Browsing internet is not working as I expected

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
theselby
Posts: 8
Joined: Fri Apr 01, 2022 1:55 pm

Browsing internet is not working as I expected

Post by theselby » Sat Apr 02, 2022 8:10 am

Hello guys,

Here's the scenario i want to achieve. Basically I want to be able to access all LAN devices I have at home when I'm connected to VPN from my laptop or phone from some other place BUT only this, i don't want all internet to go via the VPN.

In human words... Let's say I'm at a coffe-shop with my laptop and I want to access my remote windows machine from home.
I want to be able to RDP to 192.168.1.15 for example.
But also, all internet browsing... to happen via coffess-shop's wireless (and not to be re-routed to my home and back to me)

How could I achieve this?


P.S. As I understood, in the virtual nat settings I only had to disable providing a default gateway or DNS. And so I did. But without a default gateway, all sites throw a DNS PROBE POSSIBLE error (though I provided 8.8.8.8 and 8.8.4.4 as DNS data)
If I use a default gateway with the VPN's internal IP address... browsing internet works... but all traffic gets routed via that VPN interface, and I don't want to do this.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Browsing internet is not working as I expected

Post by solo » Sat Apr 02, 2022 8:58 am

theselby wrote:
Sat Apr 02, 2022 8:10 am
in the virtual nat settings I only had to disable providing a default gateway or DNS.
Hi, you have to disable both a default gateway and DNS - just leave them blank.
Btw is your remote PC is connected with a LAN cable or WiFi to the internet?

theselby
Posts: 8
Joined: Fri Apr 01, 2022 1:55 pm

Re: Browsing internet is not working as I expected

Post by theselby » Sat Apr 02, 2022 9:19 am

Hello,

I've tried also with DNS disabled and still not working

Here's what I see from ipconfig /all

Code: Select all

PPP adapter VPN_36:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VPN_36
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.11.12.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   NetBIOS over Tcpip. . . . . . . . : Enabled
Here is a photo of the SecureNAT Configuration:
Capture.JPG
You do not have the required permissions to view the files attached to this post.

theselby
Posts: 8
Joined: Fri Apr 01, 2022 1:55 pm

Re: Browsing internet is not working as I expected

Post by theselby » Sat Apr 02, 2022 9:31 am

Here's the entire server config, in case it is needed for clarifications:

Code: Select all

declare root
{
	uint ConfigRevision 42
	bool IPsecMessageDisplayed true
	string Region RO
	bool VgsMessageDisplayed false

	declare DDnsClient
	{
		bool Disabled false
		byte Key XXXXXXXXXXXXXXXXXXXXXXXX
		string LocalHostname S2
		string ProxyHostName $
		uint ProxyPort 0
		uint ProxyType 0
		string ProxyUsername $
	}
	declare IPsec
	{
		bool EtherIP_IPsec true
		string IPsec_Secret XXXXXXXXXX
		string L2TP_DefaultHub XXXXXXXXXXVPN
		bool L2TP_IPsec true
		bool L2TP_Raw true

		declare EtherIP_IDSettingsList
		{
		}
	}
	declare ListenerList
	{
		declare Listener0
		{
			bool DisableDos false
			bool Enabled true
			uint Port 443
		}
		declare Listener1
		{
			bool DisableDos false
			bool Enabled true
			uint Port 992
		}
		declare Listener2
		{
			bool DisableDos false
			bool Enabled true
			uint Port 1194
		}
		declare Listener3
		{
			bool DisableDos false
			bool Enabled true
			uint Port 5555
		}
	}
	declare LocalBridgeList
	{
		bool EnableSoftEtherKernelModeDriver true
		bool ShowAllInterfaces false

