How to escape from Client Mode trap ?
Posted: Tue Mar 07, 2017 5:33 pm
Hi SoftEther Guru,
I need your advised expertise to escape from Client Mode nightmare.
1. Installed SoftEther Server on Linux Ubuntu 16.10 on AWS.
2. Configured SecureNat with DHCP and no NAT.
3. Created a TAP device and added to a local bridge in HUB.
4. Connected from a Mikrotik router (MT) as client using plain L2TP.
-> Session opens in client mode, got basic connectivity SE <-> MT using the DHCP addresses served, but I need way more ! I need to allow the TAP interface to communicate with MT, isn't the local bridge supposed to make this happen ?
However, according to manual chapter 1.6.8, there is some built-in security feature to prevent multiple MAC on the client, but apparently there is some (not so well documented) limitation also on the server side. What is sure is that the local server bridge is not working, no matter what IP addresses I set, there is no packet received either side according to tcpdump, no arp request.
I suspect strongly the "Client Mode" of the session to be the culprit.
As I don't want the built-in security "feature" at all for my project, I'm looking for ways to either:
A) Force another session mode (in server configuration only)
B) Disable this security feature (since step 2 does not do the trick)
C) Provide a bidir IP point to point connection from TAP interface to Mikrotik
Thanks for your help and pointers.
I need your advised expertise to escape from Client Mode nightmare.
1. Installed SoftEther Server on Linux Ubuntu 16.10 on AWS.
2. Configured SecureNat with DHCP and no NAT.
3. Created a TAP device and added to a local bridge in HUB.
4. Connected from a Mikrotik router (MT) as client using plain L2TP.
-> Session opens in client mode, got basic connectivity SE <-> MT using the DHCP addresses served, but I need way more ! I need to allow the TAP interface to communicate with MT, isn't the local bridge supposed to make this happen ?
However, according to manual chapter 1.6.8, there is some built-in security feature to prevent multiple MAC on the client, but apparently there is some (not so well documented) limitation also on the server side. What is sure is that the local server bridge is not working, no matter what IP addresses I set, there is no packet received either side according to tcpdump, no arp request.
I suspect strongly the "Client Mode" of the session to be the culprit.
As I don't want the built-in security "feature" at all for my project, I'm looking for ways to either:
A) Force another session mode (in server configuration only)
B) Disable this security feature (since step 2 does not do the trick)
C) Provide a bidir IP point to point connection from TAP interface to Mikrotik
Thanks for your help and pointers.