Page 1 of 1

Connecting fails with Error Code 1

Posted: Sat Feb 27, 2021 4:57 pm
by Purpleivan
As this is a fairly fundamental/broad error code I'll provide as much detail as I can on my setup.

I'm running Softether server on a Window 10 machine and it's set to use the default ports (443, 992,1194 and 5555). All of these ports are forwarded (TCP and UDP) from my router to the local IP of the machine running the server.

I installed Softether client on my laptop, which via a USB tethered internet connection from my phone, I'm connecting from an outside (mobile) network, to my home (fibre) network. However when I attempt to connect the client, it fails with Error Code 1.

The client has the correct Global IPv4 address for the the network my server machine is on and the Virtual Hub Name is also correct. For the port number, I've tried both 443 and 5555 without success.

Both server and client are on Ver 4.34, Build 9745.

I can ping the IP of my network from the laptop I'm running the client on. I tried temporarily disabling the firewall and AV on both machines, to rule them out as a cause, but that made no difference.

Does anyone have any suggestions for a possible cause, or more tests I could try?

Re: Connecting fails with Error Code 1

Posted: Sat Feb 27, 2021 7:03 pm
by nobody12
Maybe first verify if you really can connect from the internet to your server:
install IIS, or any web server, put a file test.html into the web-root of you server
content:

Code: Select all

<html>
<hr>
blablabla<br>
<hr>
</html>
forward port 80 from your router to the server.
Then try to open the url from a PC in the internet.
Does that work?

Re: Connecting fails with Error Code 1

Posted: Sun Feb 28, 2021 11:59 am
by Purpleivan
I ran the test you suggested and can confirm that it works, as I see your test message page when I connect to my server machine from an external network (laptop tethered to my mobile).

So what would the next step be?

BTW... thanks for helping me out with this.

Re: Connecting fails with Error Code 1

Posted: Sun Feb 28, 2021 12:32 pm
by nobody12
On the Server in
C:\Program Files\SoftEther VPN Server\server_log
If you at the end of the latest logfile, are the messages about a connection?

On the client in
C:\Program Files\SoftEther VPN client\client_log
Do you find anything which gives you an idea what could be wrong?

But the error number suggests that there was a problem connecting to the server
https://github.com/SoftEtherVPN/SoftEth ... en.stb#L63

If you dont find anything in the logs, maybe disable the windows firewall completely if not already tried.
Or stop the Softether server, make the webserver listening on the same port as softether tries to connect, The try to open a connection using the browser with :portnumber at the end of the url.

Re: Connecting fails with Error Code 1

Posted: Sun Feb 28, 2021 3:30 pm
by Purpleivan
Following what you suggested, here's what I found.

Server
The latest server log file shows no sign of a the connection being attempted.

Client
Nothing in the client log other than Error Code1 "Connection to the server failed. Check network connection and make sure that address and port number of destination server are correct."

Changing web server to use VPN port
I stopped the Softether server and changed the web server to be bound to port 443. However this created some issues.

When I enter the port number change I get a message from IIS that "This binding is already being used. If you continue you might overwrite the certificate for this IP Address:Port or Host Name:Port combination. I clicked Yes to make the change, but after that I was unable to restart the web server as I get the message "This website cannot be started. Another website may be using the port".

Additionally since then I've been unable to start the Softether server from the Server Manager, as this failes with the message "Connection to the server failed. Check network connection..."

Re: Connecting fails with Error Code 1

Posted: Sun Feb 28, 2021 8:34 pm
by nobody12
Port 443 is used by the webserver to serve ssl protected pages.
If you want to try the test again, reset all changes you made to the webserver, or uninstall/reinstall, check that a binding on port 443 is present. The try to open the testfile with https (this will use port 443).
To make softether working again, it should be enough to uninstall the web-server.

When Softether works again, maybe you could make a new test:
Connect from within your own network to the internal IP of the SE server. If that works fine but be connection from the internet still not, the problem most likely is at the router which you use to connect to the internet, check the portforwarding again, firewall rules etc.