		declare LocalBridge0
		{
			string DeviceName XXXXXXXXXX
			string HubName XXXXXXXXXXVPN
			bool LimitBroadcast false
			bool MonitorMode false
			bool NoPromiscuousMode false
		}
	}
	declare ServerConfiguration
	{
		bool AcceptOnlyTls true
		uint64 AutoDeleteCheckDiskFreeSpaceMin 8589934592
		uint AutoDeleteCheckIntervalSecs 300
		uint AutoSaveConfigSpan 300
		bool BackupConfigOnlyWhenModified true
		string CipherName AES128-SHA
		uint CurrentBuild 9760
		bool DisableCoreDumpOnUnix false
		bool DisableDeadLockCheck false
		bool DisableDosProction false
		bool DisableGetHostNameWhenAcceptTcp false
		bool DisableIntelAesAcceleration false
		bool DisableIPsecAggressiveMode false
		bool DisableIPv6Listener false
		bool DisableJsonRpcWebApi false
		bool DisableNatTraversal false
		bool DisableOpenVPNServer false
		bool DisableSessionReconnect false
		bool DisableSSTPServer false
		bool DontBackupConfig false
		bool EnableVpnAzure true
		bool EnableVpnOverDns false
		bool EnableVpnOverIcmp false
		byte HashedPassword XXXXXXXXXX=
		string KeepConnectHost keepalive.softether.org
		uint KeepConnectInterval 50
		uint KeepConnectPort 80
		uint KeepConnectProtocol 1
		uint64 LoggerMaxLogSize 1073741823
		uint MaxConcurrentDnsClientThreads 512
		uint MaxConnectionsPerIP 256
		uint MaxUnestablishedConnections 1000
		bool NoDebugDump false
		bool NoHighPriorityProcess false
		bool NoSendSignature false
		string OpenVPNDefaultClientOption dev-type$20tun,link-mtu$201500,tun-mtu$201500,cipher$20AES-128-CBC,auth$20SHA1,keysize$20128,key-method$202,tls-client
		string OpenVPN_UdpPortList 1194
		bool SaveDebugLog false
		byte ServerCert XXXXXXXXXX=
		byte ServerKey XXXXXXXXXX=
		uint ServerLogSwitchType 4
		uint ServerType 0
		bool StrictSyslogDatetimeFormat false
		bool Tls_Disable1_0 false
		bool Tls_Disable1_1 false
		bool Tls_Disable1_2 false
		bool Tls_Disable1_3 false
		bool UseKeepConnect true
		bool UseWebTimePage false
		bool UseWebUI false

		declare GlobalParams
		{
			uint FIFO_BUDGET 10240000
			uint HUB_ARP_SEND_INTERVAL 5000
			uint IP_TABLE_EXPIRE_TIME 60000
			uint IP_TABLE_EXPIRE_TIME_DHCP 300000
			uint MAC_TABLE_EXPIRE_TIME 600000
			uint MAX_BUFFERING_PACKET_SIZE 2560000
			uint MAX_HUB_LINKS 1024
			uint MAX_IP_TABLES 65536
			uint MAX_MAC_TABLES 65536
			uint MAX_SEND_SOCKET_QUEUE_NUM 128
			uint MAX_SEND_SOCKET_QUEUE_SIZE 2560000
			uint MAX_STORED_QUEUE_NUM 1024
			uint MEM_FIFO_REALLOC_MEM_SIZE 655360
			uint MIN_SEND_SOCKET_QUEUE_SIZE 320000
			uint QUEUE_BUDGET 2048
			uint SELECT_TIME 256
			uint SELECT_TIME_FOR_NAT 30
			uint STORM_CHECK_SPAN 500
			uint STORM_DISCARD_VALUE_END 1024
			uint STORM_DISCARD_VALUE_START 3
		}
		declare ServerTraffic
		{
			declare RecvTraffic
			{
				uint64 BroadcastBytes 3397539
				uint64 BroadcastCount 37968
				uint64 UnicastBytes 53131148725
				uint64 UnicastCount 145964517
			}
			declare SendTraffic
			{
				uint64 BroadcastBytes 3596891
				uint64 BroadcastCount 41005
				uint64 UnicastBytes 27114181
				uint64 UnicastCount 52708
			}
		}
		declare SyslogSettings
		{
			string HostName $
			uint Port 514
			uint SaveType 0
		}
	}
	declare VirtualHUB
	{
		declare XXXXXXXXXXVPN
		{
			uint64 CreatedTime 1648764089003
			byte HashedPassword XXXXXXXXXX=
			uint64 LastCommTime 1648859046460
			uint64 LastLoginTime 1648858452348
			uint NumLogin 8
			bool Online true
			bool RadiusConvertAllMsChapv2AuthRequestToEap false
			string RadiusRealm $
			uint RadiusRetryInterval 0
			uint RadiusServerPort 1812
			string RadiusSuffixFilter $
			bool RadiusUsePeapInsteadOfEap false
			byte SecurePassword XXXXXXXXXX=
			uint Type 0

