Hello!
I've tried to google my problem multiple times, but I'm still stuck with my issue. I want to configure my VPN server to have access to blocked websites. (I would like to have two options: the ability to route all traffic, and to route only a specific IP subnet.)
I recently installed SoftEther VPN on Linux.
Secure NAT is enabled (otherwise my router with SSTP support won't connect). Local bridge to the WAN is up.
I have a successful connection from my router (I get an IP address) and from the VPN Client on Windows, but I can't access the internet from this VPN server.
What should I do?
Can't access the internet (simple question)
-
- Posts: 1318
- Joined: Sun Feb 14, 2021 10:31 am
Re: Can't access the internet (simple question)
Hello, you can't use SecNAT and a bridge simultaneously. You don't say much else about the server; I'm assuming it's on a VPS. If so, keep SecNAT only. For the optional complex routing you'd need a different config: no SecNAT, instead use a local bridge to tap_soft and iptables nat with dnsmasq for dhcp.
-
- Posts: 4
- Joined: Sun Oct 02, 2022 9:22 am
Re: Can't access the internet (simple question)
You're right, SoftEther is on a VPS.
Oh, I thought I could do the same logic as I have on OpenVPN :(
I've got the idea with DHCP and creating a local bridge, but... how does iptables help to route "blocked-website.xxx" via the VPN and "google.com" via the client's own internet provider?
-
- Posts: 1318
- Joined: Sun Feb 14, 2021 10:31 am
Re: Can't access the internet (simple question)
For this routing keep SecNAT, remove its default gateway and push a static route with the IP of "blocked-website.xxx" to clients.
-
- Posts: 4
- Joined: Sun Oct 02, 2022 9:22 am
Re: Can't access the internet (simple question)
How do I push this IP?
I need to pass about 100 IPs of blocked websites.
-
- Posts: 1318
- Joined: Sun Feb 14, 2021 10:31 am
Re: Can't access the internet (simple question)
It's in SecNAT's GUI options. I don't see a CLI equivalent but if you stop the server and edit its config, DhcpPushRoutes is here:

    declare SecureNAT
    {
        bool Disabled false
        bool SaveLog false
        declare VirtualDhcpServer
        {
            string DhcpDnsServerAddress 192.168.30.1
            string DhcpDnsServerAddress2 0.0.0.0
            string DhcpDomainName $
            bool DhcpEnabled true
            uint DhcpExpireTimeSpan 7200
            string DhcpGatewayAddress 192.168.30.1
            string DhcpLeaseIPEnd 192.168.30.200
            string DhcpLeaseIPStart 192.168.30.10
            string DhcpPushRoutes $
            string DhcpSubnetMask 255.255.255.0
        }

That said, it can accept only 64 entries, so back to the "local bridge to tap_soft and iptables nat with dnsmasq for dhcp" option as dnsmasq can handle all your 100 IPs.
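
Added example, not written by any poster in this thread: a Python helper for the dnsmasq side of the "local bridge to tap_soft" option, which turns a destination list into DHCP option 121 (classless static route) lines and checks the list against the 64-entry DhcpPushRoutes limit mentioned above. It assumes dnsmasq is the DHCP server on the bridge; the gateway 192.168.30.1 is taken from the config excerpt, and the destination addresses are constructed samples.

```python
import ipaddress

SECNAT_MAX_ROUTES = 64      # DhcpPushRoutes entry limit stated in the thread
GATEWAY = "192.168.30.1"    # VPN-side gateway from the config excerpt above

# Constructed sample destinations (documentation ranges, not real sites).
SAMPLE = ["198.51.100.10", "198.51.100.11", "192.0.2.7",
          "203.0.113.0/25", "203.0.113.128/25"]


def collapse(destinations):
    """Parse IPv4 hosts/subnets and merge adjacent or overlapping ones."""
    nets = [ipaddress.ip_network(d, strict=False) for d in destinations]
    return list(ipaddress.collapse_addresses(nets))


def fits_secnat(destinations):
    """True if the merged list would fit SecureNAT's 64-route limit."""
    return len(collapse(destinations)) <= SECNAT_MAX_ROUTES


def dnsmasq_lines(destinations, gateway=GATEWAY, full_tunnel=False):
    """Return dnsmasq.conf lines for a full or split tunnel.

    full_tunnel: hand out the VPN gateway as default router (option 3).
    split: send no default router, only per-destination routes (option 121).
    """
    ipaddress.ip_address(gateway)  # raises ValueError on a malformed gateway
    if full_tunnel:
        return [f"dhcp-option=3,{gateway}"]
    pairs = ",".join(f"{n.with_prefixlen},{gateway}"
                     for n in collapse(destinations))
    # A bare "dhcp-option=3" tells dnsmasq to send no default route.
    return ["dhcp-option=3", f"dhcp-option=121,{pairs}"]


if __name__ == "__main__":
    print("fits SecureNAT limit:", fits_secnat(SAMPLE))
    for line in dnsmasq_lines(SAMPLE):
        print(line)
```

Merging adjacent addresses before counting matters: a list of 100 hosts may or may not drop below 64 routes depending on how many share a subnet.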
-
- Posts: 4
- Joined: Sun Oct 02, 2022 9:22 am
Re: Can't access the internet (simple question)
I'm sorry, I still don't understand how to forward e.g. 8.8.8.8 from the client to the internet via the VPN, but not 1.1.1.1. And how to forward all traffic via the VPN with this setting.
I can run a GUI via a VM.
-
- Posts: 1318
- Joined: Sun Feb 14, 2021 10:31 am
Re: Can't access the internet (simple question)
The GUI will show you a routing example. To forward all traffic via the VPN, simply re-insert the removed default gateway.