Looping Connection/Disconnection Error 11

tellsworth
Posts: 3
Joined: Fri Jan 02, 2015 9:14 pm
Location: Archie, Missouri, USA

Looping Connection/Disconnection Error 11

Post by tellsworth » Fri Jan 02, 2015 9:46 pm

I've been troubleshooting an issue with getting connections to my SoftEther VPN server. I am attempting to connect to a SE VPN server running on VMWare ESXi 5.5. Here are the stats for the server:

1. OS: Ubuntu 14.04.1 LTS x64
2. Results of "ifconfig -a":
eth0 Link encap:Ethernet HWaddr 00:0c:29:9c:4c:da
inet addr:192.168.20.224 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe9c:4cda/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1504 Metric:1
RX packets:77022 errors:0 dropped:5 overruns:0 frame:0
TX packets:11109 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:25143568 (25.1 MB) TX bytes:1297562 (1.2 MB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1184 (1.1 KB) TX bytes:1184 (1.1 KB)

3. Results of "uname -a": Linux softether 3.13.0-43-generic #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
4. SoftEther Build Number: Version 4.12 Build 9514 (English)
5. This is the SoftEther VPN Server component.
6. There is a firewall and NAT between this server and the internet. I have opened up ports 443 and 5555 to be forwarded to the SE VPN server box.
7. I am not using secureNAT

The issue occurs when I try to connect to the VPN from a location external to the local network. No matter what I've tried I always get this set of logs in ../vpnserver/server_log/vpn_[date].log

2015-01-02 15:43:50.220 On the TCP Listener (Port 5555), a Client (IP address 54.208.39.101, Host name "ec2-54-208-39-101.compute-1.amazonaws.com", Port number 43709) has connected.
2015-01-02 15:43:50.220 For the client (IP address: 54.208.39.101, host name: "ec2-54-208-39-101.compute-1.amazonaws.com", port number: 43709), connection "CID-67" has been created.
2015-01-02 15:43:50.270 SSL communication for connection "CID-67" has been started. The encryption algorithm name is "RC4-MD5".
2015-01-02 15:43:50.463 [HUB "DEFAULT"] The connection "CID-67" (IP address: 54.208.39.101, Host name: ec2-54-208-39-101.compute-1.amazonaws.com, Port number: 43709, Client name: "SoftEther VPN Client", Version: 4.12, Build: 9514) is attempting to connect to the Virtual Hub. The auth type provided is "Password authentication" and the user name is "tellsworth".
2015-01-02 15:43:50.463 [HUB "DEFAULT"] Connection "CID-67": Successfully authenticated as user "tellsworth".
2015-01-02 15:43:50.463 [HUB "DEFAULT"] Connection "CID-67": The new session "SID-TELLSWORTH-66" has been created. (IP address: 54.208.39.101, Port number: 43709, Physical underlying protocol: "Standard TCP/IP (IPv4)")
2015-01-02 15:43:50.463 [HUB "DEFAULT"] Session "SID-TELLSWORTH-66": The parameter has been set. Max number of TCP connections: 2, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2015-01-02 15:43:50.463 [HUB "DEFAULT"] Session "SID-TELLSWORTH-66": VPN Client details: (Client product name: "SoftEther VPN Client", Client version: 412, Client build number: 9514, Server product name: "SoftEther VPN Server (64 bit)", Server version: 412, Server build number: 9514, Client OS name: "Linux", Client OS version: "Unknown Linux Version", Client product ID: "--", Client host name: "dev2", Client IP address: "10.0.1.149", Client port number: 43709, Server host name: "97.64.167.34", Server IP address: "97.64.167.34", Server port number: 5555, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "DEFAULT", Client unique ID: "BBFDF6A24CCF05EC64C3EC364D860DE8")
2015-01-02 15:43:50.463 [HUB "DEFAULT"] Session "SID-TELLSWORTH-66": Assigned VLAN ID: 20
2015-01-02 15:43:51.069 [HUB "DEFAULT"] Session "SID-TELLSWORTH-65": The session has been terminated. The statistical information is as follows: Total outgoing data size: 704 bytes, Total incoming data size: 0 bytes.
2015-01-02 15:43:51.090 Connection "CID-66" terminated by the cause "The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2015-01-02 15:43:51.090 Connection "CID-66" has been terminated.
2015-01-02 15:43:51.090 The connection with the client (IP address 54.208.39.101, Port number 43656) has been disconnected.

The server will connect with the client and then almost immediately disconnect again and it will keep going forever it seems.
I notice the Error 11 but I cannot determine the cause of the error for the life of me! I can't imagine that an entity external to my company would be disconnecting the service, but I cannot think of anything else.

Thanks in advance for any help!
He who fights with monsters should look to it that he himself does not become a monster... When you gaze long into the abyss, the abyss also gazes into you.

- Friedrich Nietzsche 1886
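
A way to confirm the connect/disconnect loop from the server log rather than by eye, as an added example (not part of the original post and not SoftEther code): it pairs each "connection created" line with its "terminated ... (code 11)" line and reports clients whose connections keep dying within a few seconds. The function name, the thresholds and the sample lines (constructed in the format of the log quoted above, using documentation IP addresses) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line shapes taken from the server log quoted in the post above.
CREATED = re.compile(
    r'^(\S+ \S+) For the client \(IP address: ([^,]+),.*connection "(CID-\d+)" has been created\.')
TERMINATED = re.compile(
    r'^(\S+ \S+) Connection "(CID-\d+)" terminated by the cause ".*" \(code (\d+)\)\.')

# Constructed sample lines (cause text abridged); not taken from a real server.
SAMPLE = [
    '2015-01-02 15:40:00.000 For the client (IP address: 198.51.100.7, host name: "ok.example", port number: 40000), connection "CID-65" has been created.',
    '2015-01-02 15:43:49.100 For the client (IP address: 203.0.113.10, host name: "loop.example", port number: 43656), connection "CID-66" has been created.',
    '2015-01-02 15:43:50.220 For the client (IP address: 203.0.113.10, host name: "loop.example", port number: 43709), connection "CID-67" has been created.',
    '2015-01-02 15:43:51.090 Connection "CID-66" terminated by the cause "The VPN session has been deleted." (code 11).',
    '2015-01-02 15:43:51.300 For the client (IP address: 203.0.113.10, host name: "loop.example", port number: 43760), connection "CID-68" has been created.',
    '2015-01-02 15:43:52.200 Connection "CID-67" terminated by the cause "The VPN session has been deleted." (code 11).',
    '2015-01-02 15:43:53.310 Connection "CID-68" terminated by the cause "The VPN session has been deleted." (code 11).',
    '2015-01-02 15:55:00.000 Connection "CID-65" terminated by the cause "The VPN session has been deleted." (code 11).',
]

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")

def find_loops(lines, max_lifetime=5.0, min_count=3):
    """Return {client_ip: [lifetimes in seconds]} for clients with at least
    min_count connections that ended with code 11 within max_lifetime seconds."""
    opened = {}                # CID -> (client ip, creation time)
    short = defaultdict(list)  # client ip -> lifetimes of short-lived connections
    for line in lines:
        m = CREATED.match(line)
        if m:
            opened[m.group(3)] = (m.group(2), parse_ts(m.group(1)))
            continue
        m = TERMINATED.match(line)
        if m and m.group(3) == "11" and m.group(2) in opened:
            ip, start = opened.pop(m.group(2))
            life = (parse_ts(m.group(1)) - start).total_seconds()
            if life <= max_lifetime:
                short[ip].append(round(life, 3))
    return {ip: lives for ip, lives in short.items() if len(lives) >= min_count}

if __name__ == "__main__":
    print(find_loops(SAMPLE))
```

A long-lived session that ends with code 11 (an ordinary disconnect) is not reported; only repeated short lifetimes from the same client address are.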

dajhorn
Posts: 137
Joined: Mon Mar 24, 2014 3:59 am

Re: Looping Connection/Disconnection Error 11

Post by dajhorn » Sun Jan 04, 2015 5:03 am

IPSec/L2TP is incompatible with the AWS EC2 NAT implementation. Use a direct native SoftEther connection into EC2 instances, or use the separate AWS VPC VPN service.

Also keep in mind that AWS often squelches IP traffic to destinations that its routers don't know about -- EC2 does not actually implement things like a true OSI Layer 2 for ethernet broadcast -- and that SoftEther cannot bridge the virtual ethernet interfaces provided by Xen or VMware.

tellsworth
Posts: 3
Joined: Fri Jan 02, 2015 9:14 pm
Location: Archie, Missouri, USA

Re: Looping Connection/Disconnection Error 11

Post by tellsworth » Mon Jan 05, 2015 2:12 pm

Ahh, well that makes sense. I will test it on a direct connection as soon as I get a chance. Thank you for your help!

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Looping Connection/Disconnection Error 11

Post by thisjun » Thu Jan 15, 2015 7:47 am

Do you enable 'No adjustments of routing table' option?

tellsworth
Posts: 3
Joined: Fri Jan 02, 2015 9:14 pm
Location: Archie, Missouri, USA

Re: Looping Connection/Disconnection Error 11

Post by tellsworth » Thu Jan 15, 2015 2:13 pm

Oops I meant to reply to this last month >.>

When I tried connecting from a standard machine everything worked perfectly.

And no I did not have to enable the 'No adjustments of routing table' option.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Looping Connection/Disconnection Error 11

Post by thisjun » Fri Jan 30, 2015 3:34 am

Please try not to assign a default gateway for the TAP device on the client.
