Search found 338 matches

by moatazelmasry
Thu Nov 30, 2017 10:22 pm
Forum: SoftEther VPN General Discussion
Topic: Korean translation of SoftEther on github. Please review
Replies: 0
Views: 633

Korean translation of SoftEther on github. Please review

Hi people, there's a Pull request on github SoftEther project that adds korean translation. Could the Korean people in in this great community please have a look at the PR: https://github.com/SoftEtherVPN/SoftEtherVPN/pull/155 And give it a thumb up or down, and leave a comment if there are stuff to...
by moatazelmasry
Thu Nov 30, 2017 10:18 pm
Forum: SoftEther VPN General Discussion
Topic: Help review Traditional Chinese translation of SoftEther on github
Replies: 0
Views: 519

Help review Traditional Chinese translation of SoftEther on github

Hi people, I'm trying to consolidate many Pull requests on github. One of them adds chinese language translation to SoftEther: https://github.com/SoftEtherVPN/SoftEtherVPN/pull/154 Unfortunately I don't speak chinese. Could the chinese volks among you please help review this change and give it a thu...
by moatazelmasry
Mon Mar 20, 2017 11:49 am
Forum: SoftEther VPN General Discussion
Topic: Redirect Internet Traffic
Replies: 3
Views: 2462

Re: Redirect Internet Traffic

So which traffic should be redirected through the VPN? On SE, if you just want to reach intranet, I think you can leave the gateway field empty From the client you can try to add a route for your traffic, like in this example: https://superuser.com/questions/12022/how-can-i-make-the-windows-vpn-rout...
by moatazelmasry
Mon Mar 20, 2017 11:41 am
Forum: SoftEther VPN General Discussion
Topic: Will Pay for your help for customizing VPN client
Replies: 4
Views: 2057

Re: Will Pay for your help for customizing VPN client

Ok.

I don't know anyone though. Maybe you can try on a freelancing platform or so

Good luck
by moatazelmasry
Mon Mar 20, 2017 11:39 am
Forum: SoftEther VPN General Discussion
Topic: iOS 10 - VPN Connection Issue
Replies: 1
Views: 1950

Re: iOS 10 - VPN Connection Issue

SE does not support IPSec tunneling mode, i.e. "IPSec" in iOS.

It support however IPSec transport mode, and uses it to encrypt L2TP traffic.
Please configure your iOS to use L2TP instead of IPSec
by moatazelmasry
Sun Mar 19, 2017 11:58 am
Forum: SoftEther VPN General Discussion
Topic: Will Pay for your help for customizing VPN client
Replies: 4
Views: 2057

Re: Need help customizing VPN client

It doesn't work this way. If you have a specific problem and you already tried solving it, then describe in details the problems and people will try to help.
by moatazelmasry
Sun Mar 19, 2017 11:57 am
Forum: SoftEther VPN General Discussion
Topic: Location of .ovpn config file in Linux
Replies: 4
Views: 2944

Re: Location of .ovpn config file in Linux

This zip is not located anywhere, it is generated on the fly.

The source of this ovpn file is located at
src/bin/hamcore/openvpn_sample.ovpn

Or if you want to obtain the zip file, you can use the vpncmd and run the command: "OpenVpnMakeConfig"
by moatazelmasry
Sun Mar 19, 2017 11:51 am
Forum: SoftEther VPN General Discussion
Topic: Use softether inside other application as plugin ?
Replies: 4
Views: 2687

Re: Use softether inside other application as plugin ?

Ok Now I understand. From time to time, I play with the source of SE, and send PRs, so this is a pure personal opinion, and not a statement about SE. SE is a strongly coupled project, and it is not easy at all to isolate /export certain functionalities. However this is doable. The following suggesti...
by moatazelmasry
Sun Mar 19, 2017 11:33 am
Forum: SoftEther VPN General Discussion
Topic: Access VPN network from server
Replies: 4
Views: 3049

Re: Access VPN network from server

No, do not assign an IP to the bride. One thing to be aware of, is that the bridge tun/tap documentation is talking about Linux, not FreeBSD, so this might not be tested. I don't fully understand your environment. You have SE installed on FreeBSD on DigitalOcean. You have a VPN Server at Home, which...
by moatazelmasry
Fri Mar 17, 2017 10:00 pm
Forum: SoftEther VPN General Discussion
Topic: LOG file parser fields
Replies: 1
Views: 1612

Re: LOG file parser fields

For this task you don't need to parse the log file. you can just retrieve the individual sessions info.

You can do that from the UI, or through the vpncmd
by moatazelmasry
Fri Mar 17, 2017 9:59 pm
Forum: SoftEther VPN General Discussion
Topic: Redirect Internet Traffic
Replies: 3
Views: 2462

Re: Redirect Internet Traffic

Which vpn protocol are you using?

If you are using OpenVPN, you can achieve what you need through the client configurations
by moatazelmasry
Fri Mar 17, 2017 9:57 pm
Forum: SoftEther VPN General Discussion
Topic: Anybody collect and count TRAFFIC USAGE
Replies: 1
Views: 1463

Re: Anybody collect and count TRAFFIC USAGE

afaik SoftEther reports two things: 1- the total traffic usage by each user 2- the traffic usage by each season For a task I had, I ha d a script running, which would get the details of all open sessions then save this information into a a database. Unfortunately, SE does not support Radius accounti...
by moatazelmasry
Fri Mar 17, 2017 9:53 pm
Forum: SoftEther VPN General Discussion
Topic: Access VPN network from server
Replies: 4
Views: 3049

Re: Access VPN network from server

Yes you can try creating a bridge, or you can try a tap device, but I'm not sure you can do this on digitalocean
by moatazelmasry
Fri Mar 17, 2017 9:50 pm
Forum: SoftEther VPN General Discussion
Topic: Use softether inside other application as plugin ?
Replies: 4
Views: 2687

Re: Use softether inside other application as plugin ?

