SoftEther DHCP Problem

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
revin
Posts: 2
Joined: Sat Feb 11, 2017 9:32 pm

SoftEther DHCP Problem

Post by revin » Sat Feb 11, 2017 10:07 pm

Hi, I'm running softether-vpnserver-v4.22-9634-beta-2016.11.27-linux-x64-64bit
managed using softether-vpn_admin_tools-v4.22-9634-beta-2016.11.27-win32
connecting from Mac OSX 10.10.5 using Viscosity 1.6.8

I want to have specific vpn client connected then acting as a DMZ server, but can't find relevant settings
And I can't find a DHCP setting to bind a static IP to specific user, nor bind to specific MAC address
so I'm not even able to use port forwarding to simulate DMZ myself
Please don't tell me that advanced tools like SoftEther just can't assign static IP addresses by itself

Anyway I also tried to configure Viscosity to use static IP address when connecting
found this: https://www.sparklabs.com/forum/viewtopic.php?t=245
say I want my static IP to be x.x.x.x, tried adding each of the following line, none works:
ifconfig x.x.x.x // grammar error
ifconfig x.x.x.x 255.255.255.0 // won't work
ifconfig x.x.x.x x.x.x.x // won't work
ifconfig x.x.x.x y.y.y.y // y.y.y.y is SoftEther's server address, won't work
ifconfig x.x.x.x y.y.y.y // y.y.y.y is SoftEther's HUB address, won't work
also tried to disable SoftEther's DHCP completely, only resulting Viscosity unable to connect

During experiment, also found a default route 192.168.254.254 is added(see attachment)
but my SoftEther HUB address is 192.168.254.1, and 192.168.254.254 is not even in DHCP pool
I'm wondering if this is normal? If not, does it caused by SoftEther or Viscosity?

1) How can I have a specific vpn client connected then acting as a DMZ server?
2) How can I assign static IP to specific vpn clients and/or MAC addresses?
3) Are the routing tables messed up?

Please note I DO UNDERSTAND that Viscosity is in no way related to SoftEther
I just put it here for completeness, and hope anyone familiar with both softwares are around to help
If you have other vpn client software that connects to SoftEther and runs on OSX 10.10.5, do suggest
Can't use OSX's built in VPN client

[attachment=0]2017-02-12_06-05-59.png[/attachment]
You do not have the required permissions to view the files attached to this post.

moatazelmasry
Posts: 336
Joined: Sat Aug 15, 2015 7:41 pm

Re: SoftEther DHCP Problem

Post by moatazelmasry » Mon Feb 13, 2017 11:56 pm

You can have your SE server acting as DMZ. where you create a local bridge. In this case any client connected to your SE server, should be able to access other machines in the same subnet as the SE server

Now for the second problem: Assigning static IPs to clients. I can think of two solutions:
1- Configure an external DHCP server, and disable the virtual DHCP functionality in SE
2- Authenticate the users using Radius. In this case you can configure radius to push whatever static IP to SE

revin
Posts: 2
Joined: Sat Feb 11, 2017 9:32 pm

Re: SoftEther DHCP Problem

Post by revin » Tue Feb 14, 2017 10:52 am

moatazelmasry wrote:
> You can have your SE server acting as DMZ. where you create a local bridge.
> In this case any client connected to your SE server, should be able to
> access other machines in the same subnet as the SE server
>
> Now for the second problem: Assigning static IPs to clients. I can think of
> two solutions:
> 1- Configure an external DHCP server, and disable the virtual DHCP
> functionality in SE
> 2- Authenticate the users using Radius. In this case you can configure
> radius to push whatever static IP to SE

Hi, thanks for the reply. I'll try to setup a local bridge, it sounds easy and promising
Using an external DHCP is ugly, I hate adding dependencies just for such small gain, I'll try other ways first

update:
I'm software developer and new to network management, so forgive me if I ask stupid questions.
After sometimes of fiddling around, still can't get port forwarding(DMZ) to work.

My Goal:
Our company have a firewall that blocks any connection from clusterA to clusterB, but allows clusterB to connect to clusterA, and allows machines on clusterA to connect to each other. I'm running a program on clusterA, and I need it to be able to connect to clusterB, my laptopZ is at clusterB.

Here is my attempted solution:
In clusterA I have two machines, machineX(with an IP address X.X.X.X which I fully controlls) and machineY(with Y.Y.Y.Y which I don't have root access).
I'm running SoftEther server on machineX, running my program on machineY.
When I connect my laptopZ to SoftEther on machineX, I got an IP address Z.Z.Z.Z.
I can setup a port forwarding from X.X.X.X:1080 to Z.Z.Z.Z:1080, so my program on machineY can connect to X.X.X.X:1080 and be connected to my laptopZ.
With Z.Z.Z.Z not being a static IP address, this fails.

I'd like basically any connections to SoftEther server's port range α~β to be forwarded to the corresponding port of the SoftEther's connected client's local ports, thus effectively making one of the clients a DMZ.

I can't see the relevance of a local bridge here: I can't modify the routing table of machineY, so if I connect to Z.Z.Z.Z directly from machineY, it will just fail isn't it?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: SoftEther DHCP Problem

Post by thisjun » Thu Mar 02, 2017 6:08 am

I think you don't need to use NAT.
Please add static route on Laptop Z to VPN server.
After that, just assign an IP address of cluster A to virtual NIC of LaptopZ.

Post Reply