There are two ways to connect networks with SoftEther VPN.
1) Bridge connection, where the networks are combined into one Ethernet segment. This option is inconvenient, because if both networks have services that require a single instance, then this will lead to conflicts (for example, DHCP). In addition, if there are many nodes in the network, then there will be an increase in broadcast traffic.
2) The second method builds on the first. But here a virtual OSI layer 3 switch is created that manages traffic between networks. An additional virtual hub (concentrator) is also created, to which the remote network is connected. Of the minuses: dynamic routing protocols are not supported, the IGMP protocol is not supported, static routes must be prescribed on nodes with shared resources.

This article discusses the second method.

The advantage of this scheme is that it is unnecessary to spend money on expensive VPN routers, and for paranoids to use the leaky PPTP protocol. Turned on the PC - and the connection automatically rose if the PC on the other end is also turned on. Communication performance depends on the speed of your Internet channel (including the routing performance of the router) and the power of the PC processor, because. traffic encryption is carried out by him.

We have two networks, with central nodes in the form of a router with a DHCP server and a WAN. You need to install SoftEther VPN Server on a PC in one network, and SoftEther VPN Bridge in another network.

Installing a VPN server on Windows

Installing SoftEther VPN Server is quite simple. I will illustrate it with pictures with a few comments. Download the distribution of SoftEther VPN Server from the official website and run it.
Select the installation option - VPN Server and click "Next".

Then we accept the terms of the agreement and select the standard installation.

After starting the VPN server, the administration window will appear, click the "Connect" button. Set the server administrator password.

Specify the server type - Site-to-Site VPN Server. (Center)

Then comes the setting of the dynamic DNS function, click Exit. You can later disable it by changing the line in the configuration file to: “declare DDnsClient ( bool Disabled true “ .

Next, you need to specify a physical network card to connect the virtual hub to the local network. The connection is made at the OSI data link layer, so the virtual hub does not receive any IP address on the network. However, some routers may notice the appearance of the subnet IP address 172.31.0.0/16 on the local network. This address is used to keep track of ARP entries matching IP addresses or something similar.

The next step is to set up L2TP access and enable Azure VPN. Let's skip these steps, because. they do not participate in this scheme. Azure VPN can be disabled if you have a white IP. If the address is grey, then don't disable and use the Azure VPN domain address instead of the IP.

Setting up a VPN server

At the end of the initial setup, we get into the server administration window. First of all, let's remove unnecessary ports (everything except 5555 - it is used to connect to the administration panel). We set some non-standard TCP port to listen on, for example, 7710. If you do not have a white IP address, then you need to listen on port 443 to use Azure VPN.
Now you need to create a second virtual hub to which the remote network will connect. To create a second hub, click the "Create a Virtual Hub" button. Let's name it, for example, by the number of the remote network - 12. It is unnecessary to create a Local Bridge in this virtual hub.

Next, select hub 12 and click "Mange Virtual Hub", then "Manage Users" create a user for the remote network. Let's call it "Network 12", instead of a password, we will use a self-signed certificate with a secret key.

Click "Create Certificate" and fill in the line "Common name".

Select the certificate format - X509 (certificate separately, secret key separately).

The saved certificate and private key will need to be uploaded to the SoftEther VPN Bridge client.
Next, you need to open the port in the router - the one that the server is listening on, and set up port translation on the PC with the server. You can read more about how to open ports in this article. .
For example, in pfSense, the rule for opening a port looks something like this. pfSense - when creating a rule for NAT, it automatically creates a rule for Firewall as well. Other routers may not do this, so you need to create both rules manually.

Also, in the firewall on both routers, it is necessary to allow the passage of traffic between networks. To allow the passage of any traffic, the rule will look like this:

If a firewall is enabled on computers, then it is also necessary to allow traffic for the desired network to pass through there.
Next, you need to create a virtual router. Click the "Layer 3 Switch Settings" button, create a new virtual router and click the "Edit" button. Next, you need to create virtual interfaces for each hub. For the hub with the name 10 we create an interface with the address 192.168.10.100, for the hub with the name 12 - 192.168.12.100. You can come up with your own addresses, the main thing is that they are not busy and each belong to its own subnet. The developers claim that it is not necessary to add routes, but it is better to add them just in case. To start the router, press the "Start" button.

