ssh to VPN server from remote client?

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
cshotton
Posts: 3
Joined: Tue Mar 04, 2014 3:01 pm

ssh to VPN server from remote client?

Post by cshotton » Tue Mar 04, 2014 3:06 pm

I have the latest SoftEther VPN software running on the most recent release of Ubuntu. The VPN server is connected to the LAN via a single ethernet interface.

I would like to be able to connect to the VPN server host itself, via SSH, from a remote VPN client connected over L2TP/IPSec. However, the host's native address (x.x.x.132) does not respond to pings, SSH requests, or anything else from the remote client.

The VPN is operating in bridge mode and the client receives its DHCP address from another DHCP server on the LAN, which should place all machines (server, client) in the same subnet.

What configuration changes are required to allow the server running SoftEther VPN to be accessible from the remote client? (The server is reachable if I connect to another host on the LAN, and then SSH to the VPN server from that intermediate host, so it is not a generic SSH or connectivity issue.)

Thanks!

qupfer
Posts: 202
Joined: Wed Jul 10, 2013 2:07 pm

Re: ssh to VPN server from remote client?

Post by qupfer » Tue Mar 04, 2014 4:28 pm

RTFM ;) and take a special look at point 3.6.11
http://www.softether.org/4-docs/1-manua ... al_Bridges

cshotton
Posts: 3
Joined: Tue Mar 04, 2014 3:01 pm

Re: ssh to VPN server from remote client?

Post by cshotton » Wed Mar 05, 2014 2:39 am

The manual is cryptic at best. As best I can interpret, 3.6.11 is instructing you to add a second NIC and hook both NICs to a local hardware bridge/switch on the LAN. What is not clear is what configuration needs to happen on the SoftEther side of things.

Assuming I have two NICs in the server (I do), and an external switch (bridge) for them both to plug into (I do), what needs to get done in the admin interface to rig things up so a VPN client can SSH to the VPN server host?

I have SoftEther happily playing VPN server on eth1 and eth0 is plugged into the same hardware switch as eth1. What am I doing in SoftEther's config with eth0?

qupfer
Posts: 202
Joined: Wed Jul 10, 2013 2:07 pm

Re: ssh to VPN server from remote client?

Post by qupfer » Wed Mar 05, 2014 9:33 am

Okay, I'll try to explain how it works for me.

Let's assume the server has two NICs; in my home network it's eth0 and wlan0. Eth0 has the IP 10.10.10.200 and wlan0 the IP 10.10.10.118.
SoftEther is bridged to eth0, because the WLAN adapter doesn't support promiscuous mode.
Additionally, you need to make sure that your client(s) always get the same IP. You can achieve this with a special configuration of your DHCP server, or by setting the IP manually for your SoftEther VPN device on the client side. I prefer the second way, but this has a little disadvantage (or advantage, it is a matter of opinion): Windows/SoftEther doesn't set the default route through the VPN, so "normal" traffic isn't redirected. But IPs and domains in your home network are working well. The function "No adjustment of routing table" has no influence on this behavior.

But back to topic. Let's also assume that your client always gets the IP 10.10.10.244.
Then you must enter this line on your server:

'sudo ip route add 10.10.10.244 dev wlan0' or to be more exact:
'sudo ip route add 10.10.10.244/32 dev wlan0' or in your case something like:
'sudo ip route add 10.10.10.244/32 dev eth0' (the device which isn't bridged with the VirtualHub)

You can also use ipcalc or just http://www.subnet-calculator.com/cidr.php to calculate a range of IPs for the routing entry.

With 'sudo ip route add 10.10.10.240/28 dev wlan0' all clients in the range from 10.10.10.240 to 10.10.10.255 will work, including my 10.10.10.244.

If somebody knows a more elegant way, please tell us ;)

cshotton
Posts: 3
Joined: Tue Mar 04, 2014 3:01 pm

Re: ssh to VPN server from remote client?

Post by cshotton » Wed Mar 05, 2014 7:23 pm

So here's the situation:

eth1: 10.0.1.132 - running SoftEther in bridge mode on this interface - connected to 10.0.x.x LAN
eth0: 10.0.1.133 - connected to 10.0.x.x LAN
Remote laptop, VPN connection to SoftEther

I can get a DHCP address (say 10.0.2.1) assigned to the laptop and can see any host on 10.0.x.x except the eth1 interface above. Understandable due to Linux kernel limitations, blah blah.

The laptop can also connect to 10.0.1.133 (eth0) and access any services that are bound to "*" on the server.

What I want to be able to do is connect to the eth0 interface and have 10.0.1.132 respond.

It seems like setting eth0 to run in bridge mode (at the Linux level, not SoftEther level) may be what the SoftEther documentation in section 3.6.11 is trying to describe. Is this correct? Will the eth0 NIC running in bridge mode allow LAN traffic to/from 10.0.1.132 (eth1) to transit the VPN connection to the laptop?

I hate to be such a noob about this, but I have all the right parts to pull this off and the SoftEther documentation is just not quite helpful enough to get me to the proper config here. Any more hints?

qupfer
Posts: 202
Joined: Wed Jul 10, 2013 2:07 pm

Re: ssh to VPN server from remote client?

Post by qupfer » Wed Mar 05, 2014 9:47 pm

Mh, sorry I can't help you anymore. The routing table of my server looks like:

[qupfer@vpn ~]$ ip route show
default via 10.10.10.10 dev enp0s10
default via 10.10.10.10 dev wlp5s0 metric 303
10.0.0.0/8 dev enp0s10 proto kernel scope link src 10.10.10.200
10.0.0.0/8 dev wlp5s0 proto kernel scope link src 10.10.10.118 metric 303
10.10.10.240/28 dev wlp5s0 scope link

And I can ping both from my client: 10.10.10.200 and 10.10.10.118. The Bridge is created with the SoftEther-Windows-Config tool.
You could change the bridge from eth1 to eth0....
You can also try to set your IP manually or change the metric of eth0
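
An added example, not part of qupfer's posts: it takes the `ip route show` output posted above, reports which device the table selects for a given VPN client address, and computes the smallest single CIDR block covering a set of client IPs (the 10.10.10.240/28 range from the earlier post). The function names are hypothetical, and route selection is modelled simply as longest prefix first, then lowest metric, ignoring policy routing rules.

```python
import ipaddress

# Routing table copied from the `ip route show` output posted above.
ROUTES = """\
default via 10.10.10.10 dev enp0s10
default via 10.10.10.10 dev wlp5s0 metric 303
10.0.0.0/8 dev enp0s10 proto kernel scope link src 10.10.10.200
10.0.0.0/8 dev wlp5s0 proto kernel scope link src 10.10.10.118 metric 303
10.10.10.240/28 dev wlp5s0 scope link
"""

def parse_routes(text):
    """Return (network, device, metric) tuples parsed from `ip route show` text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)
        dev = fields[fields.index("dev") + 1]
        # A route printed without a metric has metric 0.
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields else 0
        routes.append((net, dev, metric))
    return routes

def egress_device(routes, addr):
    """Simplified model: longest matching prefix wins, lowest metric breaks ties."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    _net, dev, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return dev

def covering_route(addrs, dev):
    """Smallest single CIDR block containing every address, as an `ip route add` line."""
    ips = sorted(ipaddress.ip_address(a) for a in addrs)
    net = ipaddress.ip_network(f"{ips[0]}/32")
    while ips[-1] not in net:
        net = net.supernet()  # widen by one bit until the highest address fits
    return f"ip route add {net} dev {dev}"

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    print("10.10.10.244 ->", egress_device(table, "10.10.10.244"))
    print("without /28  ->", egress_device(table[:-1], "10.10.10.244"))
    print(covering_route(["10.10.10.241", "10.10.10.250"], "wlp5s0"))
```

A covering block can include addresses that are not VPN clients, so compare the printed range against the DHCP reservations before adding the route.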

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: ssh to VPN server from remote client?

Post by thisjun » Thu Sep 03, 2015 7:25 am

Did you create a local bridge or use SecureNAT?

Mada
Posts: 102
Joined: Sat Jun 20, 2015 9:40 am

Re: ssh to VPN server from remote client?

Post by Mada » Sat Oct 31, 2015 11:11 am

I think I have the same problem. Any solution?

My post: http://forum.softether.org/viewtopic.php?t=2770&p=5711

Similar problems:

http://www.vpnusers.com/viewtopic.php?f=7&t=5152
http://www.vpnusers.com/viewtopic.php?f=7&t=5212

Remotely accessing a bridge or server running Windows seems impossible?

I have tried a second NIC with a static IP attached to a HW switch attached to the local-bridged NIC. No luck accessing that NIC.
