Cannot connect using iPhone

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
davidgmd
Posts: 2
Joined: Wed Aug 07, 2013 1:34 am

Cannot connect using iPhone

Post by davidgmd » Tue Feb 11, 2014 9:37 am

Have set up the server without any issues. Can connect to the server using the Softether Client software. Cannot connect using IPhone. Get the following error message:
"The L2TP-VPN server did not respond. Try reconnecting. If the problem continues..."

Have forwarded Ports : 443,992,1194,555,500,1701,1723 and 4500 to the server.
Am listening on all of those ports.
Have re-installed the server software.
Have tried manually assigning the port on the iPhone. ( Tried all of the above )
Tried PPTP-did not connect.
Checked and server software is configured for the L2TP server function, hub specified and "Secret key" chosen.

Any other suggestions would be helpful.
Thanks

Captainquark
Posts: 15
Joined: Thu Jan 21, 2016 9:35 pm

Re: Cannot connect using iPhone

Post by Captainquark » Wed Feb 17, 2016 12:28 pm

Hey,
I am having the same problem, did you ever solve this? How?
Thanks,
Cap'

PaulC
Posts: 26
Joined: Mon Nov 02, 2015 12:18 am

Re: Cannot connect using iPhone

Post by PaulC » Wed Feb 17, 2016 12:35 pm

Hi,

You don't need all those ports for L2TP to work.

Just UDP/4500 and UDP/500 will be sufficient.

That's not your issue, I'm just mentioning it.

You don't say what server you're running the soft ether instance on (Linux, etc...).. But are you sure there are no firewall rules blocking connectivity? Have you tried tcpdump (or equivalent) on the correct interface on the server to see if the packets are being dropped, etc

I presume you've selected "Enable L2TP Server Function (L2TP over IPSec) in the VPN server Manager settings...

Rgds
Paul

Captainquark
Posts: 15
Joined: Thu Jan 21, 2016 9:35 pm

Re: Cannot connect using iPhone

Post by Captainquark » Thu Feb 18, 2016 10:55 am

I am not the original author, but I am running it on Windows 2008 R2. I tried disabling the local Windows Firewall entirely for a test, which did not work, so it's definitely not blocked by Windows Firewall. I forwarded the ports UDP 500 and 4500 on the router to the Server. According to https://pentest-tools.com, this works as well, here's the Output:
**
PORT STATE SERVICE
500/udp open isakmp
4500/udp open|filtered nat-t-ike
**
Unfortunately, I don't have a tool to see which packets were dropped... Yes, I enabled the mentioned option. Any help is greatly appreciated.
Kind regards,
Cap'

PaulC
Posts: 26
Joined: Mon Nov 02, 2015 12:18 am

Re: Cannot connect using iPhone

Post by PaulC » Thu Feb 18, 2016 4:32 pm

So in the VPN settings on your phone, you have your external IP address (the one you checked at pertest-tools.com)]

Do you see any connections come in at all? You should be able to see something in the server logs for SoftEther.

I run it on Linux so am not entirely sure where they're stored on Windows.

Rgds

Paul

Captainquark
Posts: 15
Joined: Thu Jan 21, 2016 9:35 pm

Re: Cannot connect using iPhone

Post by Captainquark » Sat Feb 20, 2016 3:33 pm

Thanks Paul for trying to help me. I found some logs, and maybe we got one step closer to the problem. It seems as if the IPhone cannot draw an IP. Which is strange, as I always get an IP when I connect using my Windows laptop. Attached the log details.
Thanks for helping!
Cheers,
Cap'
You do not have the required permissions to view the files attached to this post.

PaulC
Posts: 26
Joined: Mon Nov 02, 2015 12:18 am

Re: Cannot connect using iPhone

Post by PaulC » Sat Feb 20, 2016 4:00 pm

Ok. That's definitely a good step closer

So, what is giving your PC an IP address? Do you have a DCHP server somewhere or are you using the DCHP function within SoftEther? Or are you manually setting an IP address in your PC in the right subnet (192.168.0.0/16)?

