Access VPN Client Adapter on PC from Internet

mindbender
Posts: 2
Joined: Wed Apr 05, 2023 9:12 am

Access VPN Client Adapter on PC from Internet

Post by mindbender » Wed Apr 05, 2023 9:39 am

I'm trying to set up a scenario where my local VPN Client adapter can be reached from the Internet via the VPN Server running on AWS.

I have set up two interfaces on the instance (eth0 and eth1) and bridged eth1 to a Hub. I connect to the Hub from eth0. The Hub sees my client (softeth1) with static IP and the bridge (MAC address even though it has a private IP and an elastic IP associated) but I can't ping eth1 from my client adapter.

I would like to be able to access services on my client adapter (softeth1) from the Internet via the public IP on eth1.

I'm stuck around this point. What is the best way to go about this?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Access VPN Client Adapter on PC from Internet

Post by solo » Wed Apr 05, 2023 10:12 am

If you intend to connect as follows, then you do not need the bridge.

[client A] ===> [AWS VPN server] <=== [client B]

VPN server
- no bridge
- yes SecureNAT with all defaults (although vNAT is optional in your context)
- no L3
- no VPN Azure
- no/yes IPsec/L2TP
- no/yes OpenVPN/MS-SSTP
- add 2 VPN users

As for the client-server no-ping issue, it's a Linux kernel limitation, don't worry about it. VPN clients will be able to ping each other.

mindbender
Posts: 2
Joined: Wed Apr 05, 2023 9:12 am

Re: Access VPN Client Adapter on PC from Internet

Post by mindbender » Wed Apr 05, 2023 6:23 pm

solo wrote: Wed Apr 05, 2023 10:12 am
> If you intend to connect as follows, then you do not need the bridge.
>
> [client A] ===> [AWS VPN server] <=== [client B]
>
> VPN server
> - no bridge
> - yes SecureNAT with all defaults (although vNAT is optional in your context)
> - no L3
> - no VPN Azure
> - no/yes IPsec/L2TP
> - no/yes OpenVPN/MS-SSTP
> - add 2 VPN users
>
> As for the client-server no-ping issue, it's a Linux kernel limitation, don't worry about it. VPN clients will be able to ping each other.

Almost but not exactly.

[client A] ===> [VPN Hub on AWS server] <=== [client B (either NAT or Bridge or veth) with public IP port forwards packet to client A] <===== [Random user connecting to services on client A]

Something like the above. The idea is to expose services running on client A to the world.

Thanks

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Access VPN Client Adapter on PC from Internet

Post by solo » Thu Apr 06, 2023 1:07 am

mindbender wrote: Wed Apr 05, 2023 6:23 pm
> Almost but not exactly.

Why not? As promised above, "VPN clients will be able to ping each other" and more, as they are on Layer 2. They may be "clients" on the VPN, but on the application layer they are server/client both ways. Just enable SE vDHCP, or soft tap the hub to dnsmasq, or set static IPs, and you're good to go.
