Why MAC address of users changes?

[kzmo]

Hi,

I'm trying to setup SE server with OpenVPN enabled (as teltonika RUT200 has simple setup for OpenVPN). I'm using SE server 4.40.
I want to have static IP for each of the clients that connect to SE via OpenVPN.
I setup OpenDHCPServer alongside to assign IPs and it works OK.
I've set the MAC:... address for one user, meaning I've put:

Code: Select all

MAC:ae:00:00:00:00:01

in the Note field for the user.
However, when client connects to it, I almost always see two or three MACs for this client:

Code: Select all

ae:00:00:00:00:01
ae:00:00:00:00:02

Why is that? It prevents DHCP to correctly assign IP, as they changes.
Is there a way to have MAC address always fixed?

thank you and all the best
Chris

[solo]

Version 4.40 does not exist. Try v4.44, v5.x, then report it here https://github.com/SoftEtherVPN/SoftEtherVPN/issues

[kzmo]

Version 4.40 does not exist. Try v4.44, v5.x, then report it here https://github.com/SoftEtherVPN/SoftEtherVPN/issues

Right, sorry it is 4.41.
But I will try v4.44 as suggested.

[kzmo]

So I've updated to version 4.44 build 9807 RTM and I still see 2 MAC addresses for one user, even if I've put in the Note field:

Code: Select all

MAC:DE:AD:00:00:01:01

I see it has MAC addresses:

Code: Select all

MAC:DE:AD:00:00:01:01
MAC:DE:AD:00:00:01:02

Am I doing something wrong? Where in the source code it is happening? I checked the source code and I couldn't easily find this situation. I found that when MAC is specified in Note field, then this MAC is being used directly as is, but I couldn't find where and why the second MAC (incremented by 1) it's assigned.

[solo]

Am I doing something wrong?

Yes, your DHCP server is either misconfigured or dysfunctional.

Code: Select all

Open DHCP Server DYNAMIC


SessionList command - Get List of Connected Sessions
Item            |Value
----------------+--------------------
Session Name    |SID-LOCALBRIDGE-1
VLAN ID         |-
Location        |Local Session
User Name       |Local Bridge
Source Host Name|Ethernet Bridge
TCP Connections |None
Transfer Bytes  |24,085
Transfer Packets|457
----------------+--------------------
Session Name    |SID-1-[OPENVPN_L3]-3
VLAN ID         |-
Location        |Local Session
User Name       |1
Source Host Name|localhost
TCP Connections |1 / 1
Transfer Bytes  |3,138
Transfer Packets|10


MacTable command - Get the MAC Address Table Database
Item        |Value
------------+--------------------
ID          |3948334459
Session Name|SID-LOCALBRIDGE-1
VLAN ID     |-
MAC Address |02-00-4C-4F-4F-50
Created at  |2025-05-21 09:41:22
Updated at  |2025-05-21 10:00:33
Location    |On 'DC22'
------------+--------------------
ID          |2076634987
Session Name|SID-1-[OPENVPN_L3]-3
VLAN ID     |-
MAC Address |AE-00-00-00-00-01
Created at  |2025-05-21 09:47:29
Updated at  |2025-05-21 09:47:29
Location    |On 'DC22'
------------+--------------------
ID          |2076634987
Session Name|SID-1-[OPENVPN_L3]-3
VLAN ID     |-
MAC Address |AE-00-00-00-00-02
Created at  |2025-05-21 09:47:29
Updated at  |2025-05-21 09:47:29
Location    |On 'DC22'
------------+--------------------
ID          |2076634987
Session Name|SID-1-[OPENVPN_L3]-3
VLAN ID     |-
MAC Address |AE-00-00-00-00-03
Created at  |2025-05-21 09:47:29
Updated at  |2025-05-21 09:47:29
Location    |On 'DC22'



IpTable command - Get the IP Address Table Database
Item        |Value
------------+--------------------
ID          |264036810
Session Name|SID-LOCALBRIDGE-1
IP Address  |192.168.0.1
Created at  |2025-05-21 09:41:22
Updated at  |2025-05-21 10:01:09
Location    |On 'DC22'
------------+--------------------
ID          |3051396890
Session Name|SID-1-[OPENVPN_L3]-3
IP Address  |192.168.0.17 (DHCP)
Created at  |2025-05-21 09:47:29
Updated at  |2025-05-21 09:47:29
Location    |On 'DC22'


[21-May-25 09:39:36] Open DHCP Server Version 1.81 Windows Build 1055 (32bit) Starting...
...
[21-May-25 09:46:32] Lease Status URL: http://127.0.0.1:6789
[21-May-25 09:46:32] Listening On: 192.168.0.1
[21-May-25 09:47:29] Host ae:00:00:00:00:03 (Hostae0000000003) allotted 192.168.0.17 for 36000 seconds

Confirmed, it's exactly as you described. Next, the same setup but with Static Client DHCP assignment.

