Bridge not working as expected

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
dario
Posts: 22
Joined: Wed Aug 30, 2023 11:57 am

Bridge not working as expected

Post by dario » Thu Aug 31, 2023 9:14 am

Hello,

I set up my softether service on a home lan PC (192.168.1.4).
I set it to bridge the defined hub to the local ethernet port (the only one available).

When I connect from outside, I see my pc gets a local IP (192.168.1.27), all traffic is routed through VPN (my external IP is the one of the home router) and I can access internet as if I was at home.

The problem is I can't access my home IPs: 192.1681.1.1 (router) homepage spins forever and trying to ssh to my server (192.168.1.4) fails immediately.

Where am I wrong?

solo
Posts: 1192
Joined: Sun Feb 14, 2021 10:31 am

Re: Bridge not working as expected

Post by solo » Thu Aug 31, 2023 11:42 am

dario wrote:
Thu Aug 31, 2023 9:14 am
The problem is I can't access my home IPs: 192.1681.1.1 (router) homepage spins forever and trying to ssh to my server (192.168.1.4) fails immediately.
1. the 192.1681.1.1 address is incorrect
2. due to Linux kernel limitation you can not access SE server at 192.168.1.4

dario
Posts: 22
Joined: Wed Aug 30, 2023 11:57 am

Re: Bridge not working as expected

Post by dario » Thu Aug 31, 2023 12:09 pm

192.1681.1.1 is a typo here; I meant 192.168.1.1 that is unreachable, and I don't understand why.

Why the second answer? When I'm in my local LAN, I can access 192.168.1.4 without problems. Can you explain more?

solo
Posts: 1192
Joined: Sun Feb 14, 2021 10:31 am

Re: Bridge not working as expected

Post by solo » Thu Aug 31, 2023 12:12 pm

Search this forum for "Linux kernel limitation", fix it, and then we'll look into your other issues.

dario
Posts: 22
Joined: Wed Aug 30, 2023 11:57 am

Re: Bridge not working as expected

Post by dario » Thu Aug 31, 2023 12:48 pm

Looking here (https://www.softether.org/4-docs/1-manu ... r_Mac_OS_X) I understand I should add a second physical network adapter. This is not an option, unfortunately. Am I wrong?

solo
Posts: 1192
Joined: Sun Feb 14, 2021 10:31 am

Re: Bridge not working as expected

Post by solo » Thu Aug 31, 2023 1:13 pm

That's one solution and you still could use a USB NIC, but there is another one, search for "soft tap" and do double-bridge.

dario
Posts: 22
Joined: Wed Aug 30, 2023 11:57 am

Re: Bridge not working as expected

Post by dario » Thu Aug 31, 2023 1:38 pm

I'll look into it; meanwhile, isn't' secureNat a possibile alternative?
If I put that all 192.168.1.x traffic goes through vpn, that should work, doesn't it?

solo
Posts: 1192
Joined: Sun Feb 14, 2021 10:31 am

Re: Bridge not working as expected

Post by solo » Thu Aug 31, 2023 1:50 pm

It is, however you need to set DisableKernelModeSecureNAT to 1 in order to access the server via VPN.

dario
Posts: 22
Joined: Wed Aug 30, 2023 11:57 am

Re: Bridge not working as expected

Post by dario » Thu Aug 31, 2023 2:57 pm

I tried the SeceureNAT way, but I have some trouble.

Apart from not connecting to my VPN Server (that is 192.168.1.4 and I understand I need to put that parameter somewhere - where?), I can't event access my router (192.168.1.1) home page: it starts loading and then stays spinning forever...
How can I troubleshoot it?

designermix
Posts: 11
Joined: Wed Aug 30, 2023 11:16 am

Re: Bridge not working as expected

Post by designermix » Thu Aug 31, 2023 8:56 pm

make

Code: Select all

tracert 192.168.1.1
and show result

dario
Posts: 22
Joined: Wed Aug 30, 2023 11:57 am

Re: Bridge not working as expected

Post by dario » Fri Sep 01, 2023 9:26 am

I don't understand... all seems correctly configured, but some web pages don't load.