			declare AccessList
			{
			}
			declare AdminOption
			{
				uint allow_hub_admin_change_option 0
				uint deny_bridge 0
				uint deny_change_user_password 0
				uint deny_empty_password 0
				uint deny_hub_admin_change_ext_option 0
				uint deny_qos 0
				uint deny_routing 0
				uint max_accesslists 0
				uint max_bitrates_download 0
				uint max_bitrates_upload 0
				uint max_groups 0
				uint max_multilogins_per_user 0
				uint max_sessions 0
				uint max_sessions_bridge 0
				uint max_sessions_client 0
				uint max_sessions_client_bridge_apply 0
				uint max_users 0
				uint no_access_list_include_file 0
				uint no_cascade 0
				uint no_change_access_control_list 0
				uint no_change_access_list 0
				uint no_change_admin_password 0
				uint no_change_cert_list 0
				uint no_change_crl_list 0
				uint no_change_groups 0
				uint no_change_log_config 0
				uint no_change_log_switch_type 0
				uint no_change_msg 0
				uint no_change_users 0
				uint no_delay_jitter_packet_loss 0
				uint no_delete_iptable 0
				uint no_delete_mactable 0
				uint no_disconnect_session 0
				uint no_enum_session 0
				uint no_offline 0
				uint no_online 0
				uint no_query_session 0
				uint no_read_log_file 0
				uint no_securenat 0
				uint no_securenat_enabledhcp 0
				uint no_securenat_enablenat 0
			}
			declare CascadeList
			{
			}
			declare LogSetting
			{
				uint PacketLogSwitchType 4
				uint PACKET_LOG_ARP 0
				uint PACKET_LOG_DHCP 1
				uint PACKET_LOG_ETHERNET 0
				uint PACKET_LOG_ICMP 0
				uint PACKET_LOG_IP 0
				uint PACKET_LOG_TCP 0
				uint PACKET_LOG_TCP_CONN 1
				uint PACKET_LOG_UDP 0
				bool SavePacketLog true
				bool SaveSecurityLog true
				uint SecurityLogSwitchType 4
			}
			declare Message
			{
			}
			declare Option
			{
				uint AccessListIncludeFileCacheLifetime 30
				uint AdjustTcpMssValue 0
				bool ApplyIPv4AccessListOnArpPacket false
				bool AssignVLanIdByRadiusAttribute false
				bool BroadcastLimiterStrictMode false
				uint BroadcastStormDetectionThreshold 0
				uint ClientMinimumRequiredBuild 0
				bool DenyAllRadiusLoginWithNoVlanAssign false
				uint DetectDormantSessionInterval 0
				bool DisableAdjustTcpMss false
				bool DisableCheckMacOnLocalBridge false
				bool DisableCorrectIpOffloadChecksum false
				bool DisableHttpParsing false
				bool DisableIPParsing false
				bool DisableIpRawModeSecureNAT false
				bool DisableKernelModeSecureNAT false
				bool DisableUdpAcceleration false
				bool DisableUdpFilterForLocalBridgeNic false
				bool DisableUserModeSecureNAT false
				bool DoNotSaveHeavySecurityLogs false
				bool DropArpInPrivacyFilterMode true
				bool DropBroadcastsInPrivacyFilterMode true
				bool FilterBPDU false
				bool FilterIPv4 false
				bool FilterIPv6 false
				bool FilterNonIP false
				bool FilterOSPF false
				bool FilterPPPoE false
				uint FloodingSendQueueBufferQuota 33554432
				bool ManageOnlyLocalUnicastIPv6 true
				bool ManageOnlyPrivateIP true
				uint MaxLoggedPacketsPerMinute 0
				uint MaxSession 0
				bool NoArpPolling false
				bool NoDhcpPacketLogOutsideHub true
				bool NoEnum false
				bool NoIpTable false
				bool NoIPv4PacketLog false
				bool NoIPv6AddrPolling false
				bool NoIPv6DefaultRouterInRAWhenIPv6 true
				bool NoIPv6PacketLog false
				bool NoLookBPDUBridgeId false
				bool NoMacAddressLog true
				bool NoManageVlanId false
				bool NoPhysicalIPOnPacketLog false
				bool NoSpinLockForPacketDelay false
				bool RemoveDefGwOnDhcpForLocalhost true
				uint RequiredClientId 0
				uint SecureNAT_MaxDnsSessionsPerIp 0
				uint SecureNAT_MaxIcmpSessionsPerIp 0
				uint SecureNAT_MaxTcpSessionsPerIp 0
				uint SecureNAT_MaxTcpSynSentPerIp 0
				uint SecureNAT_MaxUdpSessionsPerIp 0
				bool SecureNAT_RandomizeAssignIp false
				bool SuppressClientUpdateNotification false
				bool UseHubNameAsDhcpUserClassOption false
				bool UseHubNameAsRadiusNasId false
				string VlanTypeId 0x8100
				bool YieldAfterStorePacket false
			}
			declare SecureNAT
			{
				bool Disabled false
				bool SaveLog true

