Page 1 of 1
Bridge not working as expected
Posted: Thu Aug 31, 2023 9:14 am
by dario
Hello,
I set up my softether service on a home lan PC (192.168.1.4).
I set it to bridge the defined hub to the local ethernet port (the only one available).
When I connect from outside, I see my pc gets a local IP (192.168.1.27), all traffic is routed through VPN (my external IP is the one of the home router) and I can access internet as if I was at home.
The problem is I can't access my home IPs: 192.1681.1.1 (router) homepage spins forever and trying to ssh to my server (192.168.1.4) fails immediately.
Where am I wrong?
Re: Bridge not working as expected
Posted: Thu Aug 31, 2023 11:42 am
by solo
dario wrote: ↑Thu Aug 31, 2023 9:14 am
The problem is I can't access my home IPs: 192.1681.1.1 (router) homepage spins forever and trying to ssh to my server (192.168.1.4) fails immediately.
1. the 192.1681.1.1 address is incorrect
2. due to Linux kernel limitation you can not access SE server at 192.168.1.4
Re: Bridge not working as expected
Posted: Thu Aug 31, 2023 12:09 pm
by dario
192.1681.1.1 is a typo here; I meant 192.168.1.1 that is unreachable, and I don't understand why.
Why the second answer? When I'm in my local LAN, I can access 192.168.1.4 without problems. Can you explain more?
Re: Bridge not working as expected
Posted: Thu Aug 31, 2023 12:12 pm
by solo
Search this forum for "Linux kernel limitation", fix it, and then we'll look into your other issues.
Re: Bridge not working as expected
Posted: Thu Aug 31, 2023 12:48 pm
by dario
Looking here (
https://www.softether.org/4-docs/1-manu ... r_Mac_OS_X) I understand I should add a second physical network adapter. This is not an option, unfortunately. Am I wrong?
Re: Bridge not working as expected
Posted: Thu Aug 31, 2023 1:13 pm
by solo
That's one solution and you still could use a USB NIC, but there is another one, search for "soft tap" and do double-bridge.
Re: Bridge not working as expected
Posted: Thu Aug 31, 2023 1:38 pm
by dario
I'll look into it; meanwhile, isn't' secureNat a possibile alternative?
If I put that all 192.168.1.x traffic goes through vpn, that should work, doesn't it?
Re: Bridge not working as expected
Posted: Thu Aug 31, 2023 1:50 pm
by solo
It is, however you need to set DisableKernelModeSecureNAT to 1 in order to access the server via VPN.
Re: Bridge not working as expected
Posted: Thu Aug 31, 2023 2:57 pm
by dario
I tried the SeceureNAT way, but I have some trouble.
Apart from not connecting to my VPN Server (that is 192.168.1.4 and I understand I need to put that parameter somewhere - where?), I can't event access my router (192.168.1.1) home page: it starts loading and then stays spinning forever...
How can I troubleshoot it?
Re: Bridge not working as expected
Posted: Thu Aug 31, 2023 8:56 pm
by designermix
Re: Bridge not working as expected
Posted: Fri Sep 01, 2023 9:26 am
by dario
I don't understand... all seems correctly configured, but some web pages don't load.
When connected, the situation is:
Code: Select all
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.30.1 192.168.30.10 2
and
Code: Select all
Tracing route to 192.168.1.1 over a maximum of 30 hops
1 46 ms 31 ms 43 ms 192.168.30.1
2 46 ms 53 ms 40 ms 192.168.1.1
If I try fast.com, it shows 2Mbps. But...
192.168.1.1 loads some page components and never end.
Same for this site (vpnuser.com): I haven't been able to post this without turning my VPN off...
What could it be?
Moreover, please tell me where to put that parameter, so that I can check my vpn server with VPN open.
tnx
Re: Bridge not working as expected
Posted: Fri Sep 01, 2023 9:35 am
by dario
Yup!
I found where to put that parameter, I did and now it all work!
The only problem is the CPU utilization now: one of the two CPU core is at 100% steadily.
Re: Bridge not working as expected
Posted: Fri Sep 01, 2023 11:47 am
by solo
dario wrote: ↑Fri Sep 01, 2023 9:35 am
The only problem is the CPU utilization now: one of the two CPU core is at 100% steadily.
Yeah...
Precautions relating to Performance
By possessing an internal virtual TCP/IP stack, SecureNAT performs the highly advanced process of reassembling the TCP/IP stream packetized once by the TCP/IP stack and further TCP/IP packetizing via the operating system. The overhead resulting from these processes is large, such that throughput via the virtual NAT is considerably decreased when compared to physical maximum throughput, even when using a computer with sufficiently high speed. That is why virtual NAT should not be used for performance-centric applications. As previously stated, virtual NAT is a function which can be used as an alternative when the local bridge function cannot be used for security or technical reasons. Where high-speed methods such as local bridging are available, those methods should be used.
Also
Comparison on SecureNAT and local bridge method
Back to bridging? :-)
Re: Bridge not working as expected
Posted: Fri Sep 01, 2023 12:00 pm
by dario
Mmmm...
First point: I see CPU goes to 100% when I connect and remains there even if I disconnect; if I restart the server, CPU goes down until the next client connection. Why does it stay high even if I disconnect?
Bridge: maybe I didn't investigate enough, but it looked that the promiscuous mode of the adapter spiked CPU in the same manner, plus I need some complicated trick to access my vpn server (192.168.1.4).
What do you suggest?
Re: Bridge not working as expected
Posted: Fri Sep 01, 2023 12:21 pm
by solo
Check if DisableIpRawModeSecureNAT = 1 improves anything.
Re: Bridge not working as expected
Posted: Fri Sep 01, 2023 12:57 pm
by dario
I tried, but same result: the CPU stays at 100% even after disconnection. Do you understand why?
Re: Bridge not working as expected
Posted: Fri Sep 01, 2023 1:10 pm
by solo
Proceed with DE deployment.
https://github.com/SoftEtherVPN/SoftEth ... le-edition
https://dev.azure.com/SoftEther-VPN/Sof ... _a=summary
Confirmed to solve the issue as recently as yesterday...
I built the development version of softether and the problem is gone! The cpu usage has dropped by half, and everything seems great. Wish I had done this sooner
https://www.vpnusers.com/viewtopic.php? ... 29#p100007
Re: Bridge not working as expected
Posted: Fri Sep 01, 2023 3:45 pm
by dario
This is a timely bug fixing!! :-)
I'm now running version 5.0.1 I downloaded via ATP on my Debian 12.
What version does DE correspond to?
Is it safe? How will it take to have it on Debian 12 repo?
Thank you!