Unable to connect from outside network

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Unable to connect from outside network

Post by gizmobrat » Mon May 09, 2022 6:17 pm

Hello,

I am currently unable to connect to my VPN from a outside network. I am able to connect locally, this leads me to believe that I am having a Firewall configuration issue. I have attached the ports I have set up on my Linksys router. My IP address is IPv6 from my ISP and a IPv4 internally. I have attempted to connect with the fire wall being disabled on my Windows 10 computer. I am using the Dynamic DNS service included in softether. I have also enable antonymous authentication to troubleshoot. The server has both Softether and the ports for the routed allowed through firewall in inbound and outbound rules. I would apricate any help.
You do not have the required permissions to view the files attached to this post.

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Tue May 10, 2022 1:36 am

For IPv4 connections, does your router has a public IPv4 address?
For IPv6 connections, have you allowed external access in the router?

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 11:11 am

I do not have a public facing IPv4 IP address as the ISP does not provide one. The router has IPv6-Automatic enabled by default. I also do not have SecureNAT enabled, let me know if I need to look into this.
You do not have the required permissions to view the files attached to this post.

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Tue May 10, 2022 12:23 pm

OK.
Then for IPv4, your remaining options are:
1. NAT traversal (not working on some network due to incompatible NAT types)
2. VPN azure (slow because traffic will be relayed from servers in Japan)
In both cases firewall rules are not needed. They are for public facing routers.

For IPv6 the direct connection is always possible as long as the router allows external access / forwarding. Find that in your router's firewall settings.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 12:32 pm

As I am a noob with IPv6, is the option I am looking for IPv6 Tunneling?

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Tue May 10, 2022 12:52 pm

Tunneling does not sound right. But I don’t know about your router.
Try pinging the server’s IPv6 address from the internet as you are looking for the right option. Also disable windows firewall first.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 2:19 pm

I am using a linksys MR7350. I have attached screenshots of most of my configs. I am unable to ping the server from a laptop connected to my phone's hotspot.
You do not have the required permissions to view the files attached to this post.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 2:19 pm

Next set of screenshots
You do not have the required permissions to view the files attached to this post.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 2:21 pm

I want to thank you for your help with this.
Here is the next set of screenshots.
You do not have the required permissions to view the files attached to this post.

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Tue May 10, 2022 2:45 pm

First, I saw you have setup IPv6 port forwarding to some IPv6 address. I am not sure how linksys works but specifying some specific IPv6 address is usually problematic because Windows computers have more than one IPv6 address and may change from time to time.
Can you try not specifying the IPv6 address when creating a rule?
Second, you may also want to give the option Filter Anonymous Internet requests a try. I can't figure out what it exactly does but it looks suspicious.
The third option is turning IPv6 SPI firewall off.

Forget about the ping. TCP port forwarding may work while ping (ICMP) does not.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 3:44 pm

I have Tired connecting with no Firewalls enabled and I still have failed, so I might have a config error.

Server Configs
Dynamic DNS I have a global IPv6, an Assigned Dynamic DNS hostname, and no global IPv4. A local bridge from the VPN hub to the ethernet adaptor, NO layer 3 switch, No VPA Azure, L2TP enabled, VPN gate disabled, Open VPN and MS-SSTP disabled. Encryption is AES256-SHA with a self signed cert, and using keepa;ive.softether.org over UDP.

Hub Configs:
I have a user with no password (For testing)
NO groups
NO Access lists
NO authentication server
No cascade connections
No SecureNat

Do I need a static route to reach the virtual hub on my router? If there is a way to send the config file without posting it public I would be down to do that if it will help you.

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Tue May 10, 2022 3:56 pm

What protocol are you using? L2TP?
Most L2TP clients do not support IPv6 including Android and iOS built-in clients. Windows L2TP does support IPv6.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 3:59 pm

I have it set to use port 443 with Direct TCP/IP connection and the assigned XX.softether.net address. It works on the local network.
You do not have the required permissions to view the files attached to this post.