Code: Select all

Open DHCP Server STATIC


VPN Server/VPN>SessionList
SessionList command - Get List of Connected Sessions
Item            |Value
----------------+--------------------
Session Name    |SID-LOCALBRIDGE-1
VLAN ID         |-
Location        |Local Session
User Name       |Local Bridge
Source Host Name|Ethernet Bridge
TCP Connections |None
Transfer Bytes  |36,826
Transfer Packets|728
----------------+--------------------
Session Name    |SID-1-[OPENVPN_L3]-4
VLAN ID         |-
Location        |Local Session
User Name       |1
Source Host Name|localhost
TCP Connections |1 / 1
Transfer Bytes  |1,258
Transfer Packets|4


MacTable command - Get the MAC Address Table Database
Item        |Value
------------+--------------------
ID          |3948334459
Session Name|SID-LOCALBRIDGE-1
VLAN ID     |-
MAC Address |02-00-4C-4F-4F-50
Created at  |2025-05-21 09:41:22
Updated at  |2025-05-21 10:11:37
Location    |On 'DC22'
------------+--------------------
ID          |2076634987
Session Name|SID-1-[OPENVPN_L3]-4
VLAN ID     |-
MAC Address |AE-00-00-00-00-01
Created at  |2025-05-21 10:09:28
Updated at  |2025-05-21 10:09:28
Location    |On 'DC22'


IpTable command - Get the IP Address Table Database
Item        |Value
------------+--------------------
ID          |264036810
Session Name|SID-LOCALBRIDGE-1
IP Address  |192.168.0.1
Created at  |2025-05-21 09:41:22
Updated at  |2025-05-21 10:12:08
Location    |On 'DC22'
------------+--------------------
ID          |1252577960
Session Name|SID-1-[OPENVPN_L3]-4
IP Address  |192.168.0.9 (DHCP)
Created at  |2025-05-21 10:09:28
Updated at  |2025-05-21 10:09:28
Location    |On 'DC22'


[21-May-25 10:09:11] Open DHCP Server Version 1.81 Windows Build 1055 (32bit) Starting...
...
[21-May-25 10:09:11] Lease Status URL: http://127.0.0.1:6789
[21-May-25 10:09:11] Listening On: 192.168.0.1
[21-May-25 10:09:28] Host ae:00:00:00:00:01 (Hostae0000000001) allotted 192.168.0.9 for 36000 seconds

In conclusion, the "phenomenon" disappears when DHCP is set up as intended - specifically...

...you can fix the user's IP address by configuring the static IP address reserve list hosted by the existing DHCP server (e.g. Linux dhcpd or Windows DHCP Service) on the target local-area network which the Virtual Hub is connected with the Local Bridge function. To fix the IP addresses assignment by the DHCP server you need to configure the "Static IP address reserve list" function (the function name may vary on each DHCP server product). You need to refer the document of your DHCP Server to configure the static IP address reserve list.

https://www.softether.org/5-download/history

[kzmo]

Thanks for the followup.
I have updated Open DHCP Server to newest version:

Code: Select all

[21-May-25 15:11:26] Open DHCP Server Version 2.01 Windows Build 1062 Starting...
[21-May-25 15:11:26] Starting DHCP Service

And I have set this in ODS ini file:

Code: Select all

[RANGE_SET]
DHCPRange=192.168.30.20-192.168.30.30 

[de:ad:00:00:02:01]
IP=192.168.30.110

[de:ad:00:00:02:02]
IP=192.168.30.111

When my Teltonika router connects over GSM I see in Open DCHP Logs:

Code: Select all

[21-May-25 15:13:58] DHCPDISCOVER for de:ad:00:00:02:01 () from interface 192.168.30.2 received
[21-May-25 15:13:58] Host de:ad:00:00:02:01 (Hostdead00000201) offered 192.168.30.110
[21-May-25 15:13:58] DHCPDISCOVER for de:ad:00:00:02:02 () from interface 192.168.30.2 received
[21-May-25 15:13:58] Host de:ad:00:00:02:02 (Hostdead00000202) offered 192.168.30.111
[21-May-25 15:13:58] DHCPDISCOVER for de:ad:00:00:02:03 () from interface 192.168.30.2 received
[21-May-25 15:13:58] Host de:ad:00:00:02:03 (Hostdead00000203) offered 192.168.30.21
[21-May-25 15:13:58] DHCPREQUEST for de:ad:00:00:02:03 () from interface 192.168.30.2 received
[21-May-25 15:13:58] Host de:ad:00:00:02:03 (Hostdead00000203) allotted 192.168.30.21 for 300 seconds

