You are on page 1of 6


On physical server, local bridge will perform better than SecureNAT DO NOT enable BOTH LOCAL BRIDGE and SecureNAT at the same time !! Packets will loop infinitly and make your server 100% CPU usage.
Local bridge Setup Softether On CENTOS ! Network setup VPN Server IP: VPN Client IP Range: (40 Clients ) Tap Device name: tap_soft From here we go to the Local Bridge Setting

First we choose the Virtual Hub. It should be only one for normal setup. Then we check the tap device box. After that we type in the name of the tap device(I use soft here for simplicity). Create Local Bridge

After the creation of the local bridge we jump back to our server. And run cd /usr/local/vpnserver ifconfig tap_soft

It should show you something similar to this

INSTALL DHCP on your VPS ---------------------------------------- yum y install dnsmasq

now, we have to configure the dhcp server on our vps nano /etc/dnsmasq.conf NOTE : If you have VPN over DNS like picture below, input this lines, to the end of page interface=tap_soft dhcp-range=tap_soft,,,12h dhcp-option=tap_soft,3, port=0 dhcp-option=option:dns-server,

IF you have VPN OVER DNS DISABLED please just input this : interface=tap_soft dhcp-range=tap_soft,,,12h dhcp-option=tap_soft,3,

EDIT STARTUP We Have to edit the start up code, to be syncronized with tap_soft nano /etc/init.d/vpnserver

clear the all the lines on page and insert this following lines : #!/bin/sh ### BEGIN INIT INFO # Provides: vpnserver # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start daemon at boot time # Description: Enable Softether by daemon. ### END INIT INFO DAEMON=/usr/local/vpnserver/vpnserver LOCK=/var/lock/subsys/vpnserver TAP_ADDR= test -x $DAEMON || exit 0 case "$1" in start) $DAEMON start touch $LOCK sleep 1 /sbin/ifconfig tap_soft $TAP_ADDR ;; stop) $DAEMON stop rm $LOCK ;; restart) $DAEMON stop sleep 3 $DAEMON start sleep 1 /sbin/ifconfig tap_soft $TAP_ADDR ;; *) echo "Usage: $0 {start|stop|restart}" exit 1 esac exit 0 Then we need to enable NAT on linux server.

nano /etc/sysctl.conf

See The Picture Below :

======= CHANGE

0 TO 1

Apply the sysctl run sysctl -n -e system

Then we add a POSTROUTING rule to iptables iptables -t nat -A POSTROUTING -s -j SNAT --to-source [YOUR VPS IP ADDRESS] service iptables save

After all the above setting, restart the vpnserver then we are good to go. service vpnserver restart service dnsmasq restart

DONE !!! ================================================ Original Source for Debian Family from :

join us on : modified by : hisyam kholid kleib // @groundmandive