Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
softether_vpn_server_configuration [28 May 2025 / 07:24:18] kadeksoftether_vpn_server_configuration [03 October 2025 / 19:37:21] (current) – [Config: Layer 2 VPN Bridge Mode] kadek
Line 42: Line 42:
   exit   exit
  
-==== Config: Virtual Hub ====+==== Config: Layer 2 VPN Bridge Mode ====
  
-Follow these steps if Virtual Hub is chosen instead of SecureNAT:+Follow these steps if Local Bridge Connection is chosen instead of SecureNAT.
  
   * Disable SecureNAT if it's active:   * Disable SecureNAT if it's active:
Line 58: Line 58:
   exit   exit
  
-  * Assign IP address to the new tap device created (this is mandatory before started the DHCP service later):+  * Assign IP address to the tap device using DHCP, follow this guide: [[DHCP Server]] 
 +  * Enable IP Forwarding:
  
-  sudo ip addr add 192.168.30.1/24 dev tap_vpn+  sudo sysctl -w net.ipv4.ip_forward=1 
 + 
 +  * Make it permanent by ensuring this parameter **net.ipv4.ip_forward=1** on file **/etc/sysctl.conf** 
 +  * On cloud server disable the Reverse Path Filtering (RPF), edit **/proc/sys/net/ipv4/conf/ens3/rp_filter** make sure the value is **0** (0=disable, 1=strict, 2=loose) 
 + 
 +  * add this rule to IPTABLE: 
 + 
 +  sudo iptables -t nat -A POSTROUTING -s 192.168.40.0/24 -o ens3 -j MASQUERADE 
 +  sudo iptables -A FORWARD -i tap_vpn -o ens3 -j ACCEPT 
 +  sudo iptables -A FORWARD -i ens3 -o tap_vpn -j ACCEPT 
 + 
 +  * check the IPTABLES rules: 
 + 
 +  sudo iptables -t nat -L -v -n 
 + 
 +  * Install this to make the IPTABLES rules persistent: 
 + 
 +  sudo apt install netfilter-persistent -y 
 + 
 +  * save the IPTABLES rules: 
 + 
 +  sudo netfilter-persistent save 
 + 
 +---- 
 + 
 +   * Remember to enable ICMP on Windows if using Windows as the client for testing the ping! 
 +   * Some clouds have reverse path filtering activated, check /proc/sys/net/ipv4/conf/tap_vpn/rp_filter 
 +   * if the value is 2 (STRICT), set this off (temporary): 
 + 
 +  sudo sysctl -w net.ipv4.conf.tap_vpn.rp_filter=0 
 +  sudo sysctl -w net.ipv4.conf.all.rp_filter=0 
 + 
 +    or permanently, by editing /etc/sysctl.conf and change to this: 
 + 
 +  net.ipv4.conf.tap_vpn.rp_filter = 0 
 +  net.ipv4.conf.all.rp_filter = 0