Table of contents
- 10.11.1 Utilizing SecureNAT to Make Things More Convenient
  - About SecureNAT
  - Accessing an Extremely Secure LAN Via Remote Access That Was Not Possible With Previous Technologies
- 10.11.2 Using SecureNAT For Amazingly Simple, Secure Remote Access With No Administrator Rights
- 10.11.3 A Practical Example Network
  - Network Layout Example
  - Purpose
  - Preliminary Preparation
- 10.11.4 Starting Up VPN Bridge on the Remote LAN
  - Configuring and Starting Up VPN Bridge
  - Beginning the Initial Configuration of VPN Bridge
  - Enabling SecureNAT
  - Configuring the Cascade Connection to the VPN Server On the Internet
  - Starting the Cascade Connection
- 10.11.5 Using Remote Access
- 10.11.6 SecureNAT and Security
- 10.11.7 The Dangers of Misusing SecureNAT
Previously, administrator rights were a necessity when setting up a remote access VPN. By using the SecureNAT capability built into SoftEther VPN Server and SoftEther VPN Bridge, however, you can build a remote access VPN that does not require administrator rights but retains all of the same functionality. This section explains how to use SecureNAT to access your LAN from a remote location.
10.11.1 Utilizing SecureNAT to Make Things More Convenient
About SecureNAT
As explained in section 3.7 Virtual NAT & Virtual DHCP Servers, SecureNAT consists of a TCP/IP stack that runs in user mode together with a Virtual NAT and a Virtual DHCP Server. In particular, when IP access is performed via Virtual NAT, the data is automatically relayed to the host using the socket API at user level. This is a very advanced and intriguing technology.
Accessing an Extremely Secure LAN Via Remote Access That Was Not Possible With Previous Technologies
As explained in section 10.4 Build a Generic Remote Access VPN, to set up a VPN that allows remote access to an existing LAN you must first install VPN Server on the LAN you wish to connect to remotely. In addition, that VPN Server must be reachable from the Internet. Finally, use local bridging to connect the Virtual Hub to the physical LAN and your remote access VPN is complete. This type of configuration will allow you to connect to an existing LAN remotely, but you will need system administrator (or network administrator) rights to complete the set-up in the following two places:
- When using the local bridge functionality to make a bridged connection between the Virtual Hub and the existing LAN, you will need system privileges or administrator rights on the computer you install VPN Server on in order to execute the vpnserver process in service mode or user mode.
- To enable access to the VPN Server from the Internet you will need to have a global IP address or configure your NAT or firewall to enable port forwarding to your VPN Server. You will need network administrator privileges to perform this configuration.
Therefore, if you want to enable secure and easy remote access to a device you have installed or are managing on a LAN, you cannot set up a remote access VPN with VPN Server in the usual way unless you hold both system administrator and network administrator privileges on that LAN.
10.11.2 Using SecureNAT For Amazingly Simple, Secure Remote Access With No Administrator Rights
Your network environment must meet the following criteria to set up a remote access VPN using SecureNAT. Please refer to section 3.7 Virtual NAT & Virtual DHCP Servers for more information about the SecureNAT functionality.
- There must be a computer running Windows, Linux, FreeBSD, Solaris, or Mac OS X that you can log on to as at least a general user on the LAN you wish to connect to remotely.
- Also, you should receive confirmation from your network or system administrator that it is OK to access the LAN remotely before you begin setting up anything.
Normally, a LAN that meets the above conditions but consists of private IP addresses behind a NAT, firewall, or proxy server cannot be reached from outside the network. However, by utilizing the revolutionary new SecureNAT technology available only with SoftEther VPN, you will be able to connect to even this type of network freely and securely from a remote location.
10.11.3 A Practical Example Network
Network Layout Example
In order to make the explanation in this section easier to understand, the method described here is for the sample network layout shown in the image below.
Network Layout.
First, there is a very secure network protected by a firewall or NAT that cannot be accessed from the Internet. For this example, the network's IP address is 192.168.1.0/24. However, web sites can be viewed from the network by routing traffic through the firewall or NAT proxy server first. Also, the computer at IP address 192.168.1.1 is running Linux, although any other operating system that will run VPN Bridge, such as Windows or Solaris, is also acceptable. Assume that you do not have root access to this computer, but can log on to it as a general user. There is also a laser printer connected to the network at 192.168.1.10 that needs to be maintained.
Purpose
The reasons for using SecureNAT in the example network layout above are the following:
- You will be able to perform remote maintenance on the laser printer at 192.168.1.10 on the network 192.168.1.0/24 which normally blocks all connections from the Internet.
- If you have explained the situation to the administrator of 192.168.1.0/24 and received permission to set up such a VPN, but are worried about the cost or difficulty of changing the network's firewall settings, you can still set up the VPN without modifying the firewall.
Now we will explain in detail how to perform remote maintenance on the laser printer at 192.168.1.10 once you have reached this point in setting up the VPN.
Preliminary Preparation
The computer you set up with VPN Server beforehand at the IP address 130.158.6.51 is the VPN Server computer. Create a Virtual Hub on this VPN Server (the default Virtual Hub 'DEFAULT' will do) and create a user so that you can connect to that Virtual Hub later through VPN Bridge (assume you make the user 'test' with password authentication for this example). Please refer to section 3. SoftEther VPN Server Manual for more information about configuring VPN Server.
10.11.4 Starting Up VPN Bridge on the Remote LAN
Configuring and Starting Up VPN Bridge
First, you will need to physically visit the remote LAN (in this case, the LAN that contains the laser printer for remote maintenance at 192.168.1.10) at least once for the initial configuration process.
What you will need to do here is to log in as a general user to the Linux computer with the IP address 192.168.1.1 and install SoftEther VPN Bridge.
VPN Bridge is free to use if you just want to use it to connect to VPN Server. After unpacking the VPN Bridge Linux install package's tar.gz file and installing VPN Bridge on the computer at 192.168.1.1, the executable file vpnbridge will be created.
Assuming that you can only log on to 192.168.1.1 as a general user, you will have to run VPN Bridge in user mode. As shown below, run vpnbridge with the start option. Please refer to section 5.2 Operating Modes for more detailed configuration information.
This will launch VPN Bridge on the computer at 192.168.1.1. To launch VPN Bridge under Windows, use the /usermode option, not the start option.
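A defender-side check for the deployment described above, as an added example that is not part of the SoftEther manual: it scans `ps -eo user,pid,args` output for SoftEther daemons owned by non-root accounts, which is how a user-mode VPN Bridge appears on a Linux host, and then lists the remote endpoints of those processes from `ss -tnp` output. The sample listings are constructed, and the function names and the inclusion of `vpnclient` are assumptions of this example.

```python
import os
import re

# vpnbridge and vpnserver are named in the manual; vpnclient is SoftEther's
# client daemon, added here as an assumption of this example.
SOFTETHER_BINARIES = {"vpnbridge", "vpnserver", "vpnclient"}

def find_user_mode_vpn(ps_output):
    """From `ps -eo user,pid,args` text: {pid: (user, binary)}, non-root only."""
    found = {}
    for line in ps_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[1].isdigit():
            continue  # header row or malformed line
        user, pid, exe = fields[0], int(fields[1]), fields[2]
        # Compare the executable's basename, not a substring of the command
        # line, so `grep vpnbridge` or `vi vpnbridge.log` is not flagged.
        binary = os.path.basename(exe)
        if binary in SOFTETHER_BINARIES and user != "root":
            found[pid] = (user, binary)
    return found

def remote_peers(ss_output, pids):
    """From `ss -tnp` text: sorted (pid, peer) for ESTAB sockets of `pids`."""
    peers = set()
    for line in ss_output.strip().splitlines():
        cols = line.split()
        if len(cols) < 6 or cols[0] != "ESTAB":
            continue  # header row, other TCP states, or no process column
        for pid in re.findall(r"pid=(\d+)", cols[5]):
            if int(pid) in pids:
                peers.add((int(pid), cols[4]))
    return sorted(peers)

# Constructed sample input (not captured from a real host).
SAMPLE_PS = """\
USER       PID COMMAND
root       812 /usr/sbin/sshd -D
alice     2411 /home/alice/vpnbridge/vpnbridge execsvc
alice     2502 grep vpnbridge
bob       2630 vi /tmp/vpnbridge.log
"""
SAMPLE_SS = """\
ESTAB 0 0 192.168.1.1:22    192.168.1.50:50122 users:(("sshd",pid=812,fd=4))
ESTAB 0 0 192.168.1.1:51514 130.158.6.51:443   users:(("vpnbridge",pid=2411,fd=12))
"""
if __name__ == "__main__":
    hits = find_user_mode_vpn(SAMPLE_PS)
    print(hits, remote_peers(SAMPLE_SS, hits))
```

Matching on the executable name misses a renamed binary, so this check is best paired with egress monitoring for long-lived outbound connections from hosts on the protected LAN.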
Beginning the Initial Configuration of VPN Bridge
Next you will configure VPN Bridge using VPN Server Manager or the command line management utility vpncmd. This section assumes there is a Windows machine elsewhere on the network and explains the steps with VPN Server Manager; the same operations can be performed with vpncmd on a UNIX machine. Please refer to section 6. Command Line Management Utility Manual for more information about vpncmd.
First, launch VPN Server Manager.
VPN Server Manager.
Next, when you click [Create New Setting], the [Create New Connection Setting] window will appear. In the [Host Name] field of this window, input 192.168.1.1, the IP address of the computer you ran VPN Bridge on earlier. Click [OK].
Creating a VPN Bridge Connection Configuration.
If you double-click the connection configuration you just made, an administrative connection will be made to the VPN Bridge and the administration window will be displayed. If this is the first time you have connected to the VPN Bridge, a message asking you if you would like to set an administrator password will appear. Set a password at this time.
Connection to the VPN Bridge Completed.
Enabling SecureNAT
Clicking the [Manage Virtual Hub] button on the administration window will display a window labeled [Management of Virtual Hub - 'BRIDGE'].
The Virtual Hub Administration Window.
On this window, click the [Virtual NAT and Virtual DHCP Server (SecureNAT)] button. This will display the [Virtual NAT and Virtual DHCP Function (SecureNAT) Setting] window. After reading the notices on this window carefully, click the [Enable SecureNAT] button.
Enabling SecureNAT.
Now click the [Exit] button. This will take you back to the [Management of Virtual Hub - 'BRIDGE'] window.
Configuring the Cascade Connection to the VPN Server On the Internet
Next click the [Manage Cascade Connections] button. Then click [Create]. A window labeled [New VPN Connection Setting Properties] such as the one below will be displayed.
Configuring the Cascade Connection to the VPN Server On the Internet.
You will input the following items in the [New VPN Connection Setting Properties] window:
[Setting Name]
Designate some arbitrary name such as 'Bridge'.
[Host Name]
Input the IP address of the computer that you installed VPN Server on beforehand. (In this example, 130.158.6.51.)
[Port Number]
Input one of the listener ports of the computer that you installed VPN Server on beforehand. We recommend using port number 443 if you have to go through any firewalls or proxy servers.