Client connected to VPN Azure host and cannot access Local LAN

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
btraill
Posts: 4
Joined: Wed Mar 30, 2022 9:55 pm

Client connected to VPN Azure host and cannot access Local LAN

Post by btraill » Wed Mar 30, 2022 10:04 pm

Good afternoon,

Just wanted to lead by saying this software looks excellent! Once I get it properly configured I'm sure I will be quite happy :)

Current setup:

SoftEther VPN server is setup on a Windows box within my corporate LAN network
  • This server can reach the internet but is behind a corporate firewall
  • Local Bridge is enabled/created within SoftEther
  • Secure NAT is turned on within SoftEther -- DHCP off as I have DHCP on the LAN network it sits on already
  • VPN Azure is enabled
From my limited understanding so far -- I enabled VPN Azure thinking that was the method I could use in order to get my clients to connect from outside of the LAN network. I am able to get a VPN client succesfully authenticated against the virtual hub with a set-up user from a remote network. However, once connected I cannot access or reach any of the resources on the local LAN network that the SoftEther VPN server resides on. I thought with the local bridge + SecureNATing that it would simply NAT the traffic using that computers bridge/NIC. (IE. whatever resources that computer can currently access on the local network would also be facilitated over the VPN -- is that a correct assumption?)

Any help is greatly appreciated in advance!

Thank you very much,
btraill

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Client connected to VPN Azure host and cannot access Local LAN

Post by solo » Wed Mar 30, 2022 11:07 pm

You have to choose either a bridge or Secure NAT (with all options, incl DHCP, on).

If bridging is impossible or ineffective, read Client PC unable to reach shared directory on Server PC.

btraill
Posts: 4
Joined: Wed Mar 30, 2022 9:55 pm

Re: Client connected to VPN Azure host and cannot access Local LAN

Post by btraill » Thu Mar 31, 2022 8:06 pm

solo wrote:
Wed Mar 30, 2022 11:07 pm
You have to choose either a bridge or Secure NAT (with all options, incl DHCP, on).

If bridging is impossible or ineffective, read Client PC unable to reach shared directory on Server PC.
So I turned off the SecureNAT and left the bridge. The bridge is using the NIC that can access the Internet aswell as the LAN network I am trying to reach remotely... However I am still unable to route to resources accesible from the server computer sitting on the LAN from a remote connection. (connecting to the VPN Azure address)

Is there some additional configuration I am missing?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Client connected to VPN Azure host and cannot access Local LAN

Post by solo » Fri Apr 01, 2022 12:51 am

Please make the VPN connection, then run "netstat -r" on both the server and client PCs, and post it, as code, here.

btraill
Posts: 4
Joined: Wed Mar 30, 2022 9:55 pm

Re: Client connected to VPN Azure host and cannot access Local LAN

Post by btraill » Fri Apr 01, 2022 1:34 am

solo wrote:
Fri Apr 01, 2022 12:51 am
Please make the VPN connection, then run "netstat -r" on both the server and client PCs, and post it, as code, here.
I really appreciate your willingness to help. Thank you very much.

I will provide the serverside once I get back on site first thing tomorrow morning. Here is the client side (when "Connected" status in the VPN client is reached via the VPN Azure address):

Code: Select all

===========================================================================
Interface List
 14...5e 59 8c 66 23 77 ......VPN Client Adapter - VPN
  8...64 4b f0 12 db dd ......Intel(R) I210 Gigabit Network Connection
 12...a4 83 e7 c5 c8 5e ......Broadcom 802.11ac Network Adapter
 18...a4 83 e7 d0 e6 52 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.28     25
    66.207.113.35  255.255.255.255      192.168.2.1     192.168.2.28     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     130.158.6.68  255.255.255.255      192.168.2.1     192.168.2.28     25
    130.158.6.123  255.255.255.255      192.168.2.1     192.168.2.28     25
      169.254.0.0      255.255.0.0         On-link    169.254.187.98    257
   169.254.187.98  255.255.255.255         On-link    169.254.187.98    257
  169.254.255.255  255.255.255.255         On-link    169.254.187.98    257
      192.168.2.0    255.255.255.0         On-link      192.168.2.28    281
     192.168.2.28  255.255.255.255         On-link      192.168.2.28    281
    192.168.2.255  255.255.255.255         On-link      192.168.2.28    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.2.28    281
        224.0.0.0        240.0.0.0         On-link    169.254.187.98    257
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.2.28    281
  255.255.255.255  255.255.255.255         On-link    169.254.187.98    257
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  8    281 fe80::/64                On-link
 14    291 fe80::/64                On-link
 14    291 fe80::58a:d102:bac:bb62/128
                                    On-link
  8    281 fe80::1890:b7bf:ce05:2e40/128
                                    On-link
  1    331 ff00::/8                 On-link
  8    281 ff00::/8                 On-link
 14    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Client connected to VPN Azure host and cannot access Local LAN

Post by solo » Fri Apr 01, 2022 3:34 am

Thank you. The client is connected indeed but has not received DHCP config from the remote bridged LAN.
Please disable both firewalls for a brief test and re-try the connection and LAN access.
If it works without a firewall, re-enable it, allow SoftEther as well as pass all ICMP, DHCP and DNS packets in it.

If it still does not work, please post, as code, more logs from both the server and client PCs when connected to VPN:
  • "netstat -r"
  • "ipconfig /all"
  • "dhcptest --quiet --query --wait --timeout 10"

Post Reply