				declare VirtualDhcpServer
				{
					string DhcpDnsServerAddress 0.0.0.0
					string DhcpDnsServerAddress2 0.0.0.0
					string DhcpDomainName $
					bool DhcpEnabled true
					uint DhcpExpireTimeSpan 7200
					string DhcpGatewayAddress 0.0.0.0
					string DhcpLeaseIPEnd 10.11.254.254
					string DhcpLeaseIPStart 10.11.12.10
					string DhcpPushRoutes $
					string DhcpSubnetMask 255.255.0.0
				}
				declare VirtualHost
				{
					string VirtualHostIp 10.11.12.1
					string VirtualHostIpSubnetMask 255.255.0.0
					string VirtualHostMacAddress XX-XX-XX-XX-XX-XX
				}
				declare VirtualRouter
				{
					bool NatEnabled true
					uint NatMtu 1500
					uint NatTcpTimeout 1800
					uint NatUdpTimeout 60
				}
			}
			declare SecurityAccountDatabase
			{
				declare CertList
				{
				}
				declare CrlList
				{
				}
				declare GroupList
				{
					declare XXXXXXXXXX
					{
						string Note $
						string RealName $

						declare Traffic
						{
							declare RecvTraffic
							{
								uint64 BroadcastBytes 255907
								uint64 BroadcastCount 2770
								uint64 UnicastBytes 8212389
								uint64 UnicastCount 8851
							}
							declare SendTraffic
							{
								uint64 BroadcastBytes 36772
								uint64 BroadcastCount 288
								uint64 UnicastBytes 657307
								uint64 UnicastCount 5779
							}
						}
					}
				}
				declare IPAccessControlList
				{
				}
				declare UserList
				{
					declare XXXXXXXXXX
					{
						byte AuthNtLmSecureHash XXXXXXXXXX=
						byte AuthPassword XXXXXXXXXX=
						uint AuthType 1
						uint64 CreatedTime 1648790523982
						uint64 ExpireTime 0
						string GroupName XXXXXXXXXX
						uint64 LastLoginTime 1648840334233
						string Note $
						uint NumLogin 4
						string RealName XXXXXXXXXX
						uint64 UpdatedTime 1648790523982

						declare Traffic
						{
							declare RecvTraffic
							{
								uint64 BroadcastBytes 255907
								uint64 BroadcastCount 2770
								uint64 UnicastBytes 8212389
								uint64 UnicastCount 8851
							}
							declare SendTraffic
							{
								uint64 BroadcastBytes 36772
								uint64 BroadcastCount 288
								uint64 UnicastBytes 657307
								uint64 UnicastCount 5779
							}
						}
					}
				}
			}
			declare Traffic
			{
				declare RecvTraffic
				{
					uint64 BroadcastBytes 3397539
					uint64 BroadcastCount 37968
					uint64 UnicastBytes 53131148725
					uint64 UnicastCount 145964517
				}
				declare SendTraffic
				{
					uint64 BroadcastBytes 3596891
					uint64 BroadcastCount 41005
					uint64 UnicastBytes 27114181
					uint64 UnicastCount 52708
				}
			}
		}
	}
	declare VirtualLayer3SwitchList
	{
	}
	declare VPNGate
	{
		string Abuse $
		bool IsEnabled false
		bool LogPermanent false
		string Message $
		bool NoLog false
		string Owner XXXXXXXXXX
	}
}

