rcocchiararo
newbie
Topic Author
Posts: 41
Joined: Sat Dec 12, 2015 8:59 pm

Mikrotik <> Softether site2site (L2TP/ipsec)

Wed Feb 17, 2021 3:41 am

Hi there

I've been struggling with SoftEther as a VPN server on a virtual Windows server on Azure (some "pro-bono" work I am doing for an NGO; I got them an Azure sponsorship and moved their pretty bad administration software to the cloud during the pandemic).

https://www.vpnusers.com/viewtopic.php?f=7&t=66587

There I mention my struggles, but now I want to focus on my probable incompetency on the MikroTik side (since it's "working worse" than the SoftEther <> SoftEther setup I tried before).

Writing that post, I learnt how to force the local IP of the L2TP dynamic interface in the PPP profile.

After reading a ton of posts/documentation and watching a good deal of videos, I tried a lot, but still I only get connectivity from/to the SE VPN IP range (10.0.2.0/24). I can't get the Azure server to reach anything on the local IP of the office.

Just before reading all this, I restored the initial config that had all the different points using the same 10.0.0.0/24 range, and enabled proxy-arp, and now the server can ping the MikroTik/SE cascade server PC using their "SoftEther IPs" but not their "local" ones.
I managed to get the MikroTik L2TP client to the same functionality as the SE cascade server, but not to the point where the Azure server can reach the network printer in the office.

Any tips for routes/firewall/other settings that might be missing to allow traffic between the office and the server and not just to allow the office to RDP to the server?

I'm attaching the old hEX config I just exported (hopefully with nothing important left there).

This config was taken from my home device, which has been modified over time with lots of stuff I found online, so some stuff might be wrong/weird for an office device :P
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: Mikrotik <> Softether site2site (L2TP/ipsec)

Wed Feb 17, 2021 4:01 am

> There I mention my struggles, but now I want to focus on my probable incompetency on the MikroTik side (since it's "working worse" than the SoftEther <> SoftEther setup I tried before).

I've used softether before, but not with MikroTik.

The issue is probably actually on the softether side - you somehow need to tell softether what subnet the office is on so that when the office connects via L2TP it adds a route to its routing table to get to the office subnet via L2TP. Once you do this, you probably do not need proxy arp at all.
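
The routing point made in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a constructed server-side routing table. Only 10.0.2.0/24 and 10.0.0.0/24 come from the thread; the office subnet 192.168.88.0/24, the tunnel peer 10.0.2.10, the printer addresses and the interface labels are assumptions.

```python
import ipaddress

# Labels for where a packet is sent (constructed names, not real interfaces).
DEFAULT_GW = "Azure default gateway"
LOCAL_LINK = "on-link 10.0.0.0/24"
VPN_LINK = "on-link SoftEther VPN range"
TUNNEL = "via 10.0.2.10 (office router over L2TP)"  # assumed peer address

# Constructed routing table of the cloud server before any office route exists.
SERVER_ROUTES = [
    ("0.0.0.0/0", DEFAULT_GW),
    ("10.0.0.0/24", LOCAL_LINK),
    ("10.0.2.0/24", VPN_LINK),   # VPN range named in the thread
]
OFFICE_LAN = "192.168.88.0/24"   # assumed office subnet
PRINTER = "192.168.88.50"        # assumed office printer


def lookup(table, dst):
    """Return (prefix, next hop) of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, via in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, via))
    if not matches:
        return None
    net, via = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), via


def with_office_route(table):
    """Same table plus a route to the office LAN through the tunnel peer."""
    return table + [(OFFICE_LAN, TUNNEL)]


if __name__ == "__main__":
    # VPN addresses are reachable: the server has a connected route for them.
    print("VPN peer      ->", lookup(SERVER_ROUTES, "10.0.2.10"))
    # The office LAN has no route, so packets leave by the default gateway
    # and never enter the tunnel.
    print("printer       ->", lookup(SERVER_ROUTES, PRINTER))
    # With an office route the same destination is sent into the tunnel.
    print("printer+route ->", lookup(with_office_route(SERVER_ROUTES), PRINTER))
    # Overlap case: an office host numbered inside 10.0.0.0/24 looks on-link
    # to the server, which then tries ARP locally instead of routing.
    print("overlap host  ->", lookup(SERVER_ROUTES, "10.0.0.50"))
```
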
 
rcocchiararo
newbie
Topic Author
Posts: 41
Joined: Sat Dec 12, 2015 8:59 pm

Re: Mikrotik <> Softether site2site (L2TP/ipsec)

Wed Feb 17, 2021 4:54 pm

That's the thing, SoftEther, AFAIK, has one place to declare routes, that are only shared via the DHCP.
That's in the SecureNAT function (which has secure NAT and DHCP as 2 options).
Declaring routes there did nothing.

I also tried declaring routes in the Windows command line, to no avail.

This happened both with MikroTik as L2TP client and with a local SE server connected to the cloud one using the cascade function.

Right now both options give me access to the SE IP range (or particular IPs if I use the same range for both local cloud/office network and SE). (This requires particular routes on the MikroTik for SE IPs, or it tries to reach them by itself and fails.)

I can't use the SE local bridge option, because the office "server" has only 1 network card and Azure has no support for MAC spoofing or something else that's needed for local bridging.

I did try the SE L3 virtual switch, with no success, but I'm not well versed in that.

SE forum is kinda dead for me, or I am making hard questions; I tried 4 different doubts there, with 0 answers :P
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: Mikrotik <> Softether site2site (L2TP/ipsec)

Fri Feb 19, 2021 11:13 pm

> That's the thing, SoftEther, AFAIK, has one place to declare routes, that are only shared via the DHCP.

Then you probably just cannot use SoftEther for this use case. Run MikroTik CHR virtual machine in Azure instead.
 
rcocchiararo
newbie
Topic Author
Posts: 41
Joined: Sat Dec 12, 2015 8:59 pm

Re: Mikrotik <> Softether site2site (L2TP/ipsec)

Sat Feb 20, 2021 12:21 am

> > That's the thing, SoftEther, AFAIK, has one place to declare routes, that are only shared via the DHCP.
>
> Then you probably just cannot use SoftEther for this use case. Run MikroTik CHR virtual machine in Azure instead.

After a ton of reading it seems that for what I needed, I had to use local bridge in SoftEther.

That is not an option in Azure, so I will test with virtual NAT.

If performance is not good, I'll try the MikroTik VM and check if I can manage it + my server for a year with the sponsorship.
