Page 1 of 1

SoftEther on ReadyNAS 102 can't ping NAS

Posted: Wed Aug 22, 2018 4:26 pm
by plentyoftimeto69
Hi, I just finished setting up an L2TP/IPSec VPN on my ReadyNAS 102. Everything is working, I can connect fine from outside of my LAN (I'm at work right now connected), and I can ping literally every host on my LAN except the ReadyNAS. I'm able to browse to my router's landing page at 192.168.1.1, admin my Apple Time Capsule at 192.168.1.2 using the native AirPort Utility, but I simply can't talk to the NAS. What gives? It's the only host on the network I can't speak to, but it's definitely online.

Re: SoftEther on ReadyNAS 102 can't ping NAS

Posted: Wed Aug 22, 2018 4:34 pm
by plentyoftimeto69
The ReadyNAS is at 192.168.1.3. I can't ping it. I can't connect via SMB. I can't get an SSH session.

Re: SoftEther on ReadyNAS 102 can't ping NAS

Posted: Mon Aug 27, 2018 2:50 pm
by plentyoftimeto69
Bump.

Re: SoftEther on ReadyNAS 102 can't ping NAS

Posted: Thu Aug 30, 2018 6:03 am
by cedar
The local bridge to the device on Linux does not pass the packet to that host itself.
Please use local bridge in tap mode.

Re: SoftEther on ReadyNAS 102 can't ping NAS

Posted: Fri May 22, 2020 1:15 pm
by lt.kubosh
Hello cedar,
let me re-use this topic. I got stuck at the same situation.
Softether running on Netgear ReadyNAS 102. It is behind NAT all 3 ports open and targeting ReadyNAS IP.

I've read the other articles about L2TP / Linux limitation. Unfortunately I'm stuck at local bridge configuration.

I tried configure make all 2 versions (4 w and w/o SuperNAT)
1) Local Bridge with Network adapter.
All 3 ports (500,4500,1701) are on the router open and NAT is targeting ReadyNAS physical NIC IP
Can connect to L2TP, everything works except any access to ReadyNAS via VPN. It's IP is not reachable on any port/service.

2) Local Bridge with TAP
All 3 ports (500,4500,1701) are on the router open and NAT is targeting ReadyNAS physical NIC IP
Can connect to L2TP, everything works except any access to ReadyNAS via VPN. It's IP is not reachable on any port/service.

Unfortunately I can't find details about this TAP conenctivity.
On router TAP seems it doesn't lease any DHCP IP from router DHCP
In SoftEther I see no way how to assign Static IP via GUI
I assigned TAP IP via ReadyNAS SSH another address from home subnet, but it was not pinging on this IP anyway.

Is there a way to configure TAP device IP within SoftEther?
In order to get ReadyNAS accessible via L2TP VPN, do I need to NAT (500,4500,1701) to ReadyNAT Physical IP or TAP IP?

Thank you
Kubos

Re: SoftEther on ReadyNAS 102 can't ping NAS

Posted: Fri May 22, 2020 7:42 pm
by cedar
I don't have a ReadyNAS, so I don't know how to use the GUI.
I think you need both a local bridge to the network adapter for DHCP and a local bridge to the TAP for access to the NAS.

Re: SoftEther on ReadyNAS 102 can't ping NAS

Posted: Fri May 22, 2020 8:41 pm
by lt.kubosh
Nono, I was not talking about ReadyNAS GUI that is simple.

I was referring to SoftEther Server manager GUI. I'll try both.

Re: SoftEther on ReadyNAS 102 can't ping NAS

Posted: Sat May 23, 2020 12:11 am
by centeredki69
I figured out how to make this work on a raspberry-pi Raspbian/debian after a week of trial and error. It may work with your ReadyNAS.

Please be aware my knowledge of Linux is limited so proceed with caution!

As Cedar mentioned in "SE- Server Manager GUI"

1) create a "local Bridge" between the physical NIC "eth0" and your Virtual HUB.

2) Also create another Local Bridge with a new "Tap device" to the SAME Virtual HUB (give it a name).

3)Reboot NAS.

4) SSH/terminal into the NAS and use the "ifconfig" command to verify your new Tap device is there. It will display near the bottom as "tap_name you gave it" and may or may not have an IPv4 address. Either way you need to set it with a static IP address.

5) In raspbian this can be done by editing the "/etc/dhcpd.conf" file. In other distros of linux I believe they use the "/etc/network/interfaces" file.

6) While editing the Static IP. An additional required command (in my case) needed to make this work is the "metric" command "metric 100" (NOT metric=100) placed under the Tap_ device area.(which value/number you use is irrelevant as long as you do not add a metric to the physical NIC "eth0")

7) Your physical NIC "eth0" should already have static IP I would think seeing its a NAS. Leave it as is. If you ever accidentally deleted the tap_ device you still have access to the NAS via the physical NIC "eth0".

8) Reboot your NAS.

9) On the router open/forward the L2TP/IPsec ports to either the "Tap_" or the "eth0", I found they both will work. I choose the original "eth0" ip address in case I ever accidentally deleted the tap_ device the vpn would still work.

10) If all went well your local network & also the VPN clients should now be able to access the NAS at the "TAP_" IP and the "eth0" IP.

******Example of commends for /etc/dhcpd.conf file ******

interface tap_vpn
metric 100
static ip_address=192.168.1.170
static routers=192.168.1.1
static domain_name_servers=192.168.1.1
static domain_search=
noipv6


interface eth0
static ip_address=192.168.1.107
static routers=192.168.1.1
static domain_name_servers=192.168.1.1
static domain_search=
noipv6

*************************************
/etc/network/interfaces file commands are a little different. (google can help)


Note: I found this can also be accomplished with or without setting a "metric" on the tap_vpn and setting "eth0" IP address to 0.0.0.0. as mentioned in the SE documentation when using 2 physical NICs . However the danger in this option is that if the "Tap_vpn" is ever deleted and with the "eth0" set to a static "nothing IP" address it would possibly leave the NAS inaccessible. With a RaspberryPi a keyboard/mouse and monitor can be used to fix the issue. With a NAS I believe IP address access is required which might force one to have to do a factory reset on the NAS.