Is this a port enabling problem? A5V11 ramips/mipsel

sky59
Posts: 477
Joined: Tue Sep 11, 2018 5:58 pm

Is this a port enabling problem? A5V11 ramips/mipsel

Post by sky59 » Thu Sep 27, 2018 8:37 am

I compiled and installed SE on the small beast, photo is attached. I used extroot 200MB SWAP and 500MB rootfs. Small USB stick is visible on the photo.

I use OpenWrt ChaosCalmer 15.05.1. Eth0 static address 10.52.254.44, I used it to connect OpenWrt LUCI in browser, also for ssh terminal.

I already tried two separate routers, one server, one bridge. No success to get Online status in bridge.

So I made the following test: (I believe this test can be very useful for other people as well!)

I was not sure that the compiled binaries are OK, but this test proves (?) they should be OK.

- I installed vpnserver, vpnbridge and vpncmd on a single router, none of them started automatically!
- I started vpnserver manually
- started vpncmd, check passed, password set up
- using the Windows manager I set up everything in the server, saved the DNS symbolic address
- manually stopped vpnserver, the Windows manager disconnected from the server

- then I manually started vpnbridge
- started vpncmd, check passed, password set up
- using the Windows manager I set up everything in the bridge, provided the DNS symbolic address of vpnserver
- I left the Windows manager connected to the bridge, checking its status

as server was not running it could not connect and go Online

- then over ssh terminal I manually started vpnserver, so both server and bridge are running

Voilà! The bridge gets connected Online! See attached screenshot.

somewhere on internet I found how to set up ports enabling for OpenWrt, so I made it, see attached screenshot

I think it was for server only and I am not sure if it is also sufficient for bridge, or if it is even correct at all?

With this setting if in single router (server and bridge) it gets connected, but in two separate devices no.

Any idea where is the problem??
Attachments: DSCN2392.JPG, DSCN2391.JPG, ports.png

sky59
Posts: 477
Joined: Tue Sep 11, 2018 5:58 pm

Re: Is this a port enabling problem? A5V11 ramips/mipsel

Post by sky59 » Thu Sep 27, 2018 9:55 am

This is the screenshot of a successfully connected vpnbridge running inside one device with vpnserver.
Attachment: works2.jpg

sky59
Posts: 477
Joined: Tue Sep 11, 2018 5:58 pm

Re: Is this a port enabling problem? A5V11 ramips/mipsel

Post by sky59 » Thu Sep 27, 2018 9:57 am

or last idea today: can speed of server affect connection? what are the timeouts? seconds? tens of seconds? hundreds of seconds?

cmd wh0ami
Posts: 125
Joined: Sun Jul 16, 2017 6:58 pm

Re: Is this a port enabling problem? A5V11 ramips/mipsel

Post by cmd wh0ami » Fri Sep 28, 2018 2:07 pm

Did you disable OpenVPN, L2TP/IPsec, Layer 3 switch, Azure and Dynamic DNS? If you didn't disable them, you're using some other kind of bridge that disables them automatically and I can't help you there.

What did you bridge to? eth0 or did you make a tap_interface?

Your Wrt settings look good, but all you really needed was tcp 443 unless you're going to use L2TP/IPsec (tcp 500) or OpenVPN (tcp/udp 1194) with its default settings.

Does Wrt have default accept policy for output and forwarding?

My firewall rules would be accept all output... accept all forwarding... then drop all input... and open up input for tcp 443 and if you're using OpenVPN open up input for udp 1194

Although you can change the OpenVPN client config to tcp 443 and you wouldn't have to open up udp 1194 at all.

If I had to guess where you messed up, it's when you were setting up the server with Server Manager... You selected Site to Site bridge instead of remote access VPN server.

This is where I select Bridge...
And if you bridge to eth0 your router will do all the ip assignments. If you make a tap_interface you have to do them with dnsmasq and enable forwarding in sysctl.
VPN Discord invite: https://discord.gg/QByKXA9
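
An added example, not part of any post in this thread: an OpenWrt /etc/config/firewall fragment that opens only the inbound ports named in the reply above. The zone name wan and the rule names are assumptions, and the wan zone is assumed to drop or reject input by default.

```uci
# Constructed example for /etc/config/firewall (fw3, OpenWrt 15.05 / 18.06).
# Assumes the upstream-facing zone is named 'wan' and that its 'input'
# policy is DROP or REJECT, so only the rules below admit new inbound traffic.

# SoftEther listener: lets a remote vpnbridge or client reach vpnserver.
config rule
	option name 'Allow-SoftEther-TCP443'
	option src 'wan'
	option proto 'tcp'
	option dest_port '443'
	option target 'ACCEPT'

# Only needed when SoftEther's OpenVPN-compatible function is enabled on
# its default UDP port. Left disabled here; set enabled to '1' to use it.
config rule
	option name 'Allow-OpenVPN-UDP1194'
	option src 'wan'
	option proto 'udp'
	option dest_port '1194'
	option target 'ACCEPT'
	option enabled '0'

# No rule is needed on the vpnbridge side for the cascade connection:
# the bridge opens an outbound TCP session to the server, which the
# stock 'output ACCEPT' policy already permits.
```

Reload with `/etc/init.d/firewall reload` after editing the file.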

sky59
Posts: 477
Joined: Tue Sep 11, 2018 5:58 pm

Re: Is this a port enabling problem? A5V11 ramips/mipsel

Post by sky59 » Tue Oct 02, 2018 12:46 pm

It seems I have already found something interesting that may lead to solving the problem??

But in the meantime I did the following:

- implemented Openwrt v18 into A5V11 microrouter + compiled SE v4.25 for it getting directly ipk package

- implemented Openwrt v15 into OrangePiZero + "hard" compiled SE for it, getting executable files

- implemented Openwrt v18 (manipulating Sd card image) into OPiZ + compiled SE v4.25 getting ipk package

it seems all behave in the same way (not connecting bridge to server)
--------------------------------------------------
Being desperate I made the following test:

no local bridges in vpnbridge and in vpnserver, just trying if they find each other
both PC and OrangePiZero connected to the same Access Point wifi providing internet

- PC with Ubuntu running vpnbridge v4.25, connected to the internet over wifi Ip 192.168.92.130

- OrangePiZero running Openwrt v15 + my "hard" obtained vpnserver v4.25 file placed into /usr/bin, connected also to internet over wifi Ip 192.168.92.137

-----------------------------------------------------------------------------------
while setting up vpnserver I was provided with both xxxxxxxxx.softether.org and xxxxxxxxxxxxx.vpn.azure.net addresses
these I tried to provide to the vpnbridge as where to look for the vpn server, NOT CONNECTING

then, being totally desperate, I provided vpnbridge the physical address of the OrangePiZero with vpnserver, 192.168.92.137 !!! And IT CONNECTS !!

What am I doing wrong (if I do something wrong)??? Or where is the "dog hidden"?? No idea where to search for the problem
It is always me who must experience unusual problems in my life :)

I hope someone will be able to help me, thank you in advance
