Packet Loss from VPN clients

mjones8019
Posts: 2
Joined: Thu Sep 03, 2020 11:26 pm

Packet Loss from VPN clients

Post by mjones8019 » Thu Sep 03, 2020 11:32 pm

Hello,

I have installed SoftEther VPN Server in a small business environment. The setup is as follows.
There is a Cloud IP address which remote users connect to. TCP 5555 and UDP 500 and 4500 are forwarded from there, through the WAN IPs to the LAN IP of the SoftEther VPN Server. The Server is using SecureNAT to enable split tunneling. The load is very small on the server as there are only about 40 users max. The VPN clients outside are able to connect, but drop packets to the DNS server inside the network on the other side of the SoftEther VPN server. The server inside the network does not, and other servers and workstations inside the network do not. The packet loss to the VPN clients is around 70%. I have tried tracing and checking the logs and all I find is that many requests are being made, and many are not being answered. More info: the SoftEther VPN server is running Windows 2016 and it is a guest on a 2016 Hyper-V host server. The DNS server is on a different Hyper-V 2016 host server and is a 2012R2 guest.

This issue is driving me nuts and it may not even be SoftEther VPN's fault. Does anyone have any ideas to assist in narrowing down this issue please?

Thanks,
Mike

mjones8019
Posts: 2
Joined: Thu Sep 03, 2020 11:26 pm

Re: Packet Loss from VPN clients

Post by mjones8019 » Fri Sep 04, 2020 10:18 pm

I have an update on this that I and my ISP network engineer were able to see. The problem appears to be within SoftEther VPN Server using the SecureNat function. It has to do with ARP table updating and where the traffic is directed.

The Engineer found the following when troubleshooting.
"I was able to confirm by reading through the SoftEther VPN source code that there are areas in the code that update its internal ARP table based on any incoming packet rather than just received ARP packets. In src/Cedar/Virtual.c VirtualLayer2() calls VirtualIpReceived() for otherwise unprocessed IPv4 packets, which always calls ArpIpWasKnown() which calls InsertArpTable() which inserts or replaces MAC/IP pairs in its ARP table."

For now I have disabled the SecureNat functionality and am using the local bridge option. This puts my clients in Full Tunnel mode, instead of split tunnel, but at least they are not dropping packets and their connections are stable. If anyone has a solution to this very specific environmental problem, or if this is a software issue, is there a fix for it?

Thanks,
Mike
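
A toy model of the learning behaviour quoted in the post above, as an added example that is not part of the thread and is not SoftEther code: it replays a constructed frame trace through an ARP cache that learns either from ARP frames only or from every IPv4 frame, and counts how often a known IP's MAC entry is replaced. All type and function names, the addresses, and the premise that one source IP arrives with two different source MACs are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy model, not SoftEther code: every name below is hypothetical. */
#define SLOTS 8
typedef struct { int used; uint32_t ip; uint8_t mac[6]; } entry;
typedef struct { int is_arp; uint32_t src_ip; uint8_t src_mac[6]; } frame;
enum policy { LEARN_FROM_ARP_ONLY, LEARN_FROM_ANY_IP };

/* Insert or replace ip -> mac; return 1 when a known IP changed its MAC. */
static int learn(entry *tab, uint32_t ip, const uint8_t *mac) {
    entry *slot = NULL;
    for (int i = 0; i < SLOTS; i++) {
        if (tab[i].used && tab[i].ip == ip) {
            int changed = memcmp(tab[i].mac, mac, 6) != 0;
            memcpy(tab[i].mac, mac, 6);
            return changed;
        }
        if (!tab[i].used && !slot) slot = &tab[i];
    }
    if (slot) { slot->used = 1; slot->ip = ip; memcpy(slot->mac, mac, 6); }
    return 0;
}

/* Replay a trace under one learning policy and count MAC changes ("flaps"). */
int count_mac_flaps(const frame *trace, int n, enum policy p) {
    entry tab[SLOTS];
    int flaps = 0;
    memset(tab, 0, sizeof tab);
    for (int i = 0; i < n; i++)
        if (trace[i].is_arp || p == LEARN_FROM_ANY_IP)
            flaps += learn(tab, trace[i].src_ip, trace[i].src_mac);
    return flaps;
}

/* Constructed trace: 192.168.1.10 answers ARP with MAC ..:0a, while IPv4
 * frames with that source IP also arrive with MAC ..:fe (assumed 2nd path). */
#define DNS_IP 0xC0A8010Au
#define MAC_A {0x02, 0, 0, 0, 0, 0x0a}
#define MAC_B {0x02, 0, 0, 0, 0, 0xfe}
static const frame SAMPLE[] = {
    {1, DNS_IP, MAC_A}, {0, DNS_IP, MAC_B}, {0, DNS_IP, MAC_A},
    {0, DNS_IP, MAC_B}, {1, DNS_IP, MAC_A},
};
int sample_flaps(enum policy p) { return count_mac_flaps(SAMPLE, 5, p); }

int main(void) {
    printf("ARP-only: %d flaps\n", sample_flaps(LEARN_FROM_ARP_ONLY));
    printf("any-IPv4: %d flaps\n", sample_flaps(LEARN_FROM_ANY_IP));
    return 0;
}
```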

ethanolson
Posts: 43
Joined: Mon Dec 02, 2019 6:29 am

Re: Packet Loss from VPN clients

Post by ethanolson » Tue Sep 08, 2020 5:06 am

I'm not certain what's causing the packet loss... maybe a promiscuous virtual switch or a PPPoE WAN connection which has a smaller MTU.

Also, you should have UDP port 1701 forwarded to the SoftEther server as well since L2TP uses it.

fenice
Posts: 167
Joined: Sun Jul 19, 2015 4:23 pm

Re: Packet Loss from VPN clients

Post by fenice » Tue Sep 08, 2020 5:21 am

If there really is a bug with SecureNat I'd suggest you file a bug report on GitHub to get it confirmed/fixed.
Regards


Bill
