[BUG] Packets forwarding not working with Secure NAT enabled with vDHCP enabled and vNAT disabled #1948

Closed
2 tasks done
CravateRouge opened this issue Feb 2, 2024 · 4 comments

Comments

@CravateRouge
CravateRouge commented Feb 2, 2024

Prerequisites

  • Can you reproduce?
  • Are you running the latest version of SoftEtherVPN?

SoftEther version: SoftEther VPN 4.42 Build 9798 RTM (June 30, 2023)
Component: Server
Operating system: Debian 11 on Azure
Architecture: 64 bits

Description

Packet forwarding from the SoftEther virtual network to other networks doesn't work when Secure NAT is enabled with vDHCP enabled and vNAT disabled.

Expected behavior:
Packet forwarding should work with Secure NAT without vNAT.

Actual behavior:
Packet forwarding doesn't work with Secure NAT enabled and vNAT disabled.

Steps to reproduce

Here is the current configuration:

./vpncmd [...] /CMD BridgeCreate DEFAULT /DEVICE:soft /TAP:yes
./vpncmd [...] /CMD SecureNatEnable
./vpncmd [...] /CMD DhcpEnable
./vpncmd [...] /CMD NatDisable
./vpncmd [...] /CMD DhcpSet /START:192.168.30.10 /END:192.168.30.200 /MASK:255.255.255.0 /EXPIRE:7200 /GW:192.168.30.1 /DNS:192.168.30.1 /DNS2:none /DOMAIN:none /LOG:no /PUSHROUTE:""

sysctl -w net.ipv4.ip_forward=1
sysctl -p
ip addr add 192.168.30.1/24 dev tap_soft
iptables -t nat -A POSTROUTING -s 192.168.30.0/24 -j SNAT --to-source 10.0.0.4

# If I run the command below, my clients can access other networks, but L2TP clients are no longer served by the vDHCP
./vpncmd [...] /CMD SecureNatDisable

@shakibamoshiri

I cannot see an IP being set for the hub.
Try this and report again if it does not work:

/CMD SecureNatHostSet /MAC:none /IP:192.168.30.2 /MASK:255.255.255.0;

an IP for the gateway => 192.168.30.1
an IP for the hub => 192.168.30.2
some IPs for clients => 192.168.30.10 ~ 192.168.30.200

@CravateRouge
Author

I still have the same issue doing:

/CMD SecureNatHostSet /MAC:none /IP:192.168.30.2 /MASK:255.255.255.0;
# I also tried
/CMD SecureNatHostSet /MAC:none /IP:192.168.30.1 /MASK:255.255.255.0;

I can ping those IPs from my SoftEther clients, but I can't reach other networks.

@shakibamoshiri

This is incorrect:

/CMD SecureNatHostSet /MAC:none /IP:192.168.30.1 /MASK:255.255.255.0;

Here is the full setup:

/CMD BridgeCreate VPN /DEVICE:vpn /TAP:yes;
/CMD SecureNatHostSet /MAC:none /IP:192.168.30.2 /MASK:255.255.255.0;
/CMD DhcpEnable;
/CMD DhcpSet /START:192.168.30.10 /END:192.168.30.210 /MASK:255.255.255.0 /EXPIRE:7200 /GW:192.168.30.1 /DNS:8.8.8.8 /DNS2: /DOMAIN: /LOG:yes;
/CMD NatDisable;
/CMD SecureNatEnable;


ip link set tap_vpn up
ip addr add 192.168.30.1/24 brd + dev tap_vpn

Then you should be able to ping:

  • 192.168.30.1
  • 192.168.30.2

Then the client can connect.

@CravateRouge
Author

I can confirm it works now, thank you.
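
A host-side check for the setup discussed in this thread, as an added example that is not part of the original issue or of SoftEther: it verifies that forwarding is on, that the TAP device holds the gateway address and not the hub address, and that the SNAT rule from the original report is present. The function names and the sample command output are constructed for illustration; the addresses and the device name are the ones posted above.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.
TAP_DEV=tap_vpn            # TAP device created by BridgeCreate /DEVICE:vpn
GW_CIDR=192.168.30.1/24    # host address on the TAP device, the DHCP /GW
HUB_IP=192.168.30.2        # SecureNatHostSet /IP
SNAT_RULE='-s 192.168.30.0/24 -j SNAT --to-source 10.0.0.4'

# Constructed sample output for a correctly configured host.
SAMPLE_ADDR='5: tap_vpn    inet 192.168.30.1/24 brd 192.168.30.255 scope global tap_vpn'
SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.30.0/24 -j SNAT --to-source 10.0.0.4'

# $1: output of `sysctl -n net.ipv4.ip_forward`
forwarding_enabled() { [ "$1" = "1" ]; }

# $1: output of `ip -o -4 addr show dev tap_vpn`
tap_has_gateway() {
    printf '%s\n' "$1" | awk -v d="$TAP_DEV" -v c="$GW_CIDR" \
        '$2 == d && $3 == "inet" && $4 == c { ok = 1 } END { exit (ok ? 0 : 1) }'
}

# Succeeds when the host has not also been given the hub's address.
tap_free_of_hub_ip() {
    printf '%s\n' "$1" | awk -v h="$HUB_IP" \
        '$3 == "inet" { split($4, a, "/"); if (a[1] == h) bad = 1 }
         END { exit (bad ? 1 : 0) }'
}

# $1: output of `iptables -t nat -S POSTROUTING`
snat_rule_present() { printf '%s\n' "$1" | grep -Fq -- "$SNAT_RULE"; }

# Prints one line per failed check and returns the number of failures.
check_host() {
    fails=0
    forwarding_enabled "$1" || { echo "net.ipv4.ip_forward is not 1"; fails=$((fails + 1)); }
    tap_has_gateway "$2"    || { echo "$TAP_DEV lacks $GW_CIDR"; fails=$((fails + 1)); }
    tap_free_of_hub_ip "$2" || { echo "$TAP_DEV also holds hub IP $HUB_IP"; fails=$((fails + 1)); }
    snat_rule_present "$3"  || { echo "SNAT rule missing from POSTROUTING"; fails=$((fails + 1)); }
    return "$fails"
}

# `--live` reads the real host state (iptables needs root).
if [ "${1:-}" = "--live" ]; then
    check_host "$(sysctl -n net.ipv4.ip_forward)" \
               "$(ip -o -4 addr show dev "$TAP_DEV")" \
               "$(iptables -t nat -S POSTROUTING)" && echo "host side OK"
fi
```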
