Pointers for installation requirements

wspivak
Posts: 7
Joined: Tue Jun 06, 2023 10:58 pm

Pointers for installation requirements

Post by wspivak » Tue Jun 06, 2023 11:06 pm

Problem: was just in Canada and couldn't stream anything from my MAC/iPad. A VPN would solve that.

I'm running a Fedora 38 server. I loaded the server, what else do I need to load on the server?

There will be one "user" and possibly two concurrent sessions.

Thanks

solo
Posts: 1285
Joined: Sun Feb 14, 2021 10:31 am

Re: Pointers for installation requirements

Post by solo » Wed Jun 07, 2023 12:35 am

https://www.softether-download.com/file ... PN_Server/
and enable SecureNAT with all defaults.

wspivak
Posts: 7
Joined: Tue Jun 06, 2023 10:58 pm

Re: Pointers for installation requirements

Post by wspivak » Wed Jun 07, 2023 10:19 am

Thank you, I did download and install the vpnserver portion.

Do I need to install anything else on my server, such as vpn hub or bridge? In tutorials, this is the type of VPN I want to install, "Comfortable Network Anywhere", but it has no tutorial how-to, just a description.

Is there a better "how to"?

solo
Posts: 1285
Joined: Sun Feb 14, 2021 10:31 am

Re: Pointers for installation requirements

Post by solo » Wed Jun 07, 2023 11:08 am

Sure there is, @sevepen posted an excellent guide here https://www.vpnusers.com/viewtopic.php? ... 129#p98965
Just skip the game, Windows and client parts and you're good to go.

wspivak
Posts: 7
Joined: Tue Jun 06, 2023 10:58 pm

Re: Pointers for installation requirements

Post by wspivak » Wed Jun 07, 2023 1:10 pm

Solo,

Thanks for your assistance.

I've connected to my VPN server using the internal LAN address and the Windows client. I configured per those instructions you provided.

I opened the ports on my Fedora 38 server as well as added port forwarding from my router to the Fedora server.

I attempted to use my iPhone via cell service to connect. I used L2TP, my server public domain name as the address, and account my username@virtual hub name.

I even tried the DDNS domain name as the server.

No joy.

So I tried my Mac, which is on the same LAN as the server and my Windows box. I used the same info, but used my server's IP address instead of the domain name.

No joy.

I read somewhere that the
VPN Gate link but not RTFM? It clearly states "Specify "vpn" (3-letters) also on the "Shared Secret" field".
My virtual hub has VPN in the name with dashes between names, the secret key has vpn in the key (but no dashes). Does this matter?

Lastly, this is coming from my server_log
2023-06-07 08:46:34.878 SSL communication for connection "CID-9" has been started. The encryption algorithm name is "TLS_AES_256_GCM_SHA384".
2023-06-07 08:46:34.898 Connection "CID-9" connected using server admin mode.
2023-06-07 08:46:34.898 Connection "CID-9" successfully logged in using administration mode.
2023-06-07 08:46:34.898 Connection "CID-9" created a new remote procedure call session "RPC-63" for the purpose of administration mode.
2023-06-07 08:48:05.807 On the TCP Listener (Port 5555), a Client (IP address 103.118.30.122, Host name "103.118.30.122", Port number 53712) has connected.
2023-06-07 08:48:05.807 For the client (IP address: 103.118.30.122, host name: "103.118.30.122", port number: 53712), connection "CID-10" has been created.
2023-06-07 08:48:05.807 Connection "CID-10" has been terminated.
2023-06-07 08:48:05.807 The connection with the client (IP address 103.118.30.122, Port number 53712) has been disconnected.
2023-06-07 08:48:31.782 Administration mode [RPC-63]: The IPsec server setting has been updated.
2023-06-07 08:57:56.305 On the TCP Listener (Port 5555), a Client (IP address 103.178.229.173, Host name "103.178.229.173", Port number 41312) has connected.
2023-06-07 08:57:56.305 For the client (IP address: 103.178.229.173, host name: "103.178.229.173", port number: 41312), connection "CID-11" has been created.
2023-06-07 08:57:56.305 Connection "CID-11" has been terminated.
2023-06-07 08:57:56.305 The connection with the client (IP address 103.178.229.173, Port number 41312) has been disconnected.
2023-06-07 09:16:56.054 On the TCP Listener (Port 5555), a Client (IP address 103.110.32.156, Host name "103.110.32.156", Port number 37672) has connected.
2023-06-07 09:16:56.054 For the client (IP address: 103.110.32.156, host name: "103.110.32.156", port number: 37672), connection "CID-12" has been created.
2023-06-07 09:16:56.054 Connection "CID-12" has been terminated.
2023-06-07 09:16:56.054 The connection with the client (IP address 103.110.32.156, Port number 37672) has been disconnected.
2023-06-07 09:31:20.793 On the TCP Listener (Port 5555), a Client (IP address 194.180.48.149, Host name "194.180.48.149", Port number 44570) has connected.
2023-06-07 09:31:20.793 For the client (IP address: 194.180.48.149, host name: "194.180.48.149", port number: 44570), connection "CID-13" has been created.
2023-06-07 09:31:20.793 Connection "CID-13" has been terminated.
2023-06-07 09:31:20.793 The connection with the client (IP address 194.180.48.149, Port number 44570) has been disconnected.
2023-06-07 09:32:48.310 On the TCP Listener (Port 5555), a Client (IP address 194.87.151.178, Host name "194.87.151.178", Port number 44440) has connected.
2023-06-07 09:32:48.310 For the client (IP address: 194.87.151.178, host name: "194.87.151.178", port number: 44440), connection "CID-14" has been created.
2023-06-07 09:32:48.310 Connection "CID-14" has been terminated.
2023-06-07 09:32:48.310 The connection with the client (IP address 194.87.151.178, Port number 44440) has been disconnected.
2023-06-07 09:41:26.128 On the TCP Listener (Port 5555), a Client (IP address 192.168.1.232, Host name "192.168.1.232", Port number 50194) has connected.
2023-06-07 09:41:26.128 For the client (IP address: 192.168.1.232, host name: "192.168.1.232", port number: 50194), connection "CID-15" has been created.
2023-06-07 09:41:26.138 SSL communication for connection "CID-15" has been started. The encryption algorithm name is "TLS_AES_256_GCM_SHA384".
2023-06-07 09:41:26.158 Connection "CID-15" connected using server admin mode.
2023-06-07 09:41:26.158 Connection "CID-15" successfully logged in using administration mode.
2023-06-07 09:41:26.168 Connection "CID-15" created a new remote procedure call session "RPC-73" for the purpose of administration mode.
2023-06-07 09:44:33.786 On the TCP Listener (Port 5555), a Client (IP address 85.217.144.35, Host name "85.217.144.35", Port number 58040) has connected.
2023-06-07 09:44:33.786 For the client (IP address: 85.217.144.35, host name: "85.217.144.35", port number: 58040), connection "CID-16" has been created.
2023-06-07 09:44:33.786 Connection "CID-16" has been terminated.
2023-06-07 09:44:33.786 The connection with the client (IP address 85.217.144.35, Port number 58040) has been disconnected.
Lastly, I noticed in my logs that
failed to generate session key for dynamic DNS: permission denied
I run a cache-forward dns server :(

Ideas?
Last edited by wspivak on Wed Jun 07, 2023 1:55 pm, edited 1 time in total.


wspivak
Posts: 7
Joined: Tue Jun 06, 2023 10:58 pm

Re: Pointers for installation requirements

Post by wspivak » Wed Jun 07, 2023 2:14 pm

Your last pointer now lets me connect on my MAC, and my iPhone.

Many thanks....

BUT

I can't access from my iPhone my email on my server (same server as the VPNServer) or Gmail (from my gmail client). Also web access doesn't work.

On my Mac (which is on the same LAN), I can't access my web server (same server as VPNServer), other websites, or my email.

In fact I don't think I'm routing any traffic...

On a side question:

Is it normal to have lots of "hackers" trying to get in... or is that because of the dynamic dns reusing ip addresses?
2023-06-07 10:44:21.383 Connection "CID-20" has been terminated.
2023-06-07 10:44:21.383 The connection with the client (IP address 103.116.53.117, Port number 34270) has been disconnected.
2023-06-07 10:49:37.298 IPsec Client 3 (194.187.178.209:7820 -> 192.168.1.120:500): A new IPsec client is created.
2023-06-07 10:49:37.308 IPsec IKE Session (IKE SA) 3 (Client: 3) (194.187.178.209:7820 -> 192.168.1.120:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xD8757BB7945E3880, Responder Cookie: 0xFF0AD90648049CC, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-1, Cipher Algorithm: 3DES-CBC, Cipher Key Size: 192 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2023-06-07 10:49:37.440 IPsec Client 4 (45.83.64.54:39762 -> 192.168.1.120:500): A new IPsec client is created.
2023-06-07 10:49:37.440 IPsec IKE Session (IKE SA) 4 (Client: 4) (45.83.64.54:39762 -> 192.168.1.120:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x28C8EA07F08395E, Responder Cookie: 0xFD2FB6481DAFE1ED, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-1, Cipher Algorithm: 3DES-CBC, Cipher Key Size: 192 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2023-06-07 10:49:47.306 IPsec IKE Session (IKE SA) 3 (Client: 3) (194.187.178.209:7820 -> 192.168.1.120:500): This IKE SA is deleted.
2023-06-07 10:49:47.306 IPsec Client 3 (194.187.178.209:7820 -> 192.168.1.120:500): This IPsec Client is deleted.
2023-06-07 10:49:47.448 IPsec IKE Session (IKE SA) 4 (Client: 4) (45.83.64.54:39762 -> 192.168.1.120:500): This IKE SA is deleted.
2023-06-07 10:49:47.448 IPsec Client 4 (45.83.64.54:39762 -> 192.168.1.120:500): This IPsec Client is deleted.
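
Added example, not part of any post in this thread: one way to triage server_log excerpts like the ones above is to group TCP listener connections by source and separate those that closed without ever starting TLS from those that completed an administration-mode login. The sample lines are constructed in the same message format with documentation-range addresses, and the function names and the LAN definition (RFC 1918 ranges) are assumptions of this sketch.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the server_log excerpts above; the
# addresses are documentation ranges (RFC 5737) plus one LAN address.
SAMPLE_LOG = """\
2023-06-07 08:48:05.807 For the client (IP address: 203.0.113.10, host name: "203.0.113.10", port number: 53712), connection "CID-10" has been created.
2023-06-07 08:48:05.807 Connection "CID-10" has been terminated.
2023-06-07 08:57:56.305 For the client (IP address: 203.0.113.10, host name: "203.0.113.10", port number: 41312), connection "CID-11" has been created.
2023-06-07 08:57:56.305 Connection "CID-11" has been terminated.
2023-06-07 09:16:56.054 For the client (IP address: 198.51.100.7, host name: "198.51.100.7", port number: 37672), connection "CID-12" has been created.
2023-06-07 09:16:56.054 Connection "CID-12" has been terminated.
2023-06-07 09:41:26.128 For the client (IP address: 192.168.1.232, host name: "192.168.1.232", port number: 50194), connection "CID-15" has been created.
2023-06-07 09:41:26.138 SSL communication for connection "CID-15" has been started. The encryption algorithm name is "TLS_AES_256_GCM_SHA384".
2023-06-07 09:41:26.158 Connection "CID-15" successfully logged in using administration mode.
"""

LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CREATED = re.compile(r'IP address: ([0-9a-fA-F.:]+),.*connection "(CID-\d+)" has been created')
EVENTS = {  # state flag -> log message that sets it for a connection id
    "tls": re.compile(r'SSL communication for connection "(CID-\d+)" has been started'),
    "admin": re.compile(r'Connection "(CID-\d+)" successfully logged in using administration mode'),
    "closed": re.compile(r'Connection "(CID-\d+)" has been terminated'),
}

def classify(log_text):
    """Map each connection id to its source IP and the events seen for it."""
    conns = {}
    for line in log_text.splitlines():
        if m := CREATED.search(line):
            conns[m.group(2)] = {"ip": m.group(1), "tls": False, "admin": False, "closed": False}
            continue
        for flag, rx in EVENTS.items():
            m = rx.search(line)
            if m and m.group(1) in conns:
                conns[m.group(1)][flag] = True
    return conns

def is_lan(ip):
    return any(ipaddress.ip_address(ip) in net for net in LAN)

def probes_by_source(conns):
    """Connections per non-LAN source that closed without ever starting TLS."""
    return dict(Counter(c["ip"] for c in conns.values()
                        if c["closed"] and not c["tls"] and not is_lan(c["ip"])))

def external_admin_logins(conns):
    """Administration-mode logins whose source is not on the LAN."""
    return sorted(cid for cid, c in conns.items() if c["admin"] and not is_lan(c["ip"]))
```

A non-empty result from `external_admin_logins` is the case worth acting on, since it means an administration session was opened from outside the LAN ranges assumed here.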

wspivak
Posts: 7
Joined: Tue Jun 06, 2023 10:58 pm

Re: Pointers for installation requirements

Post by wspivak » Wed Jun 07, 2023 6:47 pm

Update at 14:37.

I looked at the rules provided by your link and changed Rule 15 from discard to pass.

My iphone sent email out to gmail & outlook from the vpnserver/email server, and is able to read email as well.

I was able to go to my web site on my webserver/vpnserver without an issue.

On my MAC, was able to read email via the Outlook 365 client, but not send any email through my email server/vpnserver. I am able to send email from other accounts. The web browser works.

Any ideas on the MAC?

Footnote:

The number of errant connections has diminished greatly, probably DDNS timeouts.

solo
Posts: 1285
Joined: Sun Feb 14, 2021 10:31 am

Re: Pointers for installation requirements

Post by solo » Thu Jun 08, 2023 12:24 am

Those rules are for security of game host servers and they do not apply in your context, disable all.

wspivak
Posts: 7
Joined: Tue Jun 06, 2023 10:58 pm

Re: Pointers for installation requirements

Post by wspivak » Thu Jun 08, 2023 10:34 am

ahhhh.. Thanks again... So disable all 20 or so.

wspivak
Posts: 7
Joined: Tue Jun 06, 2023 10:58 pm

Re: Pointers for installation requirements

Post by wspivak » Thu Jun 08, 2023 12:35 pm

I think all issues solved.

THANK YOU!!!
