Scenario / Questions

My intention is to route all Internet traffic via a remote machine behind multiple NATs. The ISP’s NAT servers are not under my control. I do control my own NAT server, which is a local router. Both server and client are running Windows 7 (client – x64 and server – x86).

For this purpose, I’ve set up a SoftEther VPN server and connect to it via a SoftEther VPN client. The server is configured to use VPN Azure because it is not able to “punch” a hole in my ISP’s NAT. This excludes the possibility of using the built-in IPSec/L2TP VPN on the client as it doesn’t understand VPN Azure.

By running a few tests I have discovered, however, that with this setup my client’s Internet traffic still goes via a local Internet gateway. I’ve studied the route tables on the client and found out that SoftEther has only set up routes for a few remote LAN IPs and not for all Internet IPs. I’ve tried to fix this by manually adding a new route:

route add 0.0.0.0 mask 0.0.0.0 0.0.0.0 metric 2 if 22

where 22 is the interface created by the SoftEther client. However, it seems that the server drops any packets which are not addressed to the remote LAN (I am not sure about this).

How can I configure the SoftEther client to automatically create routes for all IPs and SoftEther server to route all Internet packets via a remote gateway? Or is there an alternative solution for such a task?

P.S. I’ve tried using NAT32, but it appears to somehow mingle with Internet connection on the server making it unusable for local users.


Suggestion: 1

First of all, I have to say that I don’t know SoftEther at all. But I will post you some general hints to think about.

1.) You should not add manual routes with a default gateway of “0.0.0.0”. This will lead to nothing.

Try it with:

route add 0.0.0.0 mask 0.0.0.0 192.168.0.1 metric 2 if 22

Where 192.168.0.1 is the internal IP of your SoftEther VPN server. But this could be a source of other problems: For example, the public IP of your VPN server will not be reachable then, so you would have to add a manual route for this, too. Altogether, it is presumably not worth the effort.

2.) Instead, you should look for a setting called “Split-Tunnel” which is available with most VPN solutions. This setting, if disabled, makes the VPN client route all traffic through the tunnel but ensures its own connectivity.

I hope this helps a little bit.

Regards
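
The routing effect described in point 1 of the suggestion above, as an added example that is not part of the original thread: a simplified model of route selection (longest matching prefix, then lowest metric) that audits a client route table for traffic leaving outside the tunnel and for the tunnel's own carrier traffic being routed into the tunnel. The gateway 192.168.0.1 and interface 22 come from the thread; the local gateway 192.168.1.1, interface 11, the 192.168.0.0/24 VPN subnet, the endpoint 203.0.113.10 and the probe addresses are constructed assumptions.

```python
import ipaddress

def route(net, gw, iface, metric):
    return {"net": ipaddress.ip_network(net), "gw": gw, "if": iface, "metric": metric}

def egress(table, dst):
    """Interface chosen for dst: longest matching prefix wins, then lowest metric.
    Simplified model: 'metric' stands for the effective (route + interface) metric."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in table if dst in r["net"]]
    best = min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"]), default=None)
    return best["if"] if best else None

def audit(table, vpn_if, endpoint, probes):
    """Return (leaks, endpoint_ok).
    leaks: probe destinations that would leave outside the tunnel.
    endpoint_ok: True if packets to the VPN endpoint still use the physical link."""
    leaks = [p for p in probes if egress(table, p) != vpn_if]
    return leaks, egress(table, endpoint) != vpn_if

# Constructed sample values (assumptions, not from the thread unless noted).
LAN_IF, VPN_IF = 11, 22            # 22 is the SoftEther interface in the thread
LOCAL_GW = "192.168.1.1"           # hypothetical local router
VPN_GW = "192.168.0.1"             # internal IP of the VPN server (from the answer)
VPN_ENDPOINT = "203.0.113.10"      # placeholder for the public VPN endpoint
PROBES = ["198.51.100.7", "192.0.2.55"]

# What the asker observed: only the remote LAN is routed through the tunnel.
SPLIT = [
    route("0.0.0.0/0", LOCAL_GW, LAN_IF, 10),
    route("192.168.1.0/24", "on-link", LAN_IF, 10),
    route("192.168.0.0/24", "on-link", VPN_IF, 2),
]
# Point 1 of the answer: default route via the VPN gateway, nothing else.
NAIVE = SPLIT + [route("0.0.0.0/0", VPN_GW, VPN_IF, 2)]
# Same, plus the host route for the VPN endpoint via the local gateway.
FIXED = NAIVE + [route(VPN_ENDPOINT + "/32", LOCAL_GW, LAN_IF, 10)]

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("naive", NAIVE), ("fixed", FIXED)):
        leaks, endpoint_ok = audit(table, VPN_IF, VPN_ENDPOINT, PROBES)
        print(f"{name:5} leaks={leaks} endpoint_via_physical_link={endpoint_ok}")
```

The same audit can be run against a real table by building the `route(...)` entries from the output of `route print` on the client.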