SoftEther OpenVPN on Centos failed dhcp responses

midair77
Posts: 2
Joined: Fri Apr 10, 2015 4:32 am

SoftEther OpenVPN on Centos failed dhcp responses

Post by midair77 » Sat Feb 04, 2017 12:34 am

Hi all,

I have run into a problem that is weird and I am just about to give up.

I set up vpnserver and tried to use the openvpn client to connect to it. For some reason, vpnserver altered the response from dnsmasq for the DHCP configuration and the route/gateway values have been wrong.

In my setup, I have eth0 as the main interface responding to vpn connections, eth1 as the local bridge to my LAN.

I use the latest softether-vpnserver-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz or softether-vpnserver-v4.18-9570-rtm-2015.07.26-linux-x64-64bit.tar.gz and both of them seem to have the same issues.

On my server, I configured dnsmasq to respond to DHCP requests from tap_eth1 and here is the config for that dnsmasq server.

#dnsmasq --help dhcp
interface=tap_eth1
dhcp-range=tap_eth1,172.16.82.10,172.16.82.254,6h

#3 router/gateway
#0.0.0.0 or the tap_eth1's ip address 172.16.82.1 still caused the same problem
dhcp-option=tap_eth1,3,0.0.0.0

#6 dns server
#dhcp-option=tap_eth1,6,172.16.82.1,8.8.8.8

#15 domain-name
#dhcp-option=tap_eth1,15,mydomain.com

dhcp-option=tap_eth1,121,172.31.0.0/29,0.0.0.0

/var/log/messages showed these:

Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 Available DHCP range: 172.16.82.10 -- 172.16.82.254
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 Vendor class: MSFT 5.0
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 DHCPREQUEST(tap_eth1) 172.16.82.249 ca:7e:6b:49:20:89
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 DHCPACK(tap_eth1) 172.16.82.249 ca:7e:6b:49:20:89
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 requested options: 1:netmask, 15:domain-name, 3:router, 6:dns-server,
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 requested options: 44:netbios-ns, 46:netbios-nodetype, 47:netbios-scope,
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 requested options: 31:router-discovery, 33:static-route, 121:classless-static-route,
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 requested options: 249, 43:vendor-encap
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 tags: tap_eth1
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 next server: 172.16.82.1
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 sent size: 1 option: 53:message-type 05
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 sent size: 4 option: 54:server-identifier 172.16.82.1
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 sent size: 4 option: 51:lease-time 00:00:54:60
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 sent size: 4 option: 58:T1 00:00:2a:30
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 sent size: 4 option: 59:T2 00:00:49:d4
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 sent size: 4 option: 1:netmask 255.255.255.0
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 sent size: 4 option: 28:broadcast 172.16.82.255
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 sent size: 4 option: 6:dns-server 172.16.82.1
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 sent size: 13 option: 15:domain-name mydomain.com
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 sent size: 9 option:121:classless-static-route 1d:ac:1f:00:00:00:00:00:00
Feb 3 23:04:57 softether0 dnsmasq-dhcp[30046]: 707866862 sent size: 4 option: 3:router 172.16.82.1

###################################################################
Here are logs in server_log

2017-02-03 23:04:57.262 [HUB "mum"] Session "SID-LOCALBRIDGE-1": The DHCP server of host "00-AC-FA-24-EE-45" (172.16.82.1) on this session allocated, for host "SID-STRUONG-[OPENVPN_L3]-5" on another session "CA-7E-6B-49-20-89", the new IP address 172.16.82.249.
2017-02-03 23:04:57.262 OpenVPN Session 5 (108.116.x.x:23421 -> 172.31.14.103:1194) Channel 0: The channel becomes the established state.
2017-02-03 23:04:57.262 OpenVPN Session 5 (108.116.x.x:23421 -> 172.31.14.103:1194) Channel 0: The IP address and other network information parameters are set successfully. IP Address of Client: 172.16.82.249, Subnet Mask: 255.255.255.0, Default Gateway: 172.16.82.1, DNS Server 1: 172.16.82.1, DNS Server 2: , WINS Server 1: , WINS Server 2:
2017-02-03 23:04:57.262 OpenVPN Session 5 (108.116.x.x:23421 -> 172.31.14.103:1194) Channel 0: The full strings replied: "PUSH_REPLY,ping 3,ping-restart 10,ifconfig 172.16.82.249 172.16.82.250,dhcp-option DOMAIN paxatadev.com,dhcp-option DNS 172.16.82.1,route-gateway 172.16.82.250,redirect-gateway def1,route 172.31.0.0 255.255.255.248 vpn_gateway"

#####################
And here I connected to this using the openvpn CLI:

Fri Feb 3 15:04:58 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 172.16.82.249 172.16.82.250,dhcp-option DOMAIN mydomain.com,dhcp-option DNS 172.16.82.1,route-gateway 172.16.82.250,redirect-gateway def1,route 172.31.0.0 255.255.255.248 vpn_gateway'
Fri Feb 3 15:04:58 2017 OPTIONS IMPORT: timers and/or timeouts modified
Fri Feb 3 15:04:58 2017 OPTIONS IMPORT: --ifconfig/up options modified
Fri Feb 3 15:04:58 2017 OPTIONS IMPORT: route options modified
Fri Feb 3 15:04:58 2017 OPTIONS IMPORT: route-related options modified
Fri Feb 3 15:04:58 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Feb 3 15:04:58 2017 ROUTE_GATEWAY 10.1.16.1/255.255.252.0 IFACE=enx847beb58b946 HWADDR=84:7b:eb:58:b9:46
Fri Feb 3 15:04:58 2017 TUN/TAP device tun0 opened
Fri Feb 3 15:04:58 2017 TUN/TAP TX queue length set to 100
Fri Feb 3 15:04:58 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Feb 3 15:04:58 2017 /sbin/ip link set dev tun0 up mtu 1500
Fri Feb 3 15:04:58 2017 /sbin/ip addr add dev tun0 local 172.16.82.249 peer 172.16.82.250
Fri Feb 3 15:04:58 2017 /sbin/ip route add 35.154.130.253/32 via 10.1.16.1
Fri Feb 3 15:04:58 2017 /sbin/ip route add 0.0.0.0/1 via 172.16.82.250
Fri Feb 3 15:04:58 2017 /sbin/ip route add 128.0.0.0/1 via 172.16.82.250
Fri Feb 3 15:04:58 2017 /sbin/ip route add 172.31.0.0/29 via 172.16.82.250
Fri Feb 3 15:04:58 2017 Initialization Sequence Completed
#################################################################

Please pay close attention to 172.16.82.250. How did it happen that this IP address was passed along as the gateway in the reply to the DHCP request from the openvpn client? The server_log and then the openvpn CLI output really showed that this was the case.

Because of this, I checked and I could ping 172.16.82.1 but not 172.16.82.250. And I could not find this IP anywhere in the vpnserver...

[root@softether0 server_log]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 0a:72:d2:c3:1c:59 brd ff:ff:ff:ff:ff:ff
    inet 172.31.14.103/20 brd 172.31.15.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 0a:b9:63:6a:cd:c1 brd ff:ff:ff:ff:ff:ff
    inet 172.31.15.254/20 brd 172.31.15.255 scope global eth1
13: tap_eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether 00:ac:fa:24:ee:45 brd ff:ff:ff:ff:ff:ff
    inet 172.16.82.1/24 scope global tap_eth1


Has anybody encountered this weirdness? I repeatedly restarted dnsmasq to make sure I did not have any stale config that was being used but I do not think that is the case.

Please help.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: SoftEther OpenVPN on Centos failed dhcp responses

Post by thisjun » Thu Feb 23, 2017 6:15 am

A virtual router is created in tun(L3) mode OpenVPN. 172.16.82.250 is used by the virtual router.

I think you should use tap(L2) mode OpenVPN.
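
Added example, not part of the original thread and not SoftEther or OpenVPN code: a small Python check that parses the PUSH_REPLY quoted in the question, decides from the `ifconfig` fields whether the client gets a point-to-point (tun) or subnet-style interface, lists the routes the client will install, and flags when the pushed gateway differs from the DHCP router option. The function names and the `DHCP_ROUTER` constant are assumptions made for this illustration.

```python
import ipaddress

# PUSH_REPLY as received by the OpenVPN client in the question above.
PUSH_REPLY = (
    "PUSH_REPLY,ping 3,ping-restart 10,ifconfig 172.16.82.249 172.16.82.250,"
    "dhcp-option DOMAIN mydomain.com,dhcp-option DNS 172.16.82.1,"
    "route-gateway 172.16.82.250,redirect-gateway def1,"
    "route 172.31.0.0 255.255.255.248 vpn_gateway"
)
DHCP_ROUTER = "172.16.82.1"  # option 3 value dnsmasq logged as sent


def is_netmask(value):
    """True for a contiguous IPv4 netmask such as 255.255.255.0."""
    bits = int(ipaddress.IPv4Address(value))
    inverted = bits ^ 0xFFFFFFFF
    return bits != 0 and (inverted & (inverted + 1)) == 0


def analyze_push_reply(reply, dhcp_router):
    """Return interface mode, effective gateway and the routes the client installs."""
    opts = [item.split() for item in reply.split(",")[1:]]

    def first(name):
        return next((o[1:] for o in opts if o[0] == name), None)

    local, second = first("ifconfig")
    # "ifconfig <ip> <netmask>" is a subnet-style interface (tap, or tun with
    # topology subnet); "ifconfig <local> <peer>" is tun point-to-point.
    mode = "subnet" if is_netmask(second) else "p2p"
    pushed_gw = first("route-gateway")
    gateway = pushed_gw[0] if pushed_gw else (second if mode == "p2p" else None)
    routes = []
    if "def1" in (first("redirect-gateway") or []):
        routes += [("0.0.0.0/1", gateway), ("128.0.0.0/1", gateway)]
    for o in opts:
        if o[0] == "route":
            mask = o[2] if len(o) > 2 else "255.255.255.255"
            hop = o[3] if len(o) > 3 and o[3] != "vpn_gateway" else gateway
            routes.append((str(ipaddress.IPv4Network(f"{o[1]}/{mask}")), hop))
    return {"mode": mode, "local": local, "gateway": gateway, "routes": routes,
            "gateway_is_dhcp_router": gateway == dhcp_router}


if __name__ == "__main__":
    print(analyze_push_reply(PUSH_REPLY, DHCP_ROUTER))
```

The three derived routes match the `ip route add` lines in the client log, all via 172.16.82.250 rather than the dnsmasq router 172.16.82.1.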
