Comments
No. Secure NAT is the only option for NAT'ted VPS.
I have 5 NAT VPS with EvoBurst with SoftEther + local bridge.
SSL VPN, OpenVPN and SSTP are working.
All you have to do is redirect your ports in iptables.
For example, you are allocated 16200-16220; in iptables, you have to do a port redirect to the original port SoftEther is listening on. After that you should be able to connect via e.g. 16218 as your OpenVPN port.
Meaning the client connects to 16218 and the server redirects to port 1194.
Another way is to configure SoftEther to listen on the forwarded ports.
For the SNAT address, use the IP address you have on ifconfig venet0:0, not the shared public address.
Good luck.
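The port redirect described in the post above, as an added example that is not part of the original thread: it prints the nat-table rules instead of applying them, and refuses public ports outside the allocated range. The function names, the VPN subnet 192.168.30.0/24 and the internal address 10.0.0.5 are constructed for illustration, and it assumes the container's kernel exposes the REDIRECT target.

```shell
#!/bin/sh
# Added example (not from the thread): print the iptables rules that map a
# provider-forwarded port to the port SoftEther actually listens on.

ALLOC_MIN=16200   # first port of the range forwarded to this VPS (from the post)
ALLOC_MAX=16220   # last port of that range (from the post)

# is_port N: succeed only if N is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rule PROTO PUBLIC_PORT LOCAL_PORT
# Prints one PREROUTING rule. Ports outside the allocated range are rejected,
# because the host never delivers traffic for them to this container.
redirect_rule() {
    proto=$1; public=$2; local_port=$3
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    is_port "$public" && is_port "$local_port" || { echo "bad port" >&2; return 1; }
    if [ "$public" -lt "$ALLOC_MIN" ] || [ "$public" -gt "$ALLOC_MAX" ]; then
        echo "port $public is outside $ALLOC_MIN-$ALLOC_MAX" >&2
        return 1
    fi
    echo "iptables -t nat -A PREROUTING -p $proto --dport $public -j REDIRECT --to-ports $local_port"
}

# snat_rule VPN_SUBNET INTERNAL_IP
# INTERNAL_IP is the venet0:0 address, not the shared public IPv4 address.
snat_rule() {
    echo "iptables -t nat -A POSTROUTING -s $1 -j SNAT --to-source $2"
}

# Constructed sample: OpenVPN on 1194 reached through forwarded port 16218.
redirect_rule udp 16218 1194
redirect_rule tcp 16218 1194
snat_rule 192.168.30.0/24 10.0.0.5
```

Review the printed rules, then pipe them to `sh` as root to apply them.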
@guyz92 this is what my iptables looks like; I'm listening on one of my open ports:
# Assign $TAP_ADDR to our tap interface
/sbin/ifconfig $TAP_INTERFACE $TAP_ADDR
#
# Forward all VPN traffic that comes from VPN_SUBNET through $NET_INTERFACE interface for outgoing packets.
iptables -t nat -A POSTROUTING -o $NET_INTERFACE -s $VPN_SUBNET -j SNAT --to-source $YOUREXTERNALIP
# Alternate rule if your server has dynamic IP
iptables -t nat -A POSTROUTING -s $VPN_SUBNET -o $NET_INTERFACE -j MASQUERADE
#
# Allow VPN Interface to access the whole world, back and forth.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s $VPN_SUBNET -m state --state NEW -j ACCEPT
iptables -A OUTPUT -s $VPN_SUBNET -m state --state NEW -j ACCEPT
iptables -A FORWARD -s $VPN_SUBNET -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s $VPN_SUBNET -j SNAT --to-source $YOUREXTERNALIP
$YOUREXTERNALIP = venet0:0 ip address
NOT YOUR "SHARED IPv4 Address"