-
-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Impossible to get access to Host VPN Server from remote client #298
Comments
That's not going to be possible and not a problem of Softether. This is also mentioned manual under 3.6.11 and I quote:
In short, the Linux kernel prevents access to the interface you bridged for your VPN for security reasons as far I have read (had this issue aswell when I was new to SoftEther). The real solution is getting a second network card in the server you use for the VPN. Then you have one interface dedicated to routing internet traffic and the other interface as management where you can SSH into it. I hope this helps you any further. Note: I'm not a maintainer and/or member of this project, but just a user that runs its own SoftEther VPN server. |
I came to the same thought. But my servers are very tiny computers that has integrated CPU, without active cooling and there is no space to install any additional Network Card. So I'm thinking about something like Raspberry or Pine64 maybe with Windows on it. In that case there shouldn't be any troubles. |
Windows does indeed not have problem with this. I have run SoftEther VPN Server on a Windows operating system before I transfered over to Linux, due to getting a second NIC for it. |
May be it is a worthy thing to try to create a Virtual Network Adapter in Ubuntu and create Local Bridge in SE VPN to this Virtual Adapter? |
For whatever it's worth, I've noticed the same thing with my instance running on a RaspberryPi 3. My only work around was to SSH into another RP running on my network, to then reverse SSH into from the aforementioned. Which, does work. It doesn't solve the problem of connecting to my VPN server with the Windows Admin tool, but I can make manual configurations that way if absolutely necessary. |
Hi, Watch this as workaround to the problem: https://www.youtube.com/watch?v=jqRkFKHdz4A Define a tap device (forget about bridging it to the NIC) and then configure network for the VPN clients behind a NAT. regards, |
Hello everyone! I'm using softether+openhab (domotics) and experiencing the same issue: PI does not respond to any device connected through VPN. @nickete your solution seems to be feasible but I couldn't figure what configuration is needed. I created the tap device and used the SoftEther secure nat feature. The same behavior as before, I can ping any device in my LAN except my PI. I would greatly appreciate any hints on how to implement it. Also, I'm wondering why I can't ping the WLAN interface of PI if I'm using the eth interface for a VPN. Greetings, |
I'm interested to look into exactly why the Linux kernel is blocking this. (I can't believe such a limitation does not exist on a Windows OS). This issue was driving me insane until I found out the explanation in SoftEther documentation. Since I can not use a dedicated network card for bridging, I hope there could be another solution that I can use (aside from defining a TAP interface, or reverse SSH`ing using another Raspberry Pi). |
Please follow this workaround |
I try going to this link it does not load |
wait it just did after created a GitHub account |
test passed on centos7, please use command like 'shutdown -r 3' to keep remote server live. |
Hello eveyrone,
I think I discovered a serious problem with SE VPN when it is installed at Ubunutu (and probably other Linux).
Set-up: 192.168.0.0/24 network, Ubuntu 16LTS Server, The Simpliest Remote VPN Configuration, Local Bridge, One Hub, No ACL and other tricks, IPsec and OpenVPN options are enabled.
Client: Android device with standard IPsec (tested with Adnroid 6 and 4), OpenVPN client.
The problem: when Adnroid establishes VPN Tunnel then it can reach any computer at 192.168.0.0/24 network except the VPN Host with Ubuntu. The situation is vice versa: any computer from the network can ping Android device. But VPN Host with Ubuntu can't ping it.
I tryied to use ordinary ping and arping (from Ubuntu). I checked route table. I've updated ARP table with concrete corresponce between the client IP-address and its MAC-address. With no success.
Due to User Space of SE at Linux there is no separate network VPN adapter for VPN. SE uses its internal realization of VPN network interface adapter. We can't see it via ifconfig and we can't route packets to it from the local machine.
Anyway if I try to connect from Win10 with SE client to the same Virtual HUB I can reach VPN Host with Ubuntu.....
The text was updated successfully, but these errors were encountered: