How to escape from Client Mode trap ?

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
netflow
Posts: 2
Joined: Tue Mar 07, 2017 4:54 pm

How to escape from Client Mode trap ?

Post by netflow » Tue Mar 07, 2017 5:33 pm

Hi SoftEther Guru,

I need your advised expertise to escape from Client Mode nightmare.

1. Installed SoftEther Server on Linux Ubuntu 16.10 on AWS.
2. Configured SecureNat with DHCP and no NAT.
3. Created a TAP device and added to a local bridge in HUB.
4. Connected from a Mikrotik router (MT) as client using plain L2TP.

-> Session opens in client mode, got basic connectivity SE <-> MT using the DHCP addresses served, but I need way more ! I need to allow the TAP interface to communicate with MT, isn't the local bridge supposed to make this happen ?

However, according to manual chapter 1.6.8, there is some built-in security feature to prevent multiple MAC on the client, but apparently there is some (not so well documented) limitation also on the server side. What is sure is that the local server bridge is not working, no matter what IP addresses I set, there is no packet received either side according to tcpdump, no arp request.

I suspect strongly the "Client Mode" of the session to be the culprit.

As I don't want the built-in security "feature" at all for my project, I'm looking for ways to either:
A) Force another session mode (in server configuration only)
B) Disable this security feature (since step 2 does not do the trick)
C) Provide a bidir IP point to point connection from TAP interface to Mikrotik

Thanks for your help and pointers.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: How to escape from Client Mode trap ?

Post by thisjun » Thu Mar 16, 2017 6:53 am

L2 mode OpenVPN can connect to the SoftEther VPN Server with bridge mode.

netflow
Posts: 2
Joined: Tue Mar 07, 2017 4:54 pm

Re: How to escape from Client Mode trap ?

Post by netflow » Fri Mar 17, 2017 6:50 pm

Thanks for your reply.

OpenVPN over UDP is not supported on Mikrotik routers and I do not want to use any tunnels in TCP for my project.

I am no longer using SoftEther and now use standard/raw Linux server solutions as I can fully control them.

Post Reply