Disable NAT for particular routes

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
andrv
Posts: 3
Joined: Thu Apr 18, 2024 10:11 am

Disable NAT for particular routes

Post by andrv » Thu Apr 18, 2024 10:59 am

Hi Community

I’m trying to build a network shown on the diagram.
The issue is that I cannot to install SofthEtherVPN Bridge in Datacenter and Office, I have only IKEv2/IPSEC tunnels there.
softether.jpg
What I managed:
- Users are connected to SoftEther and have access to Internet via WAN
- IPSEC tunnels are working
- IP routing from SoftEther to Datacenter and Office are working

What is the problem:
SoftEther does NAT on all IP packets, even on those that routed to IPsec tunnels and I see source IP in these packets in Datacenter and Office as 123.123.123.123, that does them a bit useless since I cannot identify users and “the traffic from VPN users” in general

I tried all modes in advanced options: Kernel mode, Raw IP mode, User mode. It doesn’t help.

Question:
Is it possible that SoftEther doesn’t do SNAT on packets to IPSec tunnels and keeps source IP addresses from DHCP pool of SecureNAT?
You do not have the required permissions to view the files attached to this post.

solo
Posts: 1349
Joined: Sun Feb 14, 2021 10:31 am

Re: Disable NAT for particular routes

Post by solo » Fri Apr 19, 2024 12:48 am

Fix your iptables, not SoftEther.

andrv
Posts: 3
Joined: Thu Apr 18, 2024 10:11 am

Re: Disable NAT for particular routes

Post by andrv » Fri Apr 19, 2024 11:01 am

solo wrote:
Fri Apr 19, 2024 12:48 am
Fix your iptables, not SoftEther.
what particularly I should fix? as far as understand Softether changes IP headers regardless of iptables settings and BEFORE to pass packets to the system, so all packets source IP is 123.123.123.123 when they come to iptables, what I can to do with this then in iptables? they already don't have information about user IP. I want to know how to keep this information unchanged.

solo
Posts: 1349
Joined: Sun Feb 14, 2021 10:31 am

Re: Disable NAT for particular routes

Post by solo » Fri Apr 19, 2024 1:04 pm

andrv wrote:
Thu Apr 18, 2024 10:59 am
I tried all modes in advanced options: Kernel mode, Raw IP mode, User mode. It doesn’t help.
If you truly had tried "DisableKernelModeSecureNAT = 1", there should be no IP confusion.
Double-check it, set it, restart the process, re-test.

andrv
Posts: 3
Joined: Thu Apr 18, 2024 10:11 am

Re: Disable NAT for particular routes

Post by andrv » Thu May 02, 2024 4:31 pm

Just to close this topic.
Solution was to disable NAT into SecureNAT but leave DHCP working. After that I managed to control traffic with iptables.

Post Reply