Hi, this is a quite vague requirement, but I'll give it a shot. You can directly use the vpncmd to interact with the server or the client. If you want an API for the server, you can try https://github.com/mindcollapse/SoftEtherPy I also wrote a nodejs wrapper around the vpncmd, but it is just a toy ...
by moatazelmasry
Sat Mar 04, 2017 10:39 am
Forum: SoftEther VPN General Discussion
Topic: DDNS and IPv4 issue
Replies: 4
Views: 3049

Re: DDNS and IPv4 issue

Please have a look at server_log and paste it here if necessary
by moatazelmasry
Fri Mar 03, 2017 2:54 pm
Forum: SoftEther VPN General Discussion
Topic: Unable to access server through local IP address
Replies: 13
Views: 10232

Re: Unable to access server through local IP address

What is the difficulty, what is your environment, what have you tried?
by moatazelmasry
Thu Mar 02, 2017 6:48 pm
Forum: SoftEther VPN General Discussion
Topic: Virtual NAT timeout setting
Replies: 3
Views: 2184

Re: Virtual NAT timeout setting

I'd say no. Not a known bug
But anyway 4.22 and source code checkout are very stable compared to earlier versions
by moatazelmasry
Thu Mar 02, 2017 6:42 pm
Forum: SoftEther VPN General Discussion
Topic: sslv3 question when compiling in archlinux on raspberry pi.
Replies: 2
Views: 2412

Re: sslv3 question when compiling in archlinux on raspberry

I think you need to install the package libssl-dev
This is the package name on ubuntu/debian. You need to find out its name on archlinux
by moatazelmasry
Mon Feb 27, 2017 10:52 pm
Forum: SoftEther VPN General Discussion
Topic: ASUS tinker board and Softether?
Replies: 3
Views: 2605

Re: ASUS tinker board and Softether?

It is quite difficult to answer that question, without actually owning similar hardware.
Did you try to install it yourself? what problems did you have?
by moatazelmasry
Sun Feb 26, 2017 8:35 pm
Forum: SoftEther VPN General Discussion
Topic: Configuration of VPN
Replies: 1
Views: 1393

Re: Configuration of VPN

You either need to have own SE server
by moatazelmasry
Fri Feb 24, 2017 8:56 pm
Forum: SoftEther VPN General Discussion
Topic: Best method to restrict access to one IP address on LAN side
Replies: 2
Views: 1651

Re: Best method to restrict access to one IP address on LAN

Add your rules to the access list:

Allow destination 10.0.0.6
Allow destination 10.0.0.56
DENY DESTINATION 10.0.0.2/24
by moatazelmasry
Fri Feb 24, 2017 1:17 pm
Forum: SoftEther VPN General Discussion
Topic: OpenVPN Clone Server - Cipher Suites and Authentication
Replies: 3
Views: 2882

Re: OpenVPN Clone Server - Cipher Suites and Authentication

As far as I understand now, TLS is not supported in the OpenVPN server functionality. So no ciphers could be added. While tinkering with OpenVPN, I added SHA2 implementation and CAMELLIA cipher suite support https://github.com/SoftEtherVPN/SoftEtherVPN/pull/309 I still think it would be really nice ...
by moatazelmasry
Fri Feb 24, 2017 12:06 pm
Forum: SoftEther VPN General Discussion
Topic: SSL-VPN
Replies: 17
Views: 9611

Re: SSL-VPN

There are netcat similar tools for windows, just a quick google search:
https://eternallybored.org/misc/netcat/
by moatazelmasry
Fri Feb 24, 2017 10:46 am
Forum: SoftEther VPN General Discussion
Topic: L2TP Certificate Authentication
Replies: 1
Views: 1911

Re: L2TP Certificate Authentication

Hello,

as far as I know, there is no certificate authentication support for L2TP in SE, but only in SE ssl-vpn protocol.

I think this could be done using xl2tpd with strongswan, where you configure strongswan IPSec to use certificates
by moatazelmasry
Fri Feb 24, 2017 10:15 am
Forum: SoftEther VPN General Discussion
Topic: Adding DHCP server to SE vpn
Replies: 8
Views: 7036

Re: Adding DHCP server to SE vpn

This is an interesting problem actually :)

I need to tinker around myself and try to find a solution. let me know if you found a workaround
by moatazelmasry
Fri Feb 24, 2017 8:36 am
Forum: SoftEther VPN General Discussion
Topic: SSL-VPN
Replies: 17
Views: 9611

Re: SSL-VPN

as fenice said, it is a linux command

could be installed via package name "netcat"

This is like telnet but for sending UDP packets and it would show whether you can reach port 443 on your machine via UDP
by moatazelmasry
Fri Feb 24, 2017 12:00 am
Forum: SoftEther VPN General Discussion
Topic: VPN going down Configuratiuon issue
Replies: 7
Views: 3420

Re: VPN going down Configuratiuon issue

There is no such feature in SE unfortunately. Although I think it is useful.

