Port forwarding with the SoftEther server and L2TP

russellg99
Posts: 7
Joined: Sat Feb 23, 2019 3:39 pm

Port forwarding with the SoftEther server and L2TP

Post by russellg99 » Thu May 13, 2021 2:18 pm

I have the SoftEther VPN server configured for L2TP on a Windows computer behind a firewall. I've forwarded UDP ports 500 and 4500 to the PC running the SoftEther server. When I connect with the SoftEther client, I have to enter a host name like "myhost.com/192.168.0.100". How can I configure the client to connect with just "myhost.com" without having to specify the internal IP address of the server? I'm able to use just "myhost.com" if I connect using the VPN client built into Windows 10 but not with the SoftEther client. I don't understand why the port forwarding isn't enough for the SoftEther client also.

The SoftEther client is configured to connect on port 443 but only because that was the default. But port 443 is not forwarded to the VPN server. Actually, it appears that the port number doesn't matter because it connects ok on any port (even ones not forwarded and not used by the server) as long as the internal IP is included, and does not connect on any port if the internal IP is not included.

Also, NAT-T is not disabled in the client.

Thanks,
Russell

centeredki69
Posts: 328
Joined: Wed Sep 18, 2013 1:49 pm

Re: Port forwarding with the SoftEther server and L2TP

Post by centeredki69 » Thu May 13, 2021 8:59 pm

The "SoftEther client" is only used to connect to a SE server using the SSL (Ethernet over HTTPS) protocol. NOT L2TP or any other. It won't try to use port 500 or 4500.
The "SE-SERVER", however, can receive and function as a multi-protocol VPN server supporting SSL-VPN (Ethernet over HTTPS) and 6 major traditional VPN protocols (OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3 and EtherIP). The native Windows client connects using many of these traditional VPN protocols.

Your SE-Client is most likely trying to find your server via NAT-T on port 443. Adding the local IP is helping it. With some NAT firewall routers NAT-T won't work. Try using "myhost.com" and port 5555 (SE default port) on the client. Your "virtual HUBs" should populate in the "Virtual HUB Name" dropdown.

If it doesn't work, you may have to forward 443 or 5555 to the SE-Server host, just as you did with the L2TP ports, depending on what you choose.

russellg99
Posts: 7
Joined: Sat Feb 23, 2019 3:39 pm

Re: Port forwarding with the SoftEther server and L2TP

Post by russellg99 » Fri May 14, 2021 3:59 am

Thanks!

I tried forwarding ports 500, 4500, 443, and 5555 but it makes no difference - I can only connect the SE client if I include the internal IP in the host name. But if I do include the internal IP, I don't actually have to forward any ports at all, not even 443.

And yes, the name of the virtual hub is populated in the Virtual Hub Name field of the connection properties in the SE client.

So I guess I'm still confused - is there not a way to just use "myhost.com" without the internal IP?

Thanks,
Russell

eddiewu
Posts: 69
Joined: Wed Nov 25, 2020 9:10 am

Re: Port forwarding with the SoftEther server and L2TP

Post by eddiewu » Fri May 14, 2021 5:57 am

NAT traversal does not use the ports you have opened, therefore as you said, forwarding ports makes no difference.
However, I can't tell the exact reason why NAT traversal works only if you append the private IP to the hostname. Maybe there are multiple servers behind the same external IP? I don't know.

On the other hand, Win 10 native client does not use NAT traversal so at least your UDP port forwarding seems to be working (I assume it's L2TP). The problem is TCP which the SE client is using. You may want to double check your firewall, both in Windows and on your gateway.
Also there is an easy way to check if the port forwarding is working. Open it in the client's browser. (https://myhost.com or https://myhost.com:5555) Ignore TLS certificate warning if any and you should see SE server's admin console (or 403 if the console is disabled) if port forwarding is ok.
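
A scripted version of the TCP reachability check suggested above, as an added example that is not part of the original posts. It classifies each TCP port mentioned in this thread (443, 992, 1194, 5555) when run from a machine outside the network; `myhost.com` is the thread's placeholder hostname, and the function names are illustrative.

```python
import socket

# TCP listener ports named in this thread for the SoftEther server.
SE_TCP_PORTS = (443, 992, 1194, 5555)


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: the forward reaches a listener
    except ConnectionRefusedError:
        return "refused"         # a reset came back: reachable, but nothing is listening
    except socket.timeout:
        return "filtered"        # no reply: typical when no TCP forward rule exists
    except socket.gaierror:
        return "dns-failure"     # the hostname did not resolve
    except OSError:
        return "unreachable"     # no route, network down, etc.


def audit(host, ports=SE_TCP_PORTS, timeout=3.0):
    """Probe every port and return {port: state}.

    UDP forwards (500/4500 for L2TP/IPsec) cannot be verified this way,
    because UDP has no handshake to observe."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def loopback_demo():
    """Constructed offline check: one listening and one closed port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                # nothing listens on this port any more
    try:
        return probe_tcp("127.0.0.1", open_port), probe_tcp("127.0.0.1", closed_port)
    finally:
        listener.close()


if __name__ == "__main__":
    print("loopback demo:", loopback_demo())
    # From outside the network, run: audit("myhost.com")
```

A port that reports "filtered" while the same port number is forwarded for UDP only is worth checking in the router's protocol setting for that rule.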

russellg99
Posts: 7
Joined: Sat Feb 23, 2019 3:39 pm

Re: Port forwarding with the SoftEther server and L2TP

Post by russellg99 » Fri May 14, 2021 2:59 pm

It's working!

I said before that I tried forwarding 443 but then I realized that it was only UDP and it should've been TCP. Once I forwarded TCP port 443, the SE client was able to connect without including the internal IP, as long as the port was set to 443 in the SE client connection properties. The same works for TCP 5555, 992, and 1194, which my SE server is also listening on.

So now I understand that the Windows 10 VPN client needs UDP ports 500 and 4500 forwarded, and the SE client needs TCP port 443 forwarded (or whatever port is set in the connection properties).

Thanks to you both for the help in understanding everything and getting it working!

Russell
