
Disable NAT for particular routes

Posted: Thu Apr 18, 2024 10:59 am
by andrv
Hi Community

I’m trying to build the network shown in the diagram.
The issue is that I cannot install SoftEther VPN Bridge in the Datacenter and Office; I have only IKEv2/IPsec tunnels there.
[Attached diagram: softether.jpg]
What I managed:
- Users are connected to SoftEther and have access to Internet via WAN
- IPSEC tunnels are working
- IP routing from SoftEther to Datacenter and Office is working

What is the problem:
SoftEther does NAT on all IP packets, even on those that are routed to the IPsec tunnels, and I see the source IP of these packets in Datacenter and Office as 123.123.123.123. That makes them a bit useless, since I cannot identify users and “the traffic from VPN users” in general.

I tried all modes in advanced options: Kernel mode, Raw IP mode, User mode. It doesn’t help.

Question:
Is it possible for SoftEther not to do SNAT on packets to the IPsec tunnels and to keep the source IP addresses from the DHCP pool of SecureNAT?

Re: Disable NAT for particular routes

Posted: Fri Apr 19, 2024 12:48 am
by solo
Fix your iptables, not SoftEther.

Re: Disable NAT for particular routes

Posted: Fri Apr 19, 2024 11:01 am
by andrv
solo wrote:
Fri Apr 19, 2024 12:48 am
Fix your iptables, not SoftEther.
What in particular should I fix? As far as I understand, SoftEther changes IP headers regardless of iptables settings and BEFORE passing packets to the system, so every packet's source IP is 123.123.123.123 when it comes to iptables. What can I do about this in iptables then? The packets already don't have information about the user IP. I want to know how to keep this information unchanged.

Re: Disable NAT for particular routes

Posted: Fri Apr 19, 2024 1:04 pm
by solo
andrv wrote:
Thu Apr 18, 2024 10:59 am
I tried all modes in advanced options: Kernel mode, Raw IP mode, User mode. It doesn’t help.
If you truly had tried "DisableKernelModeSecureNAT = 1", there should be no IP confusion.
Double-check it, set it, restart the process, re-test.

Re: Disable NAT for particular routes

Posted: Thu May 02, 2024 4:31 pm
by andrv
Just to close this topic.
The solution was to disable NAT in SecureNAT but leave DHCP working. After that I managed to control traffic with iptables.
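
One way the iptables side of that outcome can look, as an added example that is not from any poster in this thread: a generator for a nat-table rule set that leaves traffic to the tunnel subnets untranslated and masquerades only Internet-bound traffic. The pool, subnets, interface name and the `nat_rules` helper are constructed placeholders, and the sketch assumes client packets reach the host's kernel routing with their DHCP pool address intact.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and interface are constructed
# placeholders: substitute your SecureNAT DHCP pool, tunnel subnets and WAN NIC.
VPN_POOL="192.168.30.0/24"                 # assumed DHCP pool handed to VPN users
TUNNEL_NETS="10.10.0.0/16 10.20.0.0/16"    # assumed Datacenter and Office subnets
WAN_IF="eth0"                              # assumed Internet-facing interface

# nat_rules POOL WAN_IF NET...
# Emits a nat-table rule set in iptables-restore format.
nat_rules() {
    pool=$1; wan=$2
    shift 2
    if [ "$#" -eq 0 ]; then
        # No exemptions would mean every packet is translated again.
        echo "nat_rules: at least one tunnel subnet is required" >&2
        return 1
    fi
    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    for net in "$@"; do
        # First match wins: ACCEPT here ends nat POSTROUTING traversal, so the
        # packet enters the IPsec tunnel with the client's own pool address.
        echo "-A POSTROUTING -s $pool -d $net -j ACCEPT"
    done
    # Only Internet-bound traffic from the pool is rewritten to the WAN address.
    echo "-A POSTROUTING -s $pool -o $wan -j MASQUERADE"
    echo "COMMIT"
}

# Print the rule set for review. To load it, pipe it to `iptables-restore --test`
# first; note that without --noflush the existing nat table is replaced.
# shellcheck disable=SC2086  # TUNNEL_NETS is split into words on purpose
nat_rules "$VPN_POOL" "$WAN_IF" $TUNNEL_NETS
```

With the exemptions ahead of the MASQUERADE rule, the Datacenter and Office see per-user source addresses, so their firewall logs can attribute traffic to individual VPN clients.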