Hi Community
I’m trying to build the network shown in the diagram.
The issue is that I cannot install SoftEther VPN Bridge in the Datacenter and Office; I have only IKEv2/IPsec tunnels there.
What I managed:
- Users are connected to SoftEther and have access to Internet via WAN
- IPsec tunnels are working
- IP routing from SoftEther to Datacenter and Office is working
What is the problem:
SoftEther does NAT on all IP packets, even on those that are routed to the IPsec tunnels, and I see the source IP of these packets in Datacenter and Office as 123.123.123.123. That makes them a bit useless, since I cannot identify users and “the traffic from VPN users” in general.
I tried all modes in advanced options: Kernel mode, Raw IP mode, User mode. It doesn’t help.
Question:
Is it possible for SoftEther not to do SNAT on packets to the IPsec tunnels and to keep the source IP addresses from the SecureNAT DHCP pool?
Disable NAT for particular routes
-
- Posts: 3
- Joined: Thu Apr 18, 2024 10:11 am
-
- Posts: 1486
- Joined: Sun Feb 14, 2021 10:31 am
Re: Disable NAT for particular routes
Fix your iptables, not SoftEther.
-
- Posts: 3
- Joined: Thu Apr 18, 2024 10:11 am
Re: Disable NAT for particular routes
What particularly should I fix? As far as I understand, SoftEther changes IP headers regardless of iptables settings and BEFORE passing packets to the system, so the source IP of all packets is 123.123.123.123 when they come to iptables. What can I do with this in iptables then? They already don't have information about the user IP. I want to know how to keep this information unchanged.
-
- Posts: 1486
- Joined: Sun Feb 14, 2021 10:31 am
-
- Posts: 3
- Joined: Thu Apr 18, 2024 10:11 am
Re: Disable NAT for particular routes
Just to close this topic.
The solution was to disable NAT in SecureNAT but leave DHCP working. After that I managed to control traffic with iptables.
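An added illustration of the resolution above, not code from any participant in this thread: one way to arrange the host's iptables NAT rules once SecureNAT's own NAT is off, so that client traffic to the IPsec sites keeps its pool address and only WAN-bound traffic is masqueraded. The pool `192.168.30.0/24`, the two site subnets and the interface `eth0` are constructed placeholders, and the function only prints the ruleset for review.

```shell
#!/bin/sh
# Added example: print an iptables-restore "nat" table that exempts VPN-client
# traffic bound for the IPsec-reachable sites from source NAT and masquerades
# only what leaves via the WAN. All values below are constructed placeholders.
VPN_POOL="192.168.30.0/24"                # assumed client (DHCP) pool
TUNNEL_NETS="10.10.0.0/16 10.20.0.0/16"   # assumed Datacenter and Office subnets
WAN_IF="eth0"                             # assumed WAN interface

# Accept only the shape of IPv4 CIDR notation, so a typo or stray shell
# metacharacter cannot end up as an unexpected rule argument.
is_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# build_nat_rules POOL WAN_IF NET...
# Prints the ruleset on stdout; returns 1 (printing nothing) on a malformed network.
build_nat_rules() {
    pool=$1; wan=$2; shift 2
    is_cidr "$pool" || { echo "bad pool: $pool" >&2; return 1; }
    for net in "$@"; do
        is_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    done
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":INPUT ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    # Exemptions first: ACCEPT in the nat table ends traversal of the chain,
    # so the packet keeps its original source address.
    for net in "$@"; do
        echo "-A POSTROUTING -s $pool -d $net -j ACCEPT"
    done
    # Catch-all for anything else that matches an outbound IPsec policy.
    echo "-A POSTROUTING -s $pool -m policy --dir out --pol ipsec -j ACCEPT"
    # Everything else from the pool that exits via the WAN is masqueraded.
    echo "-A POSTROUTING -s $pool -o $wan -j MASQUERADE"
    echo "COMMIT"
}

# Review the output, then syntax-check it as root, e.g.:
#   build_nat_rules "$VPN_POOL" "$WAN_IF" $TUNNEL_NETS | iptables-restore --test
# Note: without --noflush, iptables-restore replaces the existing nat table.
```

With rules in this order, the Datacenter and Office firewalls see the per-user pool address and can filter or log on it instead of on 123.123.123.123.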