Re: Connecting fails with Error Code 1

Posted: Mon Mar 01, 2021 3:08 pm
by Purpleivan
I went back to Softether and found that VPN Manager Listener List, that port 443 was had the status of "error", while the other three were listening. I then deleted port 443 from the list, replacing it with 501. After that I changed my port forwarding of 443 to 501 on my router, then changed the port setting on my Softether client to 501 as well.

After doing that I am now able to get a connection to the VPN server from my laptop :)

However I need clients machines connected to the VPN, to have access the internet via the VPN, with their IP appearing to be that of the VPN Server, for which I need to enable the Virtual DHCP Server functionality. However when enabling SecureNAT with the VIrtual DHCP enabled to do this, I get a message "Are you sure you want to enable the SecureNAT..." and of particular interest further down the message is the part which says "Also please take care if there is already a DHCP server in a location that can be reached from a Virtual Hub Layer 2 segment... otherwise there will be a DHCP conflict".

My goal in setting up a VPN is not to run it on my home PC (this is just a test), but to set one up at the office of the company I work for. However the office is in Norway and I'm in the UK and due to the Covid situation it's not possible for me to travel there to do this. I have access to the PC I will set the VPN up on at the office, via remote desktop, with access to that via the current (very slow) VPN which is running on an Asus router.

That router is acting also acts as the DHCP server for the small number of devices in the office, as well as providing the VPN that I and a few others use on a daily basis.

So I have a question... if I set up the new Softether VPN, running the Virtual DHCP server, is that that likely to conflict with the DHCP server currently running on the router?

I don't know if that's a straightforward question to answer (I'm guessing not), but some opinion on the likelyhood of a conflict would be useful.

If all else fails and after setting up the new VPN there is a DHCP conflict, I plan to have someone in the office (so with physical access to the machine the new VPN would be running on) turn off the Softether VPN.

If there is a DHCP conflict, is there a way to avoid that, e.g. to somehow limit the allocations of IP addresses by the Softether Virtual DHCP to only the remote machines that have connected to it and not include those in the office.

I know that's all quite a big dump of information and going well beyond my initial question. Let me know if I should start a new thread.

Re: Connecting fails with Error Code 1

Posted: Mon Mar 01, 2021 7:26 pm
by nobody12
Good.
If you create a VPN where all clients send all their traffic through the VPN, you dont need to activate the Secure NAT. Just add users. The clients will get their IP from the current DHCP server (the asus router). The drawback of this option is that as long as the VPN connectiion is up, any traffic to the internet will go throught the VPN - using additional bandwidth.
If you want to route only traffic to the VPN for hosts inside (split routing), maybe better setup an extra network within the SoftEther VPN.
Assuming your local network where the VPN server lives has 192.168.10.0/24
Your default router has 192.168.10.1
The IP Adress 192.168.10.254 is free for use.
Create a new HUB, named VPN-Network. Activate The Secure NAT option
Disable the "use Virtual NAT function"
Give it the IP adress of 192.168.11.2/255.255.255.0
Activate the virtual DHCP server. with address range: 192.168.11.10 to 192.168.11.200
Leave the Default Gateway Adress empty.
Edit the static routing table to push:
Insert 192.168.10.0/255.255.255.0/192.168.11.1
Press Ok.
Set a DNS server of your choice, which is able to resolve names in the local network.
Create a new L3 switch
Associate it with the "VPN-Network", give it the IP 192.168.11.1
Associate it with the default hub already present, give it the IP 192.168.10.254
On your Default router (the Asus) add a static route:
destination 192.168.11.0/24 gateway 192.168.10.254 network mask 255.255.255.0
It would be better for performance If the asus router is able to distribute routes but I guess it is not able to do so. Anyway if this is possible, distribute a route to the clients like 192.168.11.0/24 gateway 192.168.10.254

