When local bridge is enabled, major problems arise

Bugattikid2012
Posts: 3
Joined: Wed Jul 19, 2017 5:20 pm

When local bridge is enabled, major problems arise

Post by Bugattikid2012 » Wed Jul 19, 2017 5:44 pm

It appears as if whenever local bridging has been enabled and active for ~10-20 minutes, the router for my network becomes overwhelmed and cannot keep up. The ping from any computer on my network reaches into the thousands, up to 13,000 milliseconds of ping. The VPN server refuses connections, and the router can no longer be accessed via the browser interface. Furthermore, the logs found in ~/softethervpn/vpnserver/server_logs/ show *many* new lines of code every second the local bridge is enabled. A log from yesterday has over 2 million *LINES* of logs, and one from today has 600,000 *LINES* of logs. They are effectively just two different things repeating, as shown here.

[code]2017-07-19 13:10:46.948 [HUB "VPN"] SecureNAT: The UDP session 184128 has been created. Connection source 192.168.0.105:41711, Connection destination 255.255.255.255:1900
2017-07-19 13:10:46.958 [HUB "VPN"] SecureNAT: The UDP session 183540 has been deleted.
2017-07-19 13:10:46.988 [HUB "VPN"] SecureNAT: The UDP session 184129 has been created. Connection source 192.168.0.105:55167, Connection destination 255.255.255.255:1900
2017-07-19 13:10:47.089 [HUB "VPN"] SecureNAT: The UDP session 184130 has been created. Connection source 192.168.0.105:51439, Connection destination 255.255.255.255:138
2017-07-19 13:10:47.129 [HUB "VPN"] SecureNAT: The UDP session 183536 has been deleted.
2017-07-19 13:10:47.139 [HUB "VPN"] SecureNAT: The UDP session 184131 has been created. Connection source 192.168.0.105:56325, Connection destination 255.255.255.255:1900
2017-07-19 13:10:47.240 [HUB "VPN"] SecureNAT: The UDP session 184132 has been created. Connection source 192.168.0.105:57400, Connection destination 255.255.255.255:138
2017-07-19 13:10:47.280 [HUB "VPN"] SecureNAT: The UDP session 184133 has been created. Connection source 192.168.0.105:50993, Connection destination 255.255.255.255:1900
2017-07-19 13:10:47.331 [HUB "VPN"] SecureNAT: The UDP session 183543 has been deleted.
2017-07-19 13:10:47.331 [HUB "VPN"] SecureNAT: The UDP session 183496 has been deleted.
2017-07-19 13:10:47.392 [HUB "VPN"] SecureNAT: The UDP session 184134 has been created. Connection source 192.168.0.105:59122, Connection destination 255.255.255.255:138
2017-07-19 13:10:47.392 [HUB "VPN"] SecureNAT: The UDP session 184135 has been created. Connection source 192.168.0.105:45466, Connection destination 255.255.255.255:1900
2017-07-19 13:10:47.564 [HUB "VPN"] SecureNAT: The UDP session 184136 has been created. Connection source 192.168.0.105:39465, Connection destination 255.255.255.255:1900
2017-07-19 13:10:47.564 [HUB "VPN"] SecureNAT: The UDP session 183539 has been deleted.
2017-07-19 13:10:47.595 [HUB "VPN"] SecureNAT: The UDP session 184137 has been created. Connection source 192.168.0.105:45547, Connection destination 255.255.255.255:138
2017-07-19 13:10:47.706 [HUB "VPN"] SecureNAT: The UDP session 184138 has been created. Connection source 192.168.0.105:55357, Connection destination 255.255.255.255:1900
2017-07-19 13:10:47.746 [HUB "VPN"] SecureNAT: The UDP session 184139 has been created. Connection source 192.168.0.105:47781, Connection destination 255.255.255.255:138
2017-07-19 13:10:47.756 [HUB "VPN"] SecureNAT: The UDP session 183500 has been deleted.
[/code]

Yes, this is a local connection, however that makes no difference for the log, nor for connectivity. I have tested it with multiple other connections and I can confirm that the VPN is working perfectly (to my knowledge) without the local bridge enabled. Furthermore, when the local bridge *is* enabled, for the first 10-15 minutes networking and printing from remote connections also works as intended. The issues only arise after the local bridge has time to slow down the router. I can confirm the router has the latest available firmware, and is not in a damaged condition, nor is it incapable of handling softethervpn.

I'm on Arch Linux and have installed softethervpn via the AUR. Everything else that I have done is following this guide: https://www.digitalocean.com/community/ ... nage-users

I need a local bridge because for the purposes of this VPN, it is necessary to be able to print as well as access local networked files. If I can do this with softethervpn without a local bridge, I'd be interested in learning about that, however to my knowledge a local bridge is necessary.

I currently have the local bridge setup on a dedicated network card, however I have used the general network connection for this PC as well without issue. The steps I took to enable the local bridge are as follows:

[code]
./vpncmd
1 // Choosing option to edit VPN Server and VPN Bridge
localhost:5555 //Necessary to specify this, or I cannot log into the vpncmd tool as admin
hub VPN //Choosing my hub
BridgeDeviceList //Results in two devices, device 7, the general network device, which has a static IP and is set to accept all incoming traffic on necessary ports, and device 8, a second network card that is currently setup to be used by the bridge
BridgeCreate
VPN // Choosing hub for Bridge
Device 8 // Choosing device 8 as the device to be used, of course it should go without saying I entered the actual device name, not "device 8"
BridgeList //Results in showing this Local Bridge as "Operational"
[/code]


I'm not sure as to where the problem lies, but I would really appreciate any help at all. I'm hoping I've messed up in the configuring of the local bridge or something. Thanks for your help and time.

Edit: It also seems worth noting that the hardware for the VPN Server was made sometime around ~2004 so it's pretty old, but should be fully capable of running a server such as this. If I disable/delete the local bridge, CPU usage drops to about 3%. Note that the rest of SoftEtherVPN is untouched and still running/working, and doesn't change hardly at all (less than 1%) when clients connect. Once I enable the local bridge, CPU usage jumps to 100% with no clients connected. I'm not quite sure what to think of this. Maybe the logging hundreds of lines a second with the bridge enabled is causing the CPU usage increase, and as a result the server sends extra packets to the router since it doesn't realize it's behind? Thus effectively DDoSing the router? Just a thought, input appreciated.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: When local bridge is enabled, major problems arise

Post by thisjun » Fri Jul 28, 2017 5:51 am

A broadcast storm is occurring.
Please do not use local bridge and SecureNAT at the same time.
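
Added example (not part of the original thread and not SoftEther code): a small Python check that reads server log lines in the format quoted in the first post and measures how fast SecureNAT is opening UDP sessions toward 255.255.255.255 (ports 1900/SSDP and 138/NetBIOS datagram in the excerpt), which is the log signature of the storm named above. The function name and the threshold of 5 sessions per second are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# First seven lines are copied from the log excerpt in the first post;
# the last (unicast DNS) line is constructed to show what gets ignored.
SAMPLE_LOG = '''\
2017-07-19 13:10:46.948 [HUB "VPN"] SecureNAT: The UDP session 184128 has been created. Connection source 192.168.0.105:41711, Connection destination 255.255.255.255:1900
2017-07-19 13:10:46.958 [HUB "VPN"] SecureNAT: The UDP session 183540 has been deleted.
2017-07-19 13:10:47.089 [HUB "VPN"] SecureNAT: The UDP session 184130 has been created. Connection source 192.168.0.105:51439, Connection destination 255.255.255.255:138
2017-07-19 13:10:47.139 [HUB "VPN"] SecureNAT: The UDP session 184131 has been created. Connection source 192.168.0.105:56325, Connection destination 255.255.255.255:1900
2017-07-19 13:10:47.240 [HUB "VPN"] SecureNAT: The UDP session 184132 has been created. Connection source 192.168.0.105:57400, Connection destination 255.255.255.255:138
2017-07-19 13:10:47.280 [HUB "VPN"] SecureNAT: The UDP session 184133 has been created. Connection source 192.168.0.105:50993, Connection destination 255.255.255.255:1900
2017-07-19 13:10:47.392 [HUB "VPN"] SecureNAT: The UDP session 184134 has been created. Connection source 192.168.0.105:59122, Connection destination 255.255.255.255:138
2017-07-19 13:10:47.400 [HUB "VPN"] SecureNAT: The UDP session 184999 has been created. Connection source 192.168.0.110:5353, Connection destination 8.8.8.8:53
'''

CREATED = re.compile(
    r'^(?P<sec>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \[HUB "(?P<hub>[^"]+)"\] '
    r'SecureNAT: The UDP session \d+ has been created\. '
    r'Connection source (?P<src>[\d.]+):\d+, '
    r'Connection destination (?P<dst>[\d.]+):(?P<dport>\d+)$')

def storm_report(lines, per_second_threshold=5):
    """Summarise SecureNAT UDP sessions opened toward 255.255.255.255.

    Returns {(hub, source_ip): {"peak_per_sec", "ports", "storm"}}.
    per_second_threshold is an assumed tuning value, not a SoftEther setting.
    """
    per_sec = Counter()            # (hub, src, second) -> sessions created
    ports = defaultdict(Counter)   # (hub, src) -> destination port counts
    for line in lines:
        m = CREATED.match(line.strip())
        if not m or m["dst"] != "255.255.255.255":
            continue               # deletions, unicast flows, other log lines
        per_sec[(m["hub"], m["src"], m["sec"])] += 1
        ports[(m["hub"], m["src"])][int(m["dport"])] += 1
    peak = Counter()               # (hub, src) -> busiest single second
    for (hub, src, _sec), n in per_sec.items():
        peak[(hub, src)] = max(peak[(hub, src)], n)
    return {k: {"peak_per_sec": peak[k], "ports": dict(ports[k]),
                "storm": peak[k] >= per_second_threshold} for k in peak}

if __name__ == "__main__":
    for (hub, src), info in storm_report(SAMPLE_LOG.splitlines()).items():
        print(hub, src, info)
```

Run over a full day's log, a single source address that keeps tripping the threshold on broadcast destinations points at the host or bridge segment feeding the loop.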

Bugattikid2012
Posts: 3
Joined: Wed Jul 19, 2017 5:20 pm

Re: When local bridge is enabled, major problems arise

Post by Bugattikid2012 » Fri Jul 28, 2017 8:16 pm

Thanks for the reply! I was beginning to lose hope. So if I just disable SecureNAT, will that be it? Will that fix it on its own? Is there any further configuration required? I would assume not, but I just wanted to check.

Bugattikid2012
Posts: 3
Joined: Wed Jul 19, 2017 5:20 pm

Re: When local bridge is enabled, major problems arise

Post by Bugattikid2012 » Fri Aug 04, 2017 4:35 pm

I would like to point out that I can not get the server working, and I never received an answer from my last question. When attempting to connect after disabling SecureNAT, I can no longer receive an IP address from the VPN which results in an error of 720 from IPSec. Some help would be greatly appreciated, I can't find hardly anything on the topic, and I have a deadline looming.

If I enable the dhcp part of SecureNat, but disable the NAT part of SecureNat, I still cannot connect. However, enabling the NAT part allows me to connect and everything works well, however the endless loopback happens again. I still can't find anything on this issue and I would really like to get this fixed soon.

Edit: Not sure exactly what the issue was, but I renamed the configuration file so it would be re-created and that fixed the localbridge issues I was having. SecureNat (both NAT and DHCP) can be disabled and local bridging works. One thing to note is that I have the two different ethernet devices plugged into a different HUB and Switch for each, but I do not believe this makes a difference.