When connected, the situation is:

Code: Select all

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.30.1    192.168.30.10      2
and

Code: Select all

Tracing route to 192.168.1.1 over a maximum of 30 hops

  1    46 ms    31 ms    43 ms  192.168.30.1
  2    46 ms    53 ms    40 ms  192.168.1.1
If I try fast.com, it shows 2Mbps. But...

192.168.1.1 loads some page components and never end.
Same for this site (vpnuser.com): I haven't been able to post this without turning my VPN off...

What could it be?
Moreover, please tell me where to put that parameter, so that I can check my vpn server with VPN open.

tnx

dario
Posts: 22
Joined: Wed Aug 30, 2023 11:57 am

Re: Bridge not working as expected

Post by dario » Fri Sep 01, 2023 9:35 am

Yup!

I found where to put that parameter, I did and now it all work!
The only problem is the CPU utilization now: one of the two CPU core is at 100% steadily.

solo
Posts: 1192
Joined: Sun Feb 14, 2021 10:31 am

Re: Bridge not working as expected

Post by solo » Fri Sep 01, 2023 11:47 am

dario wrote:
Fri Sep 01, 2023 9:35 am
The only problem is the CPU utilization now: one of the two CPU core is at 100% steadily.
Yeah...
Precautions relating to Performance

By possessing an internal virtual TCP/IP stack, SecureNAT performs the highly advanced process of reassembling the TCP/IP stream packetized once by the TCP/IP stack and further TCP/IP packetizing via the operating system. The overhead resulting from these processes is large, such that throughput via the virtual NAT is considerably decreased when compared to physical maximum throughput, even when using a computer with sufficiently high speed. That is why virtual NAT should not be used for performance-centric applications. As previously stated, virtual NAT is a function which can be used as an alternative when the local bridge function cannot be used for security or technical reasons. Where high-speed methods such as local bridging are available, those methods should be used.
Also Comparison on SecureNAT and local bridge method

Back to bridging? :-)

dario
Posts: 22
Joined: Wed Aug 30, 2023 11:57 am

Re: Bridge not working as expected

Post by dario » Fri Sep 01, 2023 12:00 pm

Mmmm...

First point: I see CPU goes to 100% when I connect and remains there even if I disconnect; if I restart the server, CPU goes down until the next client connection. Why does it stay high even if I disconnect?

Bridge: maybe I didn't investigate enough, but it looked that the promiscuous mode of the adapter spiked CPU in the same manner, plus I need some complicated trick to access my vpn server (192.168.1.4).

What do you suggest?

solo
Posts: 1192
Joined: Sun Feb 14, 2021 10:31 am

Re: Bridge not working as expected

Post by solo » Fri Sep 01, 2023 12:21 pm

Check if DisableIpRawModeSecureNAT = 1 improves anything.

dario
Posts: 22
Joined: Wed Aug 30, 2023 11:57 am

Re: Bridge not working as expected

Post by dario » Fri Sep 01, 2023 12:57 pm

I tried, but same result: the CPU stays at 100% even after disconnection. Do you understand why?

solo
Posts: 1192
Joined: Sun Feb 14, 2021 10:31 am

Re: Bridge not working as expected

Post by solo » Fri Sep 01, 2023 1:10 pm

Proceed with DE deployment.
https://github.com/SoftEtherVPN/SoftEth ... le-edition
https://dev.azure.com/SoftEther-VPN/Sof ... _a=summary

Confirmed to solve the issue as recently as yesterday...
I built the development version of softether and the problem is gone! The cpu usage has dropped by half, and everything seems great. Wish I had done this sooner
https://www.vpnusers.com/viewtopic.php? ... 29#p100007

dario
Posts: 22
Joined: Wed Aug 30, 2023 11:57 am

Re: Bridge not working as expected

Post by dario » Fri Sep 01, 2023 3:45 pm

This is a timely bug fixing!! :-)

I'm now running version 5.0.1 I downloaded via ATP on my Debian 12.
What version does DE correspond to?

Is it safe? How will it take to have it on Debian 12 repo?

Thank you!

Post Reply