How to configure SoftEther VPN on a dual NAT'd Home network

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
s6suther8and
Posts: 2
Joined: Sat May 13, 2023 12:01 pm
Location: North Charleston, SC 29406

How to configure SoftEther VPN on a dual NAT'd Home network

Post by s6suther8and » Thu May 25, 2023 12:10 pm

Intent: Create VPN connections using SoftEther software ONLY at the Layer-2 level for remote access and control of friends & family computers for troubleshooting, updates and configurations using mostly Windows 10 & 11 Pro Remote Desktop Connection & Remote Assistance vi the SoftEther VPN.

Current setup: Home network: 2 NAT'd networks: Private & Public using 2 different Class C Private address ranges using 2 identical home routers and a cable modem. The ISP assigns a dynamic Global IPV4 to the Public Router to gain Internet access, changing about every 3-4 weeks. The Private router goes through the Public router to gain Internet access. The Private router WAN port connects to the Public router via 1 of the 4 ethernet ports on the back of the Public router. The IP address of the Private router WAN port is statically assigned by the Public router using it's DHCP reserved addressing based on MAC address. Each router has at least 1 24-port GB switch to expand the available ethernet ports. The Cable modem connects to the WAN port of the Public router. This Public WAN IP address is dynamic.

VPN Initial setup: Using a Linux Ubuntu 22.04 LTS laptop with dual hardwired NICs. I have 1 NIC on the Public network. I have 1 NIC on the Private network. I am using the latest full release SoftEther VPN Server. I have the Public NIC as a NOT BRIDGED connection as this is where I want the VPN Clients connecting to the virtual hub Public. I have the Private NIC as a Local BRIDGED connection to the Private network via the virtual hub Private. I have not yet implemented Cascading. I believe I need to.

Configuration Input Please: I'm not sure if this VPN Server is properly configured. I have the SoftEther DDNS and Azure both active. I use their names for the Client's Internet connection since I DO NOT DESIRE TO OPEN ANY FIREWALL PORTS. Hence my path is to use HTTPS to pass through the Cable Router's & PC firewalls WITHOUT OPENING any ports.

I have attached a network diagram to assist understanding & communications.

I hope to receive your guidance in correcting my understanding, setup, configuration and managing this network.

If you would like to talk to save time & typing, please call me at 843-513-5430 at anytime 24 hours per day. English is my only language.

Thanks...Steven
You do not have the required permissions to view the files attached to this post.
Last edited by s6suther8and on Fri May 26, 2023 11:53 pm, edited 1 time in total.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: How to configure SoftEther VPN on a dual NAT'd Home network

Post by solo » Fri May 26, 2023 2:53 am

s6suther8and wrote:
Thu May 25, 2023 12:10 pm
Intent: Create VPN connections using SoftEther software ONLY at the Layer-2 level for remote access and control of friends & family computers for troubleshooting, updates and configurations using mostly Windows 10 & 11 Pro Remote Desktop Connection & Remote Assistance vi the SoftEther VPN...
But unless you remove the bridge, you have created access to your own LAN for your friends. Regardless, this config is OK, it'll always work on VPN Azure address. Does it work on DDNS address?

If not, AND you do not like the slow and limited VPN Azure performance, then you need to establish a SE gateway server on a VPS.
https://www.vpnusers.com/viewtopic.php? ... 157#p98420
https://www.vpnusers.com/viewtopic.php? ... 247#p98907
https://www.vpnusers.com/viewtopic.php? ... 180#p98572

s6suther8and
Posts: 2
Joined: Sat May 13, 2023 12:01 pm
Location: North Charleston, SC 29406

Re: How to configure SoftEther VPN on a dual NAT'd Home network

Post by s6suther8and » Fri May 26, 2023 11:43 pm

Solo: Thanks for your timely reply about my VPN Home Network setup. From your comment about removing the bridge I have to my Private network via the Hub-Private and Private NIC:

1. Can I still access and remotely control their remote end-point PCs using MS RDP, VNC, etc... from the Private Network software via the SoftEther VPN just like I was on their local network segment if I remove the Local Bridge on the Private NIC? Or must I use the Public Network only to control their PCs Is this the correct understanding of removing the bridge between the physical NIC and the virtual Hub-Private?

2. By removing the bridge, would I also lose my ability to access my Private network resources (printers, servers, etc...) when I attach to my Public network? My permitted users (name & password) on both Public & Private and the VPN hubs are just myself currently and will be each permitted user to connect to my location when I have the VPN Server Hub online. With no troubleshooting or control needed the Server Service Hub will be off-line.

3. I have not yet tried the DDNS service provided by SoftEther services.

Thanks for your timely inputs.

Steven

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: How to configure SoftEther VPN on a dual NAT'd Home network

Post by solo » Sat May 27, 2023 1:32 am

For security reasons keep the bridged hub for your own exclusive use and add another isolated hub for remote access of other PCs. If you do not worry about security, then it's OK as is. However, do test DDNS first because if your ISP does not allow incoming connections, "AND you do not like the slow and limited VPN Azure performance", this network topology is useless.

Post Reply