VPN connects, assigns IP, but doesn't route packets.

mauricev
Posts: 32
Joined: Tue Feb 11, 2014 12:22 am

VPN connects, assigns IP, but doesn't route packets.

Post by mauricev » Mon Jul 06, 2015 4:26 pm

The VPN had worked previously and recently stopped. Specifically, clients connect and get assigned an IP via SecureNAT (bridging for some reason doesn't assign an interface, which is another issue), but it doesn't route packets.

My config
Gentoo Linux,

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1986
inet 129.98.90.18 netmask 255.255.255.0 broadcast 129.98.90.255
ether 00:50:56:b0:3e:1c txqueuelen 1000 (Ethernet)
RX packets 13788 bytes 2004971 (1.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 869 bytes 95864 (93.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet 192.168.1.7 netmask 255.255.255.0 broadcast 192.168.1.255
ether 00:50:56:b0:0a:de txqueuelen 1000 (Ethernet)
RX packets 381288 bytes 42403202 (40.4 MiB)
RX errors 0 dropped 717 overruns 0 frame 0
TX packets 1903 bytes 402316 (392.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 0 (Local Loopback)
RX packets 369 bytes 40782 (39.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 369 bytes 40782 (39.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Linux opensesame 3.19.0-gentoo

Version 4.17 Build 9562

Since the config can't be posted in a file due to forum rules, I'm posting it inline.
# Software Configuration File
# ---------------------------
#
# You may edit this file when the VPN Server / Client / Bridge program is not running.
#
# In prior to edit this file manually by your text editor,
# shutdown the VPN Server / Client / Bridge background service.
# Otherwise, all changes will be lost.
#
declare root
{
uint ConfigRevision 180
bool IPsecMessageDisplayed true
string Region US
bool VgsMessageDisplayed false

declare DDnsClient
{
bool Disabled false
byte Key aEXehq/TBVXhxAU4fo/eoC7HoQY=
string LocalHostname opensesame
string ProxyHostName $
uint ProxyPort 0
uint ProxyType 0
string ProxyUsername $
}
declare IPsec
{
bool EtherIP_IPsec false
string IPsec_Secret I$20always$20turn$20the$20car$20around
string L2TP_DefaultHub VPN
bool L2TP_IPsec true
bool L2TP_Raw false

declare EtherIP_IDSettingsList
{
}
}
declare ListenerList
{
declare Listener0
{
bool DisableDos false
bool Enabled true
uint Port 443
}
declare Listener1
{
bool DisableDos false
bool Enabled true
uint Port 992
}
declare Listener2
{
bool DisableDos false
bool Enabled true
uint Port 1194
}
declare Listener3
{
bool DisableDos false
bool Enabled true
uint Port 5555
}
}
declare LocalBridgeList
{
bool DoNotDisableOffloading false

declare LocalBridge0
{
string DeviceName eth0
string HubName VPN
bool LimitBroadcast false
bool MonitorMode false
bool NoPromiscuousMode false
bool TapMode false
}
}
declare ServerConfiguration
{
bool AcceptOnlyTls false
uint64 AutoDeleteCheckDiskFreeSpaceMin 104857600
uint AutoDeleteCheckIntervalSecs 300
uint AutoSaveConfigSpan 300
bool BackupConfigOnlyWhenModified true
string CipherName RC4-MD5
uint CurrentBuild 9562
bool DisableCoreDumpOnUnix false
bool DisableDeadLockCheck false
bool DisableDosProction false
bool DisableGetHostNameWhenAcceptTcp false
bool DisableIntelAesAcceleration false
bool DisableIPv6Listener false
bool DisableNatTraversal false
bool DisableOpenVPNServer true
bool DisableSessionReconnect false
bool DisableSSTPServer false
bool DontBackupConfig false
bool EnableVpnAzure false
bool EnableVpnOverDns false
bool EnableVpnOverIcmp false
byte HashedPassword 1DkyrLKQVBiScayIQPYRZQLOQ6g=
string KeepConnectHost keepalive.softether.org
uint KeepConnectInterval 50
uint KeepConnectPort 80
uint KeepConnectProtocol 1
uint64 LoggerMaxLogSize 1073741823
uint MaxConcurrentDnsClientThreads 512
uint MaxConnectionsPerIP 256
uint MaxUnestablishedConnections 1000
bool NoHighPriorityProcess false
bool NoLinuxArpFilter false
bool NoSendSignature false
string OpenVPNDefaultClientOption dev-type$20tun,link-mtu$201500,tun-mtu$201500,cipher$20AES-128-CBC,auth$20SHA1,keysize$20128,key-method$202,tls-client
string OpenVPN_UdpPortList 1194
bool SaveDebugLog false
byte ServerCert MIID/DCCAuSgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBtjEjMCEGA1UEAwwab3BlbnNlc2FtZS5laW5zdGVpbi55dS5lZHUxLDAqBgNVBAoMI0FsYmVydCBFaW5zdGVpbiBDb2xsZWdlIG9mIE1lZGljaW5lMTcwNQYDVQQLDC5Eb21pbmljayBQLiBQdXJwdXJhIERlcGFydG1lbnQgb2YgTmV1cm9zY2llbmNlMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxDjAMBgNVBAcMBUJyb254MB4XDTE0MDYyMDIxMzQ0MVoXDTI0MDYxNzIxMzQ0MVowgbYxIzAhBgNVBAMMGm9wZW5zZXNhbWUuZWluc3RlaW4ueXUuZWR1MSwwKgYDVQQKDCNBbGJlcnQgRWluc3RlaW4gQ29sbGVnZSBvZiBNZWRpY2luZTE3MDUGA1UECwwuRG9taW5pY2sgUC4gUHVycHVyYSBEZXBhcnRtZW50IG9mIE5ldXJvc2NpZW5jZTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMQ4wDAYDVQQHDAVCcm9ueDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkzNWIJcibGPFhTeZE/1Ea+n/s+MAaunI+S+sEg7ic9w8Uar/1B3B8+ZBTni7pq44gZ7I822urO5luXujYM29WgZjwOuryFHITwHpzNSQsGWx/jGNyaiG3lqKhNeDH9y8hamvd9JL0YHlZqCGlLsYZvb/eif3/GWwsggca542fLYcbEwOrq7p1LJ2EFJJq1yqLQATCZPWZPictcwPqYxqEtswCMVFfug20sZRoZuxKfCAegrZQKe0xq0GAICyOMtqL5f2P5AWPYuFiN3bcorTUUmsBaaEjCjMJsG/+79AaK22JMs83go/Rg0iyE2QBhf7zRT0SrKOaAAhrE+yP0I2ECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAV66oeCd/DKdozvFAyMbrYsYMvu9tSRnWJCQnMxmNgkvH5vi2e3+lBA/rEXdt+rg0MUYkYN6t1u5m0fc0rMNh9+gGnRZqTak+ruk7u0TPvnNQ3MTRCyCdfKmIPcjWcJYSdfx53ph7W2NNnzAkE0Z72qkmVdmYFD97K47OYqZ1YR8AAEqehA8HJ7MWkXAOKKcFxKJsM4/Gj9kj5NOAEDrTQandmDcaotCD2RO0Pdmuu+/pfazj7mY3CsxEefFpBR31ejsPV0evG7NrJUoUsC4iOJn8HIJVcBzvIlYQuCl2MXjTlG+/WWdiEFG+cXtAyXcpbuJZZIoV+nyv+uajKz4+Nw==
byte ServerKey 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
uint ServerLogSwitchType 4
uint ServerType 0
bool UseKeepConnect true
bool UseWebTimePage false
bool UseWebUI false

declare GlobalParams
{
uint FIFO_BUDGET 10240000
uint HUB_ARP_SEND_INTERVAL 5000
uint IP_TABLE_EXPIRE_TIME 60000
uint IP_TABLE_EXPIRE_TIME_DHCP 300000
uint MAC_TABLE_EXPIRE_TIME 600000
uint MAX_BUFFERING_PACKET_SIZE 2560000
uint MAX_HUB_LINKS 1024
uint MAX_IP_TABLES 65536
uint MAX_MAC_TABLES 65536
uint MAX_SEND_SOCKET_QUEUE_NUM 128
uint MAX_SEND_SOCKET_QUEUE_SIZE 2560000
uint MAX_STORED_QUEUE_NUM 1024
uint MEM_FIFO_REALLOC_MEM_SIZE 655360
uint MIN_SEND_SOCKET_QUEUE_SIZE 320000
uint QUEUE_BUDGET 2048
uint SELECT_TIME 256
uint SELECT_TIME_FOR_NAT 30
uint STORM_CHECK_SPAN 500
uint STORM_DISCARD_VALUE_END 1024
uint STORM_DISCARD_VALUE_START 3
}
declare ServerTraffic
{
declare RecvTraffic
{
uint64 BroadcastBytes 21330836636
uint64 BroadcastCount 196399018
uint64 UnicastBytes 397188152537
uint64 UnicastCount 569763521
}
declare SendTraffic
{
uint64 BroadcastBytes 24369570186
uint64 BroadcastCount 226020410
uint64 UnicastBytes 392126581424
uint64 UnicastCount 519429296
}
}
declare SyslogSettings
{
string HostName $
uint Port 514
uint SaveType 0
}
}
declare VirtualHUB
{
declare VPN
{
uint64 CreatedTime 1392051373215
byte HashedPassword +WzqGYrR3VYXrAhKPZLGEHcIwO8=
uint64 LastCommTime 1436166345615
uint64 LastLoginTime 1436164316395
uint NumLogin 120
bool Online true
uint RadiusRetryInterval 0
uint RadiusServerPort 1812
string RadiusSuffixFilter $
byte SecurePassword bpw3X/O5E8a6G6ccnl4uXmDtkwI=
uint Type 0

declare AccessList
{
}
declare AdminOption
{
uint allow_hub_admin_change_option 0
uint deny_bridge 0
uint deny_change_user_password 0
uint deny_empty_password 0
uint deny_hub_admin_change_ext_option 0
uint deny_qos 0
uint deny_routing 0
uint max_accesslists 0
uint max_bitrates_download 0
uint max_bitrates_upload 0
uint max_groups 0
uint max_multilogins_per_user 0
uint max_sessions 0
uint max_sessions_bridge 0
uint max_sessions_client 0
uint max_sessions_client_bridge_apply 0
uint max_users 0
uint no_access_list_include_file 0
uint no_cascade 0
uint no_change_access_control_list 0
uint no_change_access_list 0
uint no_change_admin_password 0
uint no_change_cert_list 0
uint no_change_crl_list 0
uint no_change_groups 0
uint no_change_log_config 0
uint no_change_log_switch_type 0
uint no_change_msg 0
uint no_change_users 0
uint no_delay_jitter_packet_loss 0
uint no_delete_iptable 0
uint no_delete_mactable 0
uint no_disconnect_session 0
uint no_enum_session 0
uint no_offline 0
uint no_online 0
uint no_query_session 0
uint no_read_log_file 0
uint no_securenat 0
uint no_securenat_enabledhcp 0
uint no_securenat_enablenat 0
}
declare CascadeList
{
}
declare LogSetting
{
uint PacketLogSwitchType 4
uint PACKET_LOG_ARP 0
uint PACKET_LOG_DHCP 1
uint PACKET_LOG_ETHERNET 0
uint PACKET_LOG_ICMP 0
uint PACKET_LOG_IP 0
uint PACKET_LOG_TCP 0
uint PACKET_LOG_TCP_CONN 1
uint PACKET_LOG_UDP 0
bool SavePacketLog true
bool SaveSecurityLog true
uint SecurityLogSwitchType 4
}
declare Message
{
}
declare Option
{
uint AccessListIncludeFileCacheLifetime 30
uint AdjustTcpMssValue 0
bool ApplyIPv4AccessListOnArpPacket false
bool AssignVLanIdByRadiusAttribute false
bool BroadcastLimiterStrictMode false
uint BroadcastStormDetectionThreshold 0
uint ClientMinimumRequiredBuild 0
uint DetectDormantSessionInterval 0
bool DisableAdjustTcpMss false
bool DisableCheckMacOnLocalBridge false
bool DisableCorrectIpOffloadChecksum false
bool DisableHttpParsing false
bool DisableIPParsing false
bool DisableKernelModeSecureNAT false
bool DisableUdpAcceleration false
bool DisableUdpFilterForLocalBridgeNic false
bool DisableUserModeSecureNAT false
bool DoNotSaveHeavySecurityLogs false
bool DropArpInPrivacyFilterMode true
bool DropBroadcastsInPrivacyFilterMode true
bool FilterBPDU false
bool FilterIPv4 false
bool FilterIPv6 false
bool FilterNonIP false
bool FilterOSPF false
bool FilterPPPoE false
uint FloodingSendQueueBufferQuota 33554432
bool ManageOnlyLocalUnicastIPv6 true
bool ManageOnlyPrivateIP true
uint MaxLoggedPacketsPerMinute 0
uint MaxSession 0
bool NoArpPolling false
bool NoDhcpPacketLogOutsideHub true
bool NoEnum false
bool NoIpTable false
bool NoIPv4PacketLog false
bool NoIPv6AddrPolling false
bool NoIPv6DefaultRouterInRAWhenIPv6 true
bool NoIPv6PacketLog false
bool NoLookBPDUBridgeId false
bool NoMacAddressLog true
bool NoManageVlanId false
bool NoPhysicalIPOnPacketLog false
bool NoSpinLockForPacketDelay false
bool RemoveDefGwOnDhcpForLocalhost true
uint RequiredClientId 0
uint SecureNAT_MaxDnsSessionsPerIp 0
uint SecureNAT_MaxIcmpSessionsPerIp 0
uint SecureNAT_MaxTcpSessionsPerIp 0
uint SecureNAT_MaxTcpSynSentPerIp 0
uint SecureNAT_MaxUdpSessionsPerIp 0
bool SecureNAT_RandomizeAssignIp false
bool SuppressClientUpdateNotification false
string VlanTypeId 0x8100
bool YieldAfterStorePacket false
}
declare SecureNAT
{
bool Disabled true
bool SaveLog true

declare VirtualDhcpServer
{
string DhcpDnsServerAddress 129.98.1.6
string DhcpDnsServerAddress2 129.98.1.4
string DhcpDomainName $
bool DhcpEnabled true
uint DhcpExpireTimeSpan 7200
string DhcpGatewayAddress 129.98.90.1
string DhcpLeaseIPEnd 129.98.90.40
string DhcpLeaseIPStart 129.98.90.36
string DhcpPushRoutes 129.98.90.0/255.255.255.0/129.98.90.1
string DhcpSubnetMask 255.255.255.0
}
declare VirtualHost
{
string VirtualHostIp 129.98.90.35
string VirtualHostIpSubnetMask 255.255.255.0
string VirtualHostMacAddress 00-50-56-B0-3E-1C
}
declare VirtualRouter
{
bool NatEnabled true
uint NatMtu 1500
uint NatTcpTimeout 1800
uint NatUdpTimeout 60
}
}
declare SecurityAccountDatabase
{
declare CertList
{
declare Cert0
{
byte X509 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
}
}
declare CrlList
{
}
declare GroupList
{
}
declare IPAccessControlList
{
}
declare UserList
{
declare alex
{
uint AuthType 1
uint64 CreatedTime 1405941940445
uint64 ExpireTime 0
uint64 LastLoginTime 0
string Note $
uint NumLogin 0
string RealName Alexander$20Lucaci
uint64 UpdatedTime 1405941997995

declare Traffic
{
declare RecvTraffic
{
uint64 BroadcastBytes 0
uint64 BroadcastCount 0
uint64 UnicastBytes 0
uint64 UnicastCount 0
}
declare SendTraffic
{
uint64 BroadcastBytes 0
uint64 BroadcastCount 0
uint64 UnicastBytes 0
uint64 UnicastCount 0
}
}
}
declare magda
{
uint AuthType 1
uint64 CreatedTime 1403268123605
uint64 ExpireTime 0
uint64 LastLoginTime 1403495508365
string Note $
uint NumLogin 4
string RealName Magdalena$20Kalinowska
uint64 UpdatedTime 1403268123605

declare Traffic
{
declare RecvTraffic
{
uint64 BroadcastBytes 32354633
uint64 BroadcastCount 255913
uint64 UnicastBytes 103370746
uint64 UnicastCount 122221
}
declare SendTraffic
{
uint64 BroadcastBytes 14772
uint64 BroadcastCount 123
uint64 UnicastBytes 18385618
uint64 UnicastCount 93712
}
}
}
declare maria
{
uint AuthType 1
uint64 CreatedTime 1435815410105
uint64 ExpireTime 0
uint64 LastLoginTime 1436092975475
string Note $
uint NumLogin 7
string RealName Maria$20Gullinello
uint64 UpdatedTime 1435815410105

declare Traffic
{
declare RecvTraffic
{
uint64 BroadcastBytes 1658212
uint64 BroadcastCount 11413
uint64 UnicastBytes 13776
uint64 UnicastCount 328
}
declare SendTraffic
{
uint64 BroadcastBytes 24527
uint64 BroadcastCount 297
uint64 UnicastBytes 375652
uint64 UnicastCount 4757
}
}
}
declare maurice
{
uint AuthType 1
uint64 CreatedTime 1392052816015
uint64 ExpireTime 0
uint64 LastLoginTime 1436164316395
string Note $
uint NumLogin 109
string RealName Maurice$20Volaski
uint64 UpdatedTime 1392052816015

declare Traffic
{
declare RecvTraffic
{
uint64 BroadcastBytes 3028718248
uint64 BroadcastCount 29480438
uint64 UnicastBytes 379567258063
uint64 UnicastCount 340451039
}
declare SendTraffic
{
uint64 BroadcastBytes 9460642
uint64 BroadcastCount 153361
uint64 UnicastBytes 9868179421
uint64 UnicastCount 147753100
}
}
}
}
}
declare Traffic
{
declare RecvTraffic
{
uint64 BroadcastBytes 21330836636
uint64 BroadcastCount 196399018
uint64 UnicastBytes 397188152537
uint64 UnicastCount 569763521
}
declare SendTraffic
{
uint64 BroadcastBytes 24369570186
uint64 BroadcastCount 226020410
uint64 UnicastBytes 392126581424
uint64 UnicastCount 519429296
}
}
}
}
declare VirtualLayer3SwitchList
{
}
}

kh_tsang
Posts: 551
Joined: Wed Jul 24, 2013 12:09 pm

Re: VPN connects, assigns IP, but doesn't route packets.

Post by kh_tsang » Mon Jul 06, 2015 4:32 pm

Where does the result of the ifconfig command come from? The server or the client?

mauricev
Posts: 32
Joined: Tue Feb 11, 2014 12:22 am

Re: VPN connects, assigns IP, but doesn't route packets.

Post by mauricev » Mon Jul 06, 2015 4:38 pm

The server. The client's is

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether 00:3e:e1:c3:58:d0
inet6 fe80::23e:e1ff:fec3:58d0%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.152 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=1<PERFORMNUD>
media: autoselect (1000baseT <full-duplex,flow-control>)
status: active
en2: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ether 80:00:6e:f2:2c:92
media: autoselect (<unknown type>)
status: inactive
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether f2:00:00:9f:e6:f5
media: autoselect <full-duplex>
status: inactive
en4: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether f2:00:00:9f:e6:f9
media: autoselect <full-duplex>
status: inactive
en5: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether f2:00:00:9f:e6:f4
media: autoselect <full-duplex>
status: inactive
en6: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether f2:00:00:9f:e6:f8
media: autoselect <full-duplex>
status: inactive
en7: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether f2:00:00:9f:e6:f1
media: autoselect <full-duplex>
status: inactive
en8: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether f2:00:00:9f:e6:f0
media: autoselect <full-duplex>
status: inactive
en1: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether 00:3e:e1:c3:58:d1
media: autoselect (none)
status: inactive
p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304
ether 02:00:6e:f2:2c:92
media: autoselect
status: inactive
awdl0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1452
ether 6e:e9:fe:5b:21:74
nd6 options=1<PERFORMNUD>
media: autoselect
status: inactive
bridge0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 02:3e:e1:3c:55:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en3 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 6 priority 0 path cost 0
member: en4 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 7 priority 0 path cost 0
member: en5 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 8 priority 0 path cost 0
member: en6 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 9 priority 0 path cost 0
member: en7 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 10 priority 0 path cost 0
member: en8 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 11 priority 0 path cost 0
media: <unknown type>
status: inactive
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
inet 129.98.90.36 --> 1.0.0.1 netmask 0xffffff00

kh_tsang
Posts: 551
Joined: Wed Jul 24, 2013 12:09 pm

Re: VPN connects, assigns IP, but doesn't route packets.

Post by kh_tsang » Tue Jul 07, 2015 6:08 am

How do you obtain the public IP?

If you are using a dynamic IP, ISPs may not assign more than one IP to you.

mauricev
Posts: 32
Joined: Tue Feb 11, 2014 12:22 am

Re: VPN connects, assigns IP, but doesn't route packets.

Post by mauricev » Thu Jul 09, 2015 4:25 am

We are a university with our own class B. I allocated a range of IPs for VPN clients.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: VPN connects, assigns IP, but doesn't route packets.

Post by thisjun » Thu Jul 16, 2015 6:42 am

I think DHCP route push configuration is wrong.

tomtix
Posts: 14
Joined: Wed Jul 15, 2015 9:41 am

Re: VPN connects, assigns IP, but doesn't route packets.

Post by tomtix » Thu Jul 16, 2015 8:08 am

>declare SecureNAT
>{
>bool Disabled true
>...

--> in your config file, is that normal?


> bridging for some reason doesn't assign an interface, which is another issue),
Do you mean that the machine hosting the SoftEther server doesn't create a
"brX" virtual interface to plug itself into the bridge? yes.
(A solution may be to connect to the hub with a SoftEther client; even if that may sound like a heavy solution, it works.)

Edit: I found a way that I consider "better" on Linux:
(if you can remotely control your Linux server with a Windows GUI, that would be easier)
When bridging to an interface, don't bridge directly to a physical network adapter,
but create a new tap device (named 'tap0', for instance).

I think the corresponding configuration for this is:
declare LocalBridgeList {
...
declare LocalBridge0
{
string DeviceName tap0
string HubName YOURHUBNAME
bool LimitBroadcast false
bool MonitorMode false
bool NoPromiscuousMode false
string TapMacAddress MAC-ADDRESS-FOR-THE-NEW-TAP-DEVICE
bool TapMode true
}

}




Then, on a Linux command line, run (I think privilege elevation is needed):
# brctl addbr br0
# brctl addif br0 tap0
# brctl addif br0 ifname
--> where ifname is the name of the interface you were bridging to previously
# ifconfig br0 ip_address up
--> where ip_address is the address that was previously used by 'ifname'
This way the machine hosting the vpnserver/bridge is still available on the network from the virtual HUB.

mauricev
Posts: 32
Joined: Tue Feb 11, 2014 12:22 am

Re: VPN connects, assigns IP, but doesn't route packets.

Post by mauricev » Fri Jul 17, 2015 5:42 pm

thisjun wrote:
> I think DHCP route push configuration is wrong.

In what way?

Here is the result
2015-07-17 13:32:38.067 [HUB "VPN"] SecureNAT: The DHCP entry 2 has been created. MAC address: CA-C3-9D-07-73-47, IP address: 129.98.90.37, host name: ussflux.fios-router.home, expiration span: 7200 seconds

It seems to be working OK.

mauricev
Posts: 32
Joined: Tue Feb 11, 2014 12:22 am

Re: VPN connects, assigns IP, but doesn't route packets.

Post by mauricev » Fri Jul 17, 2015 5:46 pm

tomtix wrote:
> >declare SecureNAT
> >{
> >bool Disabled true
> >...
>
> --> in your config file, is that normal?

When I was trying bridging, yes, it was. I thought incorrectly that it had to be disabled, but it's really the virtual NAT function that needs to be disabled. SecureNAT is needed for the virtual DHCP to work.


> > bridging for some reason doesn't assign an interface, which is another issue),
> Do you mean that the machine hosting the SoftEther server doesn't create a
> "brX" virtual interface to plug itself into the bridge? yes.


No, it's using eth0 to do it.

But I don't think that is related to the problem since either when I am using bridging with eth0 or not and I am using the virtual NAT function, there is no routing once the client is connected.

The basic problem remains.

mauricev
Posts: 32
Joined: Tue Feb 11, 2014 12:22 am

Re: VPN connects, assigns IP, but doesn't route packets.

Post by mauricev » Fri Jul 17, 2015 6:47 pm

The endpoint shows

ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
inet 129.98.90.37 --> 1.0.0.1 netmask 0xffffff00

Doesn't this say that SoftEther isn't giving me my route?

tomtix
Posts: 14
Joined: Wed Jul 15, 2015 9:41 am

Re: VPN connects, assigns IP, but doesn't route packets.

Post by tomtix » Wed Jul 29, 2015 2:28 pm

To show routes, run
# route
or
# ip route show

kh_tsang
Posts: 551
Joined: Wed Jul 24, 2013 12:09 pm

Re: VPN connects, assigns IP, but doesn't route packets.

Post by kh_tsang » Wed Jul 29, 2015 2:59 pm

mauricev wrote:
> The endpoint shows
>
> ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
> inet 129.98.90.37 --> 1.0.0.1 netmask 0xffffff00
>
> Doesn't this say that SoftEther isn't giving me my route?

Are you connecting using L2TP/IPsec?
I had a similar problem before on a Linux-based disk station. You will need to add the routes manually after connecting to the VPN, using the following commands.

ip route add 129.98.90.18 via <default gateway of the original connection>
ip route del default via <default gateway of the original connection> dev <the connection of the original device>
ip route add 129.98.90.0/24 dev ppp0
ip route add default dev ppp0

You can try to connect using a Windows client to see if there is any problem on the SoftEther VPN Server. A Windows client should apply the routes automatically.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: VPN connects, assigns IP, but doesn't route packets.

Post by thisjun » Thu Aug 06, 2015 6:10 am

I think "push route" isn't needed.
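
Added example, not part of any post in this thread and not SoftEther's own code: a small Python reader for the "declare NAME { type Key Value }" config format posted above, reporting the three settings the replies question (SecureNAT Disabled, NatEnabled on a hub that has a local bridge, and a DHCP push route that points into the clients' own subnet). The sample is constructed from fields in the posted config; the function names, and treating multiple push routes as comma- or space-separated, are assumptions.

```python
import ipaddress
# Constructed sample: only the fields the thread argues over, copied from the posted config.
SAMPLE = """\
declare root
{
declare LocalBridgeList
{
declare LocalBridge0
{
string DeviceName eth0
string HubName VPN
}
}
declare VirtualHUB
{
declare VPN
{
declare SecureNAT
{
bool Disabled true
declare VirtualDhcpServer
{
string DhcpGatewayAddress 129.98.90.1
string DhcpPushRoutes 129.98.90.0/255.255.255.0/129.98.90.1
string DhcpSubnetMask 255.255.255.0
}
declare VirtualRouter
{
bool NatEnabled true
}
}
}
}
}
"""

def parse(text):
    """Parse 'declare NAME { type Key Value }' blocks into nested dicts."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line.startswith("declare "):
            stack.append(stack[-1].setdefault(line.split()[1], {}))
        elif line == "}":
            stack.pop()
        elif line and line[0] not in "#{":
            typ, key, *rest = line.split(None, 2)
            value = rest[0].replace("$20", " ") if rest else ""  # $20 encodes a space
            stack[-1][key] = (value == "true") if typ == "bool" else value
    return stack[0]["root"]

def review(cfg):
    """Return (hub, finding) pairs. Assumes push routes are comma- or space-separated."""
    bridged = {b["HubName"]: b["DeviceName"]
               for b in cfg.get("LocalBridgeList", {}).values() if isinstance(b, dict)}
    out = []
    for hub, body in cfg.get("VirtualHUB", {}).items():
        nat = body.get("SecureNAT", {})
        dhcp, router = nat.get("VirtualDhcpServer", {}), nat.get("VirtualRouter", {})
        if nat.get("Disabled"):
            out.append((hub, "SecureNAT Disabled is true: virtual DHCP and NAT are off"))
        if hub in bridged and router.get("NatEnabled"):
            out.append((hub, f"NatEnabled is true although the hub is bridged to {bridged[hub]}"))
        if "DhcpGatewayAddress" in dhcp:
            pool = ipaddress.ip_network(
                f'{dhcp["DhcpGatewayAddress"]}/{dhcp["DhcpSubnetMask"]}', strict=False)
            for route in dhcp.get("DhcpPushRoutes", "").replace(",", " ").split():
                if ipaddress.ip_network(route.rsplit("/", 1)[0], strict=False).subnet_of(pool):
                    out.append((hub, f"push route {route} lies inside the clients' own subnet"))
    return out
```

Running review(parse(...)) on the full vpn_server.config text works the same way, since unknown keys are simply stored and ignored.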