Which VPN protocol/ wwhich OS do you use? In Linux you can write a script that will turn off your network card, wheneber the vpn connection is down
by moatazelmasry
Thu Feb 23, 2017 11:58 pm
Forum: SoftEther VPN General Discussion
Topic: SSL-VPN
Replies: 17
Views: 9611

Re: SSL-VPN

I can only imagine that this problem is related somehow to the firewall. Could you try the following: nc -z -v [HOME_IP] 443 It could be that your work is monitoring HTTPS connections. I know of some practices where companies/countries allow https communication to big sites like ebay,facebook etc..,...
by moatazelmasry
Thu Feb 23, 2017 9:51 pm
Forum: SoftEther VPN General Discussion
Topic: IPv6 Leak?!
Replies: 7
Views: 4514

Re: IPv6 Leak?!

hmm, I think did_ifconfig_ipv6_setup=1 means it failed to setup ipv6 Also the next lines show that SE is failing to add ipv6 routes. SE is just failing at creating necessarz steps for ipv6. This is acceptable. Why do you think that the traffic is leaking? Just to make sure, try to catch the traffic ...
by moatazelmasry
Thu Feb 23, 2017 7:48 pm
Forum: SoftEther VPN General Discussion
Topic: SSL-VPN
Replies: 17
Views: 9611

Re: SSL-VPN

Just to avoid any misunderstanding: You setup SE on a PC at home. Then forwarded port 443 on the router to this PC When you are outside, using another PC/Laptop, you can connect to your home server Only when you are at the office, you can not connect to your SE server? So this problem is only relate...
by moatazelmasry
Thu Feb 23, 2017 7:44 pm
Forum: SoftEther VPN General Discussion
Topic: Cannot compile client under Kubuntu 16.10
Replies: 3
Views: 2663

Re: Cannot compile client under Kubuntu 16.10

Please make sure that the following libraries are installed:
cmake libncurses-dev libc-bin libc-dev-bin libc6 libc6-dbg libc6-dev libc6-pic multiarch-support nscd libnss3-dev libreadline-dev libssl-dev

As described in this post
http://moatazthenervous.com/how-to-debug-softethervpn/

Cheers
by moatazelmasry
Thu Feb 23, 2017 7:41 pm
Forum: SoftEther VPN General Discussion
Topic: Openssl 'too old?' issue: Fixed
Replies: 1
Views: 2103

Re: Openssl 'too old?' issue: Fixed

Hi, i haven't had this issue on ubuntu 16.04, but I think this is a very good catch. You should create a pull request on github and use 2048 as a value. According to the documentation, anything < 1024 is considered insecure. https://www.netsoup.net/docs/man/RSA_generate_key.3 Or if you want, I can c...
by moatazelmasry
Thu Feb 23, 2017 7:28 pm
Forum: SoftEther VPN General Discussion
Topic: Can't create certificates (makecert)
Replies: 6
Views: 3362

Re: Can't create certificates (makecert)

Could you please try this command on another machine? local or remote. I suspect this has to do with file permission.

Out curiosity, could you also keep an eye on server\_log directory while doing this (I'm not sure whether anything is written, but still)
by moatazelmasry
Thu Feb 23, 2017 5:05 pm
Forum: SoftEther VPN General Discussion
Topic: Adding DHCP server to SE vpn
Replies: 8
Views: 7036

Re: Adding DHCP server to SE vpn

Sorry to get back late to you regarding this issue. I think you need to bind the dhcp to the tap device, not to NIC1. I found some nice discussion and blog: http://forum.vpngate.net/viewtopic.php?t=2832&p=14273 http://blog.lincoln.hk/blog/2013/05/17/softether-on-vps-using-local-bridge/ This blog use...
by moatazelmasry
Tue Feb 21, 2017 3:40 pm
Forum: SoftEther VPN General Discussion
Topic: Can't create certificates (makecert)
Replies: 6
Views: 3362

Re: Can't create certificates (makecert)

Are you sure you are allowed to write into the given directory?

Example: You are a normal user, then you "cd /root", then issue the vpncmd command, you will receive an error.

Also of fun, could you please give the full file path, instead of just the file name when generating the certificate
by moatazelmasry
Tue Feb 21, 2017 12:01 pm
Forum: SoftEther VPN General Discussion
Topic: Adding DHCP server to SE vpn
Replies: 8
Views: 7036

Re: Adding DHCP server to SE vpn

I haven't done it myself, so I'll try to just guess here :) My guess is that you have to configure DHCP to listen on NIC1. Since this is the default gateway, so this should be safer than other options. Here's a tutorial on how to use dhcp and isc-dhcp-relay agent. https://help.ubuntu.com/community/i...
by moatazelmasry
Tue Feb 21, 2017 11:43 am
Forum: SoftEther VPN General Discussion
Topic: Mobile & wifi usage of Android client connected to Softether
Replies: 1
Views: 1735

Re: Mobile & wifi usage of Android client connected to Softe

IP/User yes. Per Site No There are many ways to monitor the amount of data consumed. SoftEther can not differentiate between Mobile and WiFi traffic. This is something to be done on the OS level (i.e. android) When a VPN session is established, you can see in SoftEther how much data consumed by that...
by moatazelmasry
Tue Feb 21, 2017 11:33 am
Forum: SoftEther VPN General Discussion
Topic: Can't create certificates (makecert)
Replies: 6
Views: 3362

Re: Can't create certificates (makecert)

As the error says:
"You cannot make a blank certificate"

I think you need to fill out some of those fields, at least the first 3-4 fields
by moatazelmasry
Fri Feb 17, 2017 5:53 pm
Forum: SoftEther VPN General Discussion
Topic: how to build softether under debian 9?
Replies: 13
Views: 10559

Re: how to build softether under debian 9?