Captainquark
Posts: 15
Joined: Thu Jan 21, 2016 9:35 pm

Re: Cannot connect using iPhone

Post by Captainquark » Sun Feb 21, 2016 7:35 am

Paul,
I have the DHCP option in my router that is providing IP addresses. I don't use static ones for my clients. As I said, my Windows laptop is perfectly capable to draw an IP from the router.
The range it provides IPs from is 60 addresses, of which around 20 are in use.
Thanks,
Cap

PaulC
Posts: 26
Joined: Mon Nov 02, 2015 12:18 am

Re: Cannot connect using iPhone

Post by PaulC » Sun Feb 21, 2016 10:19 pm

Can you grab me a snippet of the log file from when your PC makes a connections and does successfully get a DHCP allocated IP address?

Cheers

NiloRamirez
Posts: 6
Joined: Wed Jan 13, 2016 4:20 pm

Re: Cannot connect using iPhone

Post by NiloRamirez » Wed Feb 24, 2016 12:25 pm

Hi, how are you?
I'm here because i'm with some troubles. I'm trying to configure a SoftEther Server with an Android tablet.
The communication between the Server and an Windows Client is working, but with my tablet it doesn't work.
I saw at the "server_log" folder and found this log:

2016-02-22 17:49:45.295 IPsec Client 2 (192.168.0.106:500 -> 192.168.0.201:500): A new IPsec client is created.
2016-02-22 17:49:45.296 IPsec IKE Session (IKE SA) 2 (Client: 2) (192.168.0.106:500 -> 192.168.0.201:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x92322E8D27DBA64A, Responder Cookie: 0xB0CB5300BDF07886, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2016-02-22 17:49:45.508 IPsec Client 2 (192.168.0.106:4500 -> 192.168.0.201:4500): The port number information of this client is updated.
2016-02-22 17:49:45.509 IPsec Client 2 (192.168.0.106:4500 -> 192.168.0.201:4500):
2016-02-22 17:49:45.509 IPsec IKE Session (IKE SA) 2 (Client: 2) (192.168.0.106:4500 -> 192.168.0.201:4500): This IKE SA is established between the server and the client.
2016-02-22 17:49:46.295 IPsec IKE Session (IKE SA) 2 (Client: 2) (192.168.0.106:4500 -> 192.168.0.201:4500): The client initiates a QuickMode negotiation.
2016-02-22 17:49:46.296 IPsec ESP Session (IPsec SA) 2 (Client: 2) (192.168.0.106:4500 -> 192.168.0.201:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0x5A676B03, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2016-02-22 17:49:46.297 IPsec ESP Session (IPsec SA) 2 (Client: 2) (192.168.0.106:4500 -> 192.168.0.201:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x686BF5F, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2016-02-22 17:49:46.302 IPsec ESP Session (IPsec SA) 2 (Client: 2) (192.168.0.106:4500 -> 192.168.0.201:4500): This IPsec SA is established between the server and the client.
2016-02-22 17:49:47.286 IPsec Client 2 (192.168.0.106:4500 -> 192.168.0.201:4500): The L2TP Server Module is started.
2016-02-22 17:49:47.325 L2TP PPP Session [192.168.0.106:1701]: A new PPP session (Upper protocol: L2TP) is started. IP Address of PPP Client: 192.168.0.106 (Hostname: "anonymous"), Port Number of PPP Client: 1701, IP Address of PPP Server: 192.168.0.201, Port Number of PPP Server: 1701, Client Software Name: "L2TP VPN Client", IPv4 TCP MSS (Max Segment Size): 1314 bytes
2016-02-22 17:49:47.336 On the TCP Listener (Port 0), a Client (IP address 192.168.0.106, Host name "192.168.0.106", Port number 1701) has connected.
2016-02-22 17:49:47.336 For the client (IP address: 192.168.0.106, host name: "192.168.0.106", port number: 1701), connection "CID-18-88922EEB76" has been created.
2016-02-22 17:49:47.337 SSL communication for connection "CID-18-88922EEB76" has been started. The encryption algorithm name is "(null)".
