Enabling Virtual NAT & Virtual DHCP on SoftEther VPN Server Print

Hello there! I’m Corels from Emmanuel Corels Creatives, and today we’re going to explore a powerful feature in SoftEther VPN that many users find incredibly useful: Virtual NAT and Virtual DHCP Server. These features let your SoftEther VPN Server provide NAT and IP address assignment to connected VPN clients without requiring additional physical devices. This is especially handy when you want to create a complete, self-contained VPN environment where remote users can access the internet or internal resources seamlessly.

What Are Virtual NAT and Virtual DHCP?

• Virtual NAT:
  Virtual NAT (Network Address Translation) allows your SoftEther VPN Server to translate private VPN client IP addresses into the public IP address of the server. This lets VPN clients access the internet through the VPN tunnel as if they were on a local network.

• Virtual DHCP Server:
  Virtual DHCP Server automatically assigns IP addresses, DNS servers, and gateway settings to VPN clients. With this feature, you can manage IP address allocation entirely within SoftEther without relying on external DHCP servers.

Together, these features create a fully self-contained network environment within your SoftEther VPN Server, making it ideal for remote access, branch connectivity, or even lab environments.

Step 1: Prepare Your SoftEther VPN Server

Before you begin, ensure that:

• Your SoftEther VPN Server is installed and running (on Linux, Windows, etc.).
• You have created a Virtual Hub (for example, named “MyVPNHub”) and set an administrator password.
• You’re connected to the VPN Server via vpncmd or the SoftEther VPN Server Manager.

To start, launch vpncmd:

sudo /usr/local/softether/vpncmd

Then, select 1 for VPN Server mode, and connect locally. Once connected, enter your Virtual Hub:

Hub MyVPNHub

Step 2: Enabling Virtual DHCP Server

Virtual DHCP allows your VPN clients to obtain IP addresses automatically.

1. Enable Virtual DHCP Server:
   At the vpncmd prompt, type:

   DHCPEnable
   

   You will be prompted to specify parameters for the DHCP server. Follow these steps:

   • IP Address Range: Define the IP address range for VPN clients. For example, if you want clients to receive addresses in the 10.10.10.0/24 subnet, you might set the gateway to 10.10.10.1 and allocate addresses from 10.10.10.2 to 10.10.10.254.
   • DNS Server: Specify the DNS servers you want VPN clients to use (e.g., 8.8.8.8,8.8.4.4).
   • Lease Time: Set a suitable lease time (in seconds) for the DHCP leases. For instance, 3600 seconds (1 hour) is a common starting point.

2. Confirm Configuration:
   To review your Virtual DHCP settings, you can use:

   DHCPInfoGet
   

   This command displays the current DHCP configuration for your Virtual Hub.

Note: If you’re using the SoftEther VPN Server Manager GUI, look for the “Virtual DHCP Server” option in your Virtual Hub settings and configure the same parameters via the interface.

Step 3: Enabling Virtual NAT

Virtual NAT enables VPN clients to access external networks using the VPN Server’s public IP address.

1. Enable Virtual NAT:
   At the vpncmd prompt, type:

   NATEnable
   

   This command activates the Virtual NAT function on your Virtual Hub.

2. Configure NAT Parameters (if needed):
   By default, Virtual NAT translates VPN client IP addresses to the VPN Server’s external IP. In most cases, the default settings are sufficient. However, if you need to customize the NAT behavior (for instance, if you have multiple external IP addresses), consult the SoftEther documentation for advanced configuration options.

3. Verify NAT Status:
   To ensure Virtual NAT is active, use:

   NATStatusGet
   

   This displays the current NAT configuration and status.

Note: Virtual NAT works in tandem with Virtual DHCP. Once enabled, VPN clients receiving an IP from the Virtual DHCP Server will automatically have their traffic NATed to the VPN Server’s public IP, allowing internet access.

Step 4: Testing Your Virtual NAT and DHCP Setup

1. Connect a VPN Client:
   Configure your VPN client (using SoftEther VPN Client or an OpenVPN-compatible client, if you generated such a configuration) to connect to your SoftEther VPN Server.

2. Check IP Assignment:
   Once connected, verify that the client receives an IP address within your designated range (e.g., an address in the 10.10.10.0/24 subnet). You can usually check this in your client’s network settings.

3. Test Internet Access:
   Open a browser on the VPN client and visit a website to ensure that traffic is correctly NATed through the VPN Server.

4. Ping the Gateway:
   On the client, open a terminal or command prompt and run:

   ping 10.10.10.1
   

   Confirm that the VPN gateway (set in your Virtual DHCP configuration) is reachable.

Final Thoughts

Enabling Virtual NAT and Virtual DHCP on your SoftEther VPN Server creates a self-sufficient network environment for your VPN clients. They’ll automatically receive IP addresses and have their traffic translated for internet access—all without the need for external hardware or separate DHCP servers.

This setup is ideal for remote workers, branch office connectivity, or even lab environments where you want a complete, centralized VPN solution. Take your time to test and fine-tune the settings based on your network requirements, and feel free to reach out if you have any questions.

Happy VPN-ing, and here’s to seamless connectivity!

Explained with clarity by
Corels – Admin, Emmanuel Corels Creatives