Softether Limitation

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Softether Limitation

Post by claudelu » Mon Mar 23, 2020 4:01 pm

Hi there!
I have a Client - Server SE VPN environment (Version provided in attach) which runs for some years now.

Until now I didn't need too many VPN Client connections. Lately we have the following problem:

we are using costantly 10+ SE VPN Client Connections.
The problem starts from the 11th connection.
Repro Steps:
- the 11th (or more) connection is incomming;
- connection is established successfully on both SE Client and Server;
- Network Settings (DHCP) are called but not received;
- if the same user starts the connection on the first 10 -> everything is OK;

Can someone please tell me if there is a SE limitation (to 10 concurent connections)?
Or point me to what I need to change if there is a Option active somewhere?

Regards!
You do not have the required permissions to view the files attached to this post.

centeredki69
Posts: 245
Joined: Wed Sep 18, 2013 1:49 pm

Re: Softether Limitation

Post by centeredki69 » Mon Mar 23, 2020 6:56 pm

It sounds like the DHCP server is out of IP address leases to allocate.
If using "SecureNAt/Virtual DHCP" verify the amount allowed under "secureNat settings". If using "localbridge" verify local DHCP server limit.

claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Re: Softether Limitation

Post by claudelu » Tue Mar 24, 2020 7:43 am

Hi centeredki69,

thank you for your answer.

We are using "local bridge" in combination with the Windows Server DHCP Role.
I must say that your suggestion was also my first thought but I am not 100% sure.

I have looked on the "Adressleases" when the problem occured and not all IP adresses from the DHCP adresspool were ocupied.
Furthermore at that time I have also checked with Wireshark the SE Virtual Adapter on a problem PC: connection to SE VPN Server established; the traffic on the SE Virtual Adapter showed that the Adapter sent and received the correct Network Information like "Who is IP" but in the end it received none. I have looked in the Event Viewer on local PC and DHCP Server for Errors and found none.
I will check again, when the problem occurs and get back to you (Info or screenshots).

But until then is there another place where I can still search for this "limitation"?

Best regards!

claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Re: Softether Limitation

Post by claudelu » Tue Mar 24, 2020 9:53 am

Hi there!

I come with an extra Info: we do not limit the VPN Sessions on the SE VPN Server.
regards!
You do not have the required permissions to view the files attached to this post.

claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Re: Softether Limitation

Post by claudelu » Tue Mar 24, 2020 10:46 am

Hi again!

The problem is happening as I type and it does not reside in the DHCP Role:
I can connect without problems with local PCs but on the SE VPN Server the 10 Conections are there and the SE Clients (Conection Nr. 11, 12 and so on) doesn't receive their IPs.

Regards!

mad_gulls
Posts: 3
Joined: Tue Mar 24, 2020 4:51 pm

Re: Softether Limitation

Post by mad_gulls » Tue Mar 24, 2020 5:05 pm

Try stable RTM versions server & clients. Collect wiresharks dumps on client side and DHCP side and figure out if there is a problem. Try to redeploy server it easy do with rehost configuration via config file.

claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Re: Softether Limitation

Post by claudelu » Wed Mar 25, 2020 8:50 am

Hi mad_gulls!

Thank you for your answer.
I have checked the Version and it seems I use the latest RTM Version (SoftEther VPN 4.25 Build 9656 RTM (January 15, 2018)).

I will go ahead and reinstall/replace the SE VPN Server and all SE Clients with the latest BETA Version (SoftEther VPN 4.34 Build 9744 Beta (March 21, 2020)) and I hope the problem will disapear.

Best regards!

claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Re: Softether Limitation

Post by claudelu » Wed Mar 25, 2020 12:28 pm

Hi there!

I have reinstalled the VPN Server and Clients like I wrote and that did't helped. The problem is still there.

Can this be related with the fact that we are using both Split and Full Mode on the clients adapters?

Regards!

mad_gulls
Posts: 3
Joined: Tue Mar 24, 2020 4:51 pm

Re: Softether Limitation

Post by mad_gulls » Wed Mar 25, 2020 9:17 pm

What is a Split and Full Mode Can you attach a screenshot with settings?

claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Re: Softether Limitation

Post by claudelu » Thu Mar 26, 2020 7:35 am

Hi mad_gulls,

Split or Full is how you want the Client traffic to be routed: partially over VPN Server (split) or completly (full).

I am a bit confused of which config you mean. I have posted the VPN Client config as attach.
This config is on all VPN Clients the same and I repeat. It works without problems as long there are max. 10 Clients connected.
When the 11th comes, it gets successfully connected with its Windows Domain Credentials but receive no IP.

Regards!
You do not have the required permissions to view the files attached to this post.

mad_gulls
Posts: 3
Joined: Tue Mar 24, 2020 4:51 pm

Re: Softether Limitation

Post by mad_gulls » Thu Mar 26, 2020 8:56 am

Hmm, I would check is it a dhcp issue only, are you tried to assign a static ip addresses to 10th, 11th VPN connections? What shows VPN servers logs and logs from DHCP server?

claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Re: Softether Limitation

Post by claudelu » Fri Mar 27, 2020 8:51 am

Hi mad_gulls!

As requested I have attached the logs in two parts - I have hided the sensitive infos - this is part 1.
My understandins everythings look OK and I see no error.

That is why I don't understand why the first 10 VPN Clients receive their IPs from DHCP Server and the others are not.
You do not have the required permissions to view the files attached to this post.

claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Re: Softether Limitation

Post by claudelu » Fri Mar 27, 2020 8:52 am

Hi mad_gulls!
here is the part 2.

Regards!
You do not have the required permissions to view the files attached to this post.

claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Re: Softether Limitation

Post by claudelu » Fri Mar 27, 2020 9:54 am

Hi there again!

Here I post my Windows DHCP Infos:
- Addresspool: 100
- Leasetime: it was set to 4 h -> now I have changed it to 30 Min.
- Failover: Hot Standby, see attach

Regards!
You do not have the required permissions to view the files attached to this post.

claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Re: Softether Limitation

Post by claudelu » Fri Mar 27, 2020 10:11 am

Hi !
and here is the DHCP Log.
Best regards!
You do not have the required permissions to view the files attached to this post.

claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Re: Softether Limitation

Post by claudelu » Fri Mar 27, 2020 10:18 am

Hi again!

And here is what the Log on the other DHCP Server looks like.

Regards!
You do not have the required permissions to view the files attached to this post.

claudelu
Posts: 26
Joined: Mon Aug 29, 2016 11:42 pm

Re: Softether Limitation

Post by claudelu » Fri Mar 27, 2020 11:00 am

Hi there again!

I must come with explanations. I have hided the sensitive informations, but I can confirm that the Remote PC Name (with VPN Client) is not logged in the DHCP Log File.
So that means that the Remote PC is not receiving an IP, but on Wireshark i see the Ping/Pong traffic "Who has IP?" and again the authentication on AD works fine. Furthermore the AD and DHCP are bothon the same Servers: DC1 <-> DC2

Regards!

Post Reply