vpncmd Issues

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
3ronco
Posts: 3
Joined: Sun Oct 07, 2018 10:21 am

vpncmd Issues

Post by 3ronco » Sun Oct 07, 2018 11:03 am

First of all, thank you for providing such a powerful software as OSS to the community. Currently i'm working on a softether docker container where several 'install taks' should be done automatically especially providing certs for the instance. I've encountered some problems trying to configure a softether server via console:
  1. Code: Select all

    vpncmd localhost /SERVER /HUB:VAone /CMD CAAdd path/to/mycertfile
    fails when a filename is provided although the help implicitly states that a filename is expected. However calling the same command without a filename and entering one doesn't work either with the same error msg.
    Calling it again without a filename and pressing enter once gives a prompt text for the file, after entering an adequate path to a file it works!
    I don't think this is intendend.
  2. Softether doesn't honor the default CA store of a host eg. CA certs installed in /etc/ssl/certs on debian based systems. Is that intended?
    In that case any installed softether instance expects certs installed in /usr/local/libexec/softether/chain_certs (assuming here the path of make install)?
    ...or to be embedded in the vpn_server.config file by using the Manager or vpncmd to add a CA with CAAdd?
    If both are in use which one is checked first?
    For what scenario exactly do i need to place chained CA certs in /usr/local/libexec/softether/chain_certs?
  3. Code: Select all

    vpncmd localhost /SERVER /CMD ServerCertSet /LOADCERT:/path/to/myCert /LOADKEY:/path/to/myKey
    import of PKCS12 certs (which requires a password) doesn't work although the GUI client is doing it the correct way by prompting for a password so the procedure of decoding it must be somewhere buried in there. For a docker build it would be convenient if certs are rather kept encrypted instead of decrypting them to a file beforehand.
  4. Is it possible to get into the server by using vpncmd without providing a password eg: connecting via localhost?
    Trying to give the /PASSWORD arg fails when chars (eg: exclamation mark) are contained which are interpreted by bash before vpncmd is executed. A hint in "--help" would be nice. Providing a password somewhere in a script isn't a good idea anyway but the docker build process doesn't allow any interaction like inputting a password. Would be nice if the password could be supplied by an env variable.
Thanks & kind regards from Hanover

3ronco
Posts: 3
Joined: Sun Oct 07, 2018 10:21 am

Re: vpncmd Issues

Post by 3ronco » Mon Oct 08, 2018 6:55 am

Forget about 2. was my fault. In Debian new certs added to the store can exist but not utilized anyway, they need to be activated and mine was not.

3ronco
Posts: 3
Joined: Sun Oct 07, 2018 10:21 am

Re: vpncmd Issues

Post by 3ronco » Fri Oct 12, 2018 5:46 am

Well it seems this was a waste of time.

Post Reply