2016-02-22 17:49:47.345 [HUB "Teste1"] The connection "CID-18-88922EEB76" (IP address: 192.168.0.106, Host name: 192.168.0.106, Port number: 1701, Client name: "L2TP VPN Client", Version: 4.19, Build: 9599) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "Nilo".
2016-02-22 17:49:47.345 [HUB "Teste1"] Connection "CID-18-88922EEB76": Successfully authenticated as user "Nilo".
2016-02-22 17:49:47.346 [HUB "Teste1"] Connection "CID-18-88922EEB76": The new session "SID-NILO-[L2TP]-5" has been created. (IP address: 192.168.0.106, Port number: 1701, Physical underlying protocol: "Legacy VPN - L2TP")
2016-02-22 17:49:47.346 [HUB "Teste1"] Session "SID-NILO-[L2TP]-5": The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2016-02-22 17:49:47.352 [HUB "Teste1"] Session "SID-NILO-[L2TP]-5": VPN Client details: (Client product name: "L2TP VPN Client", Client version: 419, Client build number: 9599, Server product name: "SoftEther VPN Server (32 bit)", Server version: 419, Server build number: 9599, Client OS name: "L2TP VPN Client", Client OS version: "-", Client product ID: "-", Client host name: "anonymous", Client IP address: "192.168.0.106", Client port number: 1701, Server host name: "192.168.0.201", Server IP address: "192.168.0.201", Server port number: 1701, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "Teste1", Client unique ID: "C672F7B8F742464797E7D5141937F6C5")
2016-02-22 17:49:47.360 L2TP PPP Session [192.168.0.106:1701]: Trying to request an IP address from the DHCP server.
2016-02-22 17:49:52.036 [HUB "Teste1"] Session "SID-NILO-4": The session has been terminated. The statistical information is as follows: Total outgoing data size: 6001 bytes, Total incoming data size: 10413 bytes.
2016-02-22 17:49:52.062 Connection "CID-16-CFC8CDE377" terminated by the cause "The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2016-02-22 17:49:52.062 Connection "CID-16-CFC8CDE377" has been terminated.
2016-02-22 17:49:52.062 The connection with the client (IP address 192.168.0.202, Port number 1229) has been disconnected.
2016-02-22 17:49:52.360 L2TP PPP Session [192.168.0.106:1701]: Acquiring an IP address from the DHCP server failed. To accept a PPP session, you need to have a DHCP server. Make sure that a DHCP server is working normally in the Ethernet segment which the Virtual Hub belongs to. If you do not have a DHCP server, you can use the Virtual DHCP function of the SecureNAT on the Virtual Hub instead.
2016-02-22 17:49:58.584 L2TP PPP Session [192.168.0.106:1701]: The VPN Client sent a packet though an IP address of the VPN Client hasn't been determined.
2016-02-22 17:49:58.584 L2TP PPP Session [192.168.0.106:1701]: A PPP protocol error occurred, or the PPP session has been disconnected.
2016-02-22 17:49:58.841 [HUB "Teste1"] Session "SID-NILO-[L2TP]-5": The session has been terminated. The statistical information is as follows: Total outgoing data size: 0 bytes, Total incoming data size: 1320 bytes.
2016-02-22 17:49:58.866 Connection "CID-18-88922EEB76" terminated by the cause "The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2016-02-22 17:49:58.866 Connection "CID-18-88922EEB76" has been terminated.
2016-02-22 17:49:58.866 The connection with the client (IP address 192.168.0.106, Port number 1701) has been disconnected.
2016-02-22 17:52:29.017 IPsec Client 2 (192.168.0.106:4500 -> 192.168.0.201:4500): This IPsec Client is deleted.
2016-02-22 17:52:29.017 IPsec IKE Session (IKE SA) 2 (Client: 2) (192.168.0.106:4500 -> 192.168.0.201:4500): This IKE SA is deleted.
2016-02-22 17:52:29.018 IPsec ESP Session (IPsec SA) 2 (Client: 2) (192.168.0.106:4500 -> 192.168.0.201:4500): This IPsec SA is deleted.
2016-02-22 17:52:29.018 IPsec ESP Session (IPsec SA) 2 (Client: 2) (192.168.0.106:4500 -> 192.168.0.201:4500): This IPsec SA is deleted.

