Access VPN network from server

wquintal
Posts: 2
Joined: Fri Mar 17, 2017 12:58 pm

Access VPN network from server

Post by wquintal » Fri Mar 17, 2017 1:13 pm

Hi, I'm running a SoftEther VPN server on FreeBSD with DigitalOcean. My issue is that I have a web server connected to my VPN network, which is located inside my home behind a firewall, and an nginx server on the FreeBSD machine as a reverse proxy to the web server, but I can't route the packets from the server because SoftEther does not create an interface like OpenVPN would do (I used that before for the same purpose) or create a route. What are the options to overcome this issue? A new virtual adapter with a bridge on it?

moatazelmasry
Posts: 336
Joined: Sat Aug 15, 2015 7:41 pm

Re: Access VPN network from server

Post by moatazelmasry » Fri Mar 17, 2017 9:53 pm

Yes, you can try creating a bridge, or you can try a tap device, but I'm not sure you can do this on DigitalOcean.

wquintal
Posts: 2
Joined: Fri Mar 17, 2017 12:58 pm

Re: Access VPN network from server

Post by wquintal » Fri Mar 17, 2017 10:21 pm

Yes, I can load the kernel module and create a tap adapter, and set the bridge on my tap0 device in the Server Manager from Windows. Where I'm stuck is: should I assign the same IP address as the gateway to the tap0 device, with the route to the network? But I think it is not good to assign an IP address to a bridge?

Instead I tried to only add a route, but this doesn't work:

[... ifconfig ... ]
tap0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether 00:bd:7b:2a:11:00
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: no carrier
        groups: tap
➜ ~ sudo route add -host 10.1.8.1 -interface tap0
Password:
add host 10.1.8.1: gateway tap0
➜ ~ ping 10.1.8.1
PING 10.1.8.1 (10.1.8.1): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 10.1.8.1 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss

10.1.8.0/24 is the VPN network and 10.1.8.1 is the IP address of the NAT.

This is the routing table:

Routing tables

Internet:
Destination        Gateway            Flags     Netif     Expire
default            X.X.X.X            UGS       vtnet0
10.1.8.0/24        00:bd:7b:2a:11:00  US        tap0
10.1.8.1           00:bd:7b:2a:11:00  UHS       tap0

moatazelmasry
Posts: 336
Joined: Sat Aug 15, 2015 7:41 pm

Re: Access VPN network from server

Post by moatazelmasry » Sun Mar 19, 2017 11:33 am

No, do not assign an IP to the bridge.

One thing to be aware of is that the bridge tun/tap documentation is talking about Linux, not FreeBSD, so this might not be tested.

I don't fully understand your environment. You have SE installed on FreeBSD on DigitalOcean.
You have a VPN Server at Home, which is behind a NAT.

You are trying to achieve a site to site VPN connection? Is that right?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Access VPN network from server

Post by thisjun » Thu Mar 30, 2017 6:47 am

Tap mode localbridge isn't supported in FreeBSD.
Please try to prepare 2 NICs on the same switch, create a localbridge to one of them, and assign an IP address to the other.
