connect to only one PC in a LAN from WLAN

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
Hanzie87
Posts: 6
Joined: Mon Mar 16, 2020 4:12 pm

connect to only one PC in a LAN from WLAN

Post by Hanzie87 » Mon Mar 16, 2020 4:26 pm

Hi,

I have a Notebook running a network server dongle for a "CAD" like software package.
I want this computer/dongle accessible thru the internet for my students (@ school and @ home).
I use softhether on the pc with de dongle attached. All my students are able to establish a connection to that pc. Great...

BUT, and here come's the question.
How can I limit the access to this computer only and not my entire home network?
How can I limit my students so they aren't using my internet for browsing/downloading/streaming...

HELP A Teacher with basic network skills out of this mess...

Thanks in advance.

ddunston
Posts: 22
Joined: Fri Mar 13, 2020 11:33 pm

Re: connect to only one PC in a LAN from WLAN

Post by ddunston » Mon Mar 16, 2020 5:16 pm

Hanzie87 wrote:
Mon Mar 16, 2020 4:26 pm
Hi,

I have a Notebook running a network server dongle for a "CAD" like software package.
I want this computer/dongle accessible thru the internet for my students (@ school and @ home).
I use softhether on the pc with de dongle attached. All my students are able to establish a connection to that pc. Great...

BUT, and here come's the question.
How can I limit the access to this computer only and not my entire home network?
How can I limit my students so they aren't using my internet for browsing/downloading/streaming...

HELP A Teacher with basic network skills out of this mess...

Thanks in advance.
What is the brand and model for your router? Some have a DMZ option or you can put it on a Guest Wifi network so it is separate from your main network.

Hanzie87
Posts: 6
Joined: Mon Mar 16, 2020 4:12 pm

Re: connect to only one PC in a LAN from WLAN

Post by Hanzie87 » Tue Mar 17, 2020 9:06 am

Hi, my router is my broadband connection. It has a DMZ function, but I can't use the dmz simultaneous with other port forwarding rulez.

It is also necessary to leave the pc with the dongle on Lan.

Any solutions???

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: connect to only one PC in a LAN from WLAN

Post by centeredki69 » Tue Mar 17, 2020 8:56 pm

Set a static IP on the Notebook so the "SE-server and CAD" resources are always found at that IP address. Setup SE " local bridge" if you haven't already. In the SE server manager do as follows. ** Server Manager => highlight Virtual HUB => "manage virtual HUB" => "manage access list"=>new IPv4
I have created pics with the setting you need based on my home IP address range (192.168.69.0/24). However, yours most likely is different (192.168.1.0/24 or 192.168.0.0/24)What ever it is you will need to match your network subnet.
access list 1.jpg
access list 2.jpg
access list 3.jpg
You do not have the required permissions to view the files attached to this post.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: connect to only one PC in a LAN from WLAN

Post by centeredki69 » Tue Mar 17, 2020 8:57 pm

access list 4.jpg
Please Note your student will not be able to browse the Internet when connected to the VPN unless they make changes on the client side.
You do not have the required permissions to view the files attached to this post.

Hanzie87
Posts: 6
Joined: Mon Mar 16, 2020 4:12 pm

Re: connect to only one PC in a LAN from WLAN

Post by Hanzie87 » Wed Mar 18, 2020 1:17 pm

Thanks,

Can you tell me what I have (They have) to do on the client side for acces to the internet?
I read somewhere / something like sending a routing table???

Kind regards

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: connect to only one PC in a LAN from WLAN

Post by centeredki69 » Wed Mar 18, 2020 4:15 pm

Please verify the settings I posted work with your setup. I tested them on my own network and they seem to achieve your needs. As far as the cilent settings a split tunneling setup would most likely be best. This would direct the student Internet traffic out their own ISP gateway but allow them access to the Notebook resources at your location via the VPN using the SE server settings previously posted. This possibly could be done from the serve side but I don't know how. I can help with the clients though. Are the Students using the "softether client" or MS native clients or another type. The settings depend on the client.

Hanzie87
Posts: 6
Joined: Mon Mar 16, 2020 4:12 pm

Re: connect to only one PC in a LAN from WLAN

Post by Hanzie87 » Thu Mar 19, 2020 9:48 am

The students all have to use SoftEther as client service.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: connect to only one PC in a LAN from WLAN