I made all configurations using the Tutorial.
Can you help me how to make it work?

Thank you.

dmun
Posts: 4
Joined: Wed Feb 24, 2016 3:13 pm

Re: Cannot connect using iPhone

Post by dmun » Wed Feb 24, 2016 3:43 pm

I decided to try out softether last night as a replacement to the built in vpn server in OS X (running it on 10.9). I'm seeing the same DHCP failure behavior. I have tried connecting from three platforms (iOS, OS X, Windows 8.1) using their built-in clients and each has the same problem. I know the system can obtain DHCP since the built in vpnd/racoon setup already works ok with those built-in clients. And the hub itself seems to know about the (192.168.1.1) DHCP server.

The connection does work using the Softether client, so it appears to have something to do with L2TP support in the softether server.

Here is some output from my logs. I'd be happy to debug but it looks like I'll have to go back to the native setup.

2016-02-24 10:02:17.985 IPsec IKE Session (IKE SA) 10 (Client: 16) (8.x.x.x:362 -> 192.168.1.11:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xE11EF254EA605D00, Responder Cookie: 0x33B303D9CFAB003B, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2016-02-24 10:02:18.056 IPsec Client 16 (8.x.x.x:29679 -> 192.168.1.11:4500): The port number information of this client is updated.
2016-02-24 10:02:18.056 IPsec Client 16 (8.x.x.x:29679 -> 192.168.1.11:4500):
2016-02-24 10:02:18.056 IPsec IKE Session (IKE SA) 10 (Client: 16) (8.x.x.x:29679 -> 192.168.1.11:4500): This IKE SA is established between the server and the client.
2016-02-24 10:02:19.058 IPsec IKE Session (IKE SA) 10 (Client: 16) (8.x.x.x:29679 -> 192.168.1.11:4500): The client initiates a QuickMode negotiation.
2016-02-24 10:02:19.058 IPsec ESP Session (IPsec SA) 9 (Client: 16) (8.x.x.x:29679 -> 192.168.1.11:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0x2C5F538A, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2016-02-24 10:02:19.080 IPsec ESP Session (IPsec SA) 9 (Client: 16) (8.x.x.x:29679 -> 192.168.1.11:4500): This IPsec SA is established between the server and the client.
2016-02-24 10:02:19.080 IPsec Client 16 (8.x.x.x:29679 -> 192.168.1.11:4500): The L2TP Server Module is started.
2016-02-24 10:02:19.128 L2TP PPP Session [8.x.x.x:1701]: A new PPP session (Upper protocol: L2TP) is started. IP Address of PPP Client: 8.x.x.x (Hostname: "macbook-pro.local"), Port Number of PPP Client: 1701, IP Address of PPP Server: 192.168.1.11, Port Number of PPP Server: 1701, Client Software Name: "L2TP VPN Client", IPv4 TCP MSS (Max Segment Size): 1314 bytes
2016-02-24 10:02:19.304 On the TCP Listener (Port 0), a Client (IP address 8.x.x.x, Host name "8.x.x.x", Port number 1701) has connected.
2016-02-24 10:02:19.304 For the client (IP address: 8.x.x.x, host name: "8.x.x.x", port number: 1701), connection "CID-7" has been created.
2016-02-24 10:02:19.304 SSL communication for connection "CID-7" has been started. The encryption algorithm name is "(null)".
2016-02-24 10:02:19.314 [HUB "MINIVPN"] The connection "CID-7" (IP address: 8.x.x.x, Host name: 8.x.x.x, Port number: 1701, Client name: "L2TP VPN Client", Version: 4.19, Build: 9599) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "vpnuser".