Could you please use the code version from github instead of the ready download on the SE page?
by moatazelmasry
Fri Feb 17, 2017 12:24 pm
Forum: SoftEther VPN General Discussion
Topic: Can I disable the "ECHO" packet when using SecureNAT?
Replies: 8
Views: 4110

Re: Can I disable the "ECHO" packet when using SecureNAT?

Hi, I just stumbled upon a couple of commands regarding keep-alive in the "vpncmd" tool. Maybe this is what you are looking for: KeepDisable - Disable the Keep Alive Internet Connection Function KeepEnable - Enable the Keep Alive Internet Connection Function KeepGet - Get the Keep Alive Internet Con...
by moatazelmasry
Thu Feb 16, 2017 6:38 pm
Forum: SoftEther VPN General Discussion
Topic: how to build softether under debian 9?
Replies: 13
Views: 10559

Re: how to build softether under debian 9?

Nop. Currently only on Ubuntu.

Generally I try to stick to production popular OSs, like Debian, CentOs etc..
by moatazelmasry
Thu Feb 16, 2017 6:36 pm
Forum: SoftEther VPN General Discussion
Topic: Bonding, aggregating, load balancing multiple softether
Replies: 25
Views: 27514

Re: Bonding, aggregating, load balancing multiple softether

SoftEther is just using Openssl, so.. software encryption. There's Gkrypt, but I'm not sure whether they support many encryption algorithms http://gkrypt.com/ There's of course some academic work on the subject, for example: https://www.scss.tcd.ie/John.Waldron/owenHarrison/publications/PKonGPU_euro...
by moatazelmasry
Thu Feb 16, 2017 12:47 pm
Forum: SoftEther VPN General Discussion
Topic: Bonding, aggregating, load balancing multiple softether
Replies: 25
Views: 27514

Re: Bonding, aggregating, load balancing multiple softether

Hi there, I think the discussion is more fundamental than that. Basically with Gbps more data are being passed, which means encryption takes longer, which means faster hardware is needed. If security is not an issue, maybe an L2TP connection can be used with minimum encryption or disable encryption ...
by moatazelmasry
Wed Feb 15, 2017 8:10 pm
Forum: SoftEther VPN General Discussion
Topic: how to build softether under debian 9?
Replies: 13
Views: 10559

Re: how to build softether under debian 9?

Don't worry about the multiarch. For a reason I can't remember I needed this for debugging SoftEther. You can also drop the amd64 libs. On a new ubuntu 16.04 instances, I installed the following libs: sudo apt-get install -y cmake libncurses-dev libc-bin libc-dev-bin libc6 libc6-dbg libc6-dev libc6-...
by moatazelmasry
Wed Feb 15, 2017 3:39 pm
Forum: SoftEther VPN General Discussion
Topic: Installation SoftEther using Ubuntu
Replies: 11
Views: 6305

Re: Installation SoftEther using Ubuntu

This is still not enough. You need to provide the full compilation log
by moatazelmasry
Tue Feb 14, 2017 2:05 pm
Forum: SoftEther VPN General Discussion
Topic: Installation SoftEther using Ubuntu
Replies: 11
Views: 6305

Re: Installation SoftEther using Ubuntu

have a look at the info.txt file you attached. It just contains a list of debian packages. Something like the result of an aptitude search command
by moatazelmasry
Tue Feb 14, 2017 1:18 pm
Forum: SoftEther VPN General Discussion
Topic: Installation SoftEther using Ubuntu
Replies: 11
Views: 6305

Re: Installation SoftEther using Ubuntu

There are no useful info in the attached file. Please start a new thread and provide more information
by moatazelmasry
Tue Feb 14, 2017 12:22 pm
Forum: SoftEther VPN General Discussion
Topic: Can I disable the "ECHO" packet when using SecureNAT?
Replies: 8
Views: 4110

Re: Can I disable the "ECHO" packet when using SecureNAT?

Hi, I'm not a project maintainer, but only interested in the project. Anyway I think this is only a minor issue, since it is not causing much trouble. But you should open an issue on github if you think it is important Another idea for now to block those icmp's is to do it on the OS level using ipta...
by moatazelmasry
Tue Feb 14, 2017 10:25 am
Forum: SoftEther VPN General Discussion
Topic: how to build softether under debian 9?
Replies: 13
Views: 10559

Re: how to build softether under debian 9?