VPN client setup

We start the installation of SoftEther VPN Server, while choosing the option to install SoftEther VPN Bridge. Click "Next" all the time, then set the administrator password.

At this step, we specify a network card to create a bridge with a local network.

After that, we get to the SoftEther VPN Bridge control panel. As you can see, many functions in this mode are disabled.

Next, you need to create a cascading connection to the SoftEther VPN server. Click "Mange Virtual Hub" then "Mange Cascade Connection" and fill in the connection data.
Settings name - connection name.
Host Name - white IP address or domain name of the DDNS router of the network where the server is installed. If you do not have a white IP address, then we use the Azure VPN service and write the domain name obtained in this service (vpn123456789.vpnazure.net). I think it is clear that without a white IP address, it is unnecessary to open ports on the router.
Port Number - the port the server is listening on.
Virtual Hub Name - the name of the virtual hub on the server.
User Authentication Settings - user authentication settings. Since we decided to use a self-signed certificate instead of a password, we select the line "Client Certificate Authentication". We write the username (in the example it is Network 12). Click "Specify Client Certificate", upload the certificate and secret encryption key.

Now you need to configure the connection settings - click “Advanced Settings”. Here you need to set the number of TCP connections, 8 is recommended for a broadband connection.

Routing setup

The setup consists in prescribing static routes in the routers of both subnets.
On the router 192.168.10.1 (see the diagram), we register the route to the network 192.168.12.0. It will look like this: 192.168.12.0 mask 255.255.255.0 gateway 192.168.10.100.
On the router 192.168.12.1, we register the route to the network 192.168.10.0: 192.168.10.0 mask 255.255.255.0 gateway 192.168.12.100.
For reliability, we reboot both PC and router.

Access to shared folders via SoftEther VPN

After the above settings, all computers on the network should normally "ping" each other (unless prohibited by the firewall). However, Windows shared folders cannot be accessed. This problem is solved by writing static routes directly on computers with shared resources. Run the Windows command prompt as an administrator and write the command:
for computers on the 192.168.10.0 network:
route -p add 192.168.12.0 mask 255.255.255.0 192.168.10.100
for computers on the 192.168.12.0 network:
route -p add 192.168.10.0 mask 255.255.255.0 192.168.12.100
This completes the setup. To analyze the traffic route, I advise you to use the Windows command line, the pathping command.

Ask questions in the comments.

Those who are willing to sacrifice essential freedom for a modicum of temporal security deserve neither freedom nor security.

Connecting to the SE VPN server using a graphical manager

We launch the utility for graphical management and connect to the server part. If the connection is made for the first time, then the password can be omitted. The system will ask you to install it in the next step.

Setting a new password for the server

Creating a new user in SE VPN

As a small bonus: SE VPN allows you to allow not only one single administrator to manage the server, but also a number of auxiliary persons. Each Virtual Hub can be connected to individual administrators, who will be limited in the settings to only the selected Hub. Which is very useful when creating and maintaining large networks based on SE VPN.

Peculiarities

But SoftEther VPN, for all its beauty, has some features that you need to understand, otherwise serious configuration problems may arise. The first thing I want to note stems from the fact that SE VPN works in User Space. For the Windows environment, the remark is not important, but for Unix/Linux/MacOS, the operation of the software in user space imposes a certain limitation. No matter how hard you try, you will not be able to reach the Host machine from the tunnel. No, the tunnel, and everything connected with it, will work. But you won’t be able to go through the tunnel to a computer with a VPN server. Nothing can be done here, this is the behavior of By Design. In this case, the developers recommend installing a second physical adapter on the Host and organizing a tunnel to it, and only then, using internal routing, forward the traffic where it should be.

Promiscuous Mode Warning

Another limitation is the need to use the so-called. promiscuous mode for the network adapter. In this mode, the network adapter, or rather its software, will not discard network packets that are not intended directly for this computer, but will transfer them for further processing. In general, the use of promiscuous mode is neither a problem nor a threat. In a “switched” network, and these are the majority now, you don’t receive other people’s packets. However, in cases where the highest performance is required from the network adapter, then promiscuous mode is not used. But in this case, only a single application “spins” on the computer itself, for example, a highly loaded application server or a database server.

Setting up promiscuous mode in Virtual Box

The remark about promiscuous mode is also valid for virtualization environments. For SE VPN to work, you must enable promiscuous mode in the settings of the virtual machine or its virtual network card. For example, in recent versions of VirtualBox, promiscuous mode is enabled in the network settings. In older versions, this procedure is performed via the command line.