2016-02-24 10:02:19.314 [HUB "MINIVPN"] Connection "CID-7": Successfully authenticated as user "vpnuser".
2016-02-24 10:02:19.324 [HUB "MINIVPN"] Connection "CID-7": The new session "SID-VPNUSER-[L2TP]-6" has been created. (IP address: 8.x.x.x, Port number: 1701, Physical underlying protocol: "Legacy VPN - L2TP")
2016-02-24 10:02:19.324 [HUB "MINIVPN"] Session "SID-VPNUSER-[L2TP]-6": The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2016-02-24 10:02:19.334 [HUB "MINIVPN"] Session "SID-VPNUSER-[L2TP]-6": VPN Client details: (Client product name: "L2TP VPN Client", Client version: 419, Client build number: 9599, Server product name: "SoftEther VPN Server (64 bit)", Server version: 419, Server build number: 9599, Client OS name: "L2TP VPN Client", Client OS version: "-", Client product ID: "-", Client host name: "macbook-pro.local", Client IP address: "8.x.x.x", Client port number: 1701, Server host name: "192.168.1.11", Server IP address: "192.168.1.11", Server port number: 1701, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "MINIVPN", Client unique ID: "585CFE394AF29898FA2DCAC0C85CEC6A")
2016-02-24 10:02:19.345 L2TP PPP Session [8.x.x.x:1701]: Trying to request an IP address from the DHCP server.
2016-02-24 10:02:28.000 L2TP PPP Session [8.x.x.x:1701]: Acquiring an IP address from the DHCP server failed. To accept a PPP session, you need to have a DHCP server. Make sure that a DHCP server is working normally in the Ethernet segment which the Virtual Hub belongs to. If you do not have a DHCP server, you can use the Virtual DHCP function of the SecureNAT on the Virtual Hub instead.
2016-02-24 10:02:28.128 [HUB "MINIVPN"] Session "SID-LOCALBRIDGE-1": The DHCP server of host "00-26-62-3D-AF-B5" (192.168.1.1) on this session allocated, for host "SID-VPNUSER-[L2TP]-6" on another session "CA-1C-58-CB-E8-66", the new IP address 192.168.1.177.
2016-02-24 10:02:37.786 IPsec ESP Session (IPsec SA) 9 (Client: 16) (8.x.x.x:29679 -> 192.168.1.11:4500): This IPsec SA is deleted.
2016-02-24 10:02:37.786 IPsec IKE Session (IKE SA) 10 (Client: 16) (8.x.x.x:29679 -> 192.168.1.11:4500): This IKE SA is deleted.
2016-02-24 10:02:37.786 IPsec ESP Session (IPsec SA) 9 (Client: 16) (8.x.x.x:29679 -> 192.168.1.11:4500): This IPsec SA is deleted.
2016-02-24 10:02:37.800 L2TP PPP Session [8.x.x.x:1701]: The VPN Client sent a packet though an IP address of the VPN Client hasn't been determined.
2016-02-24 10:02:37.800 L2TP PPP Session [8.x.x.x:1701]: A PPP protocol error occurred, or the PPP session has been disconnected.
2016-02-24 10:02:38.060 [HUB "MINIVPN"] Session "SID-VPNUSER-[L2TP]-6": The session has been terminated. The statistical information is as follows: Total outgoing data size: 6275 bytes, Total incoming data size: 2365 bytes.
2016-02-24 10:02:38.082 Connection "CID-7" terminated by the cause "The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2016-02-24 10:02:38.082 Connection "CID-7" has been terminated.
2016-02-24 10:02:38.082 The connection with the client (IP address 8.x.x.x, Port number 1701) has been disconnected.
2016-02-24 10:02:48.091 IPsec Client 16 (8.x.x.x:29679 -> 192.168.1.11:4500): This IPsec Client is deleted.


Edit: below is the log from a successful connection using the Softether TLS-based client on WIndows 8.1:

