SoftEther VPN User Forum

I'm doing some volunteer work for an organization with really zero IT support. I have a small NUC running Windows 10 Pro I need to reach from something like an Intel based Macbook. I've following the instructions to setup a SoftEther VPN Azure connection, but can't get it to work.

* VPN Azure is enabled and shows as connectred
* I can ping the xx.vpnazure.net IP
* I've enabled all options in L2TP

When I try using the built in Mac VPN client with L2TP, I'm told it can't reach the server
When I try using iSstp on a Mac, it says it can't reach the server
When I try using Window's VPN (as the per the instructions) it says it can't connect to the server

I can ping my vpnazure.net ddns name on all these machines, so I'm unsure what the hang up is!

Is there a way to connect an Intel based Macbook (so not an M1 machine that might run an iOS SSTP client like SSTP Connect) which can connect to a SoftEther VPN server on a Windows box behind some kind of NAT?

Thanks!

bentwookie wrote: ↑

Thu Feb 10, 2022 8:07 pm

Is there a way to connect an Intel based Macbook (so not an M1 machine that might run an iOS SSTP client like SSTP Connect) which can connect to a SoftEther VPN server on a Windows box behind some kind of NAT?

Yes, here is MacOS SoftEther VPN Intel Client

BTW
- L2TP does not work via VPN Azure
- SSTP client requires server certificate import (aka "When I try using Window's VPN")
- DDNS operates on x.softether.net domain, not x.vpnazure.net

Thanks for the reply!

I built the two tools and then tried connecting like so:
On the server side, it shows that the vpn server is connected to the relay at stawpcat.vpnazure.net, but I can't seem to reach it from my Mac.

In the Server's Encryption and Network Settings, I see a server certificate has been created for my server. Do I need to install that someplace else as well? In Windows someplace on the server or on my Mac?

Thanks for any help you can provide!

Incorrect, go vpncmd > #2 > localhost
Just follow this guide.

This is getting too complicated to hand over to a bunch of volunteers. I'm going to have to come up with something different. However, thanks for taking the time to answer my questions!

If you believe that the NAT is impenetrable and you have to use the Azure, try this:
- get another small NUC with WiFi for the client
- install Windows SE client on it
- bridge SE VPN adapter to LAN adapter on the NUC
- connect the Mac or any PC with a LAN cable to the NUC
- connect NUC SE client via the Azure using WiFi

If the NAT is penetrable and you can forward ports, then you can easily and directly use on the Mac either L2TP or OpenVPN clients with your SE server.

The challenge I have is that the clients have MacBooks at their house. If I'm understanding correctly, I'd need to drop a NUC off at all their houses. I don't mind some upfront work in the office to support them, but any work done on the Macs is going to have to be pretty simple.

The 2x NUCs SE network scenario can serve multiple Mac clients if they are on the same LAN, otherwise it does not scale-up well.

Consider a different VPN network, where the NAT-limited server and all clients connect to another, interconnecting, server which can be accessed with port forwarding. Perhaps one of the clients can 'donate' their internet connection for this purpose?

I think I'm just going to bite the bullet and take on ownership of whatever is routing internet into the place. With that, I can just forward through the right ports and call it a day. The cost being that whenever anything goes wrong with, well anything internet related, it will become my problem ;)

Such is volunteer work. Thanks again for all your advice!