[Problem solved]vpn client can't ping vpn server

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
zhychen
Posts: 5
Joined: Mon Feb 22, 2021 6:54 am

[Problem solved]vpn client can't ping vpn server

Post by zhychen » Mon Feb 22, 2021 7:24 am

Problem solved.
when I disabled virtual NAT , CPU usage became normal.

Thanks.

==============================================================================================================

Problem still exists, when I add eth0 and tap_soft to bridge, it will leads to excessive CPU consumption.


===============================================================================================================
//Problem solved.

Someone met this years ago, https://www.vpnusers.com/viewtopic.php?t=4542 , according to his way , i solved this problem.

Thanks to everyone.

===========================================================================================================

I have installed vpn server on a server(IP:192.168.1.10) in lan and configured ddns, and vpn cliet on PC .
vpn client can connect to vpn server and get ip,when vpn have connected,the client can access another server(192.168.1.11) in lan ,but can't access the vpn server(192.168.1.10), either i create bridge on vpn server or not.

Can anybody help me with this question?
Thanks!
Last edited by zhychen on Thu Feb 25, 2021 1:53 am, edited 6 times in total.

solo
Posts: 35
Joined: Sun Feb 14, 2021 10:31 am

Re: vpn client can't ping vpn server

Post by solo » Mon Feb 22, 2021 10:13 am

My observations:
Linux SE bridge server can not be pinged.
Windows SE bridge server can be pinged.

Delete the bridge and enable SecureNAT + Virtual NAT.
Now a vpn client can ping the vpn server for sure.

zhychen
Posts: 5
Joined: Mon Feb 22, 2021 6:54 am

Re: vpn client can't ping vpn server

Post by zhychen » Mon Feb 22, 2021 10:22 am

Thanks.

I have tried with or without bridge, and have enabled SecureNAT + Virtual NAT, it didn't work,the same problem happened.

I also tried to install vpn server on another server(192.168.1.11) , then the client can't access 192.168.1.11,but can access 192.168.1.10. It's very strange.
solo wrote:
Mon Feb 22, 2021 10:13 am
My observations:
Linux SE bridge server can not be pinged.
Windows SE bridge server can be pinged.

Delete the bridge and enable SecureNAT + Virtual NAT.
Now a vpn client can ping the vpn server for sure.

solo
Posts: 35
Joined: Sun Feb 14, 2021 10:31 am

Re: vpn client can't ping vpn server

Post by solo » Mon Feb 22, 2021 10:36 am

zhychen wrote:
Mon Feb 22, 2021 10:22 am
have enabled SecureNAT + Virtual NAT, it didn't work,the same problem happened.
Ensure the following:

- Virtual DHCP has Default Gateway set to 192.168.30.1 (assuming SecureNAT is on the 192.168.30.0 subnet)
- client uses DHCP
- reboot the server
- reboot the client

Post the client's route table, if still the same problem.

lawsangel
Posts: 12
Joined: Fri Feb 19, 2021 6:04 pm

Re: vpn client can't ping vpn server

Post by lawsangel » Mon Feb 22, 2021 2:23 pm

Are these servers virtual or physical?
If virtual what platform are you hosting it on?

zhychen
Posts: 5
Joined: Mon Feb 22, 2021 6:54 am

Re: vpn client can't ping vpn server

Post by zhychen » Tue Feb 23, 2021 12:53 am

I have done what you say ,the client still can't access the vpn server(192.168.1.189), but can access another server(192.168.1.20) .

please see the attachements.

solo wrote:
Mon Feb 22, 2021 10:36 am
zhychen wrote:
Mon Feb 22, 2021 10:22 am
have enabled SecureNAT + Virtual NAT, it didn't work,the same problem happened.
Ensure the following:

- Virtual DHCP has Default Gateway set to 192.168.30.1 (assuming SecureNAT is on the 192.168.30.0 subnet)
- client uses DHCP
- reboot the server
- reboot the client

Post the client's route table, if still the same problem.
You do not have the required permissions to view the files attached to this post.

zhychen
Posts: 5
Joined: Mon Feb 22, 2021 6:54 am

Re: vpn client can't ping vpn server

Post by zhychen » Tue Feb 23, 2021 12:54 am

All these servers are physical.
lawsangel wrote:
Mon Feb 22, 2021 2:23 pm
Are these servers virtual or physical?
If virtual what platform are you hosting it on?

solo
Posts: 35
Joined: Sun Feb 14, 2021 10:31 am

Re: vpn client can't ping vpn server

Post by solo » Tue Feb 23, 2021 10:05 am

zhychen wrote:
Tue Feb 23, 2021 12:53 am
I have done what you say ,the client still can't access the vpn server(192.168.1.189), but can access another server(192.168.1.20) .
Is it a Linux server? No restrictions in iptables?

Code: Select all

-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P FORWARD ACCEPT

zhychen
Posts: 5
Joined: Mon Feb 22, 2021 6:54 am

Re: vpn client can't ping vpn server

Post by zhychen » Tue Feb 23, 2021 10:17 am

Yes,it's a linux server,there is no restrictions in iptables.
If i install vpn server on another server (like 192.168.1.20), the client pc can access this server(192.168.1.189), but then the client pc can't access the new vpn server(192.168.1.20).
solo wrote:
Tue Feb 23, 2021 10:05 am
zhychen wrote:
Tue Feb 23, 2021 12:53 am
I have done what you say ,the client still can't access the vpn server(192.168.1.189), but can access another server(192.168.1.20) .
Is it a Linux server? No restrictions in iptables?

Code: Select all

-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P FORWARD ACCEPT

solo
Posts: 35
Joined: Sun Feb 14, 2021 10:31 am

Re: vpn client can't ping vpn server

Post by solo » Tue Feb 23, 2021 10:38 pm

zhychen wrote:
Tue Feb 23, 2021 10:17 am
Yes,it's a linux server,there is no restrictions in iptables. If i install vpn server on another server (like 192.168.1.20), the client pc can access this server(192.168.1.189), but then the client pc can't access the new vpn server(192.168.1.20).
Here is my server which can be pinged, providing SecureNAT is enabled:
System:
Host: a Kernel: 5.4.0-65-generic x86_64 bits: 64 Desktop: Xfce 4.14.1
Distro: Linux Mint 19.3 Tricia
Network:
Device-1: Broadcom and subsidiaries NetLink BCM57788 Gigabit Ethernet PCIe
If I run tcpdump -nn icmp on the server, I can only see pings to LAN destinations. A ping to the server replies to clients but is not recorded by Linux tools. Try a different Linux distro. Ensure this setup:
snat.png
You do not have the required permissions to view the files attached to this post.

Post Reply