2016-02-24 11:01:32.908 On the TCP Listener (Port 0), a Client (IP address 8.x.x.x, Host name "8.x.x.x", Port number 51245) has connected.
2016-02-24 11:01:32.908 For the client (IP address: 8.x.x.x, host name: "8.x.x.x", port number: 51245), connection "CID-10" has been created.
2016-02-24 11:01:32.940 SSL communication for connection "CID-10" has been started. The encryption algorithm name is "AES128-SHA".
2016-02-24 11:01:32.984 [HUB "MINIVPN"] The connection "CID-10" (IP address: 8.x.x.x, Host name: 8.x.x.x, Port number: 51245, Client name: "SoftEther VPN Client", Version: 4.19, Build: 9599) is attempting to connect to the Virtual Hub. The auth type provided is "Password authentication" and the user name is "vpnuser.
2016-02-24 11:01:32.984 [HUB "MINIVPN"] Connection "CID-10": Successfully authenticated as user "vpnuser".
2016-02-24 11:01:32.994 [HUB "MINIVPN"] Connection "CID-10": The new session "SID-VPNUSER-8" has been created. (IP address: 8.x.x.x, Port number: 51245, Physical underlying protocol: "VPN over UDP with NAT-T (IPv4)")
2016-02-24 11:01:33.004 [HUB "MINIVPN"] Session "SID-VPNUSER-8": The parameter has been set. Max number of TCP connections: 2, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2016-02-24 11:01:33.004 [HUB "MINIVPN"] Session "SID-VPNUSER-8": VPN Client details: (Client product name: "SoftEther VPN Client", Client version: 419, Client build number: 9599, Server product name: "SoftEther VPN Server (64 bit)", Server version: 419, Server build number: 9599, Client OS name: "Windows 8.1", Client OS version: "Build 9600, Multiprocessor Free (9600.winblue_ltsb.160119-0600)", Client product ID: "--", Client host name: "bootcamp.mynetwork.net", Client IP address: "172.x.x.x", Client port number: 51245, Server host name: "forest.mynetwork.net", Server IP address: "100.x.x.x", Server port number: 443, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "MINIVPN", Client unique ID: "CEEA5C29AC9B6E70720B9C761C2F48D0")

Here is a strange thing; it already created CID-10 and then creates CID-11. Then it says CID-11 has been terminated yet the session is up and active.

2016-02-24 11:01:38.208 On the TCP Listener (Port 0), a Client (IP address 8.x.x.x, Host name "8.x.x.x", Port number 56574) has connected.
2016-02-24 11:01:38.208 For the client (IP address: 8.x.x.x, host name: "8.x.x.x", port number: 56574), connection "CID-11" has been created.
2016-02-24 11:01:38.239 SSL communication for connection "CID-11" has been started. The encryption algorithm name is "AES128-SHA".
2016-02-24 11:01:38.291 Connection "CID-11" has been terminated.
2016-02-24 11:01:55.280 [HUB "MINIVPN"] Session "SID-LOCALBRIDGE-1": The DHCP server of host "00-26-62-3D-AF-B5" (192.168.1.1) on this session allocated, for host "SID-VPNUSER-8" on another session "00-AC-B6-92-FA-92", the new IP address 192.168.1.179.

(session came up, worked well. tested access to my internal network then I shut down the connection):

2016-02-24 11:13:59.705 [HUB "MINIVPN"] Session "SID-VPNUSER-8": The session has been terminated. The statistical information is as follows: Total outgoing data size: 1488172 bytes, Total incoming data size: 40841354 bytes.
2016-02-24 11:13:59.729 Connection "CID-10" terminated by the cause "The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2016-02-24 11:13:59.729 Connection "CID-10" has been terminated.
2016-02-24 11:13:59.729 The connection with the client (IP address 8.x.x.x, Port number 51245) has been disconnected.

PaulC
Posts: 26
Joined: Mon Nov 02, 2015 12:18 am

Re: Cannot connect using iPhone

Post by PaulC » Fri Feb 26, 2016 3:42 pm

See here: - http://www.vpnusers.com/viewtopic.php?f=7&t=5581

It seems that iOS and android devices struggle to get a DHCP IP address when using a DHCP server that's not provided by SecureNAT

if you configure DHCP there, it should work.

Rgds

paul

dmun
Posts: 4
Joined: Wed Feb 24, 2016 3:13 pm

Re: Cannot connect using iPhone

Post by dmun » Fri Feb 26, 2016 4:01 pm

Thanks for the reply Paul. I'd like to avoid double NAT if at all possible (NAT at the vpn hub then NAT at my border router).
And to be clear, L2TP doesn't work for me with Windows either (via Windows built-in L2TP client) so I think this is more of an issue with the L2TP implementation in general than just with iOS/Android clients.