So it assigns proper IP 192.168.30.110 for de:ad:00:00:02:01 but then it does DISCOVER again and again and then it does DHCPREQUEST.
In SE logs (redacted sensitive data):

Code: Select all

2025-05-21 15:33:52.052 [HUB "xx"] The connection "CID-2576-CBB9375263" (IP address: xxxx, Host name: xxxxx, Port number: 18377, Client name: "OpenVPN Client", Version: 4.44, Build: 9807) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "xxxxx".
2025-05-21 15:33:52.052 [HUB "xx"] Connection "CID-2576-CBB9375263": Successfully authenticated as user "xx".
2025-05-21 15:33:52.052 [HUB "xx"] Connection "CID-2576-CBB9375263": The new session "SID-xxxx-OPENVPN_L3]-25" has been created. (IP address: xxx, Port number: 18377, Physical underlying protocol: "Legacy VPN - OPENVPN_L3")
2025-05-21 15:33:52.052 [HUB "xx"] Session "SID-xxx-[OPENVPN_L3]-25": The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2025-05-21 15:33:52.053 [HUB "xx"] Session "SID-xxx-[OPENVPN_L3]-25": VPN Client details: (Client product name: "OpenVPN Client", Client version: 444, Client build number: 9807, Server product name: "SoftEther VPN Server (64 bit)", Server version: 444, Server build number: 9807, Client OS name: "OpenVPN Client", Client OS version: "-", Client product ID: "-", Client host name: "", Client IP address: "xxx", Client port number: 18377, Server host name: "xxx", Server IP address: "xxx", Server port number: 1194, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "xxx", Client unique ID: "B81694B1E9B85B23B682F501AC955CCD")
2025-05-21 15:33:52.059 [HUB "xx"] Session "SID-LOCALBRIDGE-1": The DHCP server of host "00-50-56-39-71-67" (192.168.30.2) on this session allocated, for host "SID-xxx-[OPENVPN_L3]-25" on another session "DE-AD-00-00-02-03", the new IP address 192.168.30.21.

So in last line it just uses DE-AD-00-00-02-03 MAC, not DE-AD-00-00-02-01.
Why SE is incrementing MAC? And where does it happen?

thanks!

[solo]

This will fix it:

Code: Select all

[de:ad:00:00:02:01]
IP=192.168.30.3

[de:ad:00:00:02:02]
IP=192.168.30.4

Please enter it exactly as above. If you don't like it, ask for a better solution here https://github.com/SoftEtherVPN/SoftEtherVPN/issues
;-)

[kzmo]

Thanks again.

I entered the settings as you suggested:

Code: Select all

[de:ad:00:00:02:01]
IP=192.168.30.3

[de:ad:00:00:02:02]
IP=192.168.30.4

[de:ad:00:00:02:03]
IP=192.168.30.5

but still is the same - several DHCPDISCOVER with different MACs and then DHCPREQUEST:

Code: Select all

[22-May-25 08:51:52] DHCPDISCOVER for de:ad:00:00:02:01 () from interface 192.168.30.2 received
[22-May-25 08:51:52] Host de:ad:00:00:02:01 (Hostdead00000201) offered 192.168.30.3
[22-May-25 08:51:52] DHCPDISCOVER for de:ad:00:00:02:02 () from interface 192.168.30.2 received
[22-May-25 08:51:52] Host de:ad:00:00:02:02 (Hostdead00000202) offered 192.168.30.4
[22-May-25 08:51:52] DHCPDISCOVER for de:ad:00:00:02:03 () from interface 192.168.30.2 received
[22-May-25 08:51:52] Host de:ad:00:00:02:03 (Hostdead00000203) offered 192.168.30.5
[22-May-25 08:51:52] DHCPREQUEST for de:ad:00:00:02:03 () from interface 192.168.30.2 received
[22-May-25 08:51:52] Host de:ad:00:00:02:03 (Hostdead00000203) allotted 192.168.30.5 for 300 seconds

I will ask on github then, thanks.

[solo]

I will ask on github then, thanks.

