Page 1 of 1

softether TAP interface on unprivileged container not passing to host

Posted: Fri May 17, 2019 7:09 am
by rexkani
Dear all,

I have a Proxmox host and I have been trying to follow instructions found on the internet to enable my container to create a TAP device.
i used this on the pve host:
/etc/pve/lxc/102.conf

lxc.cgroup.devices.allow = c 10:200 rwm
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file
i see the TAP device successfully created by softether:
2: tap_soft: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 5e:11:6f:f3:8f:db brd ff:ff:ff:ff:ff:ff
inet6 fe80::5c11:6fff:fef3:8fdb/64 scope link
valid_lft forever preferred_lft forever
but when i try to establish a L2TP vpn from a remote host, the remote host traffic cant seem to go to the pve host and DHCP cannot be processed:
2019-05-16 03:03:21.625 On the TCP Listener (Port 0), a Client (IP address xxx.xxx.xxx.xxx, Host name "xxx.xxx.xxx.xxx", Port number 1701) has connected.
2019-05-16 03:03:21.625 For the client (IP address: xxx.xxx.xxx.xxx, host name: "xxx.xxx.xxx.xxx", port number: 1701), connection "CID-1" has been created.
2019-05-16 03:03:21.625 SSL communication for connection "CID-1" has been started. The encryption algorithm name is "(null)".
2019-05-16 03:03:21.625 [HUB "VPN"] The connection "CID-1" (IP address: xxx.xxx.xxx.xxx, Host name: xxx.xxx.xxx.xxx, Port number: 1701, Client name: "L2TP VPN Client", Version: 4.29, Build: 9680) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "abc".
2019-05-16 03:03:21.625 [HUB "VPN"] Connection "CID-1": Successfully authenticated as user "abc".
2019-05-16 03:03:21.625 [HUB "VPN"] Connection "CID-1": The new session "SID-abc-[L2TP]-2" has been created. (IP address: xxx.xxx.xxx.xxx, Port number: 1701, Physical underlying protocol: "Legacy VPN - L2TP")
2019-05-16 03:03:21.625 [HUB "VPN"] Session "SID-abc-[L2TP]-2": The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2019-05-16 03:03:21.625 [HUB "VPN"] Session "SID-abc-[L2TP]-2": VPN Client details: (Client product name: "L2TP VPN Client", Client version: 429, Client build number: 9680, Server product name: "SoftEther VPN Server (64 bit)", Server version: 429, Server build number: 9680, Client OS name: "L2TP VPN Client", Client OS version: "-", Client product ID: "-", Client host name: "anonymous", Client IP address: "xxx.xxx.xxx.xxx", Client port number: 1701, Server host name: "xxx.xxx.xxx.xxx", Server IP address: "xxx.xxx.xxx.xxx", Server port number: 1701, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "VPN", Client unique ID: "FC3F68CDF0545A43EC372F364A3BE044")
2019-05-16 03:03:21.685 L2TP PPP Session [xxx.xxx.xxx.xxx:1701]: Trying to request an IP address from the DHCP server.
2019-05-16 03:03:26.687 L2TP PPP Session [xxx.xxx.xxx.xxx:1701]: Acquiring an IP address from the DHCP server failed. To accept a PPP session, you need to have a DHCP server. Make sure that a DHCP server is working normally in the Ethernet segment which the Virtual Hub belongs to. If you do not have a DHCP server, you can use the Virtual DHCP function of the SecureNAT on the Virtual Hub instead.
2019-05-16 03:03:33.368 L2TP PPP Session [xxx.xxx.xxx.xxx:1701]: The VPN Client sent a packet though an IP address of the VPN Client hasn't been determined.
2019-05-16 03:03:33.368 L2TP PPP Session [xxx.xxx.xxx.xxx:1701]: A PPP protocol error occurred, or the PPP session has been disconnected.
Futher looking at my host, I'm not seeing any TAP device on the host, is this going to be an issue?
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
5: veth100i0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
12: veth103i0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr103i0 state UP group default qlen 1000
13: fwbr103i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
14: fwpr103p0@fwln103i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
15: fwln103i0@fwpr103p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr103i0 state UP group default qlen 1000
17: veth104i0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr104i0 state UP group default qlen 1000
18: fwbr104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
19: fwpr104p0@fwln104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
20: fwln104i0@fwpr104p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr104i0 state UP group default qlen 1000
22: veth105i0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr105i0 state UP group default qlen 1000
23: fwbr105i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
24: fwpr105p0@fwln105i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
25: fwln105i0@fwpr105p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr105i0 state UP group default qlen 1000
27: veth106i0@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr106i0 state UP group default qlen 1000
28: fwbr106i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
29: fwpr106p0@fwln106i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
30: fwln106i0@fwpr106p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr106i0 state UP group default qlen 1000
32: veth108i0@if31: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr108i0 state UP group default qlen 1000
33: fwbr108i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
34: fwpr108p0@fwln108i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
35: fwln108i0@fwpr108p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr108i0 state UP group default qlen 1000
37: veth102i0@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr102i0 state UP group default qlen 1000
38: fwbr102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
39: fwpr102p0@fwln102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
40: fwln102i0@fwpr102p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr102i0 state UP group default qlen 1000
42: veth109i0@if41: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr109i0 state UP group default qlen 1000
43: fwbr109i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
44: fwpr109p0@fwln109i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
45: fwln109i0@fwpr109p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr109i0 state UP group default qlen 1000

I found this on the softether interface, which shows the mac address learned from the local-bridge, on the local-bridge built on the container's eth0, i can see mac addresses.

but on the local-bridge built on the TAP interface, no mac can be learnt

Image


Any one has some idea of what is happening to me?

Re: softether TAP interface on unprivileged container not passing to host

Posted: Mon May 27, 2019 3:22 am
by rexkani
is there anyone who has any idea on my case?

Re: softether TAP interface on unprivileged container not passing to host

Posted: Tue Jun 11, 2019 7:50 am
by thisjun
Could you explain more about the VPN server configuration and network environment?