SoftEther VPN Client 8 Thread Connection Made But Cannot Communicate

Discussion in 'Asuswrt-Merlin' started by Chxc, Mar 19, 2017.

  1. Chxc

    Chxc New Around Here

    Joined:
    Mar 19, 2017
    Messages:
    6
    Hello,

    Tinkered with SoftEther VPN server on my VPS a bit and came across some awesome ppl's binary that works on my Asus RT68U running Merlin.

    Got the connection made; however, my ignorance of Linux has prevented me from going further after too many hrs of learning and trying. Seems like a good time to seek professional help!

    Why do it?
    SoftEther's own client-server software can establish 8+ simultaneous TCP connections, and with a decent compression algorithm it can not only saturate but also slightly increase my home Internet bandwidth.

    I have tested using the Windows client. 100 Mbps cable service at College Station going to my VPS server (same 100Mbps uplink) at Dallas. I can consistently hit 120 Mbps downstream throughput using speedtest.net. Result is consistent with the max 20% efficiency claim at the official site.

    In contrast to that I can only hit about 30-40 Mbps with an ovpn link running over UDP.


    What has been done?

    1. SoftEther VPN from lancethepants' website installed on /jffs
    (http://files.lancethepants.com/Binaries/SoftEtherVPN/arm/SoftEtherVPN v4.20-9608-rtm/)

    2. boot script so far
    Code:
    #enable tun dev
    modprobe tun
    
    #recreate tun interface as it is wiped at boot
    ip tuntap add dev vpn_tun mode tun
    ip link set dev vpn_tun up
    
    #must set udhcpc broadcast address
    ip address add 192.168.5.0/24 dev vpn_tun
    
    #start client binary
    ./vpnclient start
    
    #connect saved connection profile
    ./vpncmd localhost /client /CMD accountconnect home
    
    #get dhcp lease from server
    udhcpc -i vpn_tun
    

    What is working so far?

    1. SoftEther 8-thread client-server can be made
    2. Can obtain DHCP lease from server


    What's the problem?

    1. I am not sure if I set up the interface correctly!

    2. I cannot access my vpn server side even when VPN connection is established
    I am suspecting it's a route issue as the SoftEther Linux client doesn't update route setting at all (fail?)


    route output w/o vpn connection:

    Code:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.1.1   *               255.255.255.255 UH    0      0        0 eth0
    192.168.1.0   *               255.255.255.0   U     0      0        0 eth0
    192.168.2.0    *               255.255.255.0   U     0      0        0 br0
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         192.168.1.1   0.0.0.0         UG    0      0        0 eth0
    
    route output with ovpn connection:

    Code:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.1.1   *               255.255.255.255 UH    0      0        0 eth0
    (server ip)  192.168.1.1   255.255.255.255 UGH   0      0        0 eth0
    192.168.1.0   *               255.255.255.0   U     0      0        0 eth0
    192.168.2.0    *               255.255.255.0   U     0      0        0 br0
    192.168.5.0    *               255.255.255.0   U     0      0        0 tun11
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         192.168.5.1    128.0.0.0       UG    0      0        0 tun11
    128.0.0.0       192.168.5.1    128.0.0.0       UG    0      0        0 tun11
    default         192.168.1.1   0.0.0.0         UG    0      0        0 eth0
    

    A few resources I have tried with CentOS and other Linux distros, but w/o much luck:

    1. https://blog.harshillodhi.co.in/softether-vpn-ubuntu-linux-client-configuration-behind-http-proxy/

    2. http://askubuntu.com/questions/666484/setting-up-softether-vpn-client

    3. https://www.rapidvpn.com/setup-vpn-softether-ubuntu


    Many thanks!


    Chris
     
    Last edited: Mar 19, 2017
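
The two routing tables in the post above differ by three routes: a host route to the VPN server through the WAN gateway, and two routes with mask 128.0.0.0 through the tunnel. As an added example (not part of the original post), this shell function checks `route` output for them; the sample tables and the address 203.0.113.10 standing in for "(server ip)" are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `route` or `route -n` output on
# stdin and checks for the three routes the OpenVPN table above contains.
# Usage: route -n | check_full_tunnel <vpn_server_ip> <tunnel_iface>
check_full_tunnel() {
    awk -v srv="$1" -v ifc="$2" '
        # route without -n prints "default" for destination 0.0.0.0
        { dst = ($1 == "default") ? "0.0.0.0" : $1; mask = $3; dev = $NF }
        # host route keeping the VPN transport itself on the WAN link
        dst == srv && mask == "255.255.255.255" && dev != ifc { host = 1 }
        # two /1 routes that outrank the /0 default without deleting it
        dst == "0.0.0.0"   && mask == "128.0.0.0" && dev == ifc { low = 1 }
        dst == "128.0.0.0" && mask == "128.0.0.0" && dev == ifc { high = 1 }
        END {
            if (!host) print "missing: host route to " srv " outside " ifc
            if (!low)  print "missing: 0.0.0.0/1 via " ifc
            if (!high) print "missing: 128.0.0.0/1 via " ifc
            exit !(host && low && high)
        }'
}

# Constructed sample input modelled on the tables in the post; 203.0.113.10
# is a documentation address standing in for "(server ip)".
sample_without_vpn() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.1     *               255.255.255.255 UH    0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
192.168.2.0     *               255.255.255.0   U     0      0        0 br0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
EOF
}
sample_with_ovpn() {
    cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
192.168.5.0     *               255.255.255.0   U     0      0        0 tun11
default         192.168.5.1     128.0.0.0       UG    0      0        0 tun11
128.0.0.0       192.168.5.1     128.0.0.0       UG    0      0        0 tun11
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
EOF
}

# Demo: the OpenVPN table passes; the no-VPN table lists what is missing.
sample_with_ovpn | check_full_tunnel 203.0.113.10 tun11 && echo "tun11: ok"
sample_without_vpn | check_full_tunnel 203.0.113.10 vpn_tun || true
```

On the router, `route -n | check_full_tunnel <server ip> vpn_tun` run after the SoftEther client connects lists which of these entries are absent from the live table.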
  2. Chxc

    Chxc New Around Here

    Joined:
    Mar 19, 2017
    Messages:
    6
    /bump
     
  3. TeHashX

    TeHashX Very Senior Member

    Joined:
    Jul 6, 2012
    Messages:
    937
    Location:
    Europe
    I'm working on a SoftEther VPN tutorial; it will be ready shortly here: www.hqt.ro
     
  4. TeHashX

    TeHashX Very Senior Member

    Joined:
    Jul 6, 2012
    Messages:
    937
    Location:
    Europe
  5. Chxc

    Chxc New Around Here

    Joined:
    Mar 19, 2017
    Messages:
    6
    Very nicely written tutorial. Good stuff.

    Also, may I recommend trying the server management software and client management software to further tweak and harden the server connections, such as switching ciphers and enabling certificate-based, RADIUS, or domain-controller-based user management.

    That software can be downloaded from the SoftEther official site.

    The server management can be connected directly with the server IP and the port number of your choice. The client side would need to enter RemoteEnable during the initial setup.

    However, I am more interested in running a SoftEther Client on the Asus Router, because my server is already up and running on my remote VPS server.

    Anyway, kudos to an awesome tutorial!
     
  6. TeHashX

    TeHashX Very Senior Member

    Joined:
    Jul 6, 2012
    Messages:
    937
    Location:
    Europe
    I will take a look at the SoftEther Client part, but no promises.
     
  7. Chxc

    Chxc New Around Here

    Joined:
    Mar 19, 2017
    Messages:
    6
    Much obliged and looking forward to your valuable advice!
     
  8. maurer

    maurer Occasional Visitor

    Joined:
    May 13, 2014
    Messages:
    46
    http://www.softether.org/4-docs/1-m...ng_in_Linux.2C_FreeBSD.2C_Solaris_or_Mac_OS_X
    • Limitations within the Linux or UNIX operating system prevent communication with IP addresses assigned to the network adapter locally bridged from the VPN side (Virtual Hub side). The cause of this restriction lies with OS's internal kernel codes rather than with the SoftEther VPN. When wishing to communicate in any form with a UNIX computer used for local bridging from the VPN side (Virtual Hub side), (for instance, when running both the VPN Server / VPN Bridge service & the HTTP Server service and wishing to grant access to the server service from the VPN side as well), prepare and connect a local bridge network adapter and physically connect both it and the existing network adapter to the same segment (as explained in 3.6 Local Bridges, it is recommended to prepare a network adapter for exclusive use in local bridging for this and other situations).
     
  9. Chxc

    Chxc New Around Here

    Joined:
    Mar 19, 2017
    Messages:
    6
    This is an interesting point. Thank you for your post.

    However, I am not sure if this applies to the problem I am facing as I am not creating any SoftEther local bridges on the router side.

    Server side:
    VPN Server's sole "Local Bridge" interface is not bridged with others, and is directly masqueraded to the internet side venet interface.

    Router side:
    The VPN client creates a local tun interface that is not bridged with any other existing interfaces.

    The client program itself can communicate with server, however, I am unable to extend that connection to other interfaces with my limited knowledge.
     
  10. maurer

    maurer Occasional Visitor

    Joined:
    May 13, 2014
    Messages:
    46
    I use the following service script on my Debian server
    Code:
    [Unit]
    Description=SoftEther VPN Server
    After=network.target auditd.service
    ConditionPathExists=!/opt/vpnserver/do_not_run
    
    [Service]
    Type=forking
    EnvironmentFile=-/opt/vpnserver
    ExecStart=/opt/vpnserver/vpnserver start
    ExecStartPost=/bin/sleep 2
    ExecStartPost=/sbin/brctl addif br0 tap_se
    ExecStop=/opt/vpnserver/vpnserver stop
    KillMode=process
    Restart=on-failure
    
    # Hardening
    PrivateTmp=yes
    ProtectHome=yes
    ProtectSystem=full
    ReadOnlyDirectories=/
    ReadWriteDirectories=-/opt/vpnserver
    CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
    
    [Install]
    WantedBy=multi-user.target
    
    and this is my local bridge setting
    upload_2017-3-25_16-28-43.png

    Basically, what I did is attach SoftEther to a tap bridged together with my physical interface eth0 in br0, and I can access any resource.
     
  11. Chxc

    Chxc New Around Here

    Joined:
    Mar 19, 2017
    Messages:
    6
    Good stuff man. Thanks.

    Do you have any advice on setting up the client program on the router side?
     
  12. maurer

    maurer Occasional Visitor

    Joined:
    May 13, 2014
    Messages:
    46
    I haven't used the client on a router yet.
     
