SoftEther VPN User Forum

Hi I have Softether running on a PC in the network and its going fine.
The VPN clients are hitting my office dhcp server so I enabled the Secure NAT which worked fine too.
But PCs in the office started hitting that DHCP server.

What is the best option to have secureNAT and not have the office client PCs hitting virtual DHCP in softether.

I see several posts on this issue but none have a solution to solve it.

Do I need a second nic, should there be a virtual NIC or do I need the local bridge and securenat on 2 seperate PCs or whats required.

thanks

If your VirtualHub has a localbridge to your physical interface, this is supposed to happen. SoftEther even warns you about this when turning on SecureNAT... Remember, the virtualhub itself is literally a switch, and if you bind it to your physical network interface, it will be like connecting two switches together, making it one broadcast domain...

Broadcasts coming from your VirtualHub can not be blocked from passing on to your LAN, unless YOUR VPN server host is connected to Managed physical switch that you can configure to deny DHCP broadcasts coming from the port it is connected to, OR by creating a VLAN to isolate the broadcasts from the rest of the ports.

If THAT is not your case, you will need to either unbind your virtual Hub from your physical interface (remove localbridge), OR, keep localbridge but turn off SecureNAT's DHCP server function ONLY and allow remote clients to be assigned an IP address by the DHCP server in your network.

Also, keep in mind that localbridging is an optional thing, secureNAT does not need this in order to work.

thanks oliver.

If I remove local bridge will the softether and securenat still work ?

Will this stop the DHCP on the office network ?

allaboutthebase wrote: ↑

Tue Apr 14, 2020 9:20 am

thanks oliver.

If I remove local bridge will the softether and securenat still work ?

Will this stop the DHCP on the office network ?

Yes, you can safely remove the localbridge when secureNAT is being used. That is because secureNAT is basically a virtual router that will use your computer's local IP address to NAT everything for remote VPN users.

Removing the localbridge will result in DHCP unreachable by the physical network, yes.

Cheers!

Cheers..

I have a static IP on the Softether PC physical IP.
Should this be OK ?

allaboutthebase wrote: ↑

Tue Apr 14, 2020 9:51 am

Cheers..

I have a static IP on the Softether PC physical IP.
Should this be OK ?

Yes, secureNAT is not affected by your computer's addressing. SecureNAT will route you to whatever network your computer belongs to, and will use your computer's default gateway for any internet traffic.