Internet access in cluster mode

Posted: Tue May 10, 2022 9:06 pm
by maxime
I'm testing a cluster configuration and I can't figure out why my users stop having access with dynamic/DHCP hubs.

In standalone, I have a virtual hub with SecureNAT/DHCP enabled. Clients connect to the VPN and the "0.0.0.0/0" routes work through the HUB. I then switch the server to a controller (with VPN traffic enabled) and I test two different combinations:
1) In static mode, the bridge to the local adapter is operational, but without DHCP the users never get an IP.
2) In dynamic mode, I enable DHCP as I figured it was the missing piece. Users get assigned an IP but do not have access to the internet.

Am I missing something in the jump from a standalone to a cluster setup?

Re: Internet access in cluster mode

Posted: Wed May 11, 2022 2:10 am
by eddiewu
Dynamic hub is designed for interconnection between clients, not for internet access.

Re: Internet access in cluster mode

Posted: Wed May 11, 2022 12:41 pm
by maxime
So the only configuration that would support the use case is standalone mode, scale out with new servers as the demand grows?

Re: Internet access in cluster mode

Posted: Wed May 11, 2022 2:07 pm
by eddiewu
What is your use case?

Re: Internet access in cluster mode

Posted: Wed May 11, 2022 2:16 pm
by maxime
Remote access VPN with internet access through the VPN. The aim is both added privacy and inter-connection with the users. Think typical NordVPN-like services but where users are able to connect to each other on the virtual LAN.

Re: Internet access in cluster mode

Posted: Fri Oct 20, 2023 8:33 am
by softuser
When in Cluster mode, VPN server disables NAT. What is the correct way to provide NAT and access to the Internet for connected clients with default route to 0.0.0.0/0 via the server while still preserving the load-balancing with multiple member servers?

Re: Internet access in cluster mode

Posted: Fri Oct 20, 2023 1:32 pm
by solo
By configuring a local bridge connection between the physical Network Adapters connected to each of the VPN Servers for each static Virtual Hub instance created in each VPN Server in the cluster, and by connecting all of the local bridging destination physical LANs to the in-house LAN destination to which the remote access is desired (either a direct layer 2 connection or a layer 3 connection using a router and NAT is acceptable), the VPN Client user can remotely access this in-house LAN regardless of which VPN Server the connection is assigned to. This mechanism enables the creation of a large-scale remote access VPN service required to process a large volume of simultaneous connections. Please refer to 10.8 Build a Large Scale Remote Access VPN Service for specific configurations.
The LAN's router does NAT.