All the libraries defined in that blog post are 64bit, including libc
by moatazelmasry
Tue Feb 14, 2017 12:08 am
Forum: SoftEther VPN General Discussion
Topic: restric access limit internal IP of VPN
Replies: 4
Views: 3553

Re: restric access limit internal IP of VPN

Step3 is not needed. Sorry, I made a mistake in my last answer. I meant deny all traffic to the rest of 192.168.1.1/24, precisely the rule should look like: deny destination IP 192.168.1.1 / 255.255.255.0 priority 100 source name "utente 1" After applying this rule. Do you see undesired behaviour? i...
by moatazelmasry
Mon Feb 13, 2017 11:56 pm
Forum: SoftEther VPN General Discussion
Topic: SoftEther DHCP Problem
Replies: 3
Views: 3560

Re: SoftEther DHCP Problem

You can have your SE server acting as DMZ. where you create a local bridge. In this case any client connected to your SE server, should be able to access other machines in the same subnet as the SE server Now for the second problem: Assigning static IPs to clients. I can think of two solutions: 1- C...
by moatazelmasry
Mon Feb 13, 2017 11:43 pm
Forum: SoftEther VPN General Discussion
Topic: how to build softether under debian 9?
Replies: 13
Views: 10559

Re: how to build softether under debian 9?

I wrote a post a while ago about compiling SoftEther under Ubuntu. Maybe this will help

http://moatazthenervous.com/how-to-debug-softethervpn/
by moatazelmasry
Mon Feb 13, 2017 11:41 pm
Forum: SoftEther VPN General Discussion
Topic: LDAP Authentication -
Replies: 8
Views: 9568

Re: LDAP Authentication -

The net is full of articles on how to configure this.

http://www.tldp.org/HOWTO/archived/LDAP ... adius.html

They can be on the same server, but not necessary
by moatazelmasry
Mon Feb 13, 2017 11:37 pm
Forum: SoftEther VPN General Discussion
Topic: Can I disable the "ECHO" packet when using SecureNAT?
Replies: 8
Views: 4110

Re: Can I disable the "ECHO" packet when using SecureNAT?

I assume these packets are there because they are part of an RFC (probably ppp) and must be implemented for the protocol to function correctly. What do you mean packet in IPv4 packets? Do you mean in TCP packets?? Whether they are packed as TCP or UDP makes no difference, I think the client makes a ...
by moatazelmasry
Mon Feb 13, 2017 10:58 pm
Forum: SoftEther VPN General Discussion
Topic: VERY WEIRD ISSUE - L2TP getting HORRIBLE results 1mbps
Replies: 11
Views: 5749

Re: VERY WEIRD ISSUE - L2TP getting HORRIBLE results 1mbps

No, you don't need to create a separate L2TP server. I'm talking about confiugrations for the L2TP client

The server will mostly honer what the client suggests, even disabling encryption
by moatazelmasry
Mon Feb 13, 2017 10:55 pm
Forum: SoftEther VPN General Discussion
Topic: Make www.vpnusers.com available over HTTPS
Replies: 3
Views: 2409

Re: Make www.vpnusers.com available over HTTPS

I'm not an admin, so to be honest, I don't know whether/when this will happen.
The best thing to do for now is to give a voice over Github and hope an admin will take the first move
by moatazelmasry
Sun Feb 12, 2017 5:18 pm
Forum: SoftEther VPN General Discussion
Topic: Make www.vpnusers.com available over HTTPS
Replies: 3
Views: 2409

Re: Make www.vpnusers.com available over HTTPS

There have been some discussion on the Github issues section, whether there should be a new forum instead of vpnusers.com
https://github.com/SoftEtherVPN/SoftEtherVPN/issues/268
by moatazelmasry
Sun Feb 12, 2017 5:14 pm
Forum: SoftEther VPN General Discussion
Topic: SoftEther Suspicious Activity?
Replies: 3
Views: 3260

Re: SoftEther Suspicious Activity?

Is this happening on one machine only? Maybe your PC is a part of some botnet. Install wireshark and record the network activity when you are inactive
by moatazelmasry
Thu Feb 09, 2017 10:31 pm
Forum: SoftEther VPN General Discussion
Topic: Problem: no DHCP IP obtained from server
Replies: 22
Views: 14919

Re: Problem: no DHCP IP obtained from server

Cool. Glad that it worked
by moatazelmasry
Thu Feb 09, 2017 10:30 pm
Forum: SoftEther VPN General Discussion
Topic: restric access limit internal IP of VPN
Replies: 4
Views: 3553

Re: restric access limit internal IP of VPN

The priority just mean the order in which those rules are probed. (smaller priority will be tested first) If you want to disable access to all PCs in 192.168.30.1/24 except the the .1 PC, then allow destination 192.168.1.30 (Priorty 1) as you did, then deny 192.168.1.30/24 (Priority 100 or so) All t...
by moatazelmasry
Thu Feb 09, 2017 10:22 pm
Forum: SoftEther VPN General Discussion
Topic: Prevent users from sharing their account?
Replies: 11
Views: 6513

Re: Prevent users from sharing their account?

So you want a credentials to be used only with 1 device??
If this is the case, you can define a MAC address in the user security policy, so that it is coupled to a user credentials

Nevertheless a MAC address can be spoofed
by moatazelmasry
Wed Feb 08, 2017 7:56 pm
Forum: SoftEther VPN General Discussion
Topic: Problem with split tunneling
Replies: 6
Views: 3422

Re: Problem with split tunneling

Could you please provide more details about your setup.
Where is SE installed, what is the gateway and subnet. SecureNAT or local bridge. Which network are you trying to reach etc..
by moatazelmasry
Wed Feb 08, 2017 4:37 pm
Forum: SoftEther VPN General Discussion
Topic: Serial number required
Replies: 2
Views: 2372

Re: Serial number required

This has nothing to do with SoftEther as far as I understand.