When setting up SE VPN, very often you perform a tunnel health check simply by running the command ping with the address of the machine on the other side of the tunnel. But there is a peculiarity here. If there is a Windows machine on the other side, then when creating an L3 tunnel using different networks, it will not work just to check its availability. The fact is that Windows, by default, using the built-in Firewall, prohibits receiving and sending ICMP packets from networks other than the one in which the machine itself works. Therefore, you will have to shaman with a firewall or with security policies.

Well, the main thing you have to deal with is that when connecting from a mobile device, you need to remember that in this case connections are available either via IPsec or via OpenVPN. There is currently no implementation of SoftEther VPN to run on Android or iOS, at least the official versions.

When installing SE VPN on a Windows operating system, virtual network adapters are installed in the system, with the help of which SE VPN interacts with the outside world. Using standard Windows tools, you can manage these adapters, for example, remove or add the necessary protocols, change their settings. It is important not to overdo it, otherwise inexplicable problems may arise during the operation of SE VPN.

VPN Gate

I especially want to dwell on the VPN-Gate service and technology. VPN-Gate is an affiliate product with SoftEther VPN. It works entirely on SE technologies and is an integral part of the project. But this is de facto, de jure, they are not connected in any way, except that the VPN-Gate project exists under the wing of the same University of Tsukuba in Japan. VPN-Gate brings together volunteers from around the world to provide SE VPN connections for all sufferers from countries with overly controlled VPN traffic. If you cannot get to any of the sites, it is simply blocked in your country, then using VPN-Gate you can get to its content.

The speeds provided by volunteers are certainly not so hot, but such access is better than none. And all those who need high-speed access via VPN can easily buy themselves a paid VPN service in the jurisdiction they are interested in, since all the nooks and crannies of the network are full of such offers. To join the “free VPN cloud”, as it is called on the site, you just need to install SoftEther VPN on your computer and enable just one checkbox. And your server will stand on a par with other daredevils distributing access to the network from their servers. After all, according to the laws of many countries, if a cybercrime is committed through such a good "Samaritan", then he may well go as an accomplice. On the other hand, I can hardly imagine how some bearded ISIS man uses a free VPN cloud from his iPhone somewhere in the middle of the Syrian desert and commits a terrible crime.

However, the VPN-Gate project takes on a very specific role in protecting the privacy of citizens. And everyone who is not indifferent to cracking down on the Internet can join the list of volunteers. At the time of this writing, February 2017, almost 9,000 volunteers offer their services for unregulated access to the network through a VPN cloud on a gratuitous basis. During the existence of the project through the "cloud" users were able to pump more than 67 thousand TB of data over 3 billion connections, and there are 232 countries from .

The presence at the top of the list of China is quite justified. The party leadership protects citizens from the harmful effects of YouTube, Facebook and Google. But I can’t explain the first place in South Korea. And the US is in the top three. Apparently the rule of Obama and the atrocities of the NSA brought a rustle to the network. Russia is in the rightful 12th place in the list, Ukraine is 21st, ahead of Germany by a point, and Kazakhstan is 34th.

You can connect to the VPN-Gate VPN cloud either through the SoftEther VPN product itself, or you can use OpenVPN services, or use the standard L2TP/IPsec, MS-SSTP protocols. By the way, Android or iPhone / iPad users can use standard tools built into operating systems, or use specialized software that facilitates the process of connecting to distribution points in VPN-Gate, for example, this one.

Data protection is a concern for more and more people today. Trends are not only not encouraging, they are simply terrifying - even TVs are starting to follow us. The surest way is to always assume that someone is listening to us and preemptively defend ourselves. You can raise SSH tunnels and SOCKS’ify the necessary traffic through them, you can use HTTPS wherever possible by installing plugins for this. However, the most suitable technology for this was, is and will be VPN for a long time.

Where can I get a VPN to connect securely from various devices on the go and in public places? An easy and quick way is to use one of the many services. But from a security point of view, this method raises questions. Voluntarily let your traffic through the "uncle", and even pay extra for it is not too secure. Yes, and with anonymity, everything is not so good, a large service will hand you over with giblets on the first request, just remember the history of HideMyAss and LulzSec. Small muddy offices can unrestrictedly sniff you themselves. It is impossible to check the inner workings of a VPN service, and relying on assurances that no logs are kept is naive.

