Can't access the internet (simple question)

Posted: Sun Oct 02, 2022 9:54 am
by saturn
Hello!
I've tried to google my problem multiple times, but I'm still stuck with my issue. I want to configure my VPN server to have access to blocked websites. (I would like to have two options: the ability to route all traffic and to route only a specific IP subnet.)
I've recently installed SoftEther VPN on Linux.
Secure NAT is enabled (otherwise my router with SSTP support won't connect). Local bridge to the WAN is up.
I have a successful connection from my router (I get an IP address) and on the VPN Client on Windows, but I can't access the internet from this VPN server.
What should I do?

Re: Can't access the internet (simple question)

Posted: Sun Oct 02, 2022 11:11 am
by solo
Hello, you can't use SecNAT and a bridge simultaneously. You don't say much else about the server, I'm assuming it's on a VPS. If so keep SecNAT only. For the optional complex routing you'd need a different config: no SecNAT, instead use a local bridge to tap_soft and iptables nat with dnsmasq for dhcp.

Re: Can't access the internet (simple question)

Posted: Sun Oct 02, 2022 12:45 pm
by saturn
You're right, SoftEther is on a VPS.
Oh, I thought I could use the same logic as I have on OpenVPN :(
I've got the idea with DHCP and creating a local bridge, but... How does iptables help to route "blocked-website.xxx" via the VPN and "google.com" via the client's own internet provider?

Re: Can't access the internet (simple question)

Posted: Sun Oct 02, 2022 1:59 pm
by solo
For this routing keep SecNAT, remove its default gateway and push a static route with the IP of "blocked-website.xxx" to clients.

Re: Can't access the internet (simple question)

Posted: Sun Oct 02, 2022 3:05 pm
by saturn
How do I push this IP?
I need to pass about 100 IPs of blocked websites.

Re: Can't access the internet (simple question)

Posted: Mon Oct 03, 2022 12:25 am
by solo
It's in SecNAT's GUI options. I don't see a CLI equivalent but if you stop the server and edit its config, DhcpPushRoutes is here:

			declare SecureNAT
			{
				bool Disabled false
				bool SaveLog false

				declare VirtualDhcpServer
				{
					string DhcpDnsServerAddress 192.168.30.1
					string DhcpDnsServerAddress2 0.0.0.0
					string DhcpDomainName $
					bool DhcpEnabled true
					uint DhcpExpireTimeSpan 7200
					string DhcpGatewayAddress 192.168.30.1
					string DhcpLeaseIPEnd 192.168.30.200
					string DhcpLeaseIPStart 192.168.30.10
					string DhcpPushRoutes $
					string DhcpSubnetMask 255.255.255.0
				}

That said, it can accept only 64 entries, so back to the "local bridge to tap_soft and iptables nat with dnsmasq for dhcp" option as dnsmasq can handle all your 100 IPs.
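
Added example (not from the thread or from the SoftEther project): a Python sketch that merges a list of blocked-site IPs and renders it either as a DhcpPushRoutes value or, when it exceeds the 64-entry limit mentioned above, as a dnsmasq DHCP option 121 line. The network/mask/gateway entry format for DhcpPushRoutes, the function names and the sample addresses are assumptions; the gateway is the one in the config excerpt.

```python
import ipaddress

SOFTETHER_MAX_ROUTES = 64       # DhcpPushRoutes entry limit quoted in the thread
GATEWAY = "192.168.30.1"        # DhcpGatewayAddress from the config excerpt

def aggregate(targets):
    """Parse IPv4 addresses/CIDRs, drop duplicates, merge adjacent networks."""
    nets = [ipaddress.IPv4Network(t, strict=False) for t in targets]
    return list(ipaddress.collapse_addresses(nets))

def softether_push_routes(nets, gateway=GATEWAY):
    """DhcpPushRoutes value; network/mask/gateway per entry is an assumed format."""
    if len(nets) > SOFTETHER_MAX_ROUTES:
        raise ValueError(f"{len(nets)} routes exceed the {SOFTETHER_MAX_ROUTES}-entry limit")
    return ",".join(f"{n.network_address}/{n.netmask}/{gateway}" for n in nets)

def dnsmasq_routes(nets, gateway=GATEWAY):
    """dnsmasq.conf line for DHCP option 121 (RFC 3442 classless static routes)."""
    return "dhcp-option=121," + ",".join(f"{n.with_prefixlen},{gateway}" for n in nets)

def render(targets, gateway=GATEWAY):
    """Pick the backend: SecureNAT if the merged list fits, dnsmasq otherwise."""
    nets = aggregate(targets)
    if len(nets) <= SOFTETHER_MAX_ROUTES:
        return "softether", softether_push_routes(nets, gateway)
    return "dnsmasq", dnsmasq_routes(nets, gateway)

# Constructed sample input: duplicates and adjacent ranges collapse to 3 routes.
# Anything not listed (e.g. 1.1.1.1) gets no pushed route and, with the default
# gateway removed from the DHCP offer, keeps using the client's own provider.
SAMPLE = ["8.8.8.8", "203.0.113.0", "203.0.113.1", "203.0.113.1",
          "198.51.100.0/25", "198.51.100.128/25"]

if __name__ == "__main__":
    backend, value = render(SAMPLE)
    print(backend, value, sep=": ")
```

Merging adjacent addresses before counting can bring a long list back under the 64-entry limit, so check the merged count before switching to the dnsmasq setup.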

Re: Can't access the internet (simple question)

Posted: Mon Oct 03, 2022 6:54 am
by saturn
I'm sorry, I still don't understand how to forward e.g. 8.8.8.8 from the client to the internet via the VPN, but not 1.1.1.1. And how to forward all traffic via the VPN with this setting.
I can run a GUI via a VM.

Re: Can't access the internet (simple question)

Posted: Mon Oct 03, 2022 9:02 am
by solo
The GUI will show you a routing example. To forward all traffic via vpn simply re-insert the removed default gateway.