Hi SoftEther Community! I will very thank you for any help and advise!
My final project's goal is to run an FTP server(vsftpd) on Ubuntu over a VPN with Dynamic DNS to provide access for users via FileZilla.
But at the moment, I'm stuck connecting to my SE Dynamic DNS global IP or hostname. My users from Virtual Hub not able to ping it.
I have as my VPN Server:
1. Ubuntu Server 22.04
2. Softether VPN Server installed and configured. I'm able to run vpncmd as an administrator, and execution of the Check command passed well.
3. I disabled Firewall(ufw) for now to investigate host ping issue.
I have as my VPN Server Manager and Client:
1. Windows 10
2. SE VPN Server Manager installed
3. SE VPN Client Manager installed
4. DHCP Function activated and working fine. When a User connects with Client Manager, it allocates an IP for him.
After VPN Server installation, I created a Virtual Hub and added two test users to this hub.
I successfully connected one of my test user through the SE VPN Client Manager to the server.
These are the basic settings that I thought would satisfy the needs of my task for SoftEther (solving static IP issue with D-DNS).
But when I'm trying to ping my global IP or DNS hostname from the connected user's PC, I'm getting a "Request timed out" message.
I use the VPN Server global IP and DNS hostname provided by the SE Dynamic DNS function, which are shown in the SE VPN Server Manager in the D-DNS Settings page.
Any Idea how to make this work?
Can't ping VPN Server Global IP or Dynamic DNS Hostname
-
green.yellow
- Posts: 2
- Joined: Wed Dec 20, 2023 6:37 pm
-
solo
- Posts: 1285
- Joined: Sun Feb 14, 2021 10:31 am
-
green.yellow
- Posts: 2
- Joined: Wed Dec 20, 2023 6:37 pm
Re: Can't ping VPN Server Global IP or Dynamic DNS Hostname
I have read many discussion topics on this forum as well as SE documentation that, in one way or another, relate to my issue. I understood that the dynamic DNS function does not work for a SE Server running on Linux due to the limitations of the Linux kernel itself.
There are three potential custom solutions for this problem:
1. Use a second NIC, physical or virtual
2. Implement it with the Tap Device feature as a bridge
3. Use SecureNAT as a solution with DisableKernelModeSecureNAT set to 1
I tried all these solutions, and none of them gave me any positive results. At the end of my experiments and manipulations with iptables and dnsmasq I came to the result that my SE VPN Server machine is not even able to ping Google, so now the server has completely lost communication with the internet.
After that, I sadly realized that all these custom solutions require a higher level of networking expertise than I have. And probably the best option for me will be to create my SE Server on Windows, where the D-DNS feature should work out of the box.
The only question I have now is whether I correctly understand the main paradigm of the network that I want to build.
I have one server and many different clients. Clients connect to the Internet through different local networks and Internet providers. But all clients must be able to connect to the server to work with their files.
I thought that this is a simple network topology Remote Access VPN or PC-to-PC VPN, isn't it?
If it's so, then I don't understand why we need all these bridges, tap devices, etc. if I just need to connect many users to one standalone server by its D-DNS hostname.
Looking ahead, I just want to understand will I need to build these bridges on Windows SE VPN Server to make my project work?
There are three potential custom solutions for this problem:
1. Use a second NIC, physical or virtual
2. Implement it with the Tap Device feature as a bridge
3. Use SecureNAT as a solution with DisableKernelModeSecureNAT set to 1
I tried all these solutions, and none of them gave me any positive results. At the end of my experiments and manipulations with iptables and dnsmasq I came to the result that my SE VPN Server machine is not even able to ping Google, so now the server has completely lost communication with the internet.
After that, I sadly realized that all these custom solutions require a higher level of networking expertise than I have. And probably the best option for me will be to create my SE Server on Windows, where the D-DNS feature should work out of the box.
The only question I have now is whether I correctly understand the main paradigm of the network that I want to build.
I have one server and many different clients. Clients connect to the Internet through different local networks and Internet providers. But all clients must be able to connect to the server to work with their files.
I thought that this is a simple network topology Remote Access VPN or PC-to-PC VPN, isn't it?
If it's so, then I don't understand why we need all these bridges, tap devices, etc. if I just need to connect many users to one standalone server by its D-DNS hostname.
Looking ahead, I just want to understand will I need to build these bridges on Windows SE VPN Server to make my project work?
-
solo
- Posts: 1285
- Joined: Sun Feb 14, 2021 10:31 am
Re: Can't ping VPN Server Global IP or Dynamic DNS Hostname
This conclusion is totally incorrect as DDNS has nothing to do with the kernel issue.green.yellow wrote: ↑Fri Dec 22, 2023 12:56 pmI understood that the dynamic DNS function does not work for a SE Server running on Linux due to the limitations of the Linux kernel itself.
"After VPN Server installation, I created a Virtual Hub and added two test users to this hub. I successfully connected one of my test user through the SE VPN Client Manager to the server."
At this point DDNS has done its job as intended.
"Can't ping VPN Server Global IP or Dynamic DNS Hostname"
After the successful connection, only pinging VPN server's PRIVATE IP, not global IP is relevant, hence "Bridge not working as expected" information to resolve it.