Either download SE from the official download page, or try to clear this with D-Link

Cheers
by moatazelmasry
Tue Feb 07, 2017 10:15 am
Forum: SoftEther VPN General Discussion
Topic: Problem: no DHCP IP obtained from server
Replies: 22
Views: 14919

Re: Problem: no DHCP IP obtained from server

Where are the IPs of these NICs? Did you run ifconfig? Yes it is possible that SE is using that mentioned IP. But no way that SE just came up with it, it must have been configured somewhere by the user. run: "grep -n "10.171.7" vpn_server.conf" Inside the directory where SE is installed to see if th...
by moatazelmasry
Tue Feb 07, 2017 9:25 am
Forum: SoftEther VPN General Discussion
Topic: A DoS attack on the TCP Listener
Replies: 8
Views: 5592

Re: A DoS attack on the TCP Listener

As far as I can tell from the source code and the configuration, there is no "Whitelisting" of IPs regarding DOS Personally I think it is a healthy thing to detect a DOS when 10 clients are initiating a connection from the same IP. For now, my suggestion would be to increase the time between connect...
by moatazelmasry
Tue Feb 07, 2017 9:17 am
Forum: SoftEther VPN General Discussion
Topic: Problem: no DHCP IP obtained from server
Replies: 22
Views: 14919

Re: Problem: no DHCP IP obtained from server

No. Se can not come up by itself with some random gateway/IP

Do you have a second NIC attached to machine hosting SE. A NIC with a private IP
Alot of VPS/Cloud providers attach two NICs to each machine, one with a public, the other with a private IP
by moatazelmasry
Tue Feb 07, 2017 9:13 am
Forum: SoftEther VPN General Discussion
Topic: VERY WEIRD ISSUE - L2TP getting HORRIBLE results 1mbps
Replies: 11
Views: 5749

Re: VERY WEIRD ISSUE - L2TP getting HORRIBLE results 1mbps

If you are on linux, you can setup up an L2tp using xl2tpd and strongswan. Here's a tutorial using openswan(the predecessor of openswan) http://www.jacco2.dds.nl/networking/linux-l2tp.html https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup To disable the encryption altogether ...
by moatazelmasry
Mon Feb 06, 2017 9:17 pm
Forum: SoftEther VPN General Discussion
Topic: A DoS attack on the TCP Listener
Replies: 8
Views: 5592

Re: A DoS attack on the TCP Listener

tbh I'm not very familiar with that part of the code base, so I can not really tell how SE determines what is DOS and what is innocent traffic.

Could you still try this solution out of fun and see whether it helps

Out of curiosity, how many clients are connecting simultaneously usually?
by moatazelmasry
Mon Feb 06, 2017 5:34 pm
Forum: SoftEther VPN General Discussion
Topic: Problem: no DHCP IP obtained from server
Replies: 22
Views: 14919

Re: Problem: no DHCP IP obtained from server

What if you use a different protocol. Say OpenVPN or L2TP. Can you then access internal resources? And what if you push static routes explicitly to other internal resources, via the SecureNAT window? Say 192.168.0.9 is the machine you want to reach and 192.168.0.3 is the Gateway of the SE server, th...
by moatazelmasry
Mon Feb 06, 2017 3:51 pm
Forum: SoftEther VPN General Discussion
Topic: Problem: no DHCP IP obtained from server
Replies: 22
Views: 14919

Re: Problem: no DHCP IP obtained from server

robertroos wrote: > Weird, I've checked the security policy on the server. But it seems it > isn't set (see attachment). Maybe this is the culprit that packages aren't > forwarded though nat. I've setup multiple VPN clients but all receive the > same settings from the server. So I'm able to reproduc...
by moatazelmasry
Mon Feb 06, 2017 2:11 pm
Forum: SoftEther VPN General Discussion
Topic: A DoS attack on the TCP Listener
Replies: 8
Views: 5592

Re: A DoS attack on the TCP Listener

It depends on how many clients are you serving. Appearantly SE is programmed to recognize many TCP connections simultaneously as DOS. See: https://www.softether.org/4-docs/1-manual/2._SoftEther_VPN_Essential_Architecture/2.1_VPN_Communication_Protocol "If you are about to conducting VPN communicatio...
by moatazelmasry
Mon Feb 06, 2017 2:07 pm
Forum: SoftEther VPN General Discussion
Topic: Android based Java client
Replies: 2
Views: 2280

Re: Android based Java client

This is a noble task, but as far as I know there is none. SoftEther VPN protocol, is a so called SSL VPN (aka Ethernet over SSL), I couldn't find any RFC describing this protocol (please add it here if you find any), but I found some article talking about the protocol: https://www.packtpub.com/sites...
by moatazelmasry
Mon Feb 06, 2017 1:58 pm
Forum: SoftEther VPN General Discussion
Topic: IPv6 Leak?!
Replies: 7
Views: 4514

Re: IPv6 Leak?!

Or did you mean Dual stack leage in VPN??
https://tools.ietf.org/html/rfc7359
by moatazelmasry
Mon Feb 06, 2017 1:46 pm
Forum: SoftEther VPN General Discussion
Topic: IPv6 Leak?!
Replies: 7
Views: 4514

Re: IPv6 Leak?!

Are you talking about memory leak?

