Softether local bridge no internet access
http://blog.lincoln.hk/blog/2013/05/17/softether-on-vps-using-local-bridge/
I used this guide to set up SoftEther using local bridge on a clean Debian install, but I'm not getting internet access after connecting to the VPN. However, everything works fine when I enable SecureNAT.
http://image.prntscr.com/image/827268783c2443b58fd736b93170f38a.png
http://image.prntscr.com/image/d6e95e42988249448e0928779ce45a14.png
How do I fix it? I'd just use SecureNAT, but from what I read, using local bridge is better.
Comments
did you make sure to enable ip forwarding and run that iptables rule?
also it won't work with a NATed VPS.
iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-source [VPS IP ADDRESS]
I did this, but how to confirm?
I tried iptables -S and got this only
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EDIT: yea, it's not a NAT VPS.
I also have net.ipv4.ip_forward = 1 in /etc/sysctl.d/ipv4_forwarding.conf
sysctl -p
yea I did sysctl --system
Are you getting IP?
I'm getting this
Doesn't seem right. Did you modify the dnsmasq file?
Really sounds like you missed a small thing? I followed both tutorials a lot and can tell it is working... Mind sharing ifconfig from your vm?
as others have said please share ifconfig (you can remove most of the IP with XX)
yea I did, these are the last three lines
Yea, I've missed something for sure, but I don't know what it is.
Re-installed the VPS a few times and followed that tutorial again, but still getting the same result.
http://pastebin.com/raw/vyS3CtsQ
okay
your problem is that you appear to have a NAT VPS; this will only work on public IPs
inet addr:172.20.13.79
It's not NAT though. I'm using lunanode.com.
it clearly is. (notice the 172 part) which is nat
https://whois.domaintools.com/172.20.13.79
IP Location Private Ip Address Lan
it may not be large scale nat but a sticky IP type but it's still NAT
to confirm the entry is there you need to specify the table when listing, so
should be the command you're looking for...
for the rest of it, let's try to narrow it down somehow ;-)
what protocol and client are you using to connect?
is this an OVZ or KVM VPS?
do you have any other firewall-rules or filters in place?
just for protocol: you deactivated securenat before trying localbridge?
if anything fails, feel free to shoot me a PM if you want me to have a look at it...
I get this now
http://pastebin.com/raw/ykWUjH00
Also, I've sent you a pm. Thank you.
looks right to me, just like the other things you posted above... I'll see how I can help you any further ;-)
as I said above, you won't be able to fix this, as OP is using NAT; you need a public IP only for SE bridge.
you may be right ;-)
I am looking into it right now, and it seems I have missed @Four20 posting the full ifconfig via pastebin before. finally your answer above makes sense ^^
yet I'd say it depends on the whole network configuration lunanode is using on these, may be some kind of full 1:1 forwarding - seen something like this on hetzner VMs before.
so I do think it may work if the iptables nat rule is set to the IP given for eth0 instead of the external, only problem is this may change on a reboot or at least on a reinstall (it now is .13.80).
will try to get it working and report back later ;-)
EDIT: indeed, just changing the iptables NAT rule to that local IP of eth0 instead of that real public one made it work correctly ;-)
PM'ed with @Four20 so he hopefully can try himself and confirm if this will work.
Thanks for the help everyone.
@Falzo was more than helpful and he fixed it for me, thanks mate!
Awesome, I've always had the same issue and was just enabling SecureNAT as a workaround. Great to know, thank you guys!
The problem was in the iptables rule; you needed to use your internal IP instead of the public one. This is for NAT.
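The check the thread converged on, as an added example that is not from any poster or from the linked guide: compare the SNAT `--to-source` address in the nat table with the address actually configured on eth0. The function names, the sample command output and the placeholder public address 203.0.113.10 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: does the SNAT rule for the VPN subnet use an address eth0 really has?
VPN_NET="192.168.7.0/24"   # VPN subnet used in the thread's rule

# Constructed sample of `ip -4 -o addr show dev eth0` output
SAMPLE_ETH0='2: eth0    inet 172.20.13.79/24 brd 172.20.13.255 scope global eth0'
# Constructed sample of `iptables -t nat -S` output (203.0.113.10 = placeholder public IP)
SAMPLE_RULES='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-source 203.0.113.10'

# Print the first IPv4 address found in `ip -4 -o addr` output on stdin
iface_ipv4() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "inet") {
           sub(/\/.*/, "", $(i+1)); print $(i+1); exit } }'
}

# Succeed if $1 is an RFC 1918 private address (the provider translates it 1:1)
is_rfc1918() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.*) _o=${1#172.}; _o=${_o%%.*}
           [ "$_o" -ge 16 ] && [ "$_o" -le 31 ] ;;
    *) return 1 ;;
  esac
}

# Read nat-table rules on stdin; print ok, missing, or mismatch:<rule address>
check_snat() {
  _rule_ip=$(awk -v net="$VPN_NET" '$1 == "-A" && $2 == "POSTROUTING" {
      src = ""; to = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") src = $(i+1)
        if ($i == "--to-source") to = $(i+1)
      }
      if (src == net && to != "") { print to; exit } }')
  if [ -z "$_rule_ip" ]; then echo "missing"
  elif [ "$_rule_ip" = "$1" ]; then echo "ok"
  else echo "mismatch:$_rule_ip"; fi
}

# Print (not run) the rule with the interface address as the SNAT source
snat_rule() {
  echo "iptables -t nat -A POSTROUTING -s $VPN_NET -j SNAT --to-source $1"
}

addr=$(printf '%s\n' "$SAMPLE_ETH0" | iface_ipv4)
echo "eth0 address: $addr"
is_rfc1918 "$addr" && echo "private address: SNAT must use it, not the public IP"
status=$(printf '%s\n' "$SAMPLE_RULES" | check_snat "$addr")
echo "rule check: $status"
[ "$status" = "ok" ] || snat_rule "$addr"
```

On a live host, pipe `ip -4 -o addr show dev eth0` into `iface_ipv4` and `iptables -t nat -S` into `check_snat` instead of the samples. Since the eth0 address can change on reboot or reinstall, as noted in the thread, rerun the check afterwards.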