Can't connect to SoftEther server via L2TP on Android with VPN Azure

farmvpn
Posts: 7
Joined: Tue Feb 04, 2020 10:38 pm

Can't connect to SoftEther server via L2TP on Android with VPN Azure

Post by farmvpn » Mon Oct 05, 2020 11:14 pm

Hello,
I am running a SoftEther VPN server on a Linux computer which is part of my LAN. I enabled the L2TP function on the VPN server and set the PSK by following these instructions on the website: "L2TP/IPsec Setup Guide for SoftEther VPN Server".

When I configured the built-in Android VPN client I specified the user name, user password, pre-shared key, type=L2TP/IPSec PSK, and forwarding routes (0.0.0.0/0). When I connect my phone to my LAN via WiFi and specify the private IP address (192.168.2.107) for my VPN server, I am able to connect without any problems. However, when I try to connect from my phone using the VPN Azure hostname or IP (such as ABC.vpnazure.net) I am unable to connect. From the server logs it appears that the connection request is never reaching my server.

The documentation says this: "If your SoftEther VPN Server is behind the NAT or firewall, you have to expose the UDP port 500 and 4500. On the NAT, UDP 500 and 4500 should be transferred to the VPN Server. If any packet filters or firewalls are existing, open UDP 500 and 4500 ports."

My LAN is connected to the Internet via a Ubiquiti Edge Router X with its firewall and NAT enabled. For testing I temporarily set the firewall rules to default allow everything but it still didn't work. I also tried port forwarding from UDP/500 and UDP/4500 to those ports on my server but still no luck.

Is this an issue with using VPN Azure with the Android built-in VPN client or is my firewall still blocking something somehow? I don't think my ISP is blocking anything. Previously I have been able to successfully configure connections between two NAT'd LANs using VPN Azure with Linux clients and servers.

Thanks,
Dave

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Can't connect to SoftEther server via L2TP on Android with VPN Azure

Post by centeredki69 » Sat Oct 10, 2020 11:45 am

Is there some reason in your network configuration requiring you to use the VPN Azure RELAY feature? If not, you can solve your issue by enabling the DDNS feature on the SE-Server, opening/forwarding UDP 500 and 4500 on the NAT to the SE-Server host, and using (ABC.softether.net) instead of (ABC.vpnazure.net). This would connect directly to your SE-Server instead of being RELAYED through the VPN Azure servers.

VPN Azure works with: MS SSTP-Client and SE-Client protocols.

farmvpn
Posts: 7
Joined: Tue Feb 04, 2020 10:38 pm

Re: Can't connect to SoftEther server via L2TP on Android with VPN Azure

Post by farmvpn » Sat Oct 10, 2020 1:49 pm

Thanks for the reply. I guess I was confused; I thought if I didn't have a public IP address I needed to use VPN Azure.

I still can't get a connection on Android via DDNS to work.

Here's what I've got on the SE server:
-Assigned Dynamic DNS Hostname: ABC.softether.net
-Global IPv4 Address: <one of my ISP's IP addresses which is the same public IP that shows up when I go to www.whatsmyip.org>
-Enable L2TP Server Function = checked
-IPSec Common Settings/IPsec Pre-Shared Key: <xxxxx>

Here's what I've got on my built-in Android L2TP VPN client:
-Server address: ABC.softether.net

Here's what I'm doing on my Ubiquiti Edge router/firewall in front of my SE server:
EdgeOS.png
Edge_default_allow.png

I can connect from Android when it's on the same LAN as my server using the server's private IP but not with the DDNS hostname.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Can't connect to SoftEther server via L2TP on Android with VPN Azure

Post by centeredki69 » Sat Oct 10, 2020 5:08 pm

Based on what you stated it should work. Is your ISP's device a modem or modem/router combo? Does your Edge router get a public IP address or private? If it is working inside your network then something is still blocking the connection.

farmvpn
Posts: 7
Joined: Tue Feb 04, 2020 10:38 pm

Re: Can't connect to SoftEther server via L2TP on Android with VPN Azure

Post by farmvpn » Sat Oct 10, 2020 9:52 pm

The next device upstream from my personal Edge firewall/router is my ISP's Ubiquiti Litebeam radio which is on-premise. That connects to another Ubiquiti AP that my ISP set up on a neighboring farm a few miles away. My Edge router gets a private IP from the Litebeam and the Litebeam also has a private IP, so somewhere upstream my ISP has another router. I did a traceroute from my LAN to a public IP and there are 5 more private IP hops after the Litebeam but before the first public IP. So I'm guessing that maybe my ISP is blocking UDP 500 and 4500.

I'll contact them and if they won't unblock those ports then I'll look into running a Microsoft-SSTP client on Android that would allow me to use VPN Azure.
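
The traceroute check described in the post above, as an added example that is not part of the original thread: it counts the hops with private (RFC 1918) or shared carrier-grade NAT (RFC 6598) addresses that sit between your own router and the first public hop. The sample traceroute output is constructed and the function names are hypothetical. A non-zero count means there is NAT upstream of the Edge router, so UDP 500/4500 forwards configured only on the Edge router are not reachable from the Internet.

```python
import ipaddress
import re

# Address space never routed on the public Internet:
# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed sample of `traceroute -n` output (not taken from the thread).
SAMPLE = """traceroute to 203.0.113.50 (203.0.113.50), 30 hops max, 60 byte packets
 1  192.168.2.1  0.512 ms  0.401 ms  0.388 ms
 2  192.168.1.20  1.911 ms  1.870 ms  1.802 ms
 3  10.10.0.1  4.120 ms  4.033 ms  3.998 ms
 4  * * *
 5  10.10.4.1  6.410 ms  6.377 ms  6.301 ms
 6  10.20.0.1  8.224 ms  8.190 ms  8.102 ms
 7  172.16.5.1  9.871 ms  9.800 ms  9.764 ms
 8  100.64.0.1  11.302 ms  11.250 ms  11.198 ms
 9  203.0.113.1  14.667 ms  14.601 ms  14.580 ms
"""

def is_non_public(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_PUBLIC)

def parse_hops(text):
    """Return [(hop_number, ip_or_None)]; None marks a hop that did not answer."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or blank line
        ip = IP_RE.search(m.group(2))
        hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return hops

def upstream_nat_hops(text):
    """Count non-public hops after hop 1 (your own router) up to the first public hop."""
    count = 0
    for hop, ip in parse_hops(text):
        if hop == 1 or ip is None:
            continue  # own router is always private; silent hops tell us nothing
        if not is_non_public(ip):
            break     # first public address: everything beyond is the Internet
        count += 1
    return count

if __name__ == "__main__":
    print("non-public hops upstream of the local router:", upstream_nat_hops(SAMPLE))
```
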

farmvpn
Posts: 7
Joined: Tue Feb 04, 2020 10:38 pm

Re: Can't connect to SoftEther server via L2TP on Android with VPN Azure

Post by farmvpn » Tue Oct 20, 2020 12:24 am

I called my ISP and they said they are not blocking any incoming ports but I still haven't been able to make a connection with Android's L2TP client. I decided instead to try out an MS-SSTP connection from Android to my SoftEther server using VPN Azure; it worked on the first try.

I installed this app on Android (thank you kittoku):
https://github.com/kittoku/Open-SSTP-Client