Could you please explain how to reproduce this behavior?
by moatazelmasry
Sun Feb 05, 2017 5:56 pm
Forum: SoftEther VPN General Discussion
Topic: Problem: no DHCP IP obtained from server
Replies: 22
Views: 14919

Re: Problem: no DHCP IP obtained from server

Deny Bridge Operations, Deny Routing Operations are definitely wrong. Please remove both
by moatazelmasry
Fri Feb 03, 2017 4:31 pm
Forum: SoftEther VPN General Discussion
Topic: Problem: no DHCP IP obtained from server
Replies: 22
Views: 14919

Re: Problem: no DHCP IP obtained from server

ok. One more idea: - Do a tcptraceroute from the SE Host machine to some other machine X in the same subnet. This should work and you get the route - Do a tcptraceroute from an SE client to the machine X. This won't work, but at least you'll see the first node(s) hiy - Compare the routes. Anything w...
by moatazelmasry
Fri Feb 03, 2017 11:44 am
Forum: SoftEther VPN General Discussion
Topic: Problem: no DHCP IP obtained from server
Replies: 22
Views: 14919

Re: Problem: no DHCP IP obtained from server

Two ideas: - Have a look at the server_log of SE when trying to create a local bridge for a more detailed error description. - Try a different Hoster for your SE server, I use digitalocean for example. Sometimes the VPS providers do weird stuff to their linux images to get them running on their lame...
by moatazelmasry
Fri Feb 03, 2017 11:42 am
Forum: SoftEther VPN General Discussion
Topic: MultiLan VPN client
Replies: 4
Views: 2814

Re: MultiLan VPN client

Hmm, if you are on linux, you can change the routing metrics on each network, and give the card you want to use the lowest cost http://superuser.com/questions/331720/how-do-i-set-the-priority-of-network-connections-in-ubuntu In windows you can change the NIC priority/metric as well Then hopefully SE...
by moatazelmasry
Fri Feb 03, 2017 10:53 am
Forum: SoftEther VPN General Discussion
Topic: Problem: no DHCP IP obtained from server
Replies: 22
Views: 14919

Re: Problem: no DHCP IP obtained from server

Where is SE installed? Is this a bare metal, AWS, VPS, etc..?
by moatazelmasry
Fri Feb 03, 2017 10:51 am
Forum: SoftEther VPN General Discussion
Topic: MultiLan VPN client
Replies: 4
Views: 2814

Re: MultiLan VPN client

What do you mean by a virtual network adapter? A tap device created in the local bridge functionality?
by moatazelmasry
Fri Feb 03, 2017 10:49 am
Forum: SoftEther VPN General Discussion
Topic: Can I disable the "ECHO" packet when using SecureNAT?
Replies: 8
Views: 4110

Re: Can I disable the "ECHO" packet when using SecureNAT?

Most probably this is used to determine whether is the client is still alive. From the Manual: https://www.softether.org/index.php?title=4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.7_Virtual_NAT_%26_Virtual_DHCP_Servers " When virtual NAT is enabled, sending ICMP packets via IP addresses assign...
by moatazelmasry
Fri Feb 03, 2017 10:45 am
Forum: SoftEther VPN General Discussion
Topic: VERY WEIRD ISSUE - L2TP getting HORRIBLE results 1mbps
Replies: 11
Views: 5749

Re: VERY WEIRD ISSUE - L2TP getting HORRIBLE results 1mbps

Freeradius would help, if you disable DHCP in SE and use the static IP allocation of freeradius. This way you need only 1 hub and one local bridge where all users are defined and their authentication is delegated to to freeradius. I'm not sure though that SE supports this kind of radius attributes (...
by moatazelmasry
Fri Feb 03, 2017 1:59 am
Forum: SoftEther VPN General Discussion
Topic: VERY WEIRD ISSUE - L2TP getting HORRIBLE results 1mbps
Replies: 11
Views: 5749

Re: VERY WEIRD ISSUE - L2TP getting HORRIBLE results 1mbps

Ok. Obviously, the more users you have, the less throughput per user, especially that there's alot of encryption decryption going around. But you mentioned that SoftEther PVN protocol is working fine, so we will have to discard that fact for now. A solution I can think of is to delegate the IP alloc...
by moatazelmasry
Fri Feb 03, 2017 12:30 am
Forum: SoftEther VPN General Discussion
Topic: VERY WEIRD ISSUE - L2TP getting HORRIBLE results 1mbps
Replies: 11
Views: 5749

Re: VERY WEIRD ISSUE - L2TP getting HORRIBLE results 1mbps

Two questions:

- How much CPU of the server is being used?
- Why do you need 400 Hubs and local bridges? I hope you are not creating a Hub and a brige for each user
by moatazelmasry
Thu Feb 02, 2017 5:15 pm
Forum: SoftEther VPN General Discussion
Topic: SSL-VPN on iOS using NETunnelProvider
Replies: 9
Views: 10501

Re: SSL-VPN on iOS using NETunnelProvider

Hi Cuckoo,

no, I'm still working on it in my free time and created two pull requests that paves the road for IPSec implementation. However I haven't heard from the project maintaner(s) so far.

