Adding DHCP server to SE vpn

Mada
Posts: 102
Joined: Sat Jun 20, 2015 9:40 am

Adding DHCP server to SE vpn

Post by Mada » Mon Feb 20, 2017 4:13 pm

Hi,

How should I proceed to set up my own DHCP server? I am using the built-in one now.

I am on Xubuntu 16.10 and I tried to use the isc-dhcp-server.

I have 2 nics. NIC1 to the internet. NIC2 to the local network. NIC2 is bridged in SE to the virtual hub. NIC2 has ip 0.0.0.0

I also have created a tap device in SE bridged to the virtual hub. Tap device has valid ip etc.

I talk to the tap device from the local network when I need to configure the server.

The DHCP server starts without errors and operates on the tap device. But I am not getting any IP addresses to my clients.

Thanks,

moatazelmasry
Posts: 336
Joined: Sat Aug 15, 2015 7:41 pm

Re: Adding DHCP server to SE vpn

Post by moatazelmasry » Tue Feb 21, 2017 12:01 pm

I haven't done it myself, so I'll try to just guess here :)

My guess is that you have to configure DHCP to listen on NIC1. Since this is the default gateway, this should be safer than other options.

Here's a tutorial on how to use dhcp and isc-dhcp-relay agent.
https://help.ubuntu.com/community/isc-dhcp-server

If you follow this tutorial, then you don't need to specify a NIC, since NIC1 will be picked up automatically as eth0 (default gateway).

If this does not work, then try listening on multiple interfaces NIC1, NIC2, TAP, whatever needed ...

nano -w /etc/default/isc-dhcp-server
INTERFACES="wlan0 eth0"

Cheers,
Moataz

Mada
Posts: 102
Joined: Sat Jun 20, 2015 9:40 am

Re: Adding DHCP server to SE vpn

Post by Mada » Tue Feb 21, 2017 4:05 pm

Hi, thanks for the reply.

Well, but NIC1 has a public IP. The machines needing an IP from DHCP are on NIC2 (or attached to it by the SE virtual hub), which is on a private subnet. SE does NAT between the two, but that won't work before the client has an IP? And it won't work for DHCP request broadcasts?

Do I want to expose my dhcp to the internet? How will that work with the dhcp server of the isp?

Thanks

moatazelmasry wrote:
> I haven't done it myself, so I'll try to just guess here :)
>
> My guess is that you have to configure DHCP to listen on NIC1. Since this
> is the default gateway, this should be safer than other options.
>
> Here's a tutorial on how to use dhcp and isc-dhcp-relay agent.
> https://help.ubuntu.com/community/isc-dhcp-server
>
> If you follow this tutorial, then you don't need to specify a NIC, since
> NIC1 will be picked up automatically as eth0 (default gateway).
>
> If this does not work, then try listening on multiple interfaces NIC1,
> NIC2, TAP, whatever needed ...
>
> nano -w /etc/default/isc-dhcp-server
> INTERFACES="wlan0 eth0"
>
> Cheers,
> Moataz

moatazelmasry
Posts: 336
Joined: Sat Aug 15, 2015 7:41 pm

Re: Adding DHCP server to SE vpn

Post by moatazelmasry » Thu Feb 23, 2017 5:05 pm

Sorry to get back late to you regarding this issue.

I think you need to bind the dhcp to the tap device, not to NIC1.
I found some nice discussion and blog:
viewtopic.php?t=2832&p=14273
http://blog.lincoln.hk/blog/2013/05/17/ ... al-bridge/

This blog uses a tap device for bridging and binds this setup to an actual DHCP server. I think this is similar to what you are trying to achieve.

Also, you mention your NIC2 has the IP 0.0.0.0; this is probably very wrong.

Cheers

Mada
Posts: 102
Joined: Sat Jun 20, 2015 9:40 am

Re: Adding DHCP server to SE vpn

Post by Mada » Fri Feb 24, 2017 9:20 am

N.p., this is somewhat of a project for me. I'm going to have to find time to bring the server to my workbench. I tend to lose contact with it when trying out configurations :)

Adding the DHCP to the tap is what I did. However, I didn't get replies from the computers attached to NIC2. NIC2 and the tap device are bridged to the same virtual hub.

The tap device was created by SoftEther (in the bridge dialog) and I saw that the network service (systemd) logged errors concerning that tap device. I am going to try to create the tap in the operating system first and then bridge it in SE. Maybe that works better.

The SE manual advises 0.0.0.0 as IP:

"For Linux and Solaris, it is possible to use the [ifconfig] command to obtain a result equivalent to assigning an IP address of 0.0.0.0 to the local bridge network adapter."

At least it is what I think it says. I have had intermittent problems with that config.



moatazelmasry wrote:
> Sorry to get back late to you regarding this issue.
>
> I think you need to bind the dhcp to the tap device, not to NIC1.
> I found some nice discussion and blog:
> viewtopic.php?t=2832&p=14273
> http://blog.lincoln.hk/blog/2013/05/17/ ... al-bridge/
>
> This blog uses a tap device for bridging and binds this setup to an actual
> DHCP server. I think this is similar to what you are trying to achieve.
>
> Also, you mention your NIC2 has the IP 0.0.0.0; this is probably very wrong.
>
> Cheers

moatazelmasry
Posts: 336
Joined: Sat Aug 15, 2015 7:41 pm

Re: Adding DHCP server to SE vpn

Post by moatazelmasry » Fri Feb 24, 2017 10:15 am

This is an interesting problem actually :)

I need to tinker around myself and try to find a solution. Let me know if you find a workaround.

Mada
Posts: 102
Joined: Sat Jun 20, 2015 9:40 am

Re: Adding DHCP server to SE vpn

Post by Mada » Tue Feb 28, 2017 12:13 pm

So, I gave up on having 0.0.0.0 as IP.

I set:

NIC2 with a private ip.
DHCP server operating on NIC2
iptables doing NAT.

SE has NIC2 bridged. No secureNAT and no DHCP from SE.

This seems to work. No performance problems so far.

Mada
Posts: 102
Joined: Sat Jun 20, 2015 9:40 am

Re: Adding DHCP server to SE vpn

Post by Mada » Fri Mar 24, 2017 10:17 pm

So, my solution doesn't really work.

When I am offsite I get no reply from default gateway. Strangely enough I do get DHCP reply and I do get the address etc.

Soft-ether is bridged to the nic1 being default gateway.

My guess here is that the SoftEther process outputs a packet on nic1. The packet is from my offsite location. And it is destined for the default gateway, so in this case destined for the same nic1 that SoftEther outputs it on?

And this will never work?

This must be a common problem? How do you overcome it?

Mada wrote:
> So, I gave up on having 0.0.0.0 as IP.
>
> I set:
>
> NIC2 with a private ip.
> DHCP server operating on NIC2
> iptables doing NAT.
>
> SE has NIC2 bridged. No secureNAT and no DHCP from SE.
>
> This seems to work. No performance problems so far.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Adding DHCP server to SE vpn

Post by thisjun » Thu Apr 06, 2017 7:31 am

If the tap has a private IP address, DHCP should listen only on the tap.
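
Added example, not part of any post in this thread: a shell check of the INTERFACES line in /etc/default/isc-dhcp-server (the file edited earlier in the thread) that reports every listen interface other than the ones you allow, for instance only the tap device. The interface name tap_soft and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Audit which interfaces isc-dhcp-server is told to listen on.
# Usage: dhcp_listen_check FILE ALLOWED_IFACE...
# Prints one finding per line; returns 0 if clean, 1 otherwise.
dhcp_listen_check() {
    file=$1; shift
    allowed=" $* "
    findings=0
    # Last uncommented INTERFACES= (or INTERFACESv4= on newer packages) wins.
    line=$(grep -E '^[[:space:]]*INTERFACES(v4)?=' "$file" | tail -n 1)
    if [ -z "$line" ]; then
        echo "no INTERFACES setting: dhcpd chooses interfaces itself"
        return 1
    fi
    value=${line#*=}        # keep everything after the first '='
    value=${value%%#*}      # drop a trailing comment
    value=$(printf '%s' "$value" | tr -d "\"'")
    if [ -z "$(printf '%s' "$value" | tr -d '[:space:]')" ]; then
        echo "empty INTERFACES: dhcpd chooses interfaces itself"
        return 1
    fi
    for ifc in $value; do
        case "$allowed" in
            *" $ifc "*) ;;  # explicitly allowed
            *) echo "unexpected listen interface: $ifc"; findings=1 ;;
        esac
    done
    return $findings
}

# Constructed sample: the INTERFACES value suggested earlier in the thread,
# checked against a policy of "tap device only" (tap_soft is a made-up name).
sample=$(mktemp)
printf '%s\n' '# Defaults for isc-dhcp-server' 'INTERFACES="wlan0 eth0"' > "$sample"
dhcp_listen_check "$sample" tap_soft || echo "=> restrict INTERFACES to the tap device"
rm -f "$sample"
```

On the real host, pass /etc/default/isc-dhcp-server and the actual tap device name; the internet-facing NIC should never appear in the allowed list.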
