VPN- Client connected, but no access to the server itself

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
XxX_Cobra_XxX
Posts: 7
Joined: Fri Dec 13, 2013 2:23 pm

VPN- Client connected, but no access to the server itself

Post by XxX_Cobra_XxX » Fri Dec 13, 2013 2:50 pm

Hi @ all.

I have setup the vpn- server on a Netgear ReadyNAS RN104 with OS6.

The connection of VPN- Clients is successfull and i have access to all computers and routers of the NAS- Network.

But i have no access to the NAS itself over VPN.

Please help me...

kh_tsang
Posts: 551
Joined: Wed Jul 24, 2013 12:09 pm

Re: VPN- Client connected, but no access to the server itsel

Post by kh_tsang » Sat Dec 14, 2013 6:04 am

Same here.

UkrZilla
Posts: 65
Joined: Sun Dec 15, 2013 8:34 am

Re: VPN- Client connected, but no access to the server itsel

Post by UkrZilla » Wed Dec 18, 2013 7:43 pm

You can't connect to server's virtual address.
You have to create local bridge on internal netcard and virtual hub.
Than connect to internal real address.

XxX_Cobra_XxX
Posts: 7
Joined: Fri Dec 13, 2013 2:23 pm

Re: VPN- Client connected, but no access to the server itsel

Post by XxX_Cobra_XxX » Thu Dec 19, 2013 8:39 am

UkrZilla wrote:
> You can't connect to server's virtual address.
> You have to create local bridge on internal netcard and virtual hub.
> Than connect to internal real address.

I have created a Local Bridge on the NAS VPN Server to eth1 where no cable is connected and to eth0 where the LAN cable is connected but i don't have access to the Local Internal IP 192.168.0.2 of the NAS over the VPN connection.

Do you have any idea?

Screenshots below
You do not have the required permissions to view the files attached to this post.

UkrZilla
Posts: 65
Joined: Sun Dec 15, 2013 8:34 am

Re: VPN- Client connected, but no access to the server itsel

Post by UkrZilla » Thu Dec 19, 2013 9:29 am

XxX_Cobra_XxX, where did you get ip address from?
From buid-in DHCP in SoftEther or from you local net connected to eth1?
Anyway ip address on vpn session has to be in same subnet with eth1 - 192.168.0.0

XxX_Cobra_XxX
Posts: 7
Joined: Fri Dec 13, 2013 2:23 pm

Re: VPN- Client connected, but no access to the server itsel

Post by XxX_Cobra_XxX » Thu Dec 19, 2013 11:00 am

UkrZilla wrote:
> XxX_Cobra_XxX, where did you get ip address from?
> From buid-in DHCP in SoftEther or from you local net connected to eth1?
> Anyway ip address on vpn session has to be in same subnet with eth1 -
> 192.168.0.0

Hi UkrZilla, i get the ip adress from my local net that is connected to eth1 (192.168.0.0) and i can access all other computers in the real local network but not the NAS.

The status of the VPN- Connection shows the ip 192.168.0.4 but the subnetmask is 255.255.255.255

UkrZilla
Posts: 65
Joined: Sun Dec 15, 2013 8:34 am

Re: VPN- Client connected, but no access to the server itsel

Post by UkrZilla » Thu Dec 19, 2013 11:37 am

Hi XxX_Cobra_XxX
I think problem not in SothEther Server.
What about firewall?
How do you check access to NAS?
Can you temporary flush iptables rules in all chunks?

XxX_Cobra_XxX
Posts: 7
Joined: Fri Dec 13, 2013 2:23 pm

Re: VPN- Client connected, but no access to the server itsel

Post by XxX_Cobra_XxX » Thu Dec 19, 2013 11:58 am

UkrZilla wrote:
> Hi XxX_Cobra_XxX
> I think problem not in SothEther Server.
> What about firewall?
> How do you check access to NAS?
> Can you temporary flush iptables rules in all chunks?

I have only enabled the firewall on the router behind the NAS. But i have forwarded all VPN ports to the NAS.
I check the access to the NAS in different ways.

I put the local IP from the NAS (192.168.0.2) in the browser --> no access
I check it with the explorer \\192.168.0.2 --> no access
I ping the ip with cmd of windows ping 192.168.0.2 --> no answere

Sorry, but what do you mean with temporary flush iptables?

