Routing all traffic through VPN

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Routing all traffic through VPN

Post by Resentic » Mon Jan 26, 2015 1:15 pm

I have managed to connect to my VPN provider's SoftEther server on the command-line Mac version of SoftEther. However, I can't get it to route traffic through the VPN. I have tried playing around with the routing tables using the route command but I can't get it to work.

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Mon Jan 26, 2015 4:00 pm

Remove default gateway. Add route to your VPN server through normal exit IP (local or direct external). Add default gateway through VPN.

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Mon Jan 26, 2015 4:13 pm

Nemesiz wrote:
> Remove default gateway. Add route to your VPN server through normal exit IP
> (local or direct external). Add default gateway through VPN.

This is what I did:
'sudo ipconfig set tap0 DHCP' to give my Virtual Network Adapter (tap0) an IP
sudo route add [VPN IP] [Router default gateway]
sudo route delete default
sudo route add default [VPN NIC gateway]

So I am effectively changing my default gateway to that of my Virtual adapter and then routing traffic to my VPN IP through the default gateway.

Then my internet wouldn't work.

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Mon Jan 26, 2015 5:05 pm

If you do not add route to your VPN server your network will be looped.

I'll give you an example on Linux

Before

192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10
default via 192.168.0.1 dev eth0

After (vpn server IP x.x.x.x)

192.168.30.0/24 dev tap_vpn proto kernel scope link src 192.168.30.10
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10
x.x.x.x via 192.168.0.10 dev eth0
default via 192.168.30.1 dev tap_vpn

I hope I give you working example
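
Added example (not part of the original thread, and not SoftEther code): a Python check of the routing-table state described in the post above. It does a longest-prefix match over `ip route` output to confirm that the VPN server is still reached over the physical interface while everything else goes through the tunnel. The tables are constructed from the ones above, with 203.0.113.10 standing in for x.x.x.x and the server route pointed at the router 192.168.0.1; the function names are made up for this example.

```python
import ipaddress

def parse_routes(text):
    """Turn Linux `ip route` output into (network, device) pairs."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # no egress device on this line (e.g. blackhole)
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route-type keyword or other line we do not model
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_dev(routes, addr):
    """Longest-prefix match: the device chosen for addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def check_full_tunnel(route_text, vpn_server, tunnel_dev, probe="8.8.8.8"):
    """Return a list of problems; an empty list means the table is sane."""
    routes = parse_routes(route_text)
    problems = []
    server_dev = egress_dev(routes, vpn_server)
    probe_dev = egress_dev(routes, probe)
    if server_dev is None:
        problems.append("no route to VPN server")
    elif server_dev == tunnel_dev:
        # Encrypted packets would be fed back into the tunnel.
        problems.append("loop: VPN server is reached through the tunnel")
    if probe_dev is None:
        problems.append("no route to internet hosts (no default gateway)")
    elif probe_dev != tunnel_dev:
        problems.append("leak: internet traffic bypasses the tunnel")
    return problems

# Constructed sample tables, modelled on the "Before"/"After" listings.
SERVER = "203.0.113.10"  # placeholder for x.x.x.x
BEFORE = """192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10
default via 192.168.0.1 dev eth0"""
AFTER = """192.168.30.0/24 dev tap_vpn proto kernel scope link src 192.168.30.10
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10
203.0.113.10 via 192.168.0.1 dev eth0
default via 192.168.30.1 dev tap_vpn"""
# Same as AFTER but without the pinned server route: the looped case.
LOOPED = "\n".join(l for l in AFTER.splitlines() if not l.startswith(SERVER))

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER), ("looped", LOOPED)):
        print(name, check_full_tunnel(table, SERVER, "tap_vpn") or "ok")
```

On a live Linux host the first argument would be the output of `ip route`; macOS prints its table in a different format (`netstat -rn`), which this parser does not read.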

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Mon Jan 26, 2015 5:48 pm

Nemesiz wrote:
> I hope I give you working example

I'm not sure I understand what you're trying to show me. Here is an example of what I was trying to do and you can tell me if it is incorrect:

[tap0 is Virtual Network Adapter]
[xx.xxx.xxx.xx is VPN IP, yyy.yyy.yyy.y is Router gateway, zzz.zzz.zzz. is Virtual Network Adapter gateway]
1. sudo dhclient tap0 (to get virtual IP)
2. sudo ip route add xx.xxx.xxx.xx/32 via yyy.yyy.yyy.y dev en1
3. sudo ip route del default
4. sudo ip route add default via zzz.zzz.zzz.z dev tap0
Then it should work, except it doesn't so I'm doing something wrong

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Mon Jan 26, 2015 5:56 pm

can you ping xx.xxx.xxx.xx after step 2 and after step 3 ?

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Mon Jan 26, 2015 6:26 pm

Nemesiz wrote:
> can you ping xx.xxx.xxx.xx after step 2 and after step 3 ?

I tried pinging then and got:
ping: sendto: No route to host
Request timeout for icmp_seq 0
ping: sendto: No route to host
Request timeout for icmp_seq 1
...and so on

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Mon Jan 26, 2015 6:31 pm

Try to change step 2 to
sudo ip route add xx.xxx.xxx.xx/32 via [your PC IP of yyy.yyy.yyy.y network] dev en1

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Mon Jan 26, 2015 9:06 pm

Nemesiz wrote:
> Try to change step 2 to
> sudo ip route add xx.xxx.xxx.xx/32 via [your PC IP of yyy.yyy.yyy.y
> network] dev en1

I changed that and tried pinging my VPN server again. It just said:

Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
...but it didn't mention "ping: sendto: No route to host" which is a good sign I guess.

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Mon Jan 26, 2015 10:16 pm

UPDATE:

This may be something to do with the fact that I am at college? When I got home I pinged my VPN server with all the steps done and it replied. However, I still couldn't use the internet and when I tried doing 'ping youtube.com' it said no route to host like before.

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Mon Jan 26, 2015 10:52 pm

My test on linux:

# adding vpn ip route
1. ip r add [VPN IP] via [GATEWAY IP]
# removing default gateway
2. ip r del default

# connecting to vpn
# if success

# dhcp vpn client
4. dhclient [vpn network name]

5. ping 8.8.8.8

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Mon Jan 26, 2015 10:53 pm

BTW is secureNat enabled and virtual nat function is turned on ?

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Mon Jan 26, 2015 11:16 pm

Nemesiz wrote:
> BTW is secureNat enabled and virtual nat function is turned on ?

How can I check this?

I tried what you did and it still did the same thing; but bear in mind that I am on Mac OS X so I am using the OS X equivalent commands.

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Tue Jan 27, 2015 6:32 am

securenat is in server side. After all commands can you print routing table ?

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Wed Jan 28, 2015 8:36 am

Nemesiz wrote:
> securenat is in server side. After all commands can you print routing table

Here is a picture:
[removed]
Last edited by Resentic on Mon Jan 07, 2019 11:10 am, edited 1 time in total.

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Wed Jan 28, 2015 1:14 pm

To me it looks OK. But we can start checking from the beginning, from point 1. Can you ping the VPN after you add the route record for it?

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Wed Jan 28, 2015 1:59 pm

Yes I could ping the VPN. However, I couldn't do, for example: ping youtube.com

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Wed Jan 28, 2015 2:36 pm

Maybe it is DNS problem not network. Try to ping VPN gateway ip 10.0.0.3 then ping google DNS server IP 8.8.8.8

If both pings then you need only to change DNS server address.

If you can ping only VPN gateway but no others - try to check secureNat setting (or maybe you use other masquerade technique) http://www.softether.org/index.php?titl ... T_Function

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Thu Jan 29, 2015 12:42 am

I can only ping 10.0.0.3, when I ping 8.8.8.8 I get 'no route to host' again.

I don't have access to secureNAT since I am connecting to my VPN provider's SoftEther server. What is the masquerade thing you mentioned?

I have sent a ticket to my VPN provider asking whether they have SecureNAT enabled.

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Thu Jan 29, 2015 1:34 am

Resentic wrote:
> I can only ping 10.0.0.3, when I ping 8.8.8.8 I get 'no route to host'
> again.
>
> I don't have access to secureNAT since I am connecting to my VPN provider's
> SoftEther server. What is the masquerade thing you mentioned?

"masquerade" is linux iptables (firewall) method to share Internet access (NAT) to become like router.

>
> I have sent a ticket to my VPN provider asking whether they have SecureNAT
> enabled.

I guess VPN provider unchecked Virtual NAT function and did not remove default gateway from virtual DHCP server.

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Thu Jan 29, 2015 8:02 am

Nemesiz wrote:
> I guess VPN provider unchecked Virtual NAT function and did not remove default gateway from virtual DHCP server.

Is this only necessary for the linux/osx version of SoftEther, since I can connect fine to it on Windows?

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Thu Jan 29, 2015 10:09 am

Have you tried to connect to the same VPN on windows ?

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Thu Jan 29, 2015 10:27 am

Yes, the same VPN works perfectly fine with Windows.

UPDATE: They replied saying that SecureNAT is not enabled. If so, how come I am able to connect on Windows?

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Fri Jan 30, 2015 11:05 am

I just installed Ubuntu on a virtualbox to test it out and the VPN worked.

That means that there is something I am doing wrong on Mac OS X since it works fine on Linux; any ideas?

BoredAus
Posts: 115
Joined: Sun Nov 23, 2014 3:29 am

Re: Routing all traffic through VPN

Post by BoredAus » Fri Jan 30, 2015 12:20 pm

Have you looked at using L2TP/IPSec option?

https://www.softether.org/4-docs/2-howt ... ient_Setup

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Fri Jan 30, 2015 12:31 pm

BoredAus wrote:
> Have you looked at using L2TP/IPSec option?
>
>
> https://www.softether.org/4-docs/2-howt ... ient_Setup

They are blocked on my network; SoftEther is the only solution I have found that works.

BoredAus
Posts: 115
Joined: Sun Nov 23, 2014 3:29 am

Re: Routing all traffic through VPN

Post by BoredAus » Sat Jan 31, 2015 11:49 am

Resentic wrote:
> I just installed Ubuntu on a virtualbox to test it out and the VPN worked.
>
> That means that there is something I am doing wrong on Mac OS X since it
> works fine on Linux; any ideas?

If L2TP/IPSec is blocked, then I guess the commands mentioned by Nemesiz would not have been the equivalent under OS X or specifically BSD like shell. According to Google searches for instance, there are no references to ip as a program but rather as some programmer's documentation on writing programs to interface with it. The same ip program would have worked under linux but not for route via OS X.

I'd try comparing the two routing tables, the working one from within the linux virtualbox in which you have setup with versus the one on your OS X. It sounds like the 'via' part of the command is where a specific extra routing table was added in between. However I am not sure specifically as I do not have access to a Mac machine.

There are plenty of dirty hacks you can try, for instance setting up L2TP/IPSec server from within the virtualbox that is running linux with a working connection to your host via SoftEther VPN. Then using your Mac, connect to the L2TP server in virtualbox.

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Sat Jan 31, 2015 12:35 pm

I'll try to test on Mac. Just need to find time to install it in VPS.

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Mon Feb 02, 2015 1:00 pm

BoredAus wrote:
> I'd try comparing the two routing tables, the working one from within the linux
> virtualbox in which you have setup with versus the one on your OS X. It sounds like
> the 'via' part of the command is where a specific extra routing table was added in
> between. However I am not sure specifically as I do not have access to a Mac machine.

The Linux routing table in VirtualBox has barely anything in compared to the OS X one, but the routes in there are also in the Mac one (after I add them). Here is a picture comparison of both tables after routing:

[removed]

>I guess the commands mentioned by Nemesiz would not have been the equivalent under OS X

These are the equivalent commands I used:

LINUX >> MAC OS X
sudo dhclient vpn_tap0 >> sudo ipconfig set vpn_tap0 DHCP
sudo ip route add [VPN IP] via [Router gateway IP] dev eth0 >> sudo route add -ifscope eth0 [VPN IP] [Router gateway IP]
sudo ip route del default >> sudo route delete default
sudo ip route add default via [VPN gateway IP] dev vpn_tap0 >> sudo route add -ifscope vpn_tap0 default [VPN gateway IP]

Nemesiz wrote:
>I`ll try to test on Mac. Just need to find time to install it in VPS.

Could you give us an update if you get round to doing this.
Last edited by Resentic on Mon Jan 07, 2019 11:10 am, edited 1 time in total.

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Fri Feb 06, 2015 5:26 pm

bump

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Mon Feb 09, 2015 4:24 pm

Anyone got this to work in OS X?

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Tue Feb 10, 2015 7:57 am

Sorry, can't get OS X to test.

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Tue Feb 10, 2015 3:17 pm

I just can't get it to work. I can connect to my VPN fine with SoftEther but when it comes to routing it, it just doesn't work.

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Wed Feb 18, 2015 7:42 pm

bump

aubble
Posts: 12
Joined: Fri Feb 20, 2015 12:11 am

Re: Routing all traffic through VPN

Post by aubble » Fri Feb 20, 2015 12:52 am

Doing exact same steps except my commands look like this:

sudo ipconfig set tap0 DHCP
sudo route delete default [router ip]
sudo route add [server ip] [router ip]
sudo route add default [server ip in virtual network]

And mine as well does not work. However I tried to packet sniff and these are results

http://pastebin.com/E2EKBcnB

70.26.74.141 is my server
192.168.137.71 is my mac

As you can see it says Destination unreachable (Port unreachable) which means it does in fact get to the VPN but for some reason when going up the stack it can't find a program at the port? At least that is what my Google search revealed.

If you look in the logs, at least for me, it also actually does slowly connect and then instantly disconnects.

aubble
Posts: 12
Joined: Fri Feb 20, 2015 12:11 am

Re: Routing all traffic through VPN

Post by aubble » Fri Feb 20, 2015 1:32 am

Windows works as well perfectly fine for me o,O

aubble
Posts: 12
Joined: Fri Feb 20, 2015 12:11 am

Re: Routing all traffic through VPN

Post by aubble » Fri Feb 20, 2015 2:06 am

also works with individual addresses
so like

sudo route add na.leagueoflegends.com [server ip in virtual network]

aubble
Posts: 12
Joined: Fri Feb 20, 2015 12:11 am

Re: Routing all traffic through VPN

Post by aubble » Fri Feb 20, 2015 3:10 am

Here I made a video on the problem, it's kind of long but watch it to see all I've found so far :)

http://youtu.be/gmksVtXIcak

Hopefully we can find a solution together.
Right now I think there is some other IP address that must be forwarded to the router to make it work. Not sure though, need to test this on linux.

If you want logs just ask, just please help fix this :D

Nemesiz
Posts: 65
Joined: Mon Nov 17, 2014 2:11 pm

Re: Routing all traffic through VPN

Post by Nemesiz » Fri Feb 20, 2015 7:51 am

Can you look at server side logs? UDP is not the primary connection method.

aubble
Posts: 12
Joined: Fri Feb 20, 2015 12:11 am

Re: Routing all traffic through VPN

Post by aubble » Fri Feb 20, 2015 12:22 pm

Will do sir, I am going to school right now but when I get there I'll ssh in and see.

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Wed Feb 25, 2015 10:27 am

It must be something to do with OS X since I can get it to work fine on Linux using the equivalent commands.

aubble
Posts: 12
Joined: Fri Feb 20, 2015 12:11 am

Re: Routing all traffic through VPN

Post by aubble » Wed Feb 25, 2015 12:21 pm

they have written that the OS X version is actually experimental so yea

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Thu Feb 26, 2015 5:47 pm

You would think that, at the very least, the experimental version would actually work though or why release it? Anyway, I hope they fix it soon since I really need it.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Routing all traffic through VPN

Post by thisjun » Wed Mar 11, 2015 9:32 am

I googled to find way to resolve default gateway problem.
I found this page.
http://qiita.com/ask/items/9ff1529d228ec093aa07

This page said that after IP is assigned from DHCP, add default gateway manually.

aubble
Posts: 12
Joined: Fri Feb 20, 2015 12:11 am

Re: Routing all traffic through VPN

Post by aubble » Wed Mar 11, 2015 9:39 am

We did do that but it won't work. That's the problem. I don't really understand what's written on that page. :(

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Thu Mar 12, 2015 9:47 am

thisjun wrote:
> I googled to find way to resolve default gateway problem.
> I found this page.
> http://qiita.com/ask/items/9ff1529d228ec093aa07
>
> This page said that after IP is assigned from DHCP, add default gateway
> manually.

I tried using this guide (slightly different than the method I tried as you end up with two default routing rules). However, it still didn't work (resolving host, no internet access).

thisjun, did you get this working?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Routing all traffic through VPN

Post by thisjun » Thu Mar 19, 2015 7:27 am

Sorry, I don't have Mac OS with SoftEther client.

Resentic
Posts: 26
Joined: Mon Jan 26, 2015 8:37 am

Re: Routing all traffic through VPN

Post by Resentic » Mon May 18, 2015 7:28 am

Hoping someone has found a solution
