Using VPN server tunnel to communicate with server itself

chrisk
Posts: 5
Joined: Mon May 16, 2022 3:40 pm

Using VPN server tunnel to communicate with server itself

Post by chrisk » Tue May 17, 2022 6:30 am

Dear forum members,

I installed SoftEther and set up a VPN server with SecureNAT, VirtualDHCP (192.168.30.0/24) successfully.
Ping from my client (192.168.30.10) to the VPN server (192.168.30.1) works fine.
But the VPN connection couldn't be used from the VPN server back to the client, for example a ping from the server (192.168.30.1) to the client 192.168.30.10 is not successful.

I'm looking for a solution to tunnel Eclipse debugging with PyDev which needs the following setup:
client -> https://webserver using the same host/ip address as VPN server
server debugging should use VPN tunnel (192.168.30.1) and connect to -> port 5678 to client (192.168.30.10)

Is this setup possible with SoftEther?
If yes, what needs to be changed in the configuration to either get a separate interface for the private subnet (192.168.30.0/24) or to use the VPN tunnel backwards?

Thank you for your help.

Best regards

Christof

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Using VPN server tunnel to communicate with server itself

Post by eddiewu » Tue May 17, 2022 12:28 pm

SecureNAT setup is internal to softether. So you won't see 192.168.30.0 assigned to the server.
Using a TAP device and local bridge instead should solve the problem, provided you are on Linux.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Using VPN server tunnel to communicate with server itself

Post by solo » Tue May 17, 2022 12:50 pm

SoftEther offers VPN solutions in L2, L3 and SecureNAT mode. To achieve the described objectives in your preferred SecureNAT mode, install a SE client together with SE server on the same PC. The client must not use your vDHCP, set its vNIC to a static IP 192.168.30.2/24 and DG/DNS none.

chrisk
Posts: 5
Joined: Mon May 16, 2022 3:40 pm

Re: Using VPN server tunnel to communicate with server itself

Post by chrisk » Tue May 17, 2022 6:28 pm

eddiewu wrote:
Tue May 17, 2022 12:28 pm
SecureNAT setup is internal to softether. So you won't see 192.168.30.0 assigned to the server.
Using a TAP device and local bridge instead should solve the problem, provided you are on Linux.

Hi Eddie,

I changed my setup according to your comment. Now I'm using a bridge with tap device and use a static subnet (192.168.3.0/24).
Unfortunately, I'm not able to set the ip address of the tap device of the vpn server (bridge) permanently.
I use ip addr add 192.168.3.1/24 dev tap_tap, but after reboot of the server the ip address is no longer set.
How could I set the ip address permanently (linux, debian)?

Thank you for your help.

Best regards

Christof

chrisk
Posts: 5
Joined: Mon May 16, 2022 3:40 pm

Re: Using VPN server tunnel to communicate with server itself

Post by chrisk » Tue May 17, 2022 6:30 pm

solo wrote:
Tue May 17, 2022 12:50 pm
SoftEther offers VPN solutions in L2, L3 and SecureNAT mode. To achieve the described objectives in your preferred SecureNAT mode, install a SE client together with SE server on the same PC. The client must not use your vDHCP, set its vNIC to a static IP 192.168.30.2/24 and DG/DNS none.

Hi Solo,

I changed my setup according to Eddie's comment.

Now I'm using a bridge with tap device and use a static subnet (192.168.3.0/24).
Unfortunately, I'm not able to set the ip address of the tap device of the vpn server (bridge) permanently.
I use ip addr add 192.168.3.1/24 dev tap_tap, but after reboot of the server the ip address is no longer set.
How could I set the ip address permanently (linux, debian)?

Thank you for your help.

Best regards

Christof

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Using VPN server tunnel to communicate with server itself

Post by eddiewu » Wed May 18, 2022 1:55 am

That depends on how you start softether. Put the command in the startup script.

chrisk
Posts: 5
Joined: Mon May 16, 2022 3:40 pm

Re: Using VPN server tunnel to communicate with server itself

Post by chrisk » Thu May 19, 2022 6:25 am

eddiewu wrote:
Wed May 18, 2022 1:55 am
That depends on how you start softether. Put the command in the startup script.

Hello Eddie,

I created another systemd service to set the ip address of the tap interface which is dependent on the softether vpn server.service.
First I tried to exec the script with the ExecStartPost directive which didn't work for me.

Thank you for your help.

Best regards

Christof

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Using VPN server tunnel to communicate with server itself

Post by eddiewu » Thu May 19, 2022 6:38 am

ExecStartPost should work but you may need to add some delay before setting IP.

chrisk
Posts: 5
Joined: Mon May 16, 2022 3:40 pm

Re: Using VPN server tunnel to communicate with server itself

Post by chrisk » Thu May 19, 2022 7:07 am

eddiewu wrote:
Thu May 19, 2022 6:38 am
ExecStartPost should work but you may need to add some delay before setting IP.

Hello Eddie,

I use the following script as a service which shows that some time is needed before the tap device is in place.
# cat /usr/libexec/softether/vpnserver/set_ip_tap_device.sh
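#!/bin/bash
# Assign the VPN-side address to the tap device, retrying while SoftEther
# is still creating it.
retval=1
retries=3

while [ "$retval" -ne 0 ] && [ "$retries" -gt 0 ]
do
    ip addr add 192.168.3.1/24 dev tap_tap
    retval=$?
    if [ "$retval" -ne 0 ] ; then
        echo "Set tap ip failed, $retval. Retries: $retries"
        sleep 2
    else
        echo "Set tap ip successful, $retval,"
    fi

    ((retries--))
done

# Return the last result so systemd marks the unit failed if every retry failed.
exit "$retval"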

Output of systemctl:
# systemctl status softether-set-tap-ip.service
● softether-set-tap-ip.service - SoftEther Set tap IP Address
Loaded: loaded (/lib/systemd/system/softether-set-tap-ip.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2022-05-18 18:34:20 UTC; 12h ago
Main PID: 901 (code=exited, status=0/SUCCESS)
CPU: 8ms

May 18 18:34:18 systemd[1]: Started SoftEther Set tap IP Address.
May 18 18:34:18 set_ip_tap_device.sh[902]: Cannot find device "tap_tap"
May 18 18:34:18 set_ip_tap_device.sh[901]: Set tap ip failed, 1. Retries: 3
May 18 18:34:20 set_ip_tap_device.sh[901]: Set tap ip successful, 0,
May 18 18:34:20 systemd[1]: softether-set-tap-ip.service: Succeeded.

Have a good day

Christof
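
An added example, not part of any post above and not SoftEther's own code: a variant of the script in the last post that waits for the device itself with a bounded timeout, assigns the address idempotently, and returns a non-zero status on failure so systemd records the unit as failed. The function names and the timeout/interval arguments are assumptions; `tap_tap` and `192.168.3.1/24` are the values from the thread.

```shell
#!/bin/bash
# Added example (not from the thread): wait for a TAP device to exist,
# then assign its address in a way that is safe to run more than once.

# wait_for_dev DEV TIMEOUT_SECONDS [INTERVAL_SECONDS]
# Returns 0 as soon as DEV exists, 1 if it has not appeared by the deadline.
wait_for_dev() {
    local dev="$1" timeout="$2" interval="${3:-1}" waited=0
    until ip link show dev "$dev" >/dev/null 2>&1; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "device $dev did not appear within ${timeout}s" >&2
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# assign_tap_ip DEV CIDR TIMEOUT_SECONDS [INTERVAL_SECONDS]
# Returns 0 on success, 1 if the device never appeared, 2 if the
# address could not be set.
assign_tap_ip() {
    local dev="$1" cidr="$2" timeout="$3" interval="${4:-1}"
    wait_for_dev "$dev" "$timeout" "$interval" || return 1
    # "replace" succeeds whether or not the address is already present,
    # so re-running the unit does not fail with "File exists".
    ip addr replace "$cidr" dev "$dev" || return 2
}

# Run only when called with arguments, for example:
#   set_ip_tap_device.sh tap_tap 192.168.3.1/24 30
if [ "$#" -ge 3 ]; then
    assign_tap_ip "$@"
    exit $?
fi
```

Because the script exits non-zero when the device never appears, `systemctl status` shows the unit as failed instead of `status=0/SUCCESS`.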