UkrZilla
Posts: 65
Joined: Sun Dec 15, 2013 8:34 am

Re: VPN- Client connected, but no access to the server itsel

Post by UkrZilla » Thu Dec 19, 2013 7:17 pm

1. Try to get adress from build-in in SoftEther DHCP server.
2. Reboot NAS.
3. On Windows Server 2008 SE works very fine, predictable, without surprises.
4. Does your vpn user have any active security policy?
5. Does your virtual hub have any access list?

UkrZilla
Posts: 65
Joined: Sun Dec 15, 2013 8:34 am

Re: VPN- Client connected, but no access to the server itsel

Post by UkrZilla » Sat Dec 21, 2013 1:02 pm

XxX_Cobra_XxX,

http://www.softether.org/4-docs/1-manua ... _SecureNAT

If you are using Linux or Solaris, you can communicate within the Virtual Hub (VPN) from the network adapter connected to by the local bridge to the LAN, but you can not communicate to the network adapter itself. This is a restriction imposed by the Linux kernel.

XxX_Cobra_XxX
Posts: 7
Joined: Fri Dec 13, 2013 2:23 pm

Re: VPN- Client connected, but no access to the server itsel

Post by XxX_Cobra_XxX » Sat Dec 21, 2013 4:24 pm

UkrZilla wrote:
> XxX_Cobra_XxX,
>
>
> http://www.softether.org/4-docs/1-manua ... _SecureNAT
>
> If you are using Linux or Solaris, you can communicate within the Virtual
> Hub (VPN) from the network adapter connected to by the local bridge to the
> LAN, but you can not communicate to the network adapter itself. This is a
> restriction imposed by the Linux kernel.


Hy UkrZilla,

and there is no way to solve or change this on the linux kernel?

UkrZilla
Posts: 65
Joined: Sun Dec 15, 2013 8:34 am

Re: VPN- Client connected, but no access to the server itsel

Post by UkrZilla » Sat Dec 21, 2013 7:00 pm

I'll check how to resolve this problem.
I've installed Ubuntu Server and SE works fine.
Now I'm testing this.

XxX_Cobra_XxX
Posts: 7
Joined: Fri Dec 13, 2013 2:23 pm

Re: VPN- Client connected, but no access to the server itsel

Post by XxX_Cobra_XxX » Sun Dec 22, 2013 7:44 am

UkrZilla wrote:
> I'll check how to resolve this problem.
> I've installed Ubuntu Server and SE works fine.
> Now I'm testing this.

Hy UkrZilla

Wow! You are the best! Thank you very much!!!

UkrZilla
Posts: 65
Joined: Sun Dec 15, 2013 8:34 am

Re: VPN- Client connected, but no access to the server itsel

Post by UkrZilla » Wed Dec 25, 2013 8:14 am

So, after small investigation I can say that you have only one workaround:
1. Both cards from your NAS you have to connect to switch/router.
First with assigned address from 192.168.0.0 and second without address - we will use it for local bridge with virtual hub.
2. Make local bridge between virtual hub and second card.
3. Make port redirecting on your router to NAS - tcp:443/5555/1194.

After connect you can access to NAS by address from first netcard.

XxX_Cobra_XxX
Posts: 7
Joined: Fri Dec 13, 2013 2:23 pm

Re: VPN- Client connected, but no access to the server itsel

Post by XxX_Cobra_XxX » Wed Dec 25, 2013 9:27 am

UkrZilla wrote:
> So, after small investigation I can say that you have only one workaround:
> 1. Both cards from your NAS you have to connect to switch/router.
> First with assigned address from 192.168.0.0 and second without address -
> we will use it for local bridge with virtual hub.
> 2. Make local bridge between virtual hub and second card.
> 3. Make port redirecting on your router to NAS - tcp:443/5555/1194.
>
> After connect you can access to NAS by address from first netcard.

Hy UkrZilla,

i have to assign the ip from the first network card from the router via dhcp and specify the ip from the second card manual in the same subnet, is that right?

UkrZilla
Posts: 65
Joined: Sun Dec 15, 2013 8:34 am

Re: VPN- Client connected, but no access to the server itsel

Post by UkrZilla » Wed Dec 25, 2013 9:32 am

Hello XxX_Cobra_XxX!

Second card has to be without any ip. This card you have to use to make local bridge, not first card.

UkrZilla
Posts: 65
Joined: Sun Dec 15, 2013 8:34 am

Re: VPN- Client connected, but no access to the server itsel

Post by UkrZilla » Wed Dec 25, 2013 9:33 am

You have to assign the ip from the first network card from the router via static.
So, you can know this address)

Post Reply