
Thread: How does SoftEther VPN bypass iptables policy?

  1. #1
    Join Date
    Apr 2024
    Beans
    1

    Question How does SoftEther VPN bypass iptables policy?

    Greetings to all! 😀 I recently started learning Ubuntu v20.04 on a remote VPS and the first thing I did was set up SoftEther VPN. Everything works, but there is one question left.

    My rules in iptables are configured so that access to the server is possible only from one IP address - my home PC; other packets are dropped (iptables -P INPUT DROP). However, when I connect from my home PC via a smartphone, with a different IP address, the connection to SoftEther VPN is established. I came to the conclusion that SoftEther VPN somehow bypasses the iptables -P INPUT DROP policy. The secure NAT function is disabled.

    Please explain how SoftEther VPN bypasses iptables rules and what function is responsible for this?🧐

    My current iptables configuration:
    Code:
    *nat
    :PREROUTING ACCEPT [388279:32491353]
    :INPUT ACCEPT [76:5325]
    :OUTPUT ACCEPT [1229654:85012121]
    :POSTROUTING ACCEPT [1229654:85012121]
    -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
    COMMIT
    # Completed on Fri Mar 29 11:28:57 2024
    # Generated by iptables-save v1.8.4 on Fri Mar 29 11:28:57 2024
    *filter
    :INPUT DROP [320941:22029232]
    :FORWARD DROP [31:1240]
    :OUTPUT ACCEPT [1337846:142005046]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -s 192.168.10.0/24 -i tap_tap_virtual -m conntrack --ctstate NEW -j ACCEPT
    -A INPUT -s 81.13.109.166/32 -m conntrack --ctstate NEW -j ACCEPT
    -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i tap_tap_virtual -o eth0 -m conntrack --ctstate NEW -j ACCEPT
    COMMIT
    # Completed on Fri Mar 29 11:28:57 2024
    # Generated by iptables-save v1.8.4 on Fri Mar 29 11:28:57 2024
    *mangle
    :PREROUTING ACCEPT [1829367:275301518]
    :INPUT ACCEPT [1646946:213985426]
    :FORWARD ACCEPT [123654:52097274]
    :OUTPUT ACCEPT [1339335:142123644]
    :POSTROUTING ACCEPT [1463185:194236762]
    COMMIT
    # Completed on Fri Mar 29 11:28:57 2024
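
An added example, not part of the original post: a minimal evaluator for the INPUT chain posted above, showing which rule (or the DROP policy) decides a given packet. It handles only the matches this ruleset uses (`-i`, `-s`, `--ctstate`); the function names, the test packets and the address 203.0.113.7 are constructed for illustration.

```python
import ipaddress
import shlex

# INPUT chain of the filter table, copied from the post above.
RULESET = """\
:INPUT DROP [320941:22029232]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.10.0/24 -i tap_tap_virtual -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s 81.13.109.166/32 -m conntrack --ctstate NEW -j ACCEPT
"""

def parse_chain(text, chain="INPUT"):
    """Return (policy, rules) for one chain of iptables-save output."""
    policy, rules = None, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":" + chain:
            policy = tok[1]
        elif tok[:2] == ["-A", chain]:
            # Every option in this ruleset takes exactly one value.
            opts = dict(zip(tok[2::2], tok[3::2]))
            rules.append({
                "line": line,
                "iface": opts.get("-i"),
                "src": ipaddress.ip_network(opts["-s"]) if "-s" in opts else None,
                "states": set(opts["--ctstate"].split(",")) if "--ctstate" in opts else None,
                "target": opts["-j"],
            })
    return policy, rules

def verdict(iface, src, state, text=RULESET):
    """First matching rule wins; if none matches, the chain policy applies."""
    policy, rules = parse_chain(text)
    addr = ipaddress.ip_address(src)
    for r in rules:
        if r["iface"] is not None and r["iface"] != iface:
            continue
        if r["src"] is not None and addr not in r["src"]:
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        return r["target"], r["line"]
    return policy, "chain policy"

if __name__ == "__main__":
    # Constructed packets; 203.0.113.7 stands in for "some other address".
    for pkt in [("eth0", "81.13.109.166", "NEW"),
                ("eth0", "203.0.113.7", "NEW"),
                ("eth0", "203.0.113.7", "ESTABLISHED")]:
        print(pkt, "->", *verdict(*pkt))
```

The RELATED,ESTABLISHED rule has no `-s` match, so it accepts packets belonging to connections already tracked by conntrack (including replies to connections the server itself opened) regardless of the remote address; only NEW packets are restricted by source.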