Post by centeredki69 » Thu Mar 19, 2020 11:05 am

On Windows Client Machine Install SE-client software. Create the connection to the server. This process will require the user to create a “virtual network adaptor” default name is “VPN”
Next you need to change the interface Metric on the network adapters. The metric sets the priority of which network settings to use over the other. The lower the number the higher the priority.
To view all adapters. Press the Windows key and the R key at the same time to open the Run box. Type ncpa.cpl and hit Enter.
NICS.jpg
Highlight the chosen adapter and Right mouse, choose properties > highlight - tcp/ip v4 > properties > advanced > uncheck " automatic metric" > set metric to " 1, 5 or 10 (SEE BELOW) " > ok >ok > ok
metric.jpg
On the “Ethernet” hardwired (RJ45) physical NIC (not virtual NIC) uncheck automatic metric and set it to "1" and save
On any “Wi-Fi” physical NICs uncheck automatic metric and set it to "5" and save
On the Virtual "VPN" NIC uncheck automatic metric and set it to " 10 " and save
Reboot the PC Connect to the VPN.
You do not have the required permissions to view the files attached to this post.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: connect to only one PC in a LAN from WLAN

Post by centeredki69 » Thu Mar 19, 2020 11:09 am

On Windows Client Machine Install SE-client software. Create the VPN connection to the VPN server. This process will require the user to create a “virtual network adaptor” default name is “VPN”----Next you need to change the interface Metric on the network adapters. The metric sets the priority of which network settings to use over the other. The lower the number the higher the priority. ----- To view all adapters. Press the Windows key and the R key at the same time to open the Run box. Type ncpa.cpl and hit Enter.
NICS.jpg
You do not have the required permissions to view the files attached to this post.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: connect to only one PC in a LAN from WLAN

Post by centeredki69 » Thu Mar 19, 2020 11:12 am

Highlight the chosen adapter and Right mouse, choose properties > highlight - tcp/ip v4 > properties > advanced > uncheck " automatic metric" > set metric to " 1, 5 or 10 (SEE BELOW) " > ok >ok > ok
A) On the “Ethernet” hardwired (RJ45) physical NIC (not virtual NIC) uncheck automatic metric and set it to "1" and save. B) On any “Wi-Fi” physical NICs uncheck automatic metric and set it to "5" and save. C)On the Virtual "VPN" NIC uncheck automatic metric and set it to " 10 " and save.
Reboot the PC Connect to the VPN.
metric.jpg
You do not have the required permissions to view the files attached to this post.

Hanzie87
Posts: 6
Joined: Mon Mar 16, 2020 4:12 pm

Re: connect to only one PC in a LAN from WLAN

Post by Hanzie87 » Thu Mar 19, 2020 3:11 pm

Thanks a lot already,

The first set of option works almost perfect. The students still be able to use my network printer (strange). They still can reach the dongle (Great).
They can't connect to the internet like you said.

When apply the non automatic metric setting, For test I applied to Lan 1 and Virtual 10. SE still connects but dongle can't be found anymore. Internet is back.
When the Lan adapter is set back to automatic. The dongle is again reachable. Internet is gone...

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: connect to only one PC in a LAN from WLAN

Post by centeredki69 » Thu Mar 19, 2020 3:38 pm

Is the dongle being accessed as a share on the NoteBook?
When applying the interface metric settings can you see the Notebook under "network" in file manager.
Can you ping the Notebook IP address?

Hanzie87
Posts: 6
Joined: Mon Mar 16, 2020 4:12 pm

Re: connect to only one PC in a LAN from WLAN

Post by Hanzie87 » Tue Mar 24, 2020 2:16 pm

Hi,

The computer is responding to ping messages. If the Metric options are set 1, 5, 10.

Meanwhile I took some time to play with a few of the settings.
What I changed is the blocking rule to all incoming and outgoing packets. So no IP adress is given. This will block really everything.
Then I added 2 more rules to the acces list. for allowing broadcast packets. The first pol of the software is always broadcast.
The only 2 things I changed on the client side is the metric setting for the Virtual adapter from 1 to 10 so i'ts most likely that the automatic settings have a higher priority for internet. And a static IP adress cause this is no longer available from the dhcp server (blocked by acces list).

I want to thank Centeredki69 for pointing me in the right direction. With a few days of trail and error I made something that works for me.

Even if the client side doesn't make changes they are able to use the software, they only have no internet anymore.

hankr123
Posts: 1
Joined: Sat Sep 12, 2020 3:16 pm

Re: connect to only one PC in a LAN from WLAN

Post by hankr123 » Sat Sep 12, 2020 3:24 pm

Kindly check the settings I posted work with your arrangement. I tried them on my own organization and they appear to accomplish your necessities. To the extent the customer settings, a split burrowing arrangement would probably be ideal. This would coordinate the understudy Internet traffic out their own ISP entryway yet permit them admittance to the Notebook assets at your area through the VPN utilizing the SE worker settings recently posted. This should be possible from the worker side yet I don't know-how. I can help with the customers, however. Are the Students utilizing the "softer customer" or MS local customers or another sort? The settings rely upon the customer.

Post Reply