Can't access the internet (simple question)

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
saturn
Posts: 4
Joined: Sun Oct 02, 2022 9:22 am

Can't access the internet (simple question)

Post by saturn » Sun Oct 02, 2022 9:54 am

Hello!
I've tried to google my problem multiple times, but I still stuck with my issue. I want to configure my VPN server to have an access to blocked websites. (I would like to have two options: have an ability route all traffic and route only specific ip subnet)
I've installed recently softether vpn on linux.
Secure NAT is enabled (otherwise my router with SSTP support won't connect). Local bridge to the WAN is up.
I have a successful connection from my router (I get an IP address) and on VPN CLient on Windows, but I can't access to the internet from this VPN server.
What should I do?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Can't access the internet (simple question)

Post by solo » Sun Oct 02, 2022 11:11 am

Hello, you can't use SecNAT and a bridge simultaneously. You don't say much else about the server, I'm assuming it's on a VPS. If so keep SecNAT only. For the optional complex routing you'd need a different config: no SecNAT, instead use a local bridge to tap_soft and iptables nat with dnsmasq for dhcp.

saturn
Posts: 4
Joined: Sun Oct 02, 2022 9:22 am

Re: Can't access the internet (simple question)

Post by saturn » Sun Oct 02, 2022 12:45 pm

You're right SoftEther on VPS.
oh, I thought I could do the same logic as I have on Openvpn :(
I've got the idea with dhcp and createing a local bridge, but.... How iptables helps to route "blocked-website.xxx" via VPN and "google.com" via own client internet provider?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Can't access the internet (simple question)

Post by solo » Sun Oct 02, 2022 1:59 pm

For this routing keep SecNAT, remove its default gateway and push a static route with the IP of "blocked-website.xxx" to clients.

saturn
Posts: 4
Joined: Sun Oct 02, 2022 9:22 am

Re: Can't access the internet (simple question)

Post by saturn » Sun Oct 02, 2022 3:05 pm

how to push this ip?
I need to pass about 100 ips of blocked websites

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Can't access the internet (simple question)

Post by solo » Mon Oct 03, 2022 12:25 am

It's in SecNAT's GUI options. I don't see a CLI equivalent but if you stop the server and edit its config, DhcpPushRoutes is here:

Code: Select all

			declare SecureNAT
			{
				bool Disabled false
				bool SaveLog false

				declare VirtualDhcpServer
				{
					string DhcpDnsServerAddress 192.168.30.1
					string DhcpDnsServerAddress2 0.0.0.0
					string DhcpDomainName $
					bool DhcpEnabled true
					uint DhcpExpireTimeSpan 7200
					string DhcpGatewayAddress 192.168.30.1
					string DhcpLeaseIPEnd 192.168.30.200
					string DhcpLeaseIPStart 192.168.30.10
					string DhcpPushRoutes $
					string DhcpSubnetMask 255.255.255.0
				}
That said, it can accept only 64 entries, so back to the "local bridge to tap_soft and iptables nat with dnsmasq for dhcp" option as dnsmasq can handle all your 100 IPs.

saturn
Posts: 4
Joined: Sun Oct 02, 2022 9:22 am

Re: Can't access the internet (simple question)

Post by saturn » Mon Oct 03, 2022 6:54 am

I'm sorry, I still don't understand, how to forward e.g. 8.8.8.8 from client to the internet via vpn , but 1.1.1.1 not. And how to forwad all traffic via vpn with this setting.
I can run a GUI via VM.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Can't access the internet (simple question)

Post by solo » Mon Oct 03, 2022 9:02 am

The GUI will show you a routing example. To forward all traffic via vpn simply re-insert the removed default gateway.

Post Reply