Differences

This shows you the differences between two versions of the page.

--- softether_vpn_server_configuration [21 July 2025 / 20:04:24] – [Config: SecureNAT disable] kadek
+++ softether_vpn_server_configuration [03 October 2025 / 19:37:21] (current) – [Config: Layer 2 VPN Bridge Mode] kadek
@@ Line 42: / Line 42: @@
   exit
-==== Config: SecureNAT disable ====
+==== Config: Layer 2 VPN Bridge Mode ====
-Follow these steps if OS NAT is chosen instead of SecureNAT:
+Follow these steps if Local Bridge Connection is chosen instead of SecureNAT.
   * Disable SecureNAT if it's active:
@@ Line 66: / Line 66: @@
   * On cloud server disable the Reverse Path Filtering (RPF), edit **/proc/sys/net/ipv4/conf/ens3/rp_filter** make sure the value is **0** (0=disable, 1=strict, 2=loose)
-  * add this rule to IPTABLE (only VPN-to-VPN not get NATed):
+  * add this rule to IPTABLE:
-  sudo iptables -t nat -A POSTROUTING -s 192.168.40.0/24 ! -d 192.168.40.0/24 -o ens3 -j SNAT --to-source 10.28.138.200
+  sudo iptables -t nat -A POSTROUTING -s 192.168.40.0/24 -o ens3 -j MASQUERADE
+  sudo iptables -A FORWARD -i tap_vpn -o ens3 -j ACCEPT
+  sudo iptables -A FORWARD -i ens3 -o tap_vpn -j ACCEPT
   * check the IPTABLES rules:
@@ Line 74: / Line 76: @@
   sudo iptables -t nat -L -v -n
+  * Install this to make the IPTABLES rules persistent:
+  sudo apt install netfilter-persistent -y
+  * save the IPTABLES rules:
+  sudo netfilter-persistent save
+----
+   * Remember to enable ICMP on Windows if using Windows as the client for testing the ping!
+   * Some clouds have reverse path filtering activated, check /proc/sys/net/ipv4/conf/tap_vpn/rp_filter
+   * if the value is 2 (STRICT), set this off (temporary):
+  sudo sysctl -w net.ipv4.conf.tap_vpn.rp_filter=0
+  sudo sysctl -w net.ipv4.conf.all.rp_filter=0
+   *  or permanently, by editing /etc/sysctl.conf and change to this:
+  net.ipv4.conf.tap_vpn.rp_filter = 0
+  net.ipv4.conf.all.rp_filter = 0