Connecting a Local Virtual Machine Directly to a SoftEtherVPN Server
With SoftEtherVPN Client you can create Layer 2 (L2) connections between the client and server. Since SoftEther creates a "Virtual NIC" which emulates a physical NIC you can pass it through to a Virtual Machine like any other network adapter. This allows your VM to think it has an Ethernet Cable connected directly to the VPN server without having to install or configure a VPN client on the VM itself. This is a great solution for creating Virtual or even Mobile "clouds"
Coming Soon...
Please refer to the VPN Server setup here
You will need sudo or root access
Compile SoftEtherVPN on your host. Start the VPN server and configure a client with a virtual NIC (I call it vps
for this article) and Account for the VPN server. Once the client is connected DO NOT obtain an IP Address for the NIC. Run ip a
and copy the MAC address for the Virtual Adapter. Open up Virt-Manager and delete your current NAT network adapter. Add a new NIC and set the following settings
-
In
/etc/sysctl.conf
insertnet.ipv6.conf.vpn_vps.disable_ipv6=1
and reboot. This disables the pass-through adapter's ability to obtain an un-needed IPv6 address that would just cause issues on your host. If you have IPv4 issues, try throwing innet.ipv4.conf.vpn_vps.disable_ipv4=1
too and reboot. Changevpn_vps
to what you called your Virtual NIC. -
Set the bridge adapter to
vpn_vps
or whatever it is called
- Change the mode to passthrough
- Set the MAC address to match the one you got from
ip a
- Set the type to
VirtIO
(needed for IPv6)
Here is the above configuration in XML format for CLI users.
<interface type="direct">
<source dev="vpn_vps" mode="passthrough"/>
<mac address="5e:32:ff:01:07:1b"/>
<model type="virtio"/>
</interface>
-
Boot the machine and test for network connection. Install VirtIO drivers if needed on Windows.
-
Disable Temporary IPv6 address on Windows Guests via command prompt. Some Linux Guests will require DCHPv6 to be disabled (such as Ubuntu) or IPv6 autoconfiguration to be disabled such as in CentOS/RHEL/Rocky/openSUSE
Windows 10 has been tested. Windows Server 2019 and 2022 have been tested. Ubuntu, Rocky, Debian, and openSUSE have been tested.
Some operating systems such as Fedora and Windows 7 (and possibly 8/8.1) have IPv6 issues where in order to get access to the IPv6 internet you will need to manually configure the addresses through the system's network settings. It's less complicated than you may think. In the case of Windows, the IPv6 address should be in ipconfig. Just copy it into the manual settings, set the network bits to 64
, and set the default gateway (and DNS servers if you like) to the IPv6 address of the tap_vpn
adapter on the VPS (Frontend VPN Server). Operating Systems such as Rocky Linux or OpenSUSE may need to have an extra IPv6 address that needs to be removed. You can do that with the ip addr del _address_ dev _deviceName_
command. The IPv6 you should keep should be the one with the mngtmpaddr
next to it.
Download SoftEtherVPN Client Developer Edition Installer from our Azure pipelines Click on the latest run, Windows_x64 -> 2 artifacts. Once there go to the installer on the list, click the menu button on the left of the item, click "Download Artifacts" Once downloaded unzip the file and run the Client installer for x64. The installer works the same as the Stable version. You need Administrator Access to install and configure the software.
- Create a NIC in SoftetherVPN
- Set up an account in SoftEtherVPN and assign the VPN NIC to it
- In network and sharing center, change the Adapter settings and disable everything except for "VMware Bridge Protocol"
- Configure your VM's network settings to look like the following.
- Match the MAC address from the VPN adapter on the host to the VM's bridged NIC to create a network passthrough
- Boot the VM and test as needed. When it comes to IPv6, VMware Guests seem to work fine out of the box.