VPN Clients Can't Connect to Server when in VPN

alfer
Posts: 3
Joined: Fri Sep 12, 2014 11:48 pm

Re: VPN Clients Can't Connect to Server when in VPN

Post by alfer » Sat Sep 13, 2014 12:44 am

After struggling with this for the better part of a day I finally found the solution on an obscure post. I too was not able to connect to any services running on the server running SoftEther, although I was able to connect out to the Internet and to all other IPs on my LAN. To resolve this, like the documentation in section 3.6.11 says, you have to create another physical interface. If you have a physical server that means installing another NIC if you don't have two already; in my case I'm using VirtualBox, so I simply attached another virtual NIC to my VM's instance (which is attached to the same physical NIC on the host machine as the primary virtual NIC).

What the documentation doesn't tell you is that this second NIC needs to be on a different subnet than your primary. So say your primary NIC's IP is 192.168.1.2, gateway 192.168.1.1. Your secondary NIC needs to be on, for example, 192.168.2.2, with gateway 192.168.2.1. Even though that gateway may well not exist (it doesn't in my case), this simple change fixed the problem and I am now able to SSH and access other services running on the VPN server. In Ubuntu 12.04 Linux I was able to modify my NIC config in /etc/network/interfaces to read:

auto eth2
iface eth2 inet static
    address 192.168.2.2
    netmask 255.255.255.0
    gateway 192.168.2.1
    dns-nameservers 8.8.8.8

Once your second NIC is up and running, just connect a local bridge from your virtual hub to the second NIC (eth2 in my case). You don't need to use a local bridge to the primary NIC; it is unnecessary. Hope it helps someone, and I also hope the fine developers at UoT can update sections 3.6.11 and 11.1.2 of the manual to make this a bit more clear!

garnet
Posts: 3
Joined: Sun Feb 25, 2018 9:02 pm

Re: VPN Clients Can't Connect to Server when in VPN

Post by garnet » Sun Feb 25, 2018 9:09 pm

Hi all
I have a similar problem. I use IPSec and can connect to my VPN server running on Raspbian on a Raspberry Pi 3.
From the client I can access the internet with my home IP (SoftEther runs at home).
I can also ping the home gateway, in my case 10.10.10.1.
My VPN server is 10.10.10.108 but I cannot ping it at all.
I have one bridge between my VPN hub and eth0.
The above solution didn't work.
What might be the problem?

Railtracer
Posts: 14
Joined: Sat Dec 23, 2017 7:09 am

Re: VPN Clients Can't Connect to Server when in VPN

Post by Railtracer » Tue Feb 27, 2018 6:51 pm

Garnet, this is a super old post; it's more useful if you create your own post with a new topic.

In my own experience, when the vpn server only has one nic and is running a hub bridge off of it, clients that connect to that hub don't seem to have network connectivity to the server itself. I don't know the full explanation for this or if it is a bug, or a limitation of softether. What I do know is that the best practice for softether server is for the server to have a dedicated NIC for itself to use and receive connections on, as well as a dedicated NIC with protocols removed for the bridge to the virtual hub. When I ran in this configuration I was able to have clients ping the vpn server itself through the vpn, perhaps because their traffic is routed through a different NIC than the ping destination. This is just a guess. If your server is running on a pi 3 though, unless you are using a USB nic I would guess you are only using a single NIC for the server.

In the case of alfer's response above, I think he may be slightly misled. The secondary NIC does not need to be on a different subnet. Ideally it has TCP protocols disabled and does not receive an IP address at all, and is a physical NIC dedicated to the task. I have used a single physical NIC, addressed as multiple virtual NICs in a hypervisor, for the purpose of having a dedicated virtual NIC with disabled protocols, but since you are not running virtual, you need to add a physical NIC.

Long story short, read up in the tutorials and work to follow SoftEther best practices for the physical config of your server; you may get better results. There are legitimate reasons to use a second dedicated NIC, so I would find one that is compatible with Raspbian and see if that makes the difference for you.

garnet
Posts: 3
Joined: Sun Feb 25, 2018 9:02 pm

Re: VPN Clients Can't Connect to Server when in VPN

Post by garnet » Tue Feb 27, 2018 8:04 pm

Hi

It is an old topic, but very relevant. I hope someone from the team sees it and provides input. I cannot add a second NIC to the Pi. Can I somehow use a virtual NIC?

qupfer
Posts: 202
Joined: Wed Jul 10, 2013 2:07 pm

Re: VPN Clients Can't Connect to Server when in VPN

Post by qupfer » Wed Feb 28, 2018 8:09 am

Bind the VPN to a virtual interface (tap_soft) and then use bridge-utils and your network-configuration tool (like systemd-networkd) to create a bridge between the VPN/tap device and the physical device.
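
The setup described in the post above, written out as systemd-networkd configuration. This is an added example, not part of the original thread or of the SoftEther documentation; the interface names eth0 and br0, the /24 prefix, the DNS address and the file names are assumptions, while tap_soft, 10.10.10.108 and 10.10.10.1 are taken from the posts.

```ini
# Added example, not from the thread. Assumptions: the SoftEther local bridge
# was created with a new tap device named "soft" (so the kernel interface is
# tap_soft), the physical NIC is eth0, and the LAN is 10.10.10.0/24.
#
# The tap device can be created from vpncmd in server admin mode with:
#   BridgeCreate <hub> /DEVICE:soft /TAP:yes
# (<hub> is a placeholder for your virtual hub name)

# ---- /etc/systemd/network/10-br0.netdev ----
[NetDev]
Name=br0
Kind=bridge

# ---- /etc/systemd/network/20-br0-members.network ----
# eth0 and tap_soft become bridge ports; they carry no IP of their own.
# tap_soft only exists while vpnserver is running; networkd attaches it
# when it appears.
[Match]
Name=eth0 tap_soft

[Network]
Bridge=br0

# ---- /etc/systemd/network/30-br0.network ----
# The host's address moves from eth0 to the bridge itself.
# DNS below is an assumed value (the home gateway).
[Match]
Name=br0

[Network]
Address=10.10.10.108/24
Gateway=10.10.10.1
DNS=10.10.10.1
```

With this layout the existing SoftEther local bridge to eth0 is removed, and anything else that assigns an address to eth0 is disabled so that only br0 holds the host IP. After restarting systemd-networkd and vpnserver, `bridge link` should list both eth0 and tap_soft as ports of br0.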

garnet
Posts: 3
Joined: Sun Feb 25, 2018 9:02 pm

Re: VPN Clients Can't Connect to Server when in VPN

Post by garnet » Sat Mar 03, 2018 1:11 pm

qupfer wrote:
> Bind the VPN to a virtual interface (tap_soft) and then use bridge-utils
> and your network-configuration tool (like systemd-networkd) to create a
> bridge between the VPN/tap device and the physical device.

I am not sure how to do this. Could you give some examples please?
I don't see any option to bind the VPN hub to a tap interface. I got one tap already but it doesn't show in the bridge options in SoftEther.