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Browsing internet is not working as I expected

Post by solo » Sat Apr 02, 2022 10:10 am

Connect the client and post the output of "netstat -r"

Is your remote server connected with a LAN cable or WiFi to the internet?

theselby
Posts: 8
Joined: Fri Apr 01, 2022 1:55 pm

Re: Browsing internet is not working as I expected

Post by theselby » Sat Apr 02, 2022 10:17 am

Computer is connected via LAN

Here's output of netstat:

Code: Select all

netstat -r
===========================================================================
Interface List
  2...xx xx xx xx xx xx ......Realtek PCIe GbE Family Controller
 31...........................VPN_36
  7...00 ff 7d 49 43 21 ......TAP-Windows Adapter V9
  8...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 18...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.192   4250
          0.0.0.0          0.0.0.0         On-link       10.11.12.10     26
        10.11.0.0      255.255.0.0         On-link       10.11.12.10     26
      10.11.12.10  255.255.255.255         On-link       10.11.12.10    281
    10.11.255.255  255.255.255.255         On-link       10.11.12.10    281
     89.xx.xx.xx255.255.255.255      192.168.1.1    192.168.1.192   4251
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4556
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4556
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4556
      169.254.0.0      255.255.0.0         On-link       169.254.6.4   4516
      169.254.0.0      255.255.0.0         On-link   169.254.217.177   4516
      169.254.6.4  255.255.255.255         On-link       169.254.6.4   4516
  169.254.217.177  255.255.255.255         On-link   169.254.217.177   4516
  169.254.255.255  255.255.255.255         On-link       169.254.6.4   4516
  169.254.255.255  255.255.255.255         On-link   169.254.217.177   4516
      192.168.1.0    255.255.255.0         On-link     192.168.1.192   4506
    192.168.1.192  255.255.255.255         On-link     192.168.1.192   4506
    192.168.1.255  255.255.255.255         On-link     192.168.1.192   4506
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4556
        224.0.0.0        240.0.0.0         On-link     192.168.1.192   4506
        224.0.0.0        240.0.0.0         On-link   169.254.217.177   4516
        224.0.0.0        240.0.0.0         On-link       169.254.6.4   4516
        224.0.0.0        240.0.0.0         On-link       10.11.12.10     26
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4556
  255.255.255.255  255.255.255.255         On-link     192.168.1.192   4506
  255.255.255.255  255.255.255.255         On-link   169.254.217.177   4516
  255.255.255.255  255.255.255.255         On-link       169.254.6.4   4516
  255.255.255.255  255.255.255.255         On-link       10.11.12.10    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  2    281 fe80::/64                On-link
 18    291 fe80::/64                On-link
  8    291 fe80::/64                On-link
  2    281 fe80::80ab:96c2:94c1:7bb2/128
                                    On-link
  8    291 fe80::8959:6ec7:3df8:604/128
                                    On-link
 18    291 fe80::cd47:d8e6:bbc0:d9b1/128
                                    On-link
  1    331 ff00::/8                 On-link
  2    281 ff00::/8                 On-link
 18    291 ff00::/8                 On-link
  8    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Browsing internet is not working as I expected

Post by solo » Sat Apr 02, 2022 11:17 am

On the client's vNIC switch from DHCP to static 10.11.12.10 and blank DG/DNS.

theselby
Posts: 8
Joined: Fri Apr 01, 2022 1:55 pm

Re: Browsing internet is not working as I expected

Post by theselby » Sat Apr 02, 2022 11:56 am

Is there no solution to make it work via DHCP?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Browsing internet is not working as I expected

Post by solo » Sat Apr 02, 2022 12:08 pm

Your client's PC networking is messed up, hence the workaround. There is no issue with SoftEther's vDHCP.

With DHCP you also could try:
SE Client - Advanced - No adjustments of routing table: ON
in the vNIC - Advanced - UNCHECK “Use default gateway on remote network”
tmp disable the "VMware Virtual Ethernet Adapters"

theselby
Posts: 8
Joined: Fri Apr 01, 2022 1:55 pm

Re: Browsing internet is not working as I expected

Post by theselby » Sat Apr 02, 2022 12:30 pm

Many thanks solo.

Disabling “Use default gateway on remote network” did the trick.

Post Reply