It's a hilarious bug. Please check the following combination which is 100% reliable in my tests:

Code: Select all

[ae:00:00:00:00:01]
IP=192.168.0.9

[ae:00:00:00:00:01] with double-digit IP like 192.168.x.xx or 192.168.xx.x or 192.168.xx.xx produce double-MACs

But using your [de:ad:00:00:02:01] generates an incredible number of MACs.
...

dhcp.png

.

[kzmo]

Hmm still having the same issue.

I've added 192.168.9.2 as my server's another IP address (it also has 192.168.30.2).

In OpenDHCPServer I'm listening on:

Code: Select all

[22-May-25 13:50:45] Listening On: 192.168.9.2
[22-May-25 13:50:45] Listening On: 192.168.30.2

And I've set:

Code: Select all

[ae:00:00:00:00:01]
IP=192.168.9.3

In SE user Note:

Code: Select all

MAC:AE:00:00:00:00:01

And still I get serveral MACs for this client when connected:

Code: Select all

AE-00-00-00-00-01
AE-00-00-00-00-02
AE-00-00-00-00-03

And in DHCP log:

Code: Select all

[22-May-25 13:50:45] Listening On: 192.168.9.2
[22-May-25 13:50:45] Listening On: 192.168.30.2
[22-May-25 13:50:58] DHCPDISCOVER for ae:00:00:00:00:01 () from interface 192.168.30.2 received
[22-May-25 13:50:58] Host ae:00:00:00:00:01 (Hostae0000000001) offered 192.168.9.3
[22-May-25 13:50:58] DHCPDISCOVER for ae:00:00:00:00:01 () from interface 192.168.9.2 received
[22-May-25 13:50:58] Host ae:00:00:00:00:01 (Hostae0000000001) offered 192.168.9.3
[22-May-25 13:50:58] DHCPDISCOVER for ae:00:00:00:00:02 () from interface 192.168.30.2 received
[22-May-25 13:50:58] Host ae:00:00:00:00:02 (Hostae0000000002) offered 192.168.30.20
[22-May-25 13:50:58] DHCPDISCOVER for ae:00:00:00:00:02 () from interface 192.168.9.2 received
[22-May-25 13:50:58] No Matching DHCP Range for DHCPDISCOVER for ae:00:00:00:00:02 () from interface 192.168.9.2
[22-May-25 13:50:58] DHCPDISCOVER for ae:00:00:00:00:03 () from interface 192.168.30.2 received
[22-May-25 13:50:58] Host ae:00:00:00:00:03 (Hostae0000000003) offered 192.168.30.21
[22-May-25 13:50:58] DHCPDISCOVER for ae:00:00:00:00:03 () from interface 192.168.9.2 received
[22-May-25 13:50:58] No Matching DHCP Range for DHCPDISCOVER for ae:00:00:00:00:03 () from interface 192.168.9.2
[22-May-25 13:50:58] DHCPREQUEST for ae:00:00:00:00:03 () from interface 192.168.30.2 received
[22-May-25 13:50:58] Host ae:00:00:00:00:03 (Hostae0000000003) allotted 192.168.30.21 for 300 seconds

so it assignes proper 192.168.9.3 for ae:00:00:00:00:01 but then does again DISCOVER for ae:00:00:00:00:02...
Any idea where in code it happens? :) Do you known where in code it happens?

I tried the github issues but they're only for v5. I'd prefer to use v4 as it's stable version...

thanks!

[solo]

Any idea where in code it happens? :) Do you known where in code it happens?

The open source code is not complete. Let's assume we've found it, patched it up and re-compiled it. Now these are missing:

Current limitations
Features not supported by SoftEther VPN
The following features are not implemented in the current version of SoftEther VPN :

DoS attack prevention function
User authentication with RADIUS/NT domain
RSA certificate authentication
Detailed packet logging feature
Connection source IP access control list function
Syslog forwarding function
Distributing static routes on a virtual DHCP server

These functions are often used in large-scale environments such as large companies, and are currently only included in the commercial version of PacketiX VPN 4.0 due to copyright issues.

https://ja.softether.org/3-spec/cureent_limitations
viewtopic.php?f=7&t=69047&p=101594#p101594

So, if you like v4 officially compiled with all features, use either my 192.168.0.9 or search for other "compatible" IPs.

192.168.9.3 is also broken on my system.

[kzmo]

OK, so you propose to use v5, right? Is it stable enough? :)

[kzmo]

Also, should I first uninstall v4 and then install v5? Will the Virtual Hubs and settings be saved?

[solo]

This bug seems resolved in v5.02.5374, I tested a few MAC/IP combinations without a problem. There are other v5 issues with OpenVPN, eg. viewtopic.php?f=7&t=69424#p102738
I recommend a clean v5 install.