problem: Cannot connect bridge machine

sirase
Posts: 28
Joined: Mon May 20, 2013 6:06 am

problem: Cannot connect bridge machine

Post by sirase » Mon May 20, 2013 4:41 pm

Hi.
I set up VPN Server in bridge mode.
I can connect to the VPN Server, no problem.
I tested ping and ssh to the bridged LAN's machines.
The result is success, no problem.

But I cannot connect to the VPN Server itself.
The VPN server's IP address is 192.168.1.40.
I tested
$ ping 192.168.1.41 -> ok
$ ping 192.168.1.42 -> ok
$ ping 192.168.1.101 -> ok ....

$ ping 192.168.1.40 -> ng!!

P.S.
The ping test from 192.168.1.41 to 192.168.1.40 succeeds.
It only fails via the VPN bridge connection.

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: problem: Cannot connect bridge machine

Post by cedar » Thu May 23, 2013 12:53 pm

Do you use a UNIX OS?
Except on Windows, the local-bridge function can't communicate with the host itself.

If you use a Linux OS, you can use TAP mode local-bridge instead of normal mode.

sirase
Posts: 28
Joined: Mon May 20, 2013 6:06 am

Re: problem: Cannot connect bridge machine

Post by sirase » Sun May 26, 2013 3:27 pm

Thank you for the reply.
You said,
> TAP mode local-bridge instead of normal mode

Please tell me the details.
Does "normal mode" mean a SoftEther VPN Server feature?
Does "TAP mode" mean a Linux utility (bridge-utils) feature (making a br0 interface that includes eth0)?

SoftEther VPN Server's OS is Debian GNU/Linux Wheezy.

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: problem: Cannot connect bridge machine

Post by cedar » Mon May 27, 2013 9:32 am

Both modes are VPN Server features.
The mode can be selected when you create the local-bridge.

sirase
Posts: 28
Joined: Mon May 20, 2013 6:06 am

Re: problem: Cannot connect bridge machine

Post by sirase » Mon May 27, 2013 9:42 am

I can't select bridge mode.
This is my operation log
--
VPN Server>bridgelist
BridgeList command - Get List of Local Bridge Connection
Number|Virtual Hub Name|Network Adapter or Tap Device Name|Status
------+----------------+----------------------------------+------
The command completed successfully.

VPN Server>bridgecreate
BridgeCreate command - Create Local Bridge Connection
Virtual Hub Name to Create Bridge: VPN

Bridge Destination Device Name: eth0

While in the condition that occurs immediately after a new bridge connection is made when bridging to a physical network adapter, depending on the type of network adapter, there are cases where it will not be possible to communicate using TCP/IP to the network adapter using a bridge connection from a computer on the virtual network.
(This phenomenon is known to occur for Intel and Broadcom network adapters.)


If this issue arises, remedy the situation by restarting the computer on which VPN Server / Bridge is running. Normal communication will be possible after the computer has restarted.


Also many wireless network adapters will not respond to the sending of packets in promiscuous mode and when this occurs you will be unable to use the Local Bridge. If this issue arises, try using a regular wired network adapter instead of the wireless network adapter.

Instructions for Local Bridge on VM
It has been detected that the VPN Server might be running on a VM (Virtual Machine) suchlike VMware or Hyper-V. Read the following instructions carefully. If you are not using a VM, please ignore this message.
Some VMs prohibit the "Promiscuous Mode" (MAC Address Spoofing) on the network adapters by default.

If the Promiscuous Mode (MAC Address Spoofing) is administratively disabled, the Local Bridge function between a Virtual Hub on the VPN Server and a physical network adapter on the physical computer does not work well. You should allow the Promiscuous Mode (MAC Address Spoofing) by using the configuration tool of the VM.

For details please refer the documents of your VM. If it is a shared-VM and administrated by other person, please request the administrator to permit the use of the Promiscuous (MAC Address Spoofing) Mode to your VM.

The command completed successfully.

VPN Server>bridgelist
BridgeList command - Get List of Local Bridge Connection
Number|Virtual Hub Name|Network Adapter or Tap Device Name|Status
------+----------------+----------------------------------+---------
1 |VPN |eth0 |Operating
The command completed successfully.

VPN Server>
--

Did I make a mistake?

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: problem: Cannot connect bridge machine

Post by cedar » Mon May 27, 2013 9:47 am

Please refer to the online manual or online help.

bridgecreate /help

http://www.softether.org/4-docs/1-manua ... Connection

sirase
Posts: 28
Joined: Mon May 20, 2013 6:06 am

Re: problem: Cannot connect bridge machine

Post by sirase » Mon May 27, 2013 9:59 am

Thank you for the reply.

I tried it.
VPN Server>bridgecreate VPN /DEVICE:eth0 /TAP:yes

The bridge was created successfully.
I can connect to the VPN Server itself.
But I can't connect to the other VPN internal machines.
I hope to connect to both the VPN Server itself and the VPN internal machines.

Is that not possible?

sirase
Posts: 28
Joined: Mon May 20, 2013 6:06 am

Re: problem: Cannot connect bridge machine

Post by sirase » Mon May 27, 2013 10:20 am

Sorry.
Did you mean this? (Sorry, it is a Japanese web site.)
http://www.pc-links.com/blog/softether/tap/

I understand.

sirase
Posts: 28
Joined: Mon May 20, 2013 6:06 am

Re: problem: Cannot connect bridge machine

Post by sirase » Mon May 27, 2013 3:28 pm

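I have been struggling with this for several hours and cannot figure it out, so please help.

This is about the procedure for adding a virtual LAN card (tap device), local-bridging it to the Virtual Hub, bridging the tap device and the physical LAN card (eth0) on Linux, and assigning the IP address to the bridge device, so that with a single LAN card I can communicate with both the VPN server itself and the whole segment the VPN server belongs to.
I am aware that performance will drop.

Virtual Hub name: bridgedHUB
Physical NIC device: eth0 (192.168.1.40)
Bridge device created with brctl: br0
TAP device created by SoftEther: tap_eth0

First, in vpncmd, I run
>bridgecreate bridgedHUB /device:eth0 /tap:yes
to create the SoftEther bridge setting and the tap_eth0 device.

Then I exit vpncmd and, on the Linux command line, run
# brctl addbr br0 ← create the bridge device br0
# brctl addif br0 eth0 ← add eth0 to br0
# brctl addif br0 tap_eth0 ← add tap_eth0 to br0
# brctl show ← show the current bridge status
bridge name bridge id STP enabled interfaces
br0 8000.000c2969a17b no eth0
tap_eth0

Next, I set
# ifconfig eth0 0.0.0.0 ← remove the IP address assignment from eth0
# ifconfig br0 192.168.1.40 netmask 255.255.255.0 ← assign the IP that was originally assigned to eth0

With the settings above, the VPN client side should be able to communicate with the VPN server itself and with the machines in the segment the VPN server belongs to (as far as I could find on the web), but no communication works at all.
Am I doing something wrong?
With the settings above, running
>ping 192.168.1.40
from another machine in the VPN server's segment gets a normal reply, but running
>accountlist
in vpncmd on the VPN client side stays at "Connecting" and the connection can no longer be made.
On the VPN server side, running
# tcpdump dst port <VPN server port number> -i br0
and
# tcpdump dst port <VPN server port number> -i eth0
confirms that the packets are at least being received.

However,
# tcpdump dst port <VPN server port number> -i tap_eth0
receives no packets at all.

I keep watching the SoftEther VPN server log with
# tail -f /opt/vpnserver/server_log/vpn_20130528.log
but nothing is written to it at all.

I feel I am only one step away, but I am getting something wrong and cannot connect. Could you please advise?

Thank you in advance.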

sirase
Posts: 28
Joined: Mon May 20, 2013 6:06 am

Re: problem: Cannot connect bridge machine

Post by sirase » Mon May 27, 2013 3:58 pm

I am truly sorry for posting so many times.
To my surprise, it connected after I rebooted the OS!

In case it helps others, I am posting the configuration that worked.
--
# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto br0
allow-hotplug br0

iface br0 inet static
address 192.168.1.40
netmask 255.255.255.0
gateway 192.168.1.1
network 192.168.1.0
broadcast 192.168.1.255
bridge_ports eth0

------------------------------------------------
# cat /etc/rc.local

# for SoftEther
/opt/vpnserver/vpnserver start
sleep 5
brctl addif br0 tap_eth0

exit 0
--

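With configuration files like these, eth0 and tap_eth0 are added to the bridge (br0) automatically even after an OS reboot, and VPN connections work normally.
I did not really want to write brctl in /etc/rc.local, but tap_eth0 seems to be created a few seconds after vpnserver start, so I could not think of anywhere else to put it.
There may also be a way to make it work without problems by writing
bridge_ports tap_eth0
in /etc/network/interfaces.

Thank you.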
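
An added example (not part of the original posts): a variant of the rc.local approach above that replaces the fixed `sleep 5` with a bounded wait for tap_eth0 and skips `brctl addif` when the port is already in br0. The function names, the 30-second timeout, the `--attach` switch and the `SYSFS_NET` override are assumptions made for this example; the interface names and the vpnserver path are the ones from the post.

```shell
#!/bin/sh
# Added example, not the poster's script: wait for the SoftEther TAP device
# instead of sleeping a fixed time, then add it to the bridge.
# SYSFS_NET is an assumed override so the functions can be exercised
# against a scratch directory instead of the real /sys/class/net.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# wait_for_iface NAME TIMEOUT_SECONDS
# Returns 0 as soon as the interface exists, 1 if it never appears.
wait_for_iface() {
    name=$1
    remaining=$2
    while [ "$remaining" -gt 0 ]; do
        [ -e "$SYSFS_NET/$name" ] && return 0
        sleep 1
        remaining=$((remaining - 1))
    done
    [ -e "$SYSFS_NET/$name" ]
}

# is_bridge_member BRIDGE PORT
# A port attached to a bridge is listed under /sys/class/net/BRIDGE/brif/.
is_bridge_member() {
    [ -e "$SYSFS_NET/$1/brif/$2" ]
}

# attach_tap BRIDGE TAP TIMEOUT_SECONDS
# Idempotent: does nothing if the TAP device is already a bridge port.
attach_tap() {
    bridge=$1
    tap=$2
    timeout=$3
    wait_for_iface "$tap" "$timeout" || {
        echo "$tap did not appear within ${timeout}s" >&2
        return 1
    }
    is_bridge_member "$bridge" "$tap" && return 0
    brctl addif "$bridge" "$tap"
}

# Only act when called with --attach, so the file can also be sourced.
if [ "${1:-}" = "--attach" ]; then
    /opt/vpnserver/vpnserver start
    attach_tap br0 tap_eth0 30
fi
```

Called from /etc/rc.local with `--attach`, a non-zero exit status means tap_eth0 never appeared, which the fixed sleep would have hidden.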
