WORKING solution for VPN and Samba on same Linux host (tutorial inside)

Post by autobottodoggo » Thu Sep 05, 2024 2:23 pm

Every time I've attempted to search for this, the answers have always come up short and incomplete. So I finally buckled down and created a guide for myself.

First, some assumptions:
  • you already have SEVPN server installed, configured, and running on the Linux host
  • you already have SEVPN client installed, configured, and running on a remote system (any compatible OS)
  • you are familiar with the SEVPN admin server manager GUI
  • you are familiar with Linux and bash CLI
  • you are familiar with the basic concepts of TCP/IP
This guide was specifically written for RHEL CentOS/RockyOS, but it can be adapted for other distros.

STEP-BY-STEP TUTORIAL

# install bridge-utils from repo if available
# use applicable package manager for OS (eg.: `apt` on Debian-based systems)
yum install bridge-utils.x86_64

# if bridge-utils not available from repo, you'll need to download and compile it...

# compiler pre-reqs
yum update -y
yum -y install epel-release wget
yum groupinstall 'Development Tools' -y

# download, compile, and install bridge-utils
# (clone first, then enter the source directory the clone creates)
git clone -b main git://git.kernel.org/pub/scm/network/bridge/bridge-utils.git
cd bridge-utils
autoconf
./configure
make
make install

# start VPN server here
# open the SEVPN GUI on a networked system, create hub, users, etc.

# create the virtual bridge NIC
# sub 'br0' with appropriate device name (can be anything with letters, numbers, underscores, and hyphens)
brctl addbr br0
# bind virtual bridge to physical NIC (sub 'eth0' with name of physical NIC)
brctl addif br0 eth0

# edit: /etc/sysconfig/network-scripts/ifcfg-br0
# (sub 'br0' with name of virtual NIC)
# replace IP configs with whatever is correct for your network
DEVICE=br0
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
DELAY=0
NAME=br0
IPADDR="192.168.x.x"
PREFIX="24"
GATEWAY="192.168.x.x"
DNS1="192.168.x.x"

# edit: /etc/sysconfig/network-scripts/ifcfg-eth0
# (sub 'eth0' with name of physical NIC)
# remove or comment out IP config lines and add:
# (sub 'br0' with name of virtual NIC)
BRIDGE="br0"

# bring up the virtual NIC
# (sub 'br0' with name of virtual NIC)
ip link set br0 up

# return to SEVPN GUI on a networked system
# delete any existing bridges
# create new bridge on virtual hub and select the *physical* NIC as destination

# reboot VPN host to confirm persistence
reboot

# after reboot, confirm connections...

# should show IP on virtual NIC, and *no* IP on physical NIC
ip addr show

# should show at minimum: lo, physical NIC, virtual NIC
ip link

# should return positive ping response
ping $your_gateway_IP
ping 8.8.8.8

# on VPN client: should be able to mount and navigate SMB shares on VPN host

Post by solo » Fri Sep 06, 2024 12:08 am

autobottodoggo wrote:
Thu Sep 05, 2024 2:23 pm
Every time I've attempted to search for this, the answers have always come up short and incomplete.

This is because of the variety of scenarios requiring different solutions. Your proposition barely scratches the surface.

Post by spp » Thu Jan 02, 2025 9:10 pm

In most Linux distros, the Ethernet bridge may be configured with systemd.

First, create a bridge:

/etc/systemd/network/1-br0.netdev

[NetDev]
Name=br0
Kind=bridge

/etc/systemd/network/1-br0.network

[Match]
Name=br0

[Network]
ConfigureWithoutCarrier=true
Address=192.168.45.1/24

Also create a tap device (or devices) included in the bridge:

/etc/systemd/network/2-tap_soft.netdev

[NetDev]
Name=tap_soft
Kind=tap

/etc/systemd/network/2-tap_soft.network

[Match]
Name=tap_soft

[Network]
Bridge=br0

Then apply this configuration:

systemctl restart systemd-networkd

and enable load on startup (if disabled):

systemctl enable systemd-networkd

Then run vpncmd and configure SoftEther VPN to use the existing tap_soft device:

VPN Server>BridgeCreate DEFAULT /DEVICE:soft /TAP:yes

Any local servers bound to the br0 device will be accessible through the VPN.
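
Added example, not part of spp's post: since anything listening on the br0 address becomes reachable by VPN clients, this script lists the TCP listeners that answer on that address. It parses `ss -H -tln` output; the function names and the sample lines are constructed for illustration, and the defaults (br0, 192.168.45.1) are the values from the configuration above.

```shell
#!/bin/sh
# Added example, not from the thread. Lists TCP listeners that answer on the
# bridge address, i.e. what a bridged VPN client can connect to.
# Live use:  ss -H -tln | listeners_on_bridge br0 192.168.45.1

# Constructed sample of `ss -H -tln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 192.168.45.1:445 0.0.0.0:*
LISTEN 0 50 192.168.45.1:139 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 10.0.0.5:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0%eth1:8080 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
EOF
}

# $1 = bridge interface, $2 = bridge IPv4 address (defaults from the post above)
listeners_on_bridge() {
    awk -v ifc="${1:-br0}" -v ip="${2:-192.168.45.1}" '
    $1 == "LISTEN" {
        sock = $4
        port = sock; sub(/^.*:/, "", port)       # text after the last colon
        addr = substr(sock, 1, length(sock) - length(port) - 1)
        dev = ""
        pct = index(addr, "%")                   # ss prints addr%ifname for device-bound sockets
        if (pct) { dev = substr(addr, pct + 1); addr = substr(addr, 1, pct - 1) }
        gsub(/\[|\]/, "", addr)                  # strip IPv6 brackets
        if (dev != "" && dev != ifc) next        # tied to another interface
        if (addr == ip) why = "bridge address"
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*") why = "wildcard"
        else next                                # loopback or another address
        printf "%s %s %s\n", port, sock, why
    }' | LC_ALL=C sort -n
}

# Demo on the constructed sample: prints port, socket, and why it is exposed.
sample_ss_output | listeners_on_bridge br0 192.168.45.1
```

It reports socket binds only and does not account for firewall rules on the host.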
