Only softether client software can connect to server

[FabioPD]

Hi all, I set up a Vpn server on a win machine.
My problem is that I'm able to connect to it only using the Softether client software for windows (works both with and without vpnAzure but not without Nat-T); if I try to use the embedded Vpn client on win or the one of iPhone-iPad or even tunnelblink for my Mac, I can't establish the connection. The error says that the server was not find.
I already forwarded 500 and 4500 to the Vpn server.
Do you have any suggestion?

[Petrol]

Hello,

For the L2TP protocol to work (the built in windows, IOS, android clients), you also need to open the UDP port 1701.

[FabioPD]

Hi and thanks for the answer.
I already did that as well - didn't write that because I read that according to some other guy it's not necessary. But in any case it's already open that port as well. I still can't understand why ONLY Softether client software works..

[Petrol]

Make sure you have enabled l2tp support on the server. It is disabled by default.

please check this page from the manual :

https://www.softether.org/4-docs/2-howt ... VPN_Server

[FabioPD]

Yeah, everything is enabled.

Here is the question:

Would this kind of clients (not using Softether client software) work behind NAT? I forwarded ports on my router but of course I cannot work on the NAT of my IPS...does my question make sense?

Thanks

[FabioPD]

up.
thanks

[thisjun]

Does router WAN port have global IP address?

[FabioPD]

Nope, It has a private dynamic ip since there is NAT from my ISP!!! Is this the problem?

[thisjun]

I think so.

[FabioPD]

But then what is special in Softether Client compared to other softwares?

I tried to establish a PPTP VPN (which should support NAT-T) from my iPhone and iPad but they don't work..

[thisjun]

I recommend that you should use cloud server for VPN server.

[FabioPD]

Hi, what do you mean with cloud server? Do you mean Azure VPN or something else? thanks

[qupfer]

Petrol wrote:
> Hello,
>
> For the L2TP protocol to work (the built in windows, IOS, android clients),
> you also need to open the UDP port 1701.

No, its not. 1701 is for L2TP. But the "L2TP-Traffic" is encapsulated in IPSec.
Just UDP 500 and UDP 4500 is needed.

Can you post your ovpn-config file? And maybe you can verify with wireshark/tcpdump, that traffic "arrives" at the server then you try ipsec?
For example on server-side with tcpdump
sudo tcpdump -n -i SERVERINTERFACE "udp and (port 500 or port 4500)"
sudo tcpdump -n -i br0 "udp and (port 500 or port 4500)"


Edit: I read, you tried PPTP??? Softether Server does NOT support PPTP. Only L2TP/IPsec and SSTP.
SSTP needs a valid Certificate on Clients....so thats not that easy to configure.
I recommend OpenVPN in TCP-Mode at Port 443. Nearly as "robust" as SSTP and Softether against (simple) Firewalls, but works on Windows/Linux/OSX/iOS and Android.
L2TP/Ipsec works also with every Client and you can use the build-in Client, but IPsec is more often blocked by firewalls. Because many public Networks are blocking UDP-Traffic.

[thisjun]

I think your network environment is not suitable for VPN server.
So, please use a VPS service to install VPN server.