Need help understanding vpn client on same machine as server

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
metc
Posts: 7
Joined: Sat Nov 11, 2023 10:06 pm

Need help understanding vpn client on same machine as server

Post by metc » Sat Nov 11, 2023 10:29 pm

Hey all. Aiming to set up a vpn server on a remote vm; got red hat running on an ec2 instance. Following this tutorial: https://www.softether.org/4-docs/2-howt ... into_Cloud

Because it's Linux and remote, I need to do everything from the command line. I've confirmed the server's up with the check utility. I have the default hub. But whenever I try to connect to the client on that machine, which looks like it should be on localhost:

Code: Select all

./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.43 Build 9799   (English)
Compiled 2023/08/31 10:50:49 by buildsan at crosswin with OpenSSL 3.0.9
Copyright (c) 2012-2023 SoftEther VPN Project. All Rights Reserved.

By using vpncmd program, the following can be achieved.

1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 2

Specify the host name or IP address of the computer that the destination VPN Client is operating on.
If nothing is input and Enter is pressed, connection will be made to localhost (this computer).
Hostname of IP Address of Destination:

Error occurred. (Error code: 1)
Connection to the server failed. Check network connection and make sure that address and port number of destination server are correct.
I'm not sure how to get to the client or how to make it from the command line, and that tutorial wants me to have that setup before connecting my local client. Is it necessary to have the local client, and, if so, how do I access/create that from the cli?

Thanks!

solo
Posts: 1529
Joined: Sun Feb 14, 2021 10:31 am

Re: Need help understanding vpn client on same machine as server

Post by solo » Sun Nov 12, 2023 9:54 pm

Code: Select all

systemctl start vpnclient
cd /usr/local/vpnclient
./vpncmd
2
[Enter][Enter]
RemoteEnable
	RemoteEnable command - Allow Remote Management of VPN Client Service
	The command completed successfully.
exit

metc
Posts: 7
Joined: Sat Nov 11, 2023 10:06 pm

Re: Need help understanding vpn client on same machine as server

Post by metc » Mon Nov 13, 2023 5:30 pm

Getting some weird behavior, and I'm not sure what I'm getting wrong. I'm running Red Hat on the ec2 instance. Neither the client or the server is registering as a systemctl service, but they are added through chkconfig.

Code: Select all

[root@ip-172-31-23-232 local]# chkconfig --add vpnclient
[root@ip-172-31-23-232 local]# chkconfig --add vpnserver
[root@ip-172-31-23-232 local]# chkconfig

Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overridden by native
      systemd configuration.

      If you want to list systemd services use 'systemctl list-unit-files'.
      To see services enabled on particular target use
      'systemctl list-dependencies [target]'.

vpnclient       0:off   1:off   2:on    3:on    4:on    5:on    6:off
vpnserver       0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@ip-172-31-23-232 local]# systemctl list-unit-files | grep vpn
[root@ip-172-31-23-232 local]#
Per what @solo said, I figured the main issue was that I only added vpnserver, and not vpnclient, so I went and downloaded the latest vpnclient, and followed the same steps to get that setup as I did for the server. I'm noticing that starting or stopping one of the services seems to start/stop both:

Code: Select all

[root@ip-172-31-23-232 local]# cd /etc/init.d
[root@ip-172-31-23-232 init.d]# ls -l
total 40
-rwxr-xr-x. 1 root     root       321 Oct 27 10:47 choose_repo
-rw-r--r--. 1 root     root     18220 Aug 24  2022 functions
-rw-r--r--. 1 root     root      1161 Jul 17 08:33 README
-rwxr-xr-x. 1 root     root      1872 Oct 27 10:47 rh-cloud-firstboot
-rwxr-xr-x. 1 ec2-user ec2-user   353 Nov 13 16:45 vpnclient
-rwxr-xr-x. 1 ec2-user ec2-user   353 Nov 11 19:55 vpnserver
[root@ip-172-31-23-232 init.d]# ./vpnclient stop
SoftEther VPN Server service has not yet been started.
Run the "vpnserver start" to start this service.
rm: cannot remove '/var/lock/subsys/vpnserver': No such file or directory
[root@ip-172-31-23-232 init.d]# ./vpnclient start
The SoftEther VPN Server service has been started.

Let's get started by accessing to the following URL from your PC:

https://172.31.23.232:5555/
  or
https://172.31.23.232/

Note: IP address may vary. Specify your server's IP address.
A TLS certificate warning will appear because the server uses self signed certificate by default. That is natural. Continue with ignoring the TLS warning.

[root@ip-172-31-23-232 init.d]# cd /usr/local/vpnclient/
[root@ip-172-31-23-232 vpnclient]# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.43 Build 9799   (English)
Compiled 2023/08/31 10:50:49 by buildsan at crosswin with OpenSSL 3.0.9
Copyright (c) 2012-2023 SoftEther VPN Project. All Rights Reserved.

