SoftEther client through SIM900 gprs module

[cprcpr]

Hello everyone,
I've been looking through the forum and I couldn't find the answer to my question, so I decided to register and write a post with my problem.

I am working in a research group and we are trying to get VPN connection over IPSEC using an Olimex board (Olinuxino A10), it is a linux based board similar to raspberry pi, but the particular thing is that we are interfacing this board with a GPRS module (SIM900), we got VPN connection using GPRS and OpenVPN, but we want to use SoftEther to get IPSEC over GPRS.
We have got IPSEC over Ethernet port using Softether client in the Olimex board and Softether server in our Windows Server 2008 but we can't figure out how to configure the SoftEther client in the Olimex board to get that IPSEC connection but over GPRS.

When we connect the GPRS we get a ppp0 connection issuing "ifconfig" command. So, we think we should point the Softether client configuration to that interface (ppp0) instead of the ethernet one (eth0) but we don't know how to do that.

Does any one know how we can get IPSEC connection over GPRS using SoftEther client?

Thank you in advance.

[cprcpr]

Nobody?

[cprcpr]

Hello,
Thank you for the reply.
But my default gateway is pointing to the IP address assigned for the ppp0 interface. So, I don't think that is the problem.

Actually I see TCP packets and ICMP packets going back and forward between server and client... but when I issue AccountList, my connection is only in Connecting status...

Any Idea?

[cprcpr]

help!!! :P

[kh_tsang]

The default route should not point to itself. The default route should be on-link.

[cprcpr]

Thank you for the answer.
I am not working on windows, I am in linux. And when I issue the route -n command I get something similar to this:
Destination | Gateway | Genmask | Flags | Metric | Ref | Use | Iface
---------------------------------------------------------------------------------------------------------
0.0.0.0 | 10.69.100.67 | 255.255.255.0 | UG | 0 | 0 | 0 | ppp0

Where the 10.69.100.67 address is the assigned to the GPRS by the MNO, vodafone.

It looks like it is On-link since it is pointing to 0.0.0.0, am I right?

Thank you.

[kh_tsang]

As you said, the ppp0 is the GPRS connection.

The routes should be:
1. server IP pointing at ppp0, no need to specify IP address/can specify any address but cannot point at the client itself
2. 0.0.0.0/0 pointing at the L2TP/IPsec tunnel, not ppp0

[cprcpr]

Hello again,
Thank you for the reply.

I have some doubts, probably is concept problem, but if you can explain them to me I'd appreciate it.
First: what do you mean by server IP?
Second: and what is the L2TP/IPSec tunnel? the vpn_vapdater that appears in ifconfig? I have two of them but it doesn't have any IP... they appear when I start vpnclient service.
I attach the ifconfig output to this post in case it helps.
Thank you in advance.

[kh_tsang]

I cannot identify very accurately which adapter is the L2TP/IPsec tunnel.

Note that L2TP/IPsec uses PPP link and is likely the ppp0 interface.
The remaining interface with an IP address is eth0 is likely your orignal eth0.

However, to be scientific, can you show the "ifconfig" and "ip route show" of both before connecting the L2TP/IPsec VPN and after connecting the L2TP/IPsec VPN?

[cprcpr]

Hello,
Thank you again for the reply.
I attach the ifconfig and ip route show output before and after the IPSEC/L2TP connection, which is actually not connected. I do it in different posts since the maximum number of attachments per post is 3.

[cprcpr]

Continue

[cprcpr]

last one
Thank you in advance.

[kh_tsang]

That means eth0 is your original connection. vpn_adapter1 and vpn_adapter2 is the Softether VPN Client adapter. The ppp0 is your GPRS interface.

It seems that you are connecting using Softether VPN Client("./vpnclient") instead of L2TP/IPsec. It seems that your client fails to get any IP from the VPN Server.

Let's take an example.
1.2.3.4 is the VPN Server.
vpn_adapter1 is the adapter of your VPN connection.
After you connect to the vpn, add the following commands.

ip route add 1.2.3.4 via 10.68.254.17 dev ppp0
ip route del default via 10.68.254.17 dev ppp0
dhclient vpn_adapter1

Then see whether there is a new default route pointing at the VPN connection and test if the vpn connection works.

After disconnecting the VPN, change the default route to ppp0.

[cprcpr]

Hello,
Thanks for the reply.

I still have some doubts:

when you say: "after connecting to vpn" what do you mean with that?
Do you mean after issuing ./vpnclient start? or after issuing ./vpncmd and Accountconnect?

