Please Help :( [client routing problem]

dnzrx
Posts: 5
Joined: Thu Mar 12, 2020 2:06 pm

Please Help :( [client routing problem]

Post by dnzrx » Thu Mar 12, 2020 3:38 pm

So, I've finally established an SSTP connection to my server using SoftEther VPN, and it works. All of the connected client's traffic (I'm using the built-in SSTP VPN client from Windows 10) is redirected to my VPN server.

I want to make some exclusions for some local networks so their traffic won't pass through the VPN server gateway.

I'm using Ubuntu 18.04 LTS for the server and using ./vpncmd to manage all of the settings.

-------

I've enabled SecureNAT and set the Host with the following settings:
MAC Address = 5E-4B-98-C5-4D-1F
IP Address = 10.11.12.1
Subnet Mask = 255.255.255.0

And I've created a VirtualHub called "MyHub"

And then I've set DHCP with the following settings

VPN Server/MyHub> dhcpget
[Image]

So, because all of the clients' traffic is redirected through the VPN server, the resources that are connected to the clients' network became inaccessible (say the network that I want to access from the client is `10.22.x.x/16`).

I know I just need to manually route from the client's PC. With OpenVPN's configuration, I can put a `push "route XXXXXXXX"` directive directly into the server's config file.

How do I achieve that in SoftEther?

Thank you.
P.S. Sorry for the bad English.

dnzrx
Posts: 5
Joined: Thu Mar 12, 2020 2:06 pm

Re: Please Help :( [client routing problem]

Post by dnzrx » Fri Mar 13, 2020 9:25 am

bump

ddunston
Posts: 22
Joined: Fri Mar 13, 2020 11:33 pm

Re: Please Help :( [client routing problem]

Post by ddunston » Fri Mar 13, 2020 11:37 pm

You can also use the SoftEther packet filters to block traffic to specific networks or hosts: https://www.softether.org/1-features/3. ... ket_Filter

dnzrx
Posts: 5
Joined: Thu Mar 12, 2020 2:06 pm

Re: Please Help :( [client routing problem]

Post by dnzrx » Mon Mar 16, 2020 6:45 am

ddunston wrote (Fri Mar 13, 2020 11:37 pm):
> You can also use the SoftEther packet filters to block traffic to specific networks or hosts: https://www.softether.org/1-features/3. ... ket_Filter

Hi,
Thanks for replying.

I've tried your suggestion but it doesn't work :(
Even with split tunneling.

I tried to access 10.22.X.X (LAN resource) but still can't access it while connected to the VPN.

ddunston
Posts: 22
Joined: Fri Mar 13, 2020 11:33 pm

Re: Please Help :( [client routing problem]

Post by ddunston » Mon Mar 16, 2020 3:23 pm

I misunderstood your original post. It seemed like you wanted to block access to specific resources. Is the problem that the clients are not able to gain access to the remote network?

What types of clients are you using? Windows, Linux, Mac?

Have you checked the routing table? I noticed that on my Linux client, when I connected via SSTP, the default gateway was the remote SoftEther VPN server address 192.168.30.1. I deleted that and then my traffic started flowing.

dnzrx
Posts: 5
Joined: Thu Mar 12, 2020 2:06 pm

Re: Please Help :( [client routing problem]

Post by dnzrx » Tue Mar 17, 2020 3:05 am

ddunston wrote (Mon Mar 16, 2020 3:23 pm):
> I misunderstood your original post. It seemed like you wanted to block access to specific resources. Is the problem that the clients are not able to gain access to the remote network?

Basically, I want to achieve these 2 things (with SecureNAT enabled):
  1. Mask entire connections with VPN's IP.
  2. Access some local networks while connected to the VPN server. *Currently it's inaccessible because all of its traffic is routed through the VPN server.

So here is the topology:
[Image]

Before I connect the client to the VPN server, the 10.22.0.0/16 network can be accessed directly from 10.22.66.1 (the client is installed on 10.22.66.141).

Here's my config:
[Image]
[Image]

ddunston wrote (Mon Mar 16, 2020 3:23 pm):
> What types of clients are you using? Windows, Linux, Mac?

I'm using the built-in SSTP client from Windows 10 and Linux Ubuntu 18.04 as the server.

ddunston wrote (Mon Mar 16, 2020 3:23 pm):
> Have you checked the routing table? I noticed that on my Linux client, when I connected via SSTP, the default gateway was the remote SoftEther VPN server address 192.168.30.1. I deleted that and then my traffic started flowing.

After I connected to the VPN server:

It's very strange. I explicitly put a routing rule 10.22.0.0/16 via 10.22.66.1 into the routing table from the settings above, so why is it still routed through the virtual NAT's IP (10.11.12.1)?
[Image]

Thank you for replying.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please Help :( [client routing problem]

Post by centeredki69 » Tue Mar 17, 2020 11:14 pm

dnzrx,

On the MS-SSTP client, have you tried un-checking the "use remote gateway on remote network"?

dnzrx
Posts: 5
Joined: Thu Mar 12, 2020 2:06 pm

Re: Please Help :( [client routing problem]

Post by dnzrx » Thu Mar 19, 2020 2:03 am

centeredki69 wrote (Tue Mar 17, 2020 11:14 pm):
> dnzrx,
>
> On the MS-SSTP client, have you tried un-checking the "use remote gateway on remote network"?

Hi,

The only way I can manage to access the local network is to enable split tunnelling also.

But, by doing so, my traffic into the internet (0.0.0.0/0) won't be masked. *Refer to these objectives of mine:
  1. Mask entire connections with VPN's IP.
  2. Access some local networks while connected to the VPN server. *Currently it's inaccessible because all of its traffic is routed through the VPN server.

My current workaround is to enable a custom route through the "route add" command.

My question is still the same: "Can I achieve the same result from the server end only, without its clients having to manually route each time they connect to the VPN server?"

OpenVPN supports the `push route` directive, but too bad, my workplace only allows the MS-SSTP protocol. The rest is all filtered by the Fortinet firewall.

Thank You.
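
An added example, not part of the original thread: a small model of IPv4 route selection (longest prefix first, then lowest metric) applied to the addresses mentioned above, showing which of dnzrx's two objectives each client setup meets. The metrics, the /24 mask on the client's LAN and the public test address 203.0.113.7 are assumptions.

```python
import ipaddress

def pick_route(table, dst):
    """Select a route the way an IPv4 stack does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[2]))

# Constructed routing entries: (prefix, next hop, metric).
# Addresses come from the thread; metrics and the /24 LAN mask are assumed.
LAN = [("0.0.0.0/0", "10.22.66.1", 25), ("10.22.66.0/24", "on-link", 25)]
VPN_SUBNET = ("10.11.12.0/24", "on-link", 5)
VPN_DEFAULT = ("0.0.0.0/0", "10.11.12.1", 5)    # remote-gateway option checked
EXCLUSION = ("10.22.0.0/16", "10.22.66.1", 1)   # the manual "route add" workaround

SCENARIOS = {
    "full tunnel": LAN + [VPN_SUBNET, VPN_DEFAULT],
    "full tunnel + route add": LAN + [VPN_SUBNET, VPN_DEFAULT, EXCLUSION],
    "split tunnel": LAN + [VPN_SUBNET],
}

LAN_HOST = "10.22.1.10"      # a host in 10.22.0.0/16 outside the client's own /24
INTERNET = "203.0.113.7"     # documentation address standing in for any public host

def next_hops(scenario):
    """Next hop chosen for the LAN resource and for internet traffic."""
    table = SCENARIOS[scenario]
    return {d: pick_route(table, d)[1] for d in (LAN_HOST, INTERNET)}

def meets_objectives(scenario):
    """Return (internet masked by VPN, LAN resource reached via local gateway)."""
    hops = next_hops(scenario)
    return hops[INTERNET] == "10.11.12.1", hops[LAN_HOST] == "10.22.66.1"

if __name__ == "__main__":
    for name in SCENARIOS:
        masked, lan_ok = meets_objectives(name)
        print(f"{name:26} masked={masked!s:5} lan_reachable={lan_ok}")
```

In this model only the full tunnel with the more specific 10.22.0.0/16 route keeps internet traffic on the VPN while the LAN resource stays on the local gateway; split tunnelling restores LAN access by sending internet traffic outside the tunnel.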