In the clients configuration set the clients VPN hub option to use the "VPN-Network"
Now, when a client dials in to the VPN network, he will be given an adress out of the 192.168.11.0 range. And he will be told that if he wants to reach a host inside the 192.168.10.0 network packet shoud be send to the 192.168.11.1 router (the L3 switch) which will forward the packet into the 192.168.10.0. network.
Hosts in the 192.168.10.0 network which want to talk to the VPN client will send packets to the default router, which will then redirect these packets to the 192.168.10.254 address which is the IP of the L3 switch, which will send these into the 192.168.11.0 network.
Because you did not activate the NAT option you have a bi-directional communication between clients and the local network.
Because you left the defaiult gateway empty in the secure NAT DHCP configuration, clients internet traffic will still be routed through the clients default gateway - saving bandwidth four your local network.

This is what I recommend if you dont want to send all traffic through the VPN. I dont know, If it can be done in an easier way with SoftEther, but it works with other systems and also with SoftEther.

Re: Connecting fails with Error Code 1

Posted: Tue Mar 02, 2021 9:20 am
by Purpleivan
Thanks for that substantial and detailed response. I'll take a thorough read of it after work... and more coffee :)

Re: Connecting fails with Error Code 1

Posted: Tue Mar 02, 2021 10:34 pm
by Purpleivan
As a first step I wanted to try creating the VPN at the office without setting up the split routing that you described, but I've hit a problem.

I connected using the router VPN and Remote Desktoped to the machine that I intended to install the new VPN on. I then installed Softether Server and set up a VPN on that machine. After that I set up the Softether client on my home machine and straightaway got a connection to the new office VPN.

Hurrah I thought... but not so fast.

Although the client shows a connection and the new VPN server log at the office shows that connection having been made, I get no functionality through it.

First I tried to remote desktop to the machine I set up the VPN on... nope, can't do that. Then I checked to see if my WAN IP showed up as that of the office... nope, it's my home IP. Finally I tried to connect to our Perforce server, but no luck there either.

The client log doesn't say much (not much more than a VPN session was started and ended). The server log doesn't show anything that jumps out (to me at least) as problematic, other than a few warnings of "A large volume of broadcast packets has been detected. There are cases where packets are discarded based on the policy."

So the good news is I can connect to the new VPN at the ofice, the bad news is I can't actually do anything with it :(

Re: Connecting fails with Error Code 1

Posted: Wed Mar 03, 2021 8:17 am
by nobody12
Does your Clients SoftEther network card get an IP adress four your router after the connection is established?
If not:
If you installed the SE on a virtual machine: for hyper-V, in the options of the hyper-v guest check the "enable MAC address spoofing" in the virtual machines advanced network card options.

Re: Connecting fails with Error Code 1

Posted: Wed Mar 03, 2021 5:24 pm
by Purpleivan
I can see from in the log of the router at the office, which acts as the DHCP server, that my client machine is assigned an IP (192.168.1.142).

The Softether VPN is running on a native Windows 10 machine, not a virtual machine.

Re: Connecting fails with Error Code 1

Posted: Wed Mar 03, 2021 5:39 pm
by nobody12
Maybe the bridge which is iinstalled as default bridge is missing? If you dont have a brige installed, install one.
Windows 10: disable the firewall completetly for a test, check if your network is set to workplace or private
Uninstall any internet security programs (antivirus is ok, but internet security programs are a PITA).

Re: Connecting fails with Error Code 1

Posted: Wed Mar 03, 2021 7:06 pm
by Purpleivan
You are indeed correct. I came on here to let you know that I just found that out and had fixed the VPN.

I set up a Local Bridge and the new VPN is working fine :)

It's significantly faster than the old one running on the router, which is what I was looking for.

Thanks very much for your help with this.

Phew!

Re: Connecting fails with Error Code 1

Posted: Sat Mar 06, 2021 3:56 pm
by rogerkali
When I enter the port number change I get a message from IIS that "This binding is already being used. If you continue you might overwrite the certificate for this IP Address:Port or Host Name:Port combination. I clicked Yes to make the change, but after that I was unable to restart the web server as I get the message "This website cannot be started. Another website may be using the port".


snaptube vidmate