By using vpncmd program, the following can be achieved.

1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 2

Specify the host name or IP address of the computer that the destination VPN Client is operating on.
If nothing is input and Enter is pressed, connection will be made to localhost (this computer).
Hostname of IP Address of Destination:

Error occurred. (Error code: 1)
Connection to the server failed. Check network connection and make sure that address and port number of destination server are correct.
I definitely have both vpnclient and vpnserver, but they're both behaving like vpnserver. What should I do here?<br/>

Code: Select all

[root@ip-172-31-23-232 local]# cd /etc/init.d
[root@ip-172-31-23-232 init.d]# ls -l
total 40
-rwxr-xr-x. 1 root     root       321 Oct 27 10:47 choose_repo
-rw-r--r--. 1 root     root     18220 Aug 24  2022 functions
-rw-r--r--. 1 root     root      1161 Jul 17 08:33 README
-rwxr-xr-x. 1 root     root      1872 Oct 27 10:47 rh-cloud-firstboot
-rwxr-xr-x. 1 ec2-user ec2-user   353 Nov 13 16:45 vpnclient
-rwxr-xr-x. 1 ec2-user ec2-user   353 Nov 11 19:55 vpnserver
[root@ip-172-31-23-232 init.d]# ./vpnclient stop
SoftEther VPN Server service has not yet been started.
Run the "vpnserver start" to start this service.
rm: cannot remove '/var/lock/subsys/vpnserver': No such file or directory
[root@ip-172-31-23-232 init.d]# ./vpnclient start
The SoftEther VPN Server service has been started.

Let's get started by accessing to the following URL from your PC:

https://172.31.23.232:5555/
  or
https://172.31.23.232/

Note: IP address may vary. Specify your server's IP address.
A TLS certificate warning will appear because the server uses self signed certificate by default. That is natural. Continue with ignoring the TLS warning.

[root@ip-172-31-23-232 init.d]# cd /usr/local/vpnclient/
[root@ip-172-31-23-232 vpnclient]# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.43 Build 9799   (English)
Compiled 2023/08/31 10:50:49 by buildsan at crosswin with OpenSSL 3.0.9
Copyright (c) 2012-2023 SoftEther VPN Project. All Rights Reserved.

By using vpncmd program, the following can be achieved.

1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 2

Specify the host name or IP address of the computer that the destination VPN Client is operating on.
If nothing is input and Enter is pressed, connection will be made to localhost (this computer).
Hostname of IP Address of Destination:

Error occurred. (Error code: 1)
Connection to the server failed. Check network connection and make sure that address and port number of destination server are correct.
What else should I try here? Why is my client behaving just like server?

metc
Posts: 7
Joined: Sat Nov 11, 2023 10:06 pm

Re: Need help understanding vpn client on same machine as server

Post by metc » Mon Nov 13, 2023 5:34 pm

I'm still not sure why the bootup script is treating them the same, but I was able to get the client started by:

Code: Select all

[root@ip-172-31-23-232 vpnclient]# pwd
/usr/local/vpnclient
[root@ip-172-31-23-232 vpnclient]# ./vpnclient
SoftEther VPN Client service program
Copyright (c) SoftEther VPN Project. All Rights Reserved.

vpnclient command usage:
 vpnclient start  - Start the SoftEther VPN Client service.
 vpnclient stop   - Stop the SoftEther VPN Client service if the service has been already started.

[root@ip-172-31-23-232 vpnclient]# ./vpnclient start
The SoftEther VPN Client service has been started.
[root@ip-172-31-23-232 vpnclient]# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.43 Build 9799   (English)
Compiled 2023/08/31 10:50:49 by buildsan at crosswin with OpenSSL 3.0.9
Copyright (c) 2012-2023 SoftEther VPN Project. All Rights Reserved.

By using vpncmd program, the following can be achieved.

1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 2

Specify the host name or IP address of the computer that the destination VPN Client is operating on.
If nothing is input and Enter is pressed, connection will be made to localhost (this computer).
Hostname of IP Address of Destination:

Connected to VPN Client "localhost".

VPN Client>exit
So, at the very least, I can start the client that way!

solo
Posts: 1529
Joined: Sun Feb 14, 2021 10:31 am

Re: Need help understanding vpn client on same machine as server

Post by solo » Mon Nov 13, 2023 11:24 pm

metc wrote:
Mon Nov 13, 2023 5:30 pm
Why is my client behaving just like server?
Because it is a service. Next, do "RemoteEnable" and then you'll be able to set it up from a comfy remote GUI.

Post Reply