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Tue May 10, 2022 4:26 pm

OK. I don't think there is any configuration problem on the server since you can connect it locally.
The issue is in the router's firewall.
You said you have disabled the firewall but I am not sure how. Have you tried all options I mentioned?
There is an easy way to test. Open any browser to https://vpnxxxxxx.softether.net (v4/v6) or https://vpnxxxxx.v6.softether.net (v6 only) and see if you can get a certificate error page. If you get only timeout, the firewall is blocking it.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 4:36 pm

To confirm the DNS will be VPNSUBDOMAINHER.softether.net?

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Tue May 10, 2022 4:39 pm

It's the same hostname as you enter in the vpn client.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 4:53 pm

Using the host name I am getting a Time out DNS error so it is an issue with the Firewall. I have disable the Firewall on the Windows 10 server (Windows 10 Pro with AMD CPU), and have set the Firewall to the following.
Untitled.png
I have also forwarded the ports for the local IPv4 network.
You do not have the required permissions to view the files attached to this post.

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Tue May 10, 2022 5:06 pm

OK. Try this.
Let's say the server has a temporary IPv6 address x:x:x:x:x:x:x:x and you have created a firewall rule under Ipv6 port services.
Open browser and enter https://[x:x:x:x:x:x:x:x]:443 or https://[x:x:x:x:x:x:x:x]:1194, what do you get?

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 5:17 pm

I get a SoftEther VPN Server / Bridge page using the IPv6 adress:443 address.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 5:20 pm

Reenabling the firewalls also allows me to connect to the landing page.

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Tue May 10, 2022 5:25 pm

It seems the firewall rule you added is working. You should also be able to connect using that address from the vpn client.
The reason that the actual address works while the DDNS hostname does not might be that the DDNS resolves to another address not in the rule. As I said Windows has several IPv6 addresses.
However fixing the address in the firewall rule is not a long-term solution because the address is volatile. You still need to find out how to disable firewall in ipv6.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 5:37 pm

So under host name on the client use the global IP address address https://[x:x:x:x:x:x:x:x] for the host name? s I now get error code 1. Can I just say I hate IPv6 or at least it's half ass implementation?

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Tue May 10, 2022 5:42 pm

You don't need the https://[] wrapper in the vpn client. Just replace the ddns hostname with the actual address.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 5:46 pm

I can connect on my local network to the VPN using the IPv6 address. However, using my phone's hotspot I get a time out error.

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Tue May 10, 2022 5:49 pm

That's weird. You should not get a timeout with vpn client but not with browser, if the destination address is the same.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 5:57 pm

I am getting error code 1 on the client. Could it be the phone Hot spot?

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 6:00 pm

When I am on my phone's wifi I am unable to connect to the server from the browser.

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Tue May 10, 2022 6:11 pm

So what network did you use when you opened the vpn server console from the browser? Doing from the local network does not mean anything.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 6:16 pm

It might be I am out of data. Going to see if a family member can remote in.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Tue May 10, 2022 7:43 pm

I have verified that outside users are unable to connect

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Unable to connect from outside network

Post by eddiewu » Wed May 11, 2022 1:59 am

So the firewall is still blocking. I can't help you further since I do not know how linksys works.

gizmobrat
Posts: 19
Joined: Mon May 09, 2022 6:09 pm

Re: Unable to connect from outside network

Post by gizmobrat » Wed May 11, 2022 10:55 am

Thank you for your help anyways. Going to talk the boss into getting a router that has VPN built in.

auspiciouszesty
Posts: 1
Joined: Tue Jun 14, 2022 4:18 am

Re: Unable to connect from outside network

Post by auspiciouszesty » Tue Jun 14, 2022 4:19 am

I'm new to IPv6, so is IPv6 Tunneling the solution I'm searching for?gmail

Post Reply