SE - Cannot connect to DHCP Server on LAN

giltea
Posts: 8
Joined: Fri Apr 05, 2019 5:25 pm

SE - Cannot connect to DHCP Server on LAN

Post by giltea » Fri Apr 05, 2019 6:39 pm

I am trying to see if SoftEther is a viable VPN solution for our needs. I have been successful in getting SSTP to connect to SE, but only when SecureNAT is enabled. When I disable SecureNAT, the request is going to our DHCP server, but the lease is not being returned to the client, and therefore they are not getting an IP address and are not able to connect.

You can see this information from the server log:

    2019-04-05 11:10:00.319 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: Trying to request an IP address from the DHCP server.
    2019-04-05 11:10:05.319 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: Acquiring an IP address from the DHCP server failed. To accept a PPP session, you need to have a DHCP server. Make sure that a DHCP server is working normally in the Ethernet segment which the Virtual Hub belongs to. If you do not have a DHCP server, you can use the Virtual DHCP function of the SecureNAT on the Virtual Hub instead.
    2019-04-05 11:10:13.501 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: The VPN Client sent a packet though an IP address of the VPN Client hasn't been determined.
    2019-04-05 11:10:13.501 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: A PPP protocol error occurred, or the PPP session has been disconnected.

I have set up a bridge to the private NIC from the virtual hub and have disabled SecureNAT and DHCP functionality in the SE hub.

When I try to connect from a Windows box using SSTP, I am getting the following information from the packet log:

        2019-04-05,11:09:52.450,SID-LOCALBRIDGE-1,-,A4580F42CBB6,FFFFFFFFFFFF,0x0800,358,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
        2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,001A4A160154,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.24,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.253 ServerIP=10.1.1.24 RelayIP=0.0.0.0,-,-,-
        2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,A4580F42CBB6,FFFFFFFFFFFF,0x0800,370,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
        2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,001A4A160154,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.24,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.253 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
        2019-04-05,11:09:53.210,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.203 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
        2019-04-05,11:09:56.159,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=2306803456 ClientIP=0.0.0.0 YourIP=10.1.2.112 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
        2019-04-05,11:10:00.400,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
        2019-04-05,11:10:01.932,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
        2019-04-05,11:10:03.516,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
        2019-04-05,11:10:04.084,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=2306803456 ClientIP=0.0.0.0 YourIP=10.1.2.112 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
        2019-04-05,11:10:05.076,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-

One thing that I think is causing the issue is that the relay address from the DHCP lease that should be returning the IP address is not correct (0.0.0.0). But I am not sure how this should be configured on the SE server side.

I have been banging my head on this for some time and was hoping to find someone who has completed a similar setup for a bit of help.
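
The request/response pairing that the packet log above has to be read for, as an added example that is not part of the original post. It assumes the comma-separated column layout visible in the log lines above; the sample lines, MAC addresses, transaction IDs and session name are constructed.

```python
import csv
from collections import defaultdict

# Constructed sample in the packet-log layout shown in the post.
# Transaction 111 (local bridge) is answered; 222 (SSTP session) is retried, never answered.
SAMPLE_LOG = """\
2019-04-05,11:09:52.450,SID-LOCALBRIDGE-1,-,020000000001,FFFFFFFFFFFF,0x0800,358,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=111 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,020000000002,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.24,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=111 ClientIP=0.0.0.0 YourIP=10.1.2.50 ServerIP=10.1.1.24 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:10:00.400,SID-USER-[SSTP]-4,-,020000000003,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=222 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:10:01.932,SID-USER-[SSTP]-4,-,020000000003,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=222 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
"""


def dhcp_transactions(log_text):
    """Group DHCPv4 records from a packet log by TransactionId."""
    txs = defaultdict(lambda: {"requests": [], "responses": []})
    for row in csv.reader(log_text.splitlines()):
        # Column 8 is the protocol, 9 the direction, 16 the key=value detail field.
        if len(row) < 17 or row[8] != "DHCPv4":
            continue
        info = dict(kv.split("=", 1) for kv in row[16].split() if "=" in kv)
        if "TransactionId" not in info:
            continue
        rec = {"time": row[1], "session": row[2].strip(), "src_mac": row[4],
               "src_ip": row[10], "offered": info.get("YourIP")}
        kind = "requests" if row[9] == "Request" else "responses"
        txs[int(info["TransactionId"])][kind].append(rec)
    return dict(txs)


def unanswered(log_text):
    """Transactions that have requests but no response recorded in the log."""
    return {xid: {"sessions": sorted({r["session"] for r in t["requests"]}),
                  "attempts": len(t["requests"])}
            for xid, t in dhcp_transactions(log_text).items()
            if t["requests"] and not t["responses"]}


if __name__ == "__main__":
    for xid, detail in unanswered(SAMPLE_LOG).items():
        print(xid, detail)
```

An unanswered transaction here only means the hub's packet log recorded no reply for it; the log alone does not show where on the path the reply was lost.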

centeredki69
Posts: 123
Joined: Wed Sep 18, 2013 1:49 pm

Re: SE - Cannot connect to DHCP Server on LAN

Post by centeredki69 » Fri Apr 05, 2019 8:33 pm

Highlight the Virtual HUB on the main screen. Click manage virtual HUB -> manage sessions -> highlight SID-LocalBridge -> click IP address table list or IP address of selected sessions. You should see a list of all clients on your local DHCP network. If not, your local bridge is not connected to the network the DHCP server is on, or the local bridge is not configured correctly. See below.

Post a screenshot of the local bridge setting if possible. See below for an example.
Capture.JPG

hiro-gj
Posts: 22
Joined: Thu Mar 14, 2019 2:10 am

Re: SE - Cannot connect to DHCP Server on LAN

Post by hiro-gj » Sat Apr 06, 2019 11:11 pm

Hi,

Maybe I had the same question in the Japanese forum.

Although the simultaneous availability of local bridge and SecureNAT has not been solved yet,
I think it will be useful to you
(just the attached diagram PNG).
https://www.vpnusers.com/viewtopic.php?f=15&t=64059

Thanks,

giltea
Posts: 8
Joined: Fri Apr 05, 2019 5:25 pm

Re: SE - Cannot connect to DHCP Server on LAN

Post by giltea » Mon Apr 08, 2019 5:12 pm

So, I am using a Linux setup, but I was able to replicate the commands that you posted in the GUI. I can confirm that the bridge is picking up the DHCP clients on our internal network. I can also confirm that the DHCP server's IP address is included in this list when I execute the IP tables command. I rebuilt the box this morning to see if there were any old issues associated with my configuration, but I am getting the exact same issue that I had before.

I am using a VM from an oVirt cluster, but I am not sure if that would make a difference (or why it would).

I don't want to use SecureNAT if possible. We have all the tools in house to not use that feature (plus I don't want the performance hit that people seem to experience when using SecureNAT).

giltea
Posts: 8
Joined: Fri Apr 05, 2019 5:25 pm

Re: SE - Cannot connect to DHCP Server on LAN

Post by giltea » Mon Apr 08, 2019 6:31 pm

Alright, so I figured out you can use the server manager to connect to the remote host. Below are my bridge configuration and ip table from the bridge.

Bridge:
vpn-config.PNG
Iptables:
vpn-config.PNG

As you can see, I am getting the DHCP addresses on the LAN but am still failing to get a lease from the server. Every configuration with the exception of the SecureNAT setup has failed in this manner. Any ideas would be appreciated.

centeredki69
Posts: 123
Joined: Wed Sep 18, 2013 1:49 pm

Re: SE - Cannot connect to DHCP Server on LAN

Post by centeredki69 » Mon Apr 08, 2019 7:41 pm

I believe you need to use promiscuous mode for virtual environments.
It is still ideal to have two separate NICs (even if virtual), one dedicated for the machine, one dedicated for the virtual hub with TCP protocols disabled.
The NIC used for the bridge should have promiscuous mode, which is the equivalent of MAC address spoofing enabled in Hyper-V.

I'm not sure how to set up promiscuous mode on oVirt.

See this Link
https://www.softether.org/4-docs/1-manu ... al_Bridges

giltea
Posts: 8
Joined: Fri Apr 05, 2019 5:25 pm

Re: SE - Cannot connect to DHCP Server on LAN

Post by giltea » Mon Apr 08, 2019 10:39 pm

Thanks for the suggestion, but this did not work. I'm still getting the exact same issues. No DHCP lease is being returned to the client.

I just rebuilt my box using the development build of SoftEther.

I find it super hard to believe that this is not a standard setup. I would think that the majority of companies would run this on a Linux distribution, with internal DHCP / DNS servers.

The only setup that seems to work with SoftEther is to use the SecureNAT functionality. But this is not something that will work for us.

Is there anyone out there that has actually completed something close to my setup and could share their config file?

giltea
Posts: 8
Joined: Fri Apr 05, 2019 5:25 pm

Re: SE - Cannot connect to DHCP Server on LAN

Post by giltea » Wed Apr 10, 2019 7:39 pm

Looks like SoftEther doesn't accept virtual NICs... I rebuilt on bare metal with the exact same setup and it worked the first time. Kind of sad that such robust software cannot function properly virtualized. But at least I solved my problem.

rexkani
Posts: 2
Joined: Fri May 17, 2019 3:05 am

Re: SE - Cannot connect to DHCP Server on LAN

Post by rexkani » Fri May 17, 2019 3:10 am

I'm not sure, but I think I'm running into a similar problem as you. I'm running SoftEther on a Proxmox host in containers.
It works if I put the local bridge over the container eth0, but the download speed is problematic, with upload speed normal. Therefore I tried to put the local bridge on a TAP device, which is supported in the SoftEther config. I can successfully build the TAP device with SoftEther, but no MAC address is seen from that device, and DHCP doesn't work for my clients.

    tap_soft: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet6 fe80::5c11:6fff:fef3:8fdb prefixlen 64 scopeid 0x20<link>
            ether 5e:11:6f:f3:8f:db txqueuelen 1000 (Ethernet)
            RX packets 12 bytes 2008 (1.9 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 29 bytes 2382 (2.3 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