What's left for the poor paranoid? Raising a VPN server on your own, fortunately, you don’t need so much for this. Until recently, the most suitable implementation for your own server was OpenVPN. Its tangible minus is a rather complicated setup and unfriendliness to the average user. Only a person experienced in network affairs can install and configure it himself. The presence of a large number of step-by-step manuals on the Web does not help the situation much. In addition, OpenVPN requires access to TUN / TAP devices on the server, so not all VDS / VPS hostings are suitable for it. However, recently a powerful multi-protocol VPN server - SoftEther VPN - has been opened under the GPLv2 license. At first, and at second glance, this server is amazing with its capabilities.

It has its own SSL-VPN protocol, which is indistinguishable from normal HTTPS traffic (OpenVPN traffic can still be isolated using DPI). Declared support for L2TP/IPsec, MS-SSTP, OpenVPN, L2TPv3 and EtherIP, and for L2TP specified strict compatibility with built-in clients in iOS and Android. The server itself has versions for Windows, Linux, OS X, FreeBSD and Solaris and, according to the site, is the best alternative to OpenVPN, and it works faster.

A complete list of all goodies can be found on the official website. I will only highlight the main features. The VPN server can be managed entirely through a very thoughtful graphical interface, and this can be done remotely. Yes, yes, now it is possible to shove the server part on wdsk on Linux and remotely steer them from a nice GUI version for Windows. SoftEther VPN has a built-in NAT and DHCP server, so under Linux and FreeBSD you no longer need to fiddle with iptables and natd settings. In my opinion, creating your own VPN network has never been so easy to implement. The native SSL-VPN protocol can run over TCP, and multiple TCP sessions, UDP, and even ICMP are supported.

Trying

Consider this beauty from a practical point of view. To install, we need a dedicated server or VDS / VPS, SoftEther VPN does not require TUN / TAP devices for operation, so even frail options with any type of virtualization will do. The installation of the server part is quite simple. On the www.softether-download.com page, select the SoftEther VPN Server distribution package for the required operating system and architecture (in *nix, you can find out the OS architecture by using the uname -m command). For example, consider Linux, as the most common option on VDS. Download the distribution to the server in any way possible, then unpack and install:

Tar xzvf softether-vpnserver-v4.05-9416.tar.gz && cd vpnserver && make

We will be asked to confirm that we have read the License Agreement and agree to it. After that, our SoftEther VPN Server will be installed in this directory and ready to start. The documentation optionally advises moving it to /usr/local/vpnserver , but there is no difference, you can even run it from /var/tmp . Do you hear where I'm going? 🙂 Launch

./vpnserver start

That's it, our own VPN server is ready and by default it is waiting for our connection on ports 443, 992, 1194 and 5555. You can manage the server through its configuration file or, which is much more convenient, using management utilities. You can connect to it for management using the vpncmd console utility located in the same directory, or using the Windows GUI called SoftEther VPN Server Manager for Windows. It is included in SoftEther VPN Server for Windows, but you can install it separately by selecting the necessary checkboxes in the installer, or you can download a separate ZIP archive from the download page. Consider it as the most friendly.


To connect in Server Manager, we specify the host and port (any of the listened ones) of our server. When you connect for the first time, you will be asked to set an administrator password. Set your password and start setting up. It makes sense to edit the list of ports so as not to explicitly burn the VPN presence on the server. I leave only 443, and you choose to your liking. SoftEther VPN supports the so-called virtual hubs (Virtual Hubs), in fact, separate virtual VPN servers, each with its own administrators, VPN users, settings and ACL policies. We create such a hub, if it was not there by default, and go to its settings, where we need to create a user in Manage Users . SoftEther VPN supports various authentication methods, including certificate authentication, RADIUS, and NT Domain. To begin with, the usual Password Authentication is enough for us, so we simply set the username and password of the user. You can also look into the Security Policy, where you can limit the user's channel width and prohibit other joys.


In order for users connected to the VPN to have access to the Internet, we use NAT. All settings are located by the corresponding button in the context of the hub, we just need to enable NAT, leaving everything else by default. At this stage, you can already connect to the server using the SoftEther VPN client, which operates using its own SSL-VPN protocol, the setup is trivial and will not cause any difficulties. To connect via L2TP and L2TP/IPsec, you need to enable them on the server, the corresponding options are in IPsec / L2TP Settings . Similarly, support for OpenVPN clients is also enabled, and in this case SoftEther will even offer to generate an .ovpn configuration file for OpenVPN.