This weekend I may have some time to get some packet dumps between softether and the dhcp server to see if we can identify any unusual behavior. I'm up for getting this to work instead of switching to something even the FAQ recommends against using; "The performance of SecureNAT is lower than Local Bridge, and it consumes much of CPU time. You should not use SecureNAT except very limited situation."

I realize this may be a limited situation but I like to squash bugs instead of avoiding them :) My guess (complete guess), based upon looking at the timestamps, is that there is some sort of timeout with the DHCP request because the logs show it times out after about 10 seconds then less than a second later it gets an IP address. Why it's taking so long for a DHCP request is another mystery, which tcpdumps may help identify.

PaulC
Posts: 26
Joined: Mon Nov 02, 2015 12:18 am

Re: Cannot connect using iPhone

Post by PaulC » Fri Feb 26, 2016 4:04 pm

Hi,

Ah, I see. Definitely worth fixing. I believe the latest version of SoftEther gets rid of those speed issues when using SecureNAT now (it's in the changelog).

Let me know how you get on.

Captainquark
Posts: 15
Joined: Thu Jan 21, 2016 9:35 pm

Re: Cannot connect using iPhone

Post by Captainquark » Sun Feb 28, 2016 10:49 am

Sorry for the late reply, I was away for a week.
I saw that dmun already supplied the log from a working connection, but if you still need mine, I'll be happy to provide it, just let me know.

I updated my VPN Server from 4.18 build 9570 (rtm) to latest 4.19 build 9599 (beta), to no avail.

I then played around with the SecureNAT feature. I used only DHCP Server, and with that, I can establish a connection without problems. The only caveat is that I still have my own (router) DHCP in the network, which I do not want to turn off, so I had to take a different subnet for the Softether DHCP Server (I accepted the default ...30.1). So I can connect my Softether server, but I am stuck there, as all my local PCs and Servers are in the 192.168.1.x subnet. Can you please tell me how to "bridge" the 30.x to the 1.x subnet? I tried using the static route table in SecureNAT, but honestly, I don't understand enough of this to know what to enter there. All I tried did not work... Can you please help me with that?
I am willing to use the SecureNAT feature, as this is a home network and I am the only one connecting to it, so performance is not really an issue for me.
Thanks!

Captainquark
Posts: 15
Joined: Thu Jan 21, 2016 9:35 pm

Re: Cannot connect using iPhone

Post by Captainquark » Sun Feb 28, 2016 10:53 am

Oups... got conflicts with two DHCP Servers in the same network... all my home PC's got an IP from the Softether DHCP :-) had to turn it off again... need to give this some more thought, I guess. Any help appreciated, thanks!

mark.barl
Posts: 7
Joined: Thu Mar 17, 2016 2:28 pm

Re: Cannot connect using iPhone

Post by mark.barl » Thu Mar 17, 2016 3:01 pm

When testing my iphone L2TP connection I found it was using UDP 1701 in addition to 500 & 4500. I also had a problem that I discovered the iphone doesn't like some non alphanumeric characters in the secret. I removed them and hey presto.

Captainquark
Posts: 15
Joined: Thu Jan 21, 2016 9:35 pm

Re: Cannot connect using iPhone

Post by Captainquark » Thu Mar 17, 2016 7:10 pm

Guys,
Thanks for your suggestions. Unfortunately, it did not help me, either.
- I have correctly bridget my Virtual Hub (otherwise, I would not be able to connect using my PC, I guess)
- UDP 1701 was already forwarded on my router.
- My Secret only contains alphanumeric characters. Just for the sake of it, I changed it briefly to "VPN", to no avail.
Kind regards,
Cap'

Captainquark
Posts: 15
Joined: Thu Jan 21, 2016 9:35 pm

Re: Cannot connect using iPhone

Post by Captainquark » Sat Mar 26, 2016 9:45 am

All,
Thanks for trying to help, but I've given up and switched to OpenVPN. Worked like a charm, out of the box.
Cheers,
Cap'

Post Reply