What's new

SoftEther VPN Client 8 Thread Connection Made But Cannot Communicate

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Chxc

New Around Here
Hello,

Tinkered with SoftEther VPN server on my VPS a bit and came across some awesome ppl's binary that works on my Asus RT68U running Merlin.

Got the connection made, however. my ignorance in Linux has prevented me to go further after about too many hrs of learning and trying. Seems like a good time to seek professional help!

Why do it?
SoftEther's own client-server software can establish 8+ simultaneous TCP connections and with a decent compression algorithm that can not only saturate and but also slightly increase my home Internet bandwidth.

I have tested using the Windows client. 100 Mbps cable service at College Station going to my VPS server (same 100Mbps uplink) at Dallas. I can consistently hit 120 Mbps downstream throughput using speedtest.net. Result is consistent with the max 20% efficiency claim at the official site.

In contrast to that I can only hit about 30-40 Mbps with an ovpn link running over UDP.


What has been done?

1. SoftEther VPN From lancethepants' website install on /jffs
(http://files.lancethepants.com/Binaries/SoftEtherVPN/arm/SoftEtherVPN v4.20-9608-rtm/)

2. boot script so far
Code:
#enable tun dev
modprobe tun

#recreate tun interface as it is wiped at boot
ip tuntap add dev vpn_tun mod tun
ip link set dev vpn_tun up

#must to set udhcpc broastcast address
ip address add 192.168.5.0/24 dev vpn_tun

#start client binary
./vpnclient start

#connect saved connection profile
./vpncmd localhost /client /CMD accountconnect home

#get dhcp lease from server
udhcpc -i vpn_tun


What is working so far?

1. SoftEther 8-thread client-server can be made
2. Can obtain DHCP lease from server


What's the problem?

1. I am not sure if I setup the interface correctly!

2. I cannot access my vpn server side even when VPN connection is established
I am suspecting it's a route issue as the SoftEther Linux client doesn't update route setting at all (fail?)


route output w/o vpn connection:

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.1   *               255.255.255.255 UH    0      0        0 eth0
192.168.1.0   *               255.255.255.0   U     0      0        0 eth0
192.168.2.0    *               255.255.255.0   U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1   0.0.0.0         UG    0      0        0 eth0

route otuput with ovpn connection:

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.1   *               255.255.255.255 UH    0      0        0 eth0
(server ip)  192.168.1.1   255.255.255.255 UGH   0      0        0 eth0
192.168.1.0   *               255.255.255.0   U     0      0        0 eth0
192.168.2.0    *               255.255.255.0   U     0      0        0 br0
192.168.5.0    *               255.255.255.0   U     0      0        0 tun11
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.5.1    128.0.0.0       UG    0      0        0 tun11
128.0.0.0       192.168.5.1    128.0.0.0       UG    0      0        0 tun11
default         192.168.1.1   0.0.0.0         UG    0      0        0 eth0


Few resources I have tried with CentOS and other Linx distro but w/o much luck:

1. https://blog.harshillodhi.co.in/softether-vpn-ubuntu-linux-client-configuration-behind-http-proxy/

2. http://askubuntu.com/questions/666484/setting-up-softether-vpn-client

3. https://www.rapidvpn.com/setup-vpn-softether-ubuntu


Many thanks!


Chris
 
Last edited:
Very nicely written tutorial. Good stuff.

Also, may I recommend adding trying the server management software and client management software to further tweak and harden the server connections such as switching switching ciphers, enable certificate based, RADIUS, or domain controller based user management.

Those software can be downloaded from the SoftEther official site.

The server management can be connected directly with the server IP and the port number of your choice. The client side would need to enter RemoteEnable during the initial setup.

However, I am more interested in running a SoftEther Client on the Asus Router, because my server is already up and running on my remote VPS server.

Anyway. kudos to an awesome tutorial!
 
http://www.softether.org/4-docs/1-m...ng_in_Linux.2C_FreeBSD.2C_Solaris_or_Mac_OS_X
  • Limitations within the Linux or UNIX operating system prevent communication with IP addresses assigned to the network adapter locally bridged from the VPN side (Virtual Hub side). The cause of this restriction lies with OS's internal kernel codes rather than with the SoftEther VPN. When wishing to communicate in any form with a UNIX computer used for local bridging from the VPN side (Virtual Hub side), (for instance, when running both the VPN Server / VPN Bridge service & the HTTP Server service and wishing to grant access to the server service from the VPN side as well), prepare and connect a local bridge network adapter and physically connect both it and the existing network adapter to the same segment (as explained in 3.6 Local Bridges, it is recommended to prepare a network adapter for exclusive use in local bridging for this and other situations).
 
This is an interesting point. Thank you for your post.

However, I am not sure if this applies to the problem I am facing as I am not creating any SoftEther local bridges on the router side.

Server side:
VPN Server's sole "Local Bridge" interface is not bridged with others, and is directly masqueraded to the internet side venet interface.

Router side:
The VPN client creates a local tun interface that is not bridged with any other existing interfaces.

The client program itself can communicate with server, however, I am unable to extend that connection to other interfaces with my limited knowledge.
 
i use the following service script on my debian server
Code:
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/opt/vpnserver/do_not_run

[Service]
Type=forking
EnvironmentFile=-/opt/vpnserver
ExecStart=/opt/vpnserver/vpnserver start
ExecStartPost=/bin/sleep 2
ExecStartPost=/sbin/brctl addif br0 tap_se
ExecStop=/opt/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/opt/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID

[Install]
WantedBy=multi-user.target

and this is my local bridge setting
upload_2017-3-25_16-28-43.png


basically what i did is attach softether on a tap bridged together with my physical interface eth0 in br0 and I can aceess any resource
 
Good stuff man. Thanks.

Do you have any advise setting up client program on the router side?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top