Now you can connect to the VPN both from desktop operating systems and from mobile devices, instructions for setting up a connection can be found on the network, they are no different from ordinary ones. Manuals with illustrations are also available at www.softether.org. It's time to feel like a proud owner of a VPN server or even, having bought a dozen servers in different countries, open your own VPN service :).

Unconventional VPN

Sometimes it happens that a direct connection between the client and the VPN server is difficult or impossible for some reason (local network, the exit from which is strictly firewalled on the edge router, or the server does not have an external IP and is behind NAT or has a dynamic address). A common case is that we have installed a VPN server at home and want to get home via a secure channel, but the trouble is, the home provider does not give us a valid IP address. But you never know for what reasons there may not be a direct line of sight to the server. And here SoftEther VPN has something to show us. The proprietary SSL-VPN protocol has a number of interesting techniques for overcoming network barriers. Moreover, they will not require any effort from us, everything works literally on the machine. In addition to the usual SOCKS / proxy support, which is no longer surprising after OpenVPN, SoftEther VPN can:

  • DDNS service;
  • NAT Traversal;
  • VPN over ICMP;
  • VPN over DNS;
  • Azure Cloud VPN.

If the server does not have a permanent IP or we just want convenience, SoftEther VPN will kindly provide us with a third-level domain in the *.softether.net domain. You do not even need to register, all that is required is to choose a subdomain to your liking, and it will work and update on its own. The functions of NAT penetration, ICMP and DNS tunneling are still poorly documented and not configured in any way. Therefore, to make sure they work, you may need Wireshark. However, by default, everything works more than fine. The NAT Traversal technique successfully pierced my firewall on my router, on which I blocked outgoing packets to the VPN server for the test, and was equally successful in connecting to the VPN server, which was located behind Full-Cone NAT. The problem of connecting to the home server is solved for me forever :). Keep in mind that NAT Traversal requires a third host, which is currently provided by SoftEther VPN.

It is impossible to influence which technique will be used in the current version. SoftEther VPN Client tries them one by one if the direct connection "on the forehead" failed. Connections are tried on the 137th and 53rd server ports, NAT Traversal is enabled, ICMP packets are sent. For VPN over ICMP, ICMP ECHO is used, or, in other words, a regular ping.

Conclusion

SoftEther VPN is developing very dynamically, and by the time you read this article, the functionality may become even more delicious. There has never been such a powerful and at the same time friendly open source solution. The project definitely deserves attention.

How soon can I interest you if I say that in this article we will talk about a VPN server that can raise L2TP / IPsec, OpenVPN, MS-SSTP, L2TPv3, EtherIP servers, and also has its own SSL-VPN protocol ”, which is indistinguishable from regular HTTPS traffic (which cannot be said about OpenVPN handshake, for example), can work not only via TCP / UDP, but also via ICMP (like pingtunnel, hanstunnel) and DNS (like iodine), works faster (by developers) of current implementations, builds L2 and L3 tunnels, has a built-in DHCP server, supports both kernel-mode and user-mode NAT, IPv6, shaping, QoS, clustering, load balancing and fault tolerance, can be run under Windows , Linux, Mac OS, FreeBSD and Solaris and is an Open-Source project under GPLv2?

That's it. This cannot be missed.

