client side VPN driver issue? - SOLVED! Option 121 causes Win10 DHCP client to fail

oddboy
Posts: 4
Joined: Fri Jun 08, 2018 2:08 am


Post by oddboy » Fri Jun 08, 2018 2:24 am

Hi all,

I'm pretty new to SoftEther, but not new to networking. However, I've been unable to get things working on my network.

As far as I can tell, everything on the SoftEther server (CentOS 7 64 bit on a VM on VMware 6.5) is set up correctly, and yet my VPN clients don't get an IP address from the DHCP server on the internal network (ISC). The client always ends up with a 169.254.x.x (autoconf) IP address. Note that I have enabled Promisc, forged transmits and MAC address changes on the port group the server is attached to.

I can see in packet captures as well as DHCP logs that the DHCP server sees the request coming in with the MAC address of the VPN adapter on my client. The DHCP server responds with a DHCPOFFER... but the IP never gets to the client (which is Windows 10, btw).

Here's an example from the dhcp server log:

Jun 8 02:10:43 core1 dhcpd: DHCPDISCOVER from 5e:d2:9c:df:61:f1 (laptop) via ens192
Jun 8 02:10:44 core1 dhcpd: DHCPOFFER on 192.168.0.145 to 5e:d2:9c:df:61:f1 (laptop) via ens192
Jun 8 02:10:44 core1 dhcpd: DHCPREQUEST for 192.168.0.145 (192.168.0.5) from 5e:d2:9c:df:61:f1 (laptop) via ens192
Jun 8 02:10:44 core1 dhcpd: DHCPACK on 192.168.0.145 to 5e:d2:9c:df:61:f1 (laptop) via ens192

In fact, the SoftEther server even associates the IP (in this case, 192.168.0.145) with my client session, but still no IP on the laptop.

If it matters, the SoftEther host is dual-homed, like this:

cable modem router -> ens224 (10.100.100.21)
router -> ens192 (192.168.0.11)

Connections are forwarded from the cable modem router to the 10.100.100.21 address (port forwarding). Then, the SE Bridge for the Hub is bridged with ens192 on the 192.168.0.0/24 network. I'm expecting that clients would get a 192.168.0.x address via the DHCP server that services all the other devices on the network...

One other thing I've observed in trying to get this all to work is that the VPN driver on the client doesn't seem to get along with Windows. For example, if I do "ipconfig /renew VPN*" on the Windows 10 laptop, I get this error:

C:\Users\jbrooks>ipconfig /renew VPN*

Windows IP Configuration

An error occurred while renewing interface VPN - VPN Client : The data is invalid.

Anyway, I'm getting to the end of my rope. I thought this would be easy. Any help you can offer would be greatly appreciated!

Cheers, and thanks for such an awesome project!

Joel
Last edited by oddboy on Fri Jun 08, 2018 2:30 pm, edited 1 time in total.


Re: client side VPN driver issue?

Post by oddboy » Fri Jun 08, 2018 2:33 am

Here's a server log of a session too... (names of some objects have been redacted, but the logs remain materially unchanged)

2018-06-07 22:26:52.389 On the TCP Listener (Port 0), a Client (IP address 10.100.100.2, Host name "10.100.100.2", Port number 57706) has connected.
2018-06-07 22:26:52.389 For the client (IP address: 10.100.100.2, host name: "10.100.100.2", port number: 57706), connection "CID-28" has been created.
2018-06-07 22:26:52.389 SSL communication for connection "CID-28" has been started. The encryption algorithm name is "AES128-SHA".
2018-06-07 22:26:52.411 [HUB "MyVPN"] The connection "CID-28" (IP address: 10.100.100.2, Host name: 10.100.100.2, Port number: 57706, Client name: "SoftEther VPN Client", Version: 4.27, Build: 9668) is attempting to connect to the Virtual Hub. The auth type provided is "Certificate authentication" and the user name is "user1".
2018-06-07 22:26:52.411 [HUB "MyVPN"] The Virtual Hub's Security Account Manager has received the following certificate from the VPN Client and accepted its contents as the certificate for when user "user1" logs in: CN=user1, O=Company, OU=Security, S=Province, L=City, C=CA, SERIAL="0F" (Digest: MD5="48682CFA38BB399913D9F92738B77BD3", SHA1="C326C16C1CBC4AFD1B1DB657E71A95FB13632486")
2018-06-07 22:26:52.411 [HUB "MyVPN"] Connection "CID-28": Successfully authenticated as user "user1".
2018-06-07 22:26:52.411 [HUB "MyVPN"] Connection "CID-28": The new session "SID-user1-8" has been created. (IP address: 10.100.100.2, Port number: 57706, Physical underlying protocol: "VPN over UDP with NAT-T (IPv4)")
2018-06-07 22:26:52.411 [HUB "MyVPN"] Session "SID-user1-8": The parameter has been set. Max number of TCP connections: 2, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2018-06-07 22:26:52.411 [HUB "MyVPN"] Session "SID-user1-8": VPN Client details: (Client product name: "SoftEther VPN Client", Client version: 427, Client build number: 9668, Server product name: "SoftEther VPN Server (64 bit)", Server version: 427, Server build number: 9668, Client OS name: "Windows 10", Client OS version: "Build 16299, Multiprocessor Free (16299.rs3_release_svc_escrow.180502-1908)", Client product ID: "--", Client host name: "laptop.domain.com", Client IP address: "192.168.0.99", Client port number: 57706, Server host name: "vpn.MyVPN.com", Server IP address: "X.X.X.X", Server port number: 443, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "MyVPN", Client unique ID: "06D504991CC7705C8920E6CF076063E5")
2018-06-07 22:26:52.784 [HUB "MyVPN"] Session "SID-user1-8": A new MAC address "5E-D2-9C-DF-61-F1" has been assigned.
2018-06-07 22:26:55.086 On the TCP Listener (Port 0), a Client (IP address 10.100.100.2, Host name "10.100.100.2", Port number 59882) has connected.
2018-06-07 22:26:55.086 For the client (IP address: 10.100.100.2, host name: "10.100.100.2", port number: 59882), connection "CID-29" has been created.
2018-06-07 22:26:55.096 SSL communication for connection "CID-29" has been started. The encryption algorithm name is "AES128-SHA".
2018-06-07 22:26:55.106 Connection "CID-29" has been terminated.
2018-06-07 22:27:04.174 [HUB "MyVPN"] Session "SID-user1-7": The session has been terminated. The statistical information is as follows: Total outgoing data size: 2062965 bytes, Total incoming data size: 498231 bytes.
2018-06-07 22:27:04.194 Connection "CID-26" terminated by the cause "The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2018-06-07 22:27:04.194 Connection "CID-26" has been terminated.
2018-06-07 22:27:04.194 The connection with the client (IP address 10.100.100.2, Port number 57055) has been disconnected.
2018-06-07 22:27:09.196 [HUB "MyVPN"] Session "SID-LOCALBRIDGE-1": The DHCP server of host "00-50-56-8A-46-4E" (192.168.0.5) on this session allocated, for host "SID-user1-8" on another session "5E-D2-9C-DF-61-F1", the new IP address 192.168.0.145.


Re: client side VPN driver issue?

Post by oddboy » Fri Jun 08, 2018 1:47 pm

I should add that the VPN works if I hard-code an IP address on the VPN adapter. It's only with DHCP that it doesn't seem to work.


Re: client side VPN driver issue?

Post by oddboy » Fri Jun 08, 2018 2:29 pm

FFS. I figured it out - FINALLY!

From this thread, I got a lead that DHCP option 121 can cause problems with Windows 10. Sure enough, my DHCP server was set to deliver option 121 to a few laptops... removed it and BAM! Works!

https://forum.netgate.com/topic/108952/ ... se-dhcp/12

Now, onto the fun stuff with SoftEther!
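
Editor's added example, not part of the original posts: option 121 carries classless static routes in the compact RFC 3442 encoding (prefix length, only the significant destination octets, then a 4-byte router), so one check before serving it to clients is that the configured value decodes cleanly. The function names are hypothetical, the sample values are constructed, and the comma-separated form assumes the option is declared in dhcpd.conf as an array of 8-bit integers.

```python
import ipaddress

def parse_dhcpd_value(text):
    """Turn a dhcpd.conf-style comma-separated octet list into bytes."""
    octets = [int(tok) for tok in text.replace(";", "").split(",") if tok.strip()]
    return bytes(octets)  # bytes() raises ValueError for values outside 0..255

def decode_option_121(payload):
    """Decode RFC 3442 classless static routes into (network, router) pairs."""
    if not payload:
        raise ValueError("option 121 is empty")
    routes, i = [], 0
    while i < len(payload):
        width = payload[i]
        if width > 32:
            raise ValueError(f"offset {i}: prefix length {width} exceeds 32")
        n = (width + 7) // 8      # only the significant destination octets are sent
        end = i + 1 + n + 4       # width byte + destination octets + router
        if end > len(payload):
            raise ValueError(
                f"offset {i}: route truncated by {end - len(payload)} byte(s)")
        dest = payload[i + 1:i + 1 + n] + bytes(4 - n)
        # strict=False masks off any host bits instead of rejecting them
        net = ipaddress.IPv4Network((dest, width), strict=False)
        routes.append((net, ipaddress.IPv4Address(payload[i + 1 + n:end])))
        i = end
    return routes

def check_option_121(text):
    """Return (True, ['net via router', ...]) or (False, [reason])."""
    try:
        routes = decode_option_121(parse_dhcpd_value(text))
    except ValueError as exc:
        return False, [str(exc)]
    return True, [f"{net} via {gw}" for net, gw in routes]

# Constructed sample values, not taken from the thread.
SAMPLES = {
    "two routes": "24, 10, 8, 0, 192, 168, 0, 1, 0, 192, 168, 0, 1",
    # A /24 written with all four destination octets shifts every later field.
    "extra destination octet": "24, 10, 8, 0, 0, 192, 168, 0, 1",
    "prefix too long": "33, 10, 8, 0, 0, 1, 192, 168, 0, 1",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, "->", check_option_121(value))
```
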