Cheers
by moatazelmasry
Thu Feb 02, 2017 3:23 pm
Forum: SoftEther VPN General Discussion
Topic: SoftEther L2TP on iPhone not working
Replies: 3
Views: 3797

Re: SoftEther L2TP on iPhone not working

@cybrute What you are talking about is NOT the port number 50, but protocol number 50 (ESP). See this list http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml I also agree it is not related to the problem @OP you need to look at the output logs of the iphone. If you have a macboo...
by moatazelmasry
Wed Feb 01, 2017 2:10 pm
Forum: SoftEther VPN General Discussion
Topic: How to edit the Product Name within the Server Status window
Replies: 4
Views: 3195

Re: How to edit the Product Name within the Server Status wi

It is an OpenSource project under GPLV2 Licence.

Read the LICENSE file in the main directory.

Please don't rebrand this project as your own. Don't rebrand any open source project as your own for that matter
by moatazelmasry
Wed Feb 01, 2017 2:01 pm
Forum: SoftEther VPN General Discussion
Topic: Problem: no DHCP IP obtained from server
Replies: 22
Views: 14919

Re: Problem: no DHCP IP obtained from server

Please disable the local bridge for now.

Also look at the server_logs and see whether SE is trying to assign an IP to the client

Also use version 4.22
by moatazelmasry
Wed Feb 01, 2017 1:04 pm
Forum: SoftEther VPN General Discussion
Topic: IPsec from Android can't reach SE Host computer (Ubuntu)
Replies: 16
Views: 9857

Re: IPsec from Android can't reach SE Host computer (Ubuntu)

Just to answer the second part: The virtual DHCP inside SE, is not a separate program/process and won't compete/clash with an external DHCP server, it only assigns IPs to VPN clients. Ideally you configure it with a different subnet. So about your local bridge: - It connects between the correct virt...
by moatazelmasry
Wed Feb 01, 2017 11:16 am
Forum: SoftEther VPN General Discussion
Topic: Access Multiple Private Subnet
Replies: 14
Views: 11141

Re: Access Multiple Private Subnet

although your settings are not wrong, for safety reasons, do not give SE same subnet as your eth0 and risking IP clash So if your eth0 has: eth0 is 172.17.7.108/255.255.255.192 gateway 172.17.7.65 Then in SE make the virtual host for example: 192.168.30.1 DHCP 192.168.30.10-192.168.30.254 I assume t...
by moatazelmasry
Wed Feb 01, 2017 2:09 am
Forum: SoftEther VPN General Discussion
Topic: IPsec from Android can't reach SE Host computer (Ubuntu)
Replies: 16
Views: 9857

Re: IPsec from Android can't reach SE Host computer (Ubuntu)

tbh I wouldn't trust ipv6 on SE much. As far as I know not everything related to ipv6 is implemented yet, the problem is I don't know which bits are missing. So let us stick to ipv4 >> If you want to use SecureNAT, then please enable the DHCP functionality. > This is not good option I thing because ...
by moatazelmasry
Wed Feb 01, 2017 2:05 am
Forum: SoftEther VPN General Discussion
Topic: Access Multiple Private Subnet
Replies: 14
Views: 11141

Re: Access Multiple Private Subnet

Hmm, according to this https://www.softether.org/index.php?title=4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.7_Virtual_NAT_%26_Virtual_DHCP_Servers It is possible to use the virtual DHCP server functionality WITHOUT turning on the SecureNAT. "Of the SecureNAT functions, it is possible to enable...
by moatazelmasry
Tue Jan 31, 2017 1:28 pm
Forum: SoftEther VPN General Discussion
Topic: Cisco PIX
Replies: 4
Views: 2483

Re: Cisco PIX

No. It means I have no idea about Cisco Routers. But the link is running an IPSec L2TP implementation compatible with cisco IPsec VPN. Give it a try and see if you can mimic the cisco VPN protocol Here's one more article for you https://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_So...
by moatazelmasry
Tue Jan 31, 2017 12:49 pm
Forum: SoftEther VPN General Discussion
Topic: Cisco PIX
Replies: 4
Views: 2483

Re: Cisco PIX

Read this article and give it a try

https://www.softether.org/4-docs/2-howt ... uter_Setup
by moatazelmasry
Tue Jan 31, 2017 12:18 pm
Forum: SoftEther VPN General Discussion
Topic: IPsec/L2TP IOS and Android
Replies: 2
Views: 2119

Re: IPsec/L2TP IOS and Android

This does not help since no one has actual access to your server.

First you need to see whether this server is reachable at all.
Try

nc -zv -u 84.22.97.47 500
Same for ports: 4500, 1701
by moatazelmasry
Tue Jan 31, 2017 12:15 pm
Forum: SoftEther VPN General Discussion
Topic: Access Multiple Private Subnet
Replies: 14
Views: 11141

Re: Access Multiple Private Subnet

Yes you can disable SecureNAT. Use a local bridge. In this case the default gateway (eth0 for example) will be asked to provide an IP. The DHCP can then be configured on an OS level, local DHCP, forward the request somewhere else etc.. Yes for the sake of this experiment, do not use external authent...
by moatazelmasry
Tue Jan 31, 2017 12:09 pm
Forum: SoftEther VPN General Discussion
Topic: Port change and still being hit
Replies: 7
Views: 4588

Re: Port change and still being hit

Interesting. I just configured SE to connect on port 13333 and tried with an SE client. It worked fine. No other ports are being hit. I examined this through iptables logging on PREROUTING, POSTROUTING etc.. Everything is working fine, and no unexpected ports are being hit by the client, i.e. I'm no...