Can't ping VPN server host (linux)
-
- Posts: 6
- Joined: Tue Mar 19, 2013 7:01 pm
Can't ping VPN server host (linux)
Hi,
I'm running softether server on linux (root privileges), local bridge to the ethernet card.
Running client on Windows.
Connection is properly established, IP address assigned by the DHCP server running on the remote LAN.
I can ping all machines on the remote LAN except the VPN server host itself. I did the exact same setup on a Windows server, and it worked OK.
Any hints?
-
- Posts: 4
- Joined: Wed Mar 20, 2013 9:55 am
Re: Can't ping VPN server host (linux)
Madmonkey,
I did the same test on a linux and according to the trace I took the ping to the vpn server ip is not going through the tunnel. I guess that your windows is accessible without the tunnel and your linux is not.
I do agree with you that we should be able to ping the vpn server even through the tunnel.
My 0.02c
-
- Posts: 6
- Joined: Tue Mar 19, 2013 7:01 pm
Re: Can't ping VPN server host (linux)
Thanks for your reply.
I confirm my Windows host is NOT accessible without the tunnel. I set up the VPN servers in exact same conditions.
Might be a bug... Or maybe extra configuration (TCP/IP stack? iptables?) is needed on the linux host...
At least, we are 2 with the same issue, so there is definitely something missing here...
-
- Posts: 6
- Joined: Tue Mar 19, 2013 7:01 pm
Re: Can't ping VPN server host (linux)
11.1.2 I am unable to communicate with the IP address of the Virtual Network Adapter used for local bridging from within the VPN.
In some cases, communication can not be established from VPN Server or VPN Bridge to the IP address assigned to the physical network adapter connected to by the bridge from the Virtual Hub even when the Virtual Hub is connected to the physical network adapter by a local bridge connection. Some possible causes of this are as follows:
- From Windows 2000 on, this type of problem may occur right after defining a local bridge that connects to a network adapter with hardware offloading capabilities. If this is the case, try restarting your computer. Please refer to section 3.6 Local Bridges for more details.
- If you are using Linux or Solaris, you can communicate within the Virtual Hub (VPN) from the network adapter connected to by the local bridge to the LAN, but you can not communicate to the network adapter itself. This is a restriction imposed by the Linux kernel. For more information please refer to 3.6 Local Bridges.
- If you are using local bridging to make a bridged connection between a Virtual Hub and a physical LAN as described in section 3.6 Local Bridges, we recommend you set aside a network adapter specifically for this purpose. This will result in the best performance when using local bridging.
-
- Posts: 4
- Joined: Tue Aug 05, 2014 8:30 pm
Re: Can't ping VPN server host (linux)
Hi There,
I have set up a multisite VPN connecting 4 servers. I too have this issue where I cannot ping the VPN server from the other end of the tunnel. The interesting thing is when I reboot the server(s) they can ping though for a period of time (5-10 minutes?) but afterwards, cannot seem to find the server again. Perhaