Linux Client Configuration

riccardoprandini01
Posts: 3
Joined: Fri Jul 27, 2018 6:36 am

Linux Client Configuration

Post by riccardoprandini01 » Sat Jul 28, 2018 6:42 am

Hi, I have done:
SERVER/NETWORK

1) A small server at home based on a Raspberry Pi where I have compiled and configured a local VPN.
2) Configured it via GUI using ReactOS (I can't believe it works).
3) I have a LocalBridge that connects the virtual hub with the physical card.

This is the guide where I took the idea and code: https://liewdaryl.wordpress.com/2015/06 ... erry-pi-2/
but these were also very useful:
http://blog.lincoln.hk/blog/2013/03/19/ ... er-on-vps/
http://blog.lincoln.hk/blog/2013/05/17/ ... al-bridge/

My network is 192.168.11.xxx
I have a Router with DHCP at 192.168.11.1
I am behind a double NAT network and this is not so great, so I use vpnazure

CLIENT

I need:
1) The devices to work remotely as if connected locally to the LAN (I have a mobile Internet WiFi key or a tethering phone).
2) The possibility for the devices to also connect locally in the LAN (without messing everything up)
3) The ability to browse the Internet (preferably not via the VPN but via the real interface)

So what I have done

On the Debian laptop I have:
1) make vpnclient
2) via vpncmd
2.1) Created a NIC niccreate
2.2) Created an account
2.3) Set the password
2.4) Start the connection.

And OK, it says connected. The server also says connected.

So I have this situation when in the VPN:
1)
wls5, the wireless of the laptop, connected to the phone and then to the Internet
inet 192.168.43.229/24 brd 192.168.43.255 scope global dynamic wls5

2)vpn_test1 the nic created by softether
no ip assigned

Now I can ping my vpnazure.

ip route show

default via 192.168.43.1 dev wls5 proto static metric 600
192.168.43.0/24 dev wls5 proto kernel scope link src 192.168.43.229 metric 600


Now I can see if I am really connected

sudo dhclient vpn_test1

Now I have an IP assigned by the DHCP of the remote router

ip a

vpn_test1 the nic created by softether
inet 192.168.11.107/24 brd 192.168.11.255 scope global vpn_test1

It looks OK, but... suddenly


1) accountlist shows vpn in Connecting status
2) dns can't resolve anything
3) traceroute / ping go nowhere
4) ip route show

default via 192.168.11.1 dev vpn_test1
default via 192.168.43.1 dev wls5 proto static metric 600
192.168.11.0/24 dev vpn_test1 proto kernel scope link src 192.168.11.107
192.168.43.0/24 dev wls5 proto kernel scope link src 192.168.43.229 metric 600

So I think that the system tries to resolve vpnazure through the VPN itself and it goes down

If I do accountdisconnect and account connect, the VPN keeps the status Connecting

If I do
ip addr flush dev vpn_test1
the routes become clear.
I can do a disconnect and reconnect and it works, returning to the point before dhclient.


HOW TO SOLVE?
Some ideas from reading around.

1) Create a TUN on the server, a private DHCP on the server, and a routing rule between the TUN and the real network?
2) Create a specific configuration on each client?

I think the first is better because I can create 2 TUNs and 2 VirtualHUBs.
The first can issue via DNS the info to use the client's own resources to browse the Internet and the VPN to reach a range of IPs.
The second can issue the info to use the VPN for each resolution except the endpoint of vpnazure.

Is this possible?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Linux Client Configuration

Post by thisjun » Thu Aug 09, 2018 6:21 am

>default via 192.168.11.1 dev vpn_test1

This configuration is not good.
You don't need it.

qupfer
Posts: 202
Joined: Wed Jul 10, 2013 2:07 pm

Re: Linux Client Configuration

Post by qupfer » Fri Aug 10, 2018 2:06 pm

I set vpnclient to auto-connect and use this bash script

qupfer@yogaarch ~ % cat vpnstart.sh
#!/bin/bash
sudo vpnclient start
sleep 1
sudo dhcpcd -B -G -C resolv.conf vpn_vpn #stops with ctrl+c
sudo vpnclient stop


Another solution should be to add a static route to your vpn-server. I think your problem is that your system tries to send the encrypted vpn traffic through the vpn because you got a new default route which points to the vpn tunnel endpoint.
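
A check for the failure mode discussed in this thread, as an added example that is not part of the original posts: it reads `ip route show` output and reports whether the preferred default route points into the VPN NIC without a host-route exception for the VPN server. The two route tables are copied from the first post; the server address 203.0.113.10 and the function names are assumptions for illustration.

```shell
# Added example. Route tables are copied from the first post; the server
# address 203.0.113.10 is a placeholder (the real endpoint is not on the page).

# Device of the default route the kernel prefers: lowest metric wins,
# and a route with no "metric" field counts as metric 0.
winning_default_dev() {
    awk '$1 == "default" {
        dev = ""; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        if (best == "" || metric < bestm) { best = dev; bestm = metric }
    }
    END { if (best != "") print best }'
}

# True if a host route sends the VPN server's address out a non-VPN device.
server_pinned_outside_vpn() {   # args: server_ip vpn_dev; table on stdin
    awk -v ip="$1" -v vpn="$2" '
    $1 == ip || $1 == (ip "/32") {
        for (i = 2; i < NF; i++)
            if ($i == "dev" && $(i + 1) != vpn) found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# ok = default stays off the VPN; pinned = default on VPN but server excepted;
# loop = the tunnel's own packets would be routed into the tunnel.
check_table() {   # args: table_text vpn_dev server_ip
    winner=$(printf '%s\n' "$1" | winning_default_dev)
    if [ "$winner" != "$2" ]; then echo ok
    elif printf '%s\n' "$1" | server_pinned_outside_vpn "$3" "$2"; then echo pinned
    else echo loop
    fi
}

BEFORE='default via 192.168.43.1 dev wls5 proto static metric 600
192.168.43.0/24 dev wls5 proto kernel scope link src 192.168.43.229 metric 600'
AFTER_DHCLIENT='default via 192.168.11.1 dev vpn_test1
default via 192.168.43.1 dev wls5 proto static metric 600
192.168.11.0/24 dev vpn_test1 proto kernel scope link src 192.168.11.107
192.168.43.0/24 dev wls5 proto kernel scope link src 192.168.43.229 metric 600'
# Constructed: the same table plus the host route a static-route fix would add.
WITH_HOST_ROUTE="203.0.113.10 via 192.168.43.1 dev wls5
$AFTER_DHCLIENT"
for t in "$BEFORE" "$AFTER_DHCLIENT" "$WITH_HOST_ROUTE"; do
    check_table "$t" vpn_test1 203.0.113.10
done
```

On a live client the same functions can be fed from `ip route show` instead of the embedded tables.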

riccardoprandini01
Posts: 3
Joined: Fri Jul 27, 2018 6:36 am

Re: Linux Client Configuration

Post by riccardoprandini01 » Sun Aug 19, 2018 9:51 am

thisjun wrote:
> >default via 192.168.11.1 dev vpn_test1
>
> This configuration is not good.
> You don't need it.
OK, this is true, I have to delete it, but how do I avoid its creation?

riccardoprandini01
Posts: 3
Joined: Fri Jul 27, 2018 6:36 am

Re: Linux Client Configuration

Post by riccardoprandini01 » Sun Aug 19, 2018 9:57 am

Yes this is the problem but dhcpcd

-B, --nobackground
-G, --nogateway
-C, --nohook script
So to stop dhcpcd from touching your DNS or MTU settings you would do:-
dhcpcd -C resolv.conf -C mtu eth0

This could be useful thanks!

qupfer wrote:
> I set vpnclient to auto-connect and use this bash script
>
> qupfer@yogaarch ~ % cat vpnstart.sh
> #!/bin/bash
> sudo vpnclient start
> sleep 1
> sudo dhcpcd -B -G -C resolv.conf vpn_vpn #stops with ctrl+c
> sudo vpnclient stop
>
>
> Another solution should be to add a static route to your vpn-server. I think
> your problem is that your system tries to send the encrypted vpn traffic
> through the vpn because you got a new default route which points to the vpn
> tunnel endpoint.