I explain you step by step exactly what I was doing:
1. ./vpnclient start
2. ifconfig and I get get the vpn_vadapter1 and vpn_vadapter2
3. pon to establish the ppp0 connection using the GPRS module (SIM900).
4.ifconfig and I get the ppp0 in there with an IP address in the range 10.0.0.0/8 apart from the vpn_vadapter1 and 2.
5. I put as default gw the IP address assigned to the ppp0 connection.
6. Issue ./vpncmd and Accountconnect

Nothing happens, I can't ping the server and my connection status stays in "Connecting".
After reading your last reply I did this:
1. ./vpnclient start
2. ifconfig and I get get the vpn_vadapter1 and vpn_vadapter2
3. pon to establish the ppp0 connection using the GPRS module (SIM900).
4.ifconfig and I get the ppp0 in there with an IP address in the range 10.0.0.0/8 apart from the vpn_vadapter1 and 2.
5. Issuing the next commands in this order (the 10.7.0.1 is the VPN server IP, when we got connection before and the 10.68.254.17 is the ppp0 ipp address, it changes everytime):

ip route add 10.7.0.1 via 10.68.254.17 dev ppp0
ip route del default via 10.68.254.17 dev ppp0
dhclient vpn_adapter1

after dhclient it takes a while and then show again the terminal line to input another command, but nothing changes in the routing tables.
I also tried to issue the commands that you told me after accountconnect but, still, the connection status stays as "connecting".

after this I still can't ping my server ( I tried the IP of the vpn server (10.7.0.1) and the actual IP of the server).

Any idea of what is wrong?

Thank you in advance.

[kh_tsang]

After establishing ppp0, then try the following:

1. ip route del default via 10.68.254.17 dev ppp0
2. ip route add 10.7.0.1 dev ppp0 <-- I removed the gateway IP here, you can try to see if you can ping 10.7.0.1 after this step.
3. Establish the vpn connection and wait until the status of the vpn connection becomes connected.
4. dhclient vpn_adapter1

[cprcpr]

Hi again, thanks for the quick answer.
I explain what I've just done:
1. pon to establish the ppp0 connection using the GPRS module (SIM900)
2. ip route del default via 10.68.254.17 dev ppp0
3. ip route add 10.7.0.1 dev ppp0
4. Tried to ping, but no response.
5. ./vpnclient start
6. ./vpncmd and accountconnect
7. accountlist, the connection is in "connecting" status for 10 min now.

Thanks.

[kh_tsang]

I assume your VPN server responses to ping and the network does not block ping.

Can you check your firewall configuration of your VPN server?
If there is no problem, try adding "src <IP address of ppp0>" after ip commands for adding routes.
(For example, "ip route add 10.7.0.1 dev ppp0 src 10.68.254.17")

Also, what is 192.200.1.21(as picture)?

[cprcpr]

Hello,
The server is not pingable cause external firewall (academic environment) but we got the OpenVPN working without taht ping. So, we assumed that Softether will work the same way. Because when we use OpenVPN and we have the VPN tunnel established the ping works through the tunnel.

There is no problem adding src after the ip commands, it accepts it properly :)
192.200.1.21 is the point to point ip that vodafone has in their server, i guess is their server ip.

Thank you in advance.

[kh_tsang]

Do you mean OpenVPN works with the same commands but not SoftEther VPN?

Can you also try
ip route add 10.7.0.1 via 10.68.254.17 dev ppp0
instead of
ip route add 10.7.0.1 dev ppp0

because it is via your original IP configured by the system.

[cprcpr]

Hello. Thanks for the reply.
OpenVPN works straight away, I start the ppp connection and after that with the 10.68.254.17 ip address as default GW it can connect issuing the commands to establish the OpenVPN connection. Eventough, before starting the OpenVPN connection (after establishing the ppp connection) I can't ping the server.

I've tried the commands of your last post, but the same results. Not working.
Thanks

[kh_tsang]

It is quite interesting that how OpenVPN works well on it.

[cprcpr]

Hello,
I was wondering if Softether points somehow to the Eth0 interface by default? is there any config file for Softether to change that?
Thanks in advance.

[kh_tsang]

deleted

[cprcpr]

Hello,
I am using Debian wheezy, does anyone has tried Softether in Debian?
thanks

[kh_tsang]

I forgot about Fedora. However, it works well with Oracle Linux. Oracle Linux is not using eth0 as the name.
I also specify the metric as well.

52.68.x.x is my VPN server.

[thisjun]

Did you check a client log?