SoftEther VPN User Forum

Hi all, I set up a Vpn server on a win machine.
My problem is that I'm able to connect to it only using the Softether client software for windows (works both with and without vpnAzure but not without Nat-T); if I try to use the embedded Vpn client on win or the one of iPhone-iPad or even tunnelblink for my Mac, I can't establish the connection. The error says that the server was not find.
I already forwarded 500 and 4500 to the Vpn server.
Do you have any suggestion?

Hello,

For the L2TP protocol to work (the built in windows, IOS, android clients), you also need to open the UDP port 1701.

Hi and thanks for the answer.
I already did that as well - didn't write that because I read that according to some other guy it's not necessary. But in any case it's already open that port as well. I still can't understand why ONLY Softether client software works..

Make sure you have enabled l2tp support on the server. It is disabled by default.

please check this page from the manual :

https://www.softether.org/4-docs/2-howt ... VPN_Server

Yeah, everything is enabled.

Here is the question:

Would this kind of clients (not using Softether client software) work behind NAT? I forwarded ports on my router but of course I cannot work on the NAT of my IPS...does my question make sense?

Thanks

up.
thanks

Does router WAN port have global IP address?

Nope, It has a private dynamic ip since there is NAT from my ISP!!! Is this the problem?

I think so.

But then what is special in Softether Client compared to other softwares?

I tried to establish a PPTP VPN (which should support NAT-T) from my iPhone and iPad but they don't work..

I recommend that you should use cloud server for VPN server.

Hi, what do you mean with cloud server? Do you mean Azure VPN or something else? thanks

Petrol wrote:
> Hello,
>
> For the L2TP protocol to work (the built in windows, IOS, android clients),
> you also need to open the UDP port 1701.

No, its not. 1701 is for L2TP. But the "L2TP-Traffic" is encapsulated in IPSec.
Just UDP 500 and UDP 4500 is needed.

Can you post your ovpn-config file? And maybe you can verify with wireshark/tcpdump, that traffic "arrives" at the server then you try ipsec?
For example on server-side with tcpdump
sudo tcpdump -n -i SERVERINTERFACE "udp and (port 500 or port 4500)"
sudo tcpdump -n -i br0 "udp and (port 500 or port 4500)"


Edit: I read, you tried PPTP??? Softether Server does NOT support PPTP. Only L2TP/IPsec and SSTP.
SSTP needs a valid Certificate on Clients....so thats not that easy to configure.
I recommend OpenVPN in TCP-Mode at Port 443. Nearly as "robust" as SSTP and Softether against (simple) Firewalls, but works on Windows/Linux/OSX/iOS and Android.
L2TP/Ipsec works also with every Client and you can use the build-in Client, but IPsec is more often blocked by firewalls. Because many public Networks are blocking UDP-Traffic.

I think your network environment is not suitable for VPN server.
So, please use a VPS service to install VPN server.