Uh-oh, what is this thing?
Most likely, you have not heard about this project before. The fact is that Daiyu Nobori (登大遊) started developing it as soon as he went to Tsukuba University, and PPTP did not work from the campus network. In 2003, when he was 18 years old, he released the first version of SoftEther, and he was attacked by the Japanese government, who believed that this project could be regarded as almost like malware, because. it allows you to bypass firewalls (OpenVPN was just emerging at the time), and can also "damage the image of other VPN products" and banned distribution of the program. He tried to explain himself, but because because of this, he could possibly be expelled from the university, he did not insist much and removed the program from free access. Some time passes, and Mitsubishi Materials Corporation offers to buy SoftEther 1.0 from him and sign a contract for 10 years (April 2004-April 2014), which gives the corporation the right to sell SoftEther and prohibits Daiyu Nobori from selling the program and / or based on it, but in March 2013 he starts distributing SoftEther for free, and just recently (January 4, 2014) it was opened under GPLv2. Unfortunately, there are still some problems with copyright right now, so some important features will probably not be seen in SoftEther until April 2014: Radius / Active Directory authentication, RSA key authentication, DoS protection, Source IP ACL, Syslog transfer and deep-inspect packet logging.
Description
A little more detail about the capabilities of the server:
  • Lots of virtual hubs. Those. not every server instance serves only its clients, but everything within the same server.
  • Remote-Access (client-to-LAN) and Site-to-Site (combining two or more LANs into one) tunnels.
  • Support for L2TP/IPsec, OpenVPN, MS-SSTP, L2TPv3, EtherIP and custom protocol
  • VPN over ICMP and over DNS (only through custom protocol)
  • Dynamic DNS and NAT Traversal via free relay ( yes, you can raise a VPN server with a gray IP!)
  • Logging
  • Built-in firewall
  • Support for IPv6 in L3 mode (well, in L2, of course, too)
  • Traffic shaping by user groups or specific users
  • SecureNAT (user-space NAT and DHCP server). Handy on non-server Windows
  • VLAN support
  • QoS support with automatic prioritization

The software consists of a server, bridge server, client, GUI (Windows only) and CUI administration utilities. A client is needed to connect one computer to a LAN (Remote Access VPN), and a bridge server is needed to connect two or more networks (Site-to-Site VPN). Unfortunately, the CUI is not very well documented yet and I was not able to start the server only from the CUI, I had to use the Windows version of the server and the GUI utility. It should be noted that the GUI utility can work not only with the local server, i.e. you can run the server itself on Linux, and administer it through a GUI utility under Windows. The GUI has only basic settings, to change advanced settings you will have to go into the config or use the CUI.

Here are some GUI screenshots to give you an idea of ​​what the server can do and how easy it is to set up.

Server management window

Hub management window

User editing

ACL with the ability to simulate packet loss and jitter

User Security Policy

Configuring SecureNAT

Configuring L2TP/IPSec

Configuring OpenVPN and SSTP

Consider installing and configuring the SoftEther VPN VPN server on Windows. SoftEther VPN allows you to network various devices, as it supports almost all popular network protocols.

Setting up SoftEther VPN client-server topology.

The VPN server here will be the central node to which clients will connect to gain access to the internal network. Download the latest RTM version and run the installation. Select the line SoftEther VPN Server and click next.


Here we tick the Remote Access VPN Server.

Then enter the name of the virtual hub.

The next step is to configure the dynamic DNS feature, you can turn it off later.

Then, if necessary, we set up an L2TP connection, specify the IPsec shared key.

Next is setting up Azure VPN - this is a free cloud service that allows you to establish a VPN connection to the server in the absence of an external ip address and open ports. To connect through it, you must specify the Azure VPN domain ID and port 443.

The last step is to specify the physical network interface that is connected to the local network.

Now you can configure accounts and TCP listening ports in the virtual hub. Port 5555 cannot be deleted, because a local server management client is connected through it. You can read about how to open the necessary ports in the router in the article.







In order to set up accounts, click Manage Virtual Hub, then Manage Users, create a new user. Enter a name, and also set the type of authentication. The following authentication types are supported: anonymous, password, individual certificate, signed certificate, RADIUS server authentication, and Windows NT domain controller. For example, let's create a user Test with password protection.



Setting up VPN clients.

Let's set up a L2TP/IPsec connection with a shared key on the client computer.

By default, clients are assigned IP addresses in the same range of the DHCP server to which the VPN server is connected.

It should be noted that SoftEther VPN has its own VPN client, which, according to the developer, is faster and encrypts traffic using SSL. Thus, it is difficult to distinguish it from HTTPS, hence the VPN will work even on networks where other protocols are blocked.
Installing and configuring your own client is quite simple. After the standard installation of the client, click the Add VPN Connection item and agree to create a virtual network adapter.




Next, write the name of the adapter.




Then a window for creating a new VPN connection will appear, specify here the server address, port, virtual hub name on the server and user credentials.



If suddenly, when connecting a VPN connection, the local network becomes unrecognized, then you need to click Advanced Settings (see the picture above) and check the box No Adjustments of Route Table. You can also change the priorities of network connections, more details in the article.




That's all, thanks for your attention.