or connect after connecting over VPN Azure

Posted: Thu May 16, 2019 6:54 pm
by albell
To expand on the scenario:

After the client connects, its routing table is changed:

Before:
default route is local interface, metric 25

After VPN:
default route is VPN interface, metric 2

This should allow traffic to/from 10.0.0.4, but it does not.

Re: unable to ping or connect after connecting over VPN Azure

Posted: Thu May 16, 2019 10:09 pm
by centeredki69
SecureNAT works like a virtual SOHO router. When activated, it's like having a router behind the physical network's router, like being double NATed. In your case, the Azure system issued you the 10.0.0.0/24 subnet when you created your Win10 VM and gave it 10.0.0.4. The Azure DHCP server is also assigning SecureNAT's virtual "external" interface a 10.0.0.something IP (this is not displayed in the SE settings). (This is what happens on my home network anyway. With Azure I'm not sure how it's happening.) However, you also gave SecureNAT's "internal LAN" the same 10.0.0.0/24 subnet. SecureNAT's NAT does not know what to do with the packets because it is looking for 10.0.0.4 on its internal network. You need to set SecureNAT's subnet to something different than the upstream 10.0.0.0/24 network. The VPN clients will then have access to anything in 10.0.0.0/24 because it is upstream.
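
The overlap described in the reply above can be checked before changing any settings. The following is an added example, not part of the original thread and not SoftEther code: the function names are hypothetical, the addresses are the ones quoted in the thread, and 192.168.0.0/16 as the pool for a replacement subnet is an assumption.

```python
import ipaddress


def classify(dest, securenat_lan, upstream_lan):
    """Report which network a VPN client's packet to `dest` is looked for on."""
    addr = ipaddress.ip_address(dest)
    inner = ipaddress.ip_network(securenat_lan)
    outer = ipaddress.ip_network(upstream_lan)
    if addr in inner:
        # Destination falls inside SecureNAT's own virtual LAN, so it is
        # treated as a local host there and never forwarded upstream.
        return "internal"
    if addr in outer:
        # Destination is outside the virtual LAN: it goes through the
        # SecureNAT gateway and is NATed onto the upstream subnet.
        return "upstream"
    return "elsewhere"


def plan_is_valid(securenat_lan, upstream_lan):
    """True when the SecureNAT LAN does not overlap the upstream network."""
    inner = ipaddress.ip_network(securenat_lan)
    outer = ipaddress.ip_network(upstream_lan)
    return not inner.overlaps(outer)


def suggest_lan(upstream_lans, pool="192.168.0.0/16", prefixlen=24):
    """First subnet in `pool` that overlaps none of the upstream networks."""
    taken = [ipaddress.ip_network(n) for n in upstream_lans]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(cand.overlaps(t) for t in taken):
            return str(cand)
    return None  # pool exhausted


if __name__ == "__main__":
    upstream = "10.0.0.0/24"   # Azure subnet from the thread
    broken = "10.0.0.0/24"     # SecureNAT LAN as configured in the thread
    print("as configured:", classify("10.0.0.4", broken, upstream),
          "valid plan:", plan_is_valid(broken, upstream))
    fixed = suggest_lan([upstream])
    print("with", fixed + ":", classify("10.0.0.4", fixed, upstream),
          "valid plan:", plan_is_valid(fixed, upstream))
```
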