Differences

This shows you the differences between two versions of the page.

--- softether_vpn_server_configuration [21 July 2025 / 20:19:20] – [Config: SecureNAT disable] kadek
+++ softether_vpn_server_configuration [03 October 2025 / 19:37:21] (current) – [Config: Layer 2 VPN Bridge Mode] kadek
@@ Line 66: / Line 66: @@
   * On cloud server disable the Reverse Path Filtering (RPF), edit **/proc/sys/net/ipv4/conf/ens3/rp_filter** make sure the value is **0** (0=disable, 1=strict, 2=loose)
-  * add this rule to IPTABLE (only VPN-to-VPN not get NATed):
+  * add this rule to IPTABLE:
-  sudo iptables -t nat -A POSTROUTING -s 192.168.40.0/24 ! -d 192.168.40.0/24 -o ens3 -j SNAT --to-source 10.28.138.200
+  sudo iptables -t nat -A POSTROUTING -s 192.168.40.0/24 -o ens3 -j MASQUERADE
+  sudo iptables -A FORWARD -i tap_vpn -o ens3 -j ACCEPT
+  sudo iptables -A FORWARD -i ens3 -o tap_vpn -j ACCEPT
   * check the IPTABLES rules:
@@ Line 76: / Line 78: @@
   * Install this to make the IPTABLES rules persistent:
-  sudo apt install iptables-persistent
+  sudo apt install netfilter-persistent -y
   * save the IPTABLES rules:
-  sudo iptables-save > /etc/iptables/rules.v4
+  sudo netfilter-persistent save
-  * Or...:
+----
+   * Remember to enable ICMP on Windows if using Windows as the client for testing the ping!
+   * Some clouds have reverse path filtering activated, check /proc/sys/net/ipv4/conf/tap_vpn/rp_filter
+   * if the value is 2 (STRICT), set this off (temporary):
+  sudo sysctl -w net.ipv4.conf.tap_vpn.rp_filter=0
+  sudo sysctl -w net.ipv4.conf.all.rp_filter=0
+   *  or permanently, by editing /etc/sysctl.conf and change to this:
+  net.ipv4.conf.tap_vpn.rp_filter = 0
+  net.ipv4.conf.all.rp_filter = 0
-  sudo netfilter-persistent save