OpenVpn clients access to local resources only. (Previous topic closed?)

mendoza_lt
Posts: 31
Joined: Fri Jul 05, 2024 8:37 pm

OpenVpn clients access to local resources only. (Previous topic closed?)

Post by mendoza_lt » Wed Nov 06, 2024 6:17 pm

Continuing my topic, which for some reason was closed(?):

First of all, I am very sorry if I did something wrong. I am just trying to figure out what is wrong. Yes, it might be my mistake, and probably is... I'm just trying to figure it out... I still can't find it...

Answer to @solo:
Screenshot 2024-11-06 190159.png
Yes, Server 1 is Windows 10, Server 2 is Debian. You have asked for logs for server 1,
Screenshot 2024-11-06 185803.png

but OpenVPN clients are actually connecting to server 2, and then there is a cascade connection from Server 2 to Server 1.
Screenshot 2024-11-03 183055.png

solo
Posts: 1521
Joined: Sun Feb 14, 2021 10:31 am

Re: OpenVpn clients access to local resources only. (Previous topic closed?)

Post by solo » Wed Nov 06, 2024 9:23 pm

I suppose it is SE v5 on that Debian as both "block-outside-dns" and "192.0.0.8 255.255.255.240" exist in its code. In this case use l3.ovpn to solve the problem, but it is what you initially did, so what's the error?

mendoza_lt
Posts: 31
Joined: Fri Jul 05, 2024 8:37 pm

Re: OpenVpn clients access to local resources only. (Previous topic closed?)

Post by mendoza_lt » Thu Nov 07, 2024 7:31 am

Yes, it is v5.01 on the Debian server.

OK, I tried l3. It seems like I can connect, and I get an IP from Server #1 (192.168.120.12, e.g.), which is correct, but I cannot access anything in LAN 192.168.12.0 (and cannot ping), and it seems like the DNS server address is not configured, because I cannot access web pages from the browser, but I am able to ping outside, e.g. 8.8.8.8, 142.250.72.206 (Google) or any other IP.

Code: Select all

2024-11-07 07:28:58 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-11-07 07:28:58 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-11-07 07:28:59 MANAGEMENT: >STATE:1730960939,GET_CONFIG,,,,,,
2024-11-07 07:28:59 SENT CONTROL [blablabla.softether.net]: 'PUSH_REQUEST' (status=1)
2024-11-07 07:28:59 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,topology subnet,ifconfig 192.168.120.12 255.255.255.0,route 192.168.12.0 255.255.255.0 vpn_gateway,route 192.168.120.0 255.255.255.0 vpn_gateway,block-outside-dns'
2024-11-07 07:28:59 OPTIONS IMPORT: --ifconfig/up options modified
2024-11-07 07:28:59 OPTIONS IMPORT: route options modified
2024-11-07 07:28:59 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-11-07 07:28:59 Using peer cipher 'AES-128-CBC'
2024-11-07 07:28:59 interactive service msg_channel=624
2024-11-07 07:28:59 ROUTE_GATEWAY 192.168.55.1/255.255.255.0 I=11 HWADDR=54:bf:64:7f:0e:8d
2024-11-07 07:28:59 OpenVPN ROUTE: vpn_gateway undefined
2024-11-07 07:28:59 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.120.0
2024-11-07 07:28:59 OpenVPN ROUTE: vpn_gateway undefined
2024-11-07 07:28:59 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.12.0
2024-11-07 07:28:59 open_tun
2024-11-07 07:28:59 tap-windows6 device [OpenVPN TAP-Windows6] opened
2024-11-07 07:28:59 TAP-Windows Driver Version 9.27
2024-11-07 07:28:59 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.120.0/192.168.120.12/255.255.255.0 [SUCCEEDED]
2024-11-07 07:28:59 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.120.12/255.255.255.0 on interface {3C629F95-23F0-423D-BAA0-4880B0D7CF24} [DHCP-serv: 192.168.120.0, lease-time: 31536000]
2024-11-07 07:28:59 Successful ARP Flush on interface [83] {3C629F95-23F0-423D-BAA0-4880B0D7CF24}
2024-11-07 07:28:59 MANAGEMENT: >STATE:1730960939,ASSIGN_IP,,192.168.120.12,,,,
2024-11-07 07:28:59 IPv4 MTU set to 1500 on interface 83 using service
2024-11-07 07:28:59 Blocking outside dns using service succeeded.
2024-11-07 07:28:59 Data Channel: cipher 'AES-128-CBC', auth 'SHA1'
2024-11-07 07:28:59 Timers: ping 3, ping-restart 10
2024-11-07 07:29:04 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
2024-11-07 07:29:04 Initialization Sequence Completed
2024-11-07 07:29:04 MANAGEMENT: >STATE:1730960944,CONNECTED,SUCCESS,192.168.120.12,xx.xxx.xxx.xxx,1194,,

ipconfig:

Code: Select all

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-3C-62-9F-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e895:7023:9402:65c9%83(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.120.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 2024 m. lapkričio 7 d., ketvirtadienis 07:29:01
   Lease Expires . . . . . . . . . . : 2025 m. lapkričio 7 d., penktadienis 07:28:59
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.120.0
   DHCPv6 IAID . . . . . . . . . . . : 1392574268
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-14-78-D9-54-BF-64-7F-0E-8D
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

solo
Posts: 1521
Joined: Sun Feb 14, 2021 10:31 am

Re: OpenVpn clients access to local resources only. (Previous topic closed?)

Post by solo » Thu Nov 07, 2024 11:22 am

mendoza_lt wrote:
Thu Nov 07, 2024 7:31 am

Code: Select all

   DHCP Server . . . . . . . . . . . : 192.168.120.0
This is clearly an error.

Look, you are using DEVELOPER EDITION and it is buggy. Specifically, with the "topology subnet" directive, ifconfig's meaning is changed but route-gateway is missing. Try these workarounds while keeping your "access only to specific network, but not internet through it" objective in mind:

1. in l3.ovpn add "route-gateway 192.168.120.1"

2. if you don't intend to use SE clients then on server #1 SecureNAT add the above default gateway and in l3.ovpn add:
route-nopull
route 192.168.12.0 255.255.255.0

3. install the bug-free v4 server on Debian, or...

4. ask for a v5 fix here https://github.com/SoftEtherVPN/SoftEtherVPN/issues
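
As an added illustration that is not part of solo's post or of SoftEther's code: a small Python check that parses the PUSH_REPLY from the client log earlier in the thread and reports why `vpn_gateway` is undefined under `topology subnet`, and what is left once workaround 1 is applied. The function names and the `local_directives` parameter belong to this example only; workaround 2 (`route-nopull`) is not modelled.

```python
import re

# Constructed sample: the PUSH_REPLY line copied from the client log in this thread.
SAMPLE_LOG = """\
2024-11-07 07:28:59 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,topology subnet,ifconfig 192.168.120.12 255.255.255.0,route 192.168.12.0 255.255.255.0 vpn_gateway,route 192.168.120.0 255.255.255.0 vpn_gateway,block-outside-dns'
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")


def parse_push_reply(log_text):
    """Return the pushed options as a list of token lists ([] if no PUSH_REPLY)."""
    m = PUSH_RE.search(log_text)
    if not m:
        return []
    return [opt.split() for opt in m.group(1).split(",") if opt.strip()]


def audit_push(options, local_directives=()):
    """Flag option combinations that break routing or DNS on the client.

    local_directives (hypothetical parameter of this example): extra lines
    from the client's .ovpn, e.g. "route-gateway 192.168.120.1".
    """
    opts = options + [d.split() for d in local_directives]
    names = {o[0] for o in opts}
    findings = []

    topology = next((o[1] for o in opts if o[0] == "topology" and len(o) > 1), "net30")
    # In subnet topology the second ifconfig argument is a netmask, not a peer
    # address, so vpn_gateway is only defined when route-gateway is supplied.
    if topology == "subnet" and "route-gateway" not in names:
        for o in opts:
            uses_vpn_gw = len(o) < 4 or o[3] == "vpn_gateway"  # omitted gateway defaults to vpn_gateway
            if o[0] == "route" and len(o) >= 2 and uses_vpn_gw:
                findings.append(f"route {o[1]}: vpn_gateway undefined")

    # block-outside-dns blocks DNS on non-VPN adapters (Windows clients); with no
    # "dhcp-option DNS" pushed or set locally, the tunnel offers no resolver.
    has_dns = any(o[:2] == ["dhcp-option", "DNS"] for o in opts)
    if "block-outside-dns" in names and not has_dns:
        findings.append("block-outside-dns without dhcp-option DNS")
    return findings


if __name__ == "__main__":
    pushed = parse_push_reply(SAMPLE_LOG)
    print(audit_push(pushed))
    print(audit_push(pushed, ["route-gateway 192.168.120.1"]))
```
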

mendoza_lt
Posts: 31
Joined: Fri Jul 05, 2024 8:37 pm

Re: OpenVpn clients access to local resources only. (Previous topic closed?)

Post by mendoza_lt » Thu Nov 07, 2024 2:53 pm

solo wrote:
Thu Nov 07, 2024 11:22 am
mendoza_lt wrote:
Thu Nov 07, 2024 7:31 am

Code: Select all

   DHCP Server . . . . . . . . . . . : 192.168.120.0
This is clearly an error.
I know, should be 192.168.120.1... But at the same time it gets correct IP from DHCP server...

I have added "route-gateway 192.168.120.1", and now I can access the LAN that I am supposed to, but no internet... (or no DNS, to be precise, it works with IP)

Yeah, I think I will install V4...

mendoza_lt
Posts: 31
Joined: Fri Jul 05, 2024 8:37 pm

Re: OpenVpn clients access to local resources only. (Previous topic closed?)

Post by mendoza_lt » Thu Nov 07, 2024 7:47 pm

OK, installed V4.43, and yeah... it works from the first click, and works the way it should (l3)... I knew that V5 "May have bugs" but I did not expect it to be that buggy, now I learned that...

Thanks for help :)
