Does anyone have Softether + DnsMasq running on a NAT server?

foxez Member
edited June 2015 in Help

Really curious if anyone has a NAT server running SoftEther + Dnsmasq at this very moment, working. I have no problems setting it up on "normal" servers, but when it comes to NAT it's impossible :p

Comments

  • TarZZ92 Member
    edited June 2015

    No. SecureNAT is the only option for a NAT'ed VPS.

  • guyz92 Member
    edited June 2015

    @foxez said:
    Really curious if anyone has a NAT server running SoftEther + Dnsmasq at this very moment, working. I have no problems setting it up on "normal" servers, but when it comes to NAT it's impossible :p

    I have 5 NAT VPSes with EvoBurst with SoftEther + local bridge.

    SSL VPN, OpenVPN and SSTP are working.

    All you have to do is redirect your ports in iptables.

    For example, if you are allocated 16200-16220, in iptables you have to do a port redirect to the original port SoftEther is listening on. After that you should be able to connect via e.g. 16218 as your OpenVPN port.

    Meaning the client connects to 16218 and the server redirects to port 1194.

    Another way is to configure SoftEther to listen on the forwarded ports.

    For the SNAT address, use the IP address you have on ifconfig venet0:0, not the shared public address.

    Good luck.

    Thanked by 1Chuck
  • foxez Member

    @guyz92 this is what my iptables looks like; I'm listening on one of my open ports:

    # Assign $TAP_ADDR to our tap interface
    /sbin/ifconfig $TAP_INTERFACE $TAP_ADDR

    # Forward all VPN traffic that comes from VPN_SUBNET through $NET_INTERFACE interface for outgoing packets.
    iptables -t nat -A POSTROUTING -o $NET_INTERFACE -s $VPN_SUBNET -j SNAT --to-source $YOUREXTERNALIP

    # Alternate rule if your server has dynamic IP
    iptables -t nat -A POSTROUTING -s $VPN_SUBNET -o $NET_INTERFACE -j MASQUERADE

    # Allow VPN Interface to access the whole world, back and forth.
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    iptables -A INPUT -s $VPN_SUBNET -m state --state NEW -j ACCEPT
    iptables -A OUTPUT -s $VPN_SUBNET -m state --state NEW -j ACCEPT
    iptables -A FORWARD -s $VPN_SUBNET -m state --state NEW -j ACCEPT

  • guyz92 Member
    edited July 2015

    iptables -t nat -A POSTROUTING -s $VPN_SUBNET -j SNAT --to-source $YOUREXTERNALIP

    $YOUREXTERNALIP = venet0:0 IP address

    NOT YOUR "SHARED IPv4 Address"
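
The port redirect and SNAT source from guyz92's posts above, as an added example that is not part of the original thread: a POSIX shell sketch that prints (rather than applies) the two NAT rules after checking that the public port lies in the allocated range. The function names, the 192.168.30.0/24 VPN subnet, the 10.0.1.23 address and the sample `ip` output are constructed assumptions; the 16200-16220 range and ports 16218/1194 are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example; addresses and the VPN subnet below are constructed.

# Print the IPv4 address bound to an interface label (e.g. venet0:0).
# Reads `ip -4 -o addr show` output on stdin.
alias_addr() {
    awk -v label="$1" '{
        addr = ""
        for (i = 1; i <= NF; i++) {
            f = $i; sub(/\\.*$/, "", f)   # ip -o glues a "\" onto the label
            if ($i == "inet") addr = $(i + 1)
            if (f == label && addr != "") {
                sub(/\/.*/, "", addr)     # drop the /prefix length
                print addr; exit
            }
        }
    }'
}

# Emit the rules for one forwarded port without touching the firewall.
# usage: nat_vps_rules RANGE_LO RANGE_HI PUBLIC_PORT LISTEN_PORT PROTO VPN_SUBNET SNAT_ADDR
nat_vps_rules() {
    lo=$1 hi=$2 pub=$3 listen=$4 proto=$5 subnet=$6 snat=$7
    for p in "$lo" "$hi" "$pub" "$listen"; do
        case $p in ''|*[!0-9]*) echo "ports must be numeric" >&2; return 2;; esac
    done
    # Only ports the provider forwards to this container can ever be reached.
    if [ "$pub" -lt "$lo" ] || [ "$pub" -gt "$hi" ]; then
        echo "port $pub is outside the allocated range $lo-$hi" >&2
        return 1
    fi
    # Client connects to PUBLIC_PORT; the server hands it to the VPN listener.
    echo "iptables -t nat -A PREROUTING -p $proto --dport $pub -j REDIRECT --to-ports $listen"
    # Source-NAT VPN clients to the container's own address, not the shared one.
    echo "iptables -t nat -A POSTROUTING -s $subnet -j SNAT --to-source $snat"
}

# Constructed sample of `ip -4 -o addr show` inside an OpenVZ NAT container.
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: venet0    inet 127.0.0.2/32 scope host venet0\       valid_lft forever preferred_lft forever
2: venet0    inet 10.0.1.23/32 brd 10.0.1.23 scope global venet0:0\       valid_lft forever preferred_lft forever'

addr=$(printf '%s\n' "$SAMPLE_IP_OUTPUT" | alias_addr venet0:0)
nat_vps_rules 16200 16220 16218 1194 udp 192.168.30.0/24 "$addr"
```

On a live container, pipe `ip -4 -o addr show` into `alias_addr venet0:0` instead of the sample, review the printed rules, then run them as root.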
