Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
softether_vpn_server_configuration [21 July 2025 / 20:02:42] kadeksoftether_vpn_server_configuration [03 October 2025 / 19:37:21] (current) – [Config: Layer 2 VPN Bridge Mode] kadek
Line 42: Line 42:
   exit   exit
  
-==== Config: SecureNAT disable ====+==== Config: Layer 2 VPN Bridge Mode ====
  
-Follow these steps if OS NAT is chosen instead of SecureNAT:+Follow these steps if Local Bridge Connection is chosen instead of SecureNAT.
  
   * Disable SecureNAT if it's active:   * Disable SecureNAT if it's active:
Line 64: Line 64:
  
   * Make it permanent by ensuring this parameter **net.ipv4.ip_forward=1** on file **/etc/sysctl.conf**   * Make it permanent by ensuring this parameter **net.ipv4.ip_forward=1** on file **/etc/sysctl.conf**
-  * On cloud server disable the Reverse Path Filtering (RPF), edit **/proc/sys/net/ipv4/conf/ens3/rp_filter** make sure the value is **0** +  * On cloud server disable the Reverse Path Filtering (RPF), edit **/proc/sys/net/ipv4/conf/ens3/rp_filter** make sure the value is **0** (0=disable, 1=strict, 2=loose) 
-(1=strict, 2=loose)+ 
 +  * add this rule to IPTABLE: 
 + 
 +  sudo iptables -t nat -A POSTROUTING -s 192.168.40.0/24 -o ens3 -j MASQUERADE 
 +  sudo iptables -A FORWARD -i tap_vpn -o ens3 -j ACCEPT 
 +  sudo iptables -A FORWARD -i ens3 -o tap_vpn -j ACCEPT
  
   * check the IPTABLES rules:   * check the IPTABLES rules:
Line 71: Line 76:
   sudo iptables -t nat -L -v -n   sudo iptables -t nat -L -v -n
  
-  * add this rule to IPTABLE (only VPN-to-VPN not get NATed):+  * Install this to make the IPTABLES rules persistent: 
 + 
 +  sudo apt install netfilter-persistent -
 + 
 +  * save the IPTABLES rules: 
 + 
 +  sudo netfilter-persistent save 
 + 
 +---- 
 + 
 +   * Remember to enable ICMP on Windows if using Windows as the client for testing the ping! 
 +   * Some clouds have reverse path filtering activated, check /proc/sys/net/ipv4/conf/tap_vpn/rp_filter 
 +   * if the value is 2 (STRICT), set this off (temporary): 
 + 
 +  sudo sysctl -w net.ipv4.conf.tap_vpn.rp_filter=0 
 +  sudo sysctl -w net.ipv4.conf.all.rp_filter=0
  
-  sudo iptables -t nat -A POSTROUTING -s 192.168.40.0/24 ! -d 192.168.40.0/24 -o ens3 -j MASQUER+    or permanently, by editing /etc/sysctl.conf and change to this:
  
 +  net.ipv4.conf.tap_vpn.rp_filter = 0
 +  net.ipv4.conf.all.rp_filter = 0