Differences

This shows you the differences between two versions of the page.

softether_vpn_server_configuration [28 May 2025 / 07:21:24] kadek
softether_vpn_server_configuration [03 October 2025 / 19:37:21] (current) – [Config: Layer 2 VPN Bridge Mode] kadek
Line 42: Line 42:
   exit   exit
  
-==== Config: Virtual Hub ====+==== Config: Layer 2 VPN Bridge Mode ====
  
-Follow these steps if Virtual Hub is chosen instead of SecureNAT:+Follow these steps if Local Bridge Connection is chosen instead of SecureNAT.
  
   * Disable SecureNAT if it's active:   * Disable SecureNAT if it's active:
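
Review bot: The new heading says "Layer 2 VPN Bridge Mode" while the sentence directly under it says "Local Bridge Connection", so a reader cannot tell whether these name the same option. Use one term in both places (the command in this section is BridgeCreate, so "Local Bridge" fits), or state once that the two names mean the same mode. The sentence also now ends in a full stop although it introduces the list that follows; the colon from the old line reads better there.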
Line 50: Line 50:
   SecureNatDisable   SecureNatDisable
  
-  * Create the Bridge, EtherSoft will add **tap_** prefix created **tap_vpn** for the tap device:+  * Create the Bridge, EtherSoft will add **tap_** prefix, and created **tap_vpn** for the tap device:
  
   BridgeCreate YOUR_HUB_NAME /DEVICE:vpn /TAP:yes   BridgeCreate YOUR_HUB_NAME /DEVICE:vpn /TAP:yes
  
 +  * Log out from the admin console:
 +
 +  exit
 +
 +  * Assign IP address to the tap device using DHCP, follow this guide: [[DHCP Server]]
 +  * Enable IP Forwarding:
 +
 +  sudo sysctl -w net.ipv4.ip_forward=1
 +
 +  * Make it permanent by ensuring this parameter **net.ipv4.ip_forward=1** on file **/etc/sysctl.conf**
 +  * On cloud server disable the Reverse Path Filtering (RPF), edit **/proc/sys/net/ipv4/conf/ens3/rp_filter** make sure the value is **0** (0=disable, 1=strict, 2=loose)
 +
 +  * add this rule to IPTABLE:
 +
 +  sudo iptables -t nat -A POSTROUTING -s 192.168.40.0/24 -o ens3 -j MASQUERADE
 +  sudo iptables -A FORWARD -i tap_vpn -o ens3 -j ACCEPT
 +  sudo iptables -A FORWARD -i ens3 -o tap_vpn -j ACCEPT
 +
 +  * check the IPTABLES rules:
 +
 +  sudo iptables -t nat -L -v -n
 +
 +  * Install this to make the IPTABLES rules persistent:
 +
 +  sudo apt install netfilter-persistent -y
 +
 +  * save the IPTABLES rules:
 +
 +  sudo netfilter-persistent save
 +
 +----
 +
 +   * Remember to enable ICMP on Windows if using Windows as the client for testing the ping!
 +   * Some clouds have reverse path filtering activated, check /proc/sys/net/ipv4/conf/tap_vpn/rp_filter
 +   * if the value is 2 (STRICT), set this off (temporary):
 +
 +  sudo sysctl -w net.ipv4.conf.tap_vpn.rp_filter=0
 +  sudo sysctl -w net.ipv4.conf.all.rp_filter=0
 +
 +    or permanently, by editing /etc/sysctl.conf and change to this:
 +
 +  net.ipv4.conf.tap_vpn.rp_filter = 0
 +  net.ipv4.conf.all.rp_filter = 0
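
Review bot: The added rule `sudo iptables -A FORWARD -i ens3 -o tap_vpn -j ACCEPT` accepts every packet arriving on the public interface for the VPN segment, not only replies, and the same hunk switches reverse path filtering off, so nothing limits that direction. Restrict it to return traffic, for example `sudo iptables -A FORWARD -i ens3 -o tap_vpn -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`. The rp_filter text also contradicts itself: the bullet before the iptables rules gives "0=disable, 1=strict, 2=loose" for ens3, while the notes after the separator say "if the value is 2 (STRICT)" for tap_vpn; state one mapping and say which interface actually needs the change. That first bullet tells the reader to edit a file under /proc, which does not survive a reboot, although the closing note already gives the /etc/sysctl.conf form. Smaller points: "EtherSoft" in the BridgeCreate bullet should read "SoftEther", and 192.168.40.0/24 appears in the MASQUERADE rule without the text saying it is the subnet assigned in the DHCP Server step.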