IPsec/L2TP Built-in Client Internet Access Issues (both Windows and MacOS) (Looking for fixes)

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

IPsec/L2TP Built-in Client Internet Access Issues (both Windows and MacOS) (Looking for fixes)

Post by og1 » Tue Dec 05, 2017 9:31 am

Hi all:

I am able to log in to my SoftEther VPN Server (my SoftEther VPN server, running on VirtualBox on a Linux VM) on both the Windows (Windows 10) and Mac OS IPsec/L2TP built-in clients. I don't want to use Wine on the Mac OS (not a fan of software bloat on a system... it causes more issues than it's worth) and even prefer to not have to use the SoftEther Client on Windows if I can get the IPsec client working.

In both cases, the IPsec/L2TP connection to the VPN server seems to go fine, the DHCP assigns a proper private IP address, the port forwarding through the NAT works fine, but the Internet access does not work properly. I know there's probably a workaround fix by adjusting parameters on the clients and network cards, etc. (similar to the workaround fix on the virtual adapter from the Windows Client). I think the Mac OS is more of an issue than the Windows Client for the IPsec/L2TP connectivity.

If anyone has the lack of Internet access fix steps for both these IPsec/L2TP clients to obtain proper Internet access via the SoftEther VPN Server (both MacOS and Windows 7 or 10) fully documented, it would be appreciated if you can share. I can share the steps I had to get the Windows Client working on the VPN Server behind a Mikrotik router/firewall NAT (which is not easy).

Thanks for your help and time. Greatly appreciated.

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

Re: IPsec/L2TP Built-in Client Internet Access Issues (both Windows and MacOS) (Looking for fixes)

Post by og1 » Wed Dec 06, 2017 7:40 am

I made more progress on this, but it's not perfect in terms of how SoftEther should work as a layer 2 virtual network.

I decided to do a full hardware (host server) reboot. It just hit me out of nowhere to do this. I almost never have to reboot my computers anymore, living in a Linux and Mac world given both the OSes are very stable (the Mac hardware, though not bleeding edge, is rock solid) and so are most of the programs that I use. As I mentioned, I'm not big on bloated, experimental software, and I avoid Microsoft at all costs.

The resetting/restarting of the hardware NIC connected to the SoftEther VPS bridge and the virtual NIC on VirtualBox, then the virtual SoftEther hub, must have fixed the IPsec/L2TP issues with not accessing the Internet. And would you believe it, it worked! Both the Mac IPsec/L2TP Client and Windows IPsec/L2TP Client can access the Internet with no problems (they behave very differently though). Both receive the proper IP address from the DHCP server on my local subnet. It's infuriating that a hard reboot is required to make the SoftEther system work after all this time playing around with settings that I thought I must have made a mistake on.

Still, the SoftEther system is not working on the server hub the way it's sold to work. The Layer 2 connectivity between any devices on my local subnet is hit and miss.

I can print now using the printer functions of Windows and Mac OS. This was a relief. If I couldn't get the basic printing going with SoftEther's virtual Layer 2 hub I was going to give up. But try to ping the private IP address of the printers? Doesn't work! I don't get it.

Other than the gateway private IP address leading out to the Internet, no other device on the network responds to a ping using its private IP address (yes, all on the same subnet). The VPN Client connection (both Mac OS & Windows) is attached to the SoftEther Server OK, but this virtual layer 2 hub is not doing what the documentation says it should be doing at Layer 2.

I'm sure I did something wrong, but the documentation is not clear on what to do. The MacOS IPsec/L2TP Client shows my public IP as the remote network which I believe should be the way a VPN should work. But the Windows IPsec/L2TP Client connectivity shows my public IP as the network I'm using to access the Internet, which probably should not be the case for a VPN.

Though SoftEther is working now in some cases, it's not perfect. It would be hard for me to get others to use SoftEther on their laptops as they would be running into issues all the time. I will have to keep it in the development environment. I'll give more feedback over time now that I see on GitHub that people seem serious about getting the SoftEther open source program going the way a professional open source program should work.

I still need to test SoftEther VPN remote access to a couple other computers & files on the subnet with specific applications using the layer 2 hub (all the computers are on the same private subnet).

The last remaining VPN application -> I just want to access a Mac Workstation and also a Windows 10 workstation (just access the desktop) on the subnet using SoftEther, just like any remote desktop application would! I can't figure out how to do that with SoftEther using the virtual layer 2 hub. I don't want any SoftEther client software on this workstation; it should not be needed if the virtual hub is working properly.

These are the two remaining VPN connectivity applications that I want to test with SoftEther. Any suggestions to accomplish this ultimate goal and close this round of SoftEther testing out would be appreciated. Everything I've tried so far has failed to access those computers using SoftEther (they won't even respond to a ping).

I'm trying to get the SoftEther virtual hub on the subnet to work like a hardware Ethernet switch. That's the way SoftEther is advertised from the documentation.

Thanks for the help and time.

og1
Posts: 15
Joined: Sun Nov 12, 2017 11:08 pm

Re: IPsec/L2TP Built-in Client Internet Access Issues (both Windows and MacOS) (Looking for fixes)

Post by og1 » Wed Dec 06, 2017 4:18 pm

Hi all. Some more progress and my associated notes. I hope this helps others in the future so they don't have to go through what I've gone through with SoftEther. I'd like to see this project move forward to be useful in the future to everyday people for work, research, etc.

Maybe my performance expectations of SoftEther as a Layer 2 hub (aka Ethernet switch) operating at the software level are too high.

I was able to access the application(s) on the workstations/servers on the remote private subnet after just deciding to go ahead and leave the command line and try to access things using the local networking applications built into MacOS and Windows. And I was surprised those logins worked on both MacOS and Windows.

Then I noticed that the SoftEther VPN hub only updates the IP and MAC address connection tables after I used the network functions of the Mac and Windows computers. After that initial connection using the networking applications built into the computers, I was able to go back to the command line and ping the private IP address of the target computers and get a response like I should. So SoftEther's virtual hub does not work exactly like a hardware Ethernet switch. Hopefully, this functionality/performance in terms of populating the IP and MAC address connection tables on the hub can be improved in future releases. The way I would expect/hope for SoftEther's hub to work is that it would go out on its own and populate the IP and MAC address connection tables from the local subnet on its own. It's very confusing to determine if SoftEther is working properly when setting up a VPN Server or VPN Bridge configuration the way the SoftEther hub works right now.

SoftEther also has some stability issues and some strange behaviours I don't quite get right now. For example, performing a basic search for a particular file type or string in MacOS Finder (the file explorer for Mac OS) crashes the Finder application hard. That's a big issue (people live in Finder to find their files). I'll put a bug report in for this important issue with the people working on SoftEther development at GitHub.

My main SoftEther VPN Server is at least usable now for development, not ready for prime time unfortunately. Now on to the remote sites, to try to get the SoftEther VPN Bridge configuration on a Linux VPS running properly. In theory that should be easier, but that wasn't working at all before. I'll add my notes for that bridge configuration setup to a separate string.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: IPsec/L2TP Built-in Client Internet Access Issues (both Windows and MacOS) (Looking for fixes)

Post by thisjun » Wed Dec 20, 2017 4:52 am

Did you create localbridge or SecureNAT on the VPN server?
