
SRC-NAT Private To Multiple Public

Posted: Thu Jun 16, 2022 7:28 am
by corecreativesca
Hello everyone,

Wondering if I could get a helping hand here.

I have a server with a /25 subnet.

So basically I have 165.XXX.XXX.2 - 165.XXX.XXX.127 available for use on this server (public)

Softether DHCP server assigns 192.168.30.10-192.168.30.200 to connected clients. (private)

The problem is, connected clients get their outbound traffic routed via 165.XXX.XXX.2, which is the primary public IP of my SoftEther VPN server.

I want to be able to set up a NAT rule that will utilize the entire block for outbound traffic.

In Mikrotik I simply do this with a NAT rule with src-nat as 192.168.30.10-192.168.30.200, action as src-nat and to address as 165.XXX.XXX.2 - 165.XXX.XXX.127, and it simply uses this public range for outbound traffic and dynamically changes this for VPN client traffic.

How do I accomplish this on SoftEther?

Re: SRC-NAT Private To Multiple Public

Posted: Thu Jun 16, 2022 8:06 am
by eddiewu
You need to stop using SecureNAT. Bridge with a tap device instead.
Under SecureNAT the VPN hub is internal and invisible from the system.

Re: SRC-NAT Private To Multiple Public

Posted: Thu Jun 16, 2022 8:39 am
by corecreativesca
Thank you for this feedback.

Could you please provide more information on how to achieve this?

Re: SRC-NAT Private To Multiple Public

Posted: Thu Jun 16, 2022 8:59 am
by eddiewu

Re: SRC-NAT Private To Multiple Public

Posted: Thu Jun 16, 2022 9:49 am
by corecreativesca
Thanks for this pointer.


The guide says to run: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source VPS.IP.ADDRESS.HERE (for routing the outbound traffic).
In my case, will this be a valid rule (since I want traffic routed via all available public IPs)?

run: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 165.XXX.XXX.2 - 165.XXX.XXX.127

thank you.
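
The range form of the SNAT target asked about above, as an added example that is not part of the original thread: iptables takes the pool for `--to-source` as first-last with no spaces around the hyphen. It assumes the tap-bridge setup suggested in the reply, the 192.168.30.0/24 client subnet from the first post, a hypothetical `eth0` uplink, and the documentation block 203.0.113.2-203.0.113.127 standing in for the redacted public addresses; the script only prints the rule and does not apply it.

```shell
#!/bin/sh
# Added example: build (not apply) an SNAT rule that maps a private client
# subnet onto a pool of public addresses. All addresses are constructed.

# ip_to_int A.B.C.D -> prints the address as an integer, fails if malformed.
ip_to_int() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;   # stray chars, spaces, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac  # no leading zeros (octal trap)
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# snat_pool_rule SRC_CIDR FIRST_IP LAST_IP [OUT_IF]
# Prints the iptables command. The pool is written FIRST-LAST with no spaces;
# "a.b.c.d - e.f.g.h" would be split by the shell into three arguments.
snat_pool_rule() {
    src=$1; first=$2; last=$3; out_if=${4:-}
    lo=$(ip_to_int "$first") || { echo "bad address: $first" >&2; return 1; }
    hi=$(ip_to_int "$last")  || { echo "bad address: $last" >&2; return 1; }
    [ "$lo" -le "$hi" ] || { echo "pool start is above pool end" >&2; return 1; }
    rule="iptables -t nat -A POSTROUTING -s $src"
    if [ -n "$out_if" ]; then
        rule="$rule -o $out_if"   # limit the rule to traffic leaving the uplink
    fi
    echo "$rule -j SNAT --to-source $first-$last"
}

# Constructed values: client subnet from the first post, documentation
# addresses for the public pool, eth0 as an assumed uplink interface name.
snat_pool_rule 192.168.30.0/24 203.0.113.2 203.0.113.127 eth0
```

Every address in the pool must be configured on, or routed to, the server for return traffic to arrive.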