Layer 3 newbie problem

Mastiff
Posts: 6
Joined: Tue Sep 04, 2018 4:20 pm

Layer 3 newbie problem

Post by Mastiff » Tue Sep 04, 2018 4:52 pm

I have been using OpenVPN for several years (probably close to 10) as a bridge between my house and my cabin, but for various reasons I had problems making that work on my new setup, which is a pair of Windows Server 2016 Datacenter on server cards with Xeon CPUs. I work as a freelance translator and can in principle work anywhere I have a broadband connection, but since it's very typing intensive I need a good chair, a desk, a dual monitor setup and my Matias Ergo Pro keyboard. I have those at both places, and the only thing I need to bring with me when I go from one place to the other is my Surface Pro, which is hooked up to a docking station I have at each location. That means that I can start a job, find out that I want to go to the cabin because the weather's nice and just bring the Surface Pro to keep on working there. All work files are on the cabin server (with 300/300 fibre, UPS that runs for 8 hours and full real-time backup solutions). With the bridge it doesn't matter where I am, I always open the file from the same location.

But since I have spent a month trying to get OpenVPN to work reliably I figured I'd give SoftEther a chance. I have been running my own Windows Server computers for a long time, ever since Windows Server 2000. So I know about the terminology and routing and all that, I'm just a newbie on SoftEther. But I find the UI easy to understand, and I thought I followed a "howto" perfectly. But obviously I did not... This is the one I used: https://www.softether.org/4-docs/1-manu ... Routing%29

My networks are Hjemmeserver (home server in Norwegian) on 192.168.0.1 and Hytteserver (cabin server) on 192.168.2.1.

So on the cabin server (which I am using as the VPN server because I plan to keep that for the rest of my life, while I'm not as sure about the house) I have created two virtual hubs, "Cabin server" (local with a local bridge to the network card that covers the internal network) and "From House server" (which the house server connects to).

On the cabin server I have also defined a layer 3 switch which connects the two virtual hubs "cabin server" (with a Virtual interface 191.168.2.2) and "From house server" (with a Virtual interface 191.168.0.2). On the same switch I defined routing tables 192.168.0.0 with the 192.168.2.2 virtual hub as gateway and 192.168.2.2 with the 192.168.0.2 virtual hub as gateway.

On the home server I have installed a SoftEther with the standard bridge virtual hub and the correct setup in cascade connection.

Finally I have made static routes on Routing and remote access on both sides. On the cabin side I have destination 192.168.0.0 with virtual hub 192.168.2.2 as the gateway, and on the house side I have destination 192.168.2.0 with virtual hub 192.168.0.2 as the gateway.

I can connect the home server bridge to the cabin VPN server without problems.

From the cabin server side I can ping both the virtual hubs and the home server, but I can not ping any other computers on the home server side. From the home server side I can ping both the virtual hubs and the home server, but I can not ping any other computers or other devices on the cabin server side.

From other computers than the servers on both sides I can ping the server on the other side, but I can't ping any other computers or other devices on the same network.

Finally I can not ping anything with the network name, only IP address. So there is no DNS that is being transferred over the Layer 3 bridge.

If there is a step I have forgotten here, I would very much like to know.

Mastiff
Posts: 6
Joined: Tue Sep 04, 2018 4:20 pm

Re: Layer 3 newbie problem

Post by Mastiff » Wed Sep 05, 2018 8:18 am

One step closer. :) I deleted the routes on the virtual layer 3 switch, and added another route on each side using the opposite virtual interface as the gateway, and now I can access stuff on each side. So now it's only the DNS thing that's missing, so I can use device/computer names to access on the opposite network.

But I do have a rather slow connection. I should have been on 2,5-3 MB/s, but I only get around 1-1,2 on transfer of big files. Is that a limitation within SoftEther, or is there something I can fiddle with?

InvisibleJim
Posts: 2
Joined: Mon Sep 10, 2018 12:51 pm

Re: Layer 3 newbie problem

Post by InvisibleJim » Tue Sep 11, 2018 8:20 am

On the cabin server I have also defined a layer 3 switch which connects the two virtual hubs "cabin server" (with a Virtual interface 191.168.2.2) and "From house server" (with a Virtual interface 191.168.0.2)
Out of curiosity, is the 191.168.... correct for your connection or is it a typing error?

Mastiff
Posts: 6
Joined: Tue Sep 04, 2018 4:20 pm

Re: Layer 3 newbie problem

Post by Mastiff » Tue Sep 11, 2018 6:44 pm

Typing error... it should of course be 192.

thisjun
Posts: 2134
Joined: Mon Feb 24, 2014 11:03 am

Re: Layer 3 newbie problem

Post by thisjun » Thu Oct 04, 2018 6:46 am

What protocol do you use for the file transfer?
SMB is slow with high latency, so please try FTP or HTTP.

Mastiff
Posts: 6
Joined: Tue Sep 04, 2018 4:20 pm

Re: Layer 3 newbie problem

Post by Mastiff » Thu Oct 04, 2018 8:07 am

Thanks! I do have an FTP-server, and that works fast. But I need SMB because then I and my family can simply copy the files the same way as if they are on the same network. The point with this network is that it shouldn't matter where the files are, both for copying and direct access. I will probably have 300/300 fibre in both ends within half a year. I hope it will work faster then.

But why should SMB be 1/2 to 1/3 of the speed on SoftEther compared to OpenVPN? I can't really see a reason for that, the packages should be the same, shouldn't they?

cmd wh0ami
Posts: 82
Joined: Sun Jul 16, 2017 6:58 pm

Re: Layer 3 newbie problem

Post by cmd wh0ami » Thu Oct 04, 2018 9:19 pm

In SoftEther Client in advanced settings how many tcp connections do you have going? I would set it to 16-20... Then enable half duplex mode...

I would disable udp acceleration on the client and server, and the dynamic dns on the server too...

To get the best performance out of SoftEther you need to bridge to eth0, wlan0, or tap.
VPN Discord invite: https://discord.gg/QByKXA9

Mastiff
Posts: 6
Joined: Tue Sep 04, 2018 4:20 pm

Re: Layer 3 newbie problem

Post by Mastiff » Fri Oct 05, 2018 1:40 pm

Thanks! I had 8 tcp connections, but I have now changed it to 20, with half duplex and reconnected. I can't say that I see a significant change of speed, though. Next step was to disable UDP acceleration on both and Dynamic DNS (took a bit of time to find the config file and those options...). I lost contact with the server after that and walked the dog. Still not running when I came back, so I guess I deleted the stuff from the config file wrongly, I deleted this part:

Code:

	declare DDnsClient
	{
		bool Disabled false
		byte Key (something gibberish, probably secret, so I'm not showing that)
		string LocalHostname My server name
		string ProxyHostName $
		uint ProxyPort 0
		uint ProxyType 0
		string ProxyUsername $
	}

I guess I should just have changed Disabled to true... (Quite embarrassing...) Rebooting the server didn't help either. But when I look at the vpn_server.config under C:\Program Files\SoftEther VPN Server it still contains that stuff. Is there a config file hidden somewhere else that is messed up? What should I do?

Edit: I tried now to delete the config file from the directory mentioned over and copy the last backup before the changes. No luck, the server manager still can't connect. Should I uninstall and reinstall, and then restore the settings from the config file?

Edit 2: By "lost contact" I mean that neither the server manager running on the same computer (localhost) nor the client can connect to it.

cmd wh0ami
Posts: 82
Joined: Sun Jul 16, 2017 6:58 pm

Re: Layer 3 newbie problem

Post by cmd wh0ami » Fri Oct 05, 2018 3:02 pm

Wow... I'm so sorry that turned out like that.... But yes, you were supposed to change bool Disabled from false to true under declare DDnsClient. The thing is I doubt those two settings will speed anything up... I was just suggesting disabling ddns client and udp acceleration because it will stop SE from calling home to servers in Japan. (those settings make me paranoid)...

Code:

	declare DDnsClient
	{
		bool Disabled true
	}

Code:

}
			declare Message
			{
			}
			declare Option
			{
				uint AccessListIncludeFileCacheLifetime 30
				uint AdjustTcpMssValue 0
				bool ApplyIPv4AccessListOnArpPacket false
				bool AssignVLanIdByRadiusAttribute false
				bool BroadcastLimiterStrictMode false
				uint BroadcastStormDetectionThreshold 0
				uint ClientMinimumRequiredBuild 0
				bool DenyAllRadiusLoginWithNoVlanAssign false
				uint DetectDormantSessionInterval 0
				bool DisableAdjustTcpMss false
				bool DisableCheckMacOnLocalBridge false
				bool DisableCorrectIpOffloadChecksum false
				bool DisableHttpParsing false
				bool DisableIPParsing false
				bool DisableIpRawModeSecureNAT false
				bool DisableKernelModeSecureNAT false
				bool DisableUdpAcceleration true

One good thing that will come out of this... The more times you set it up the more you'll learn... I've probably set up SE close to a thousand times at this point.

But most of my installing was on a project I was experimenting with where I turned an Android cell phone into a VPN server to be able to use the US cellular IPs remotely from other countries. (Cellular IPs are more credible than Data Center IPs for websites that look at that sort of thing).

Don't quote me on this... And I've never run VPN server software on a Windows OS... But I think if you delete the softether_server_config_file (I have no idea what it's called in Windows)... but I know there should be a backup file named the exact same thing just labeled backup... It should recreate the original fresh install setup.. Then when it asks for a password just leave it blank and hit enter... then it will ask you to set a passwd... and you should be back to square one.

But it might just be easier on Windows to uninstall and reinstall...

If you do a reinstall, this time make sure you grab the rtm version... not the beta.. Just in case you didn't already.
VPN Discord invite: https://discord.gg/QByKXA9
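
An added example, not code from any poster or from the SoftEther project: a Python helper that sets `bool Disabled` under `declare DDnsClient` and `bool DisableUdpAcceleration` under `declare Option` in place, leaving the block and every other line intact, instead of deleting the block as happened above. The sample text, the `ExampleHub` name and the function names are constructed for illustration; it assumes you work on a copy of `vpn_server.config` while the VPN Server service is stopped.

```python
import re
# Constructed sample in the layout quoted in the posts above (not a real config).
SAMPLE = """declare root
{
    declare DDnsClient
    {
        bool Disabled false
        uint ProxyPort 0
    }
    declare ExampleHub
    {
        declare Option
        {
            bool DisableAdjustTcpMss false
            bool DisableUdpAcceleration false
        }
    }
}
"""

def walk(text):
    """Yield (line_index, enclosing_block, fields) for every setting line."""
    stack, pending = [], None
    for i, raw in enumerate(text.splitlines()):
        line = raw.strip()
        if line.startswith("declare "):
            pending = line.split(None, 1)[1]   # name of the block about to open
        elif line == "{":
            stack.append(pending)
        elif line == "}" and stack:
            stack.pop()
        elif line and stack:
            yield i, stack[-1], line.split()

def read_bool(text, block, key):
    """Values of `bool <key>` in every block named <block>; [] means missing."""
    return [f[2] == "true" for _, b, f in walk(text)
            if b == block and len(f) == 3 and f[:2] == ["bool", key]]

def set_bool(text, block, key, value):
    """Rewrite only the value token; every other byte of the file is kept."""
    lines, changed = text.splitlines(keepends=True), 0
    word = "true" if value else "false"
    for i, b, f in walk(text):
        if b == block and len(f) == 3 and f[:2] == ["bool", key]:
            new = re.sub(r"(true|false)(\s*)$", word + r"\2", lines[i])
            changed += new != lines[i]
            lines[i] = new
    return "".join(lines), changed
```

An empty list from `read_bool` means the block or key is missing from the file, which is the state a deleted `declare DDnsClient` block would leave behind.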

Mastiff
Posts: 6
Joined: Tue Sep 04, 2018 4:20 pm

Re: Layer 3 newbie problem

Post by Mastiff » Tue Oct 09, 2018 7:34 am

And I'm up and running. :) Thanks for the tip about deleting the config file! At first it errored out on port 443, which I am connecting to, but a reboot of the server (which is quite a job with all the VMs I have and my home automation system) fixed it. I guess the crashed, original service was blocking the port. But I see that the version I'm running is actually the beta, softether-vpnserver_vpnbridge-v4.27-9668-beta-2018.05.29-windows-x86_x64-intel. Should I get the newest beta or go rtm? The RTM seems to be a lot older. Are you suggesting that because of stability or performance? Because before I started to mess with this the stability was 100 %. :)

cmd wh0ami
Posts: 82
Joined: Sun Jul 16, 2017 6:58 pm

Re: Layer 3 newbie problem

Post by cmd wh0ami » Tue Oct 09, 2018 12:11 pm

The RTM (release to manufacturing) is the stable version. I've personally had bad luck with beta versions... It's actually the reason I knew you could delete the config, reboot and enter blank passwd to fix your issue... I had a beta version I was running on a few different servers that deleted its own config somehow. From what I can tell most, if not all the RTM versions were last updated in Jan of this year. That's not all that long ago for a stable version. After switching all of my servers over to rtm I haven't had any issues since. (I also did the same for Clients)
VPN Discord invite: https://discord.gg/QByKXA9
