SRC-NAT Private To Multiple Public

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
corecreativesca
Posts: 3
Joined: Thu Jun 16, 2022 7:19 am

SRC-NAT Private To Multiple Public

Post by corecreativesca » Thu Jun 16, 2022 7:28 am

Hello everyone,

wondering If I could get some helping hand here.

I have server with a /25 subnet

So basically I have 165.XXX.XXX.2 - 165.XXX.XXX.127 available for use on this server (public)

Softether DHCP server assigns 192.168.30.10-192.168.30.200 to connected clients. (private)

Problem is, connected clients get their outbound traffic routed via 165.XXX.XXX.2 which is the primary public IP of my sofether VPN server.

I want to be able to set up a nat rule, that will utilize the entire block for outbound traffic.

In Mikrotik I simply do this with a NAT rule with src-nat as 192.168.30.10-192.168.30.200, action as src-nat and to address as 165.XXX.XXX.2 - 165.XXX.XXX.127 and it simply uses this public range for outbound traffi. And dynamically changes this for vpn client traffic.

How Do I accomplish this on softether?

eddiewu
Posts: 253
Joined: Wed Nov 25, 2020 9:10 am

Re: SRC-NAT Private To Multiple Public

Post by eddiewu » Thu Jun 16, 2022 8:06 am

You need to stop using securenat. Bridge with a tap device instead.
Under securenat the vpn hub is internal and invisible from the system.

corecreativesca
Posts: 3
Joined: Thu Jun 16, 2022 7:19 am

Re: SRC-NAT Private To Multiple Public

Post by corecreativesca » Thu Jun 16, 2022 8:39 am

Thank you for this feedback.

Could you please provide more information on how to achieve this?

eddiewu
Posts: 253
Joined: Wed Nov 25, 2020 9:10 am

Re: SRC-NAT Private To Multiple Public

Post by eddiewu » Thu Jun 16, 2022 8:59 am


corecreativesca
Posts: 3
Joined: Thu Jun 16, 2022 7:19 am

Re: SRC-NAT Private To Multiple Public

Post by corecreativesca » Thu Jun 16, 2022 9:49 am

Thanks for this pointer.


Guide says; run: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source VPS.IP.ADDRESS.HERE (for routing the outbound traffic )
In my case will this be a valid rule: (Since I want traffic routed via all available public IPS)

run: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 165.XXX.XXX.2 - 165.XXX.XXX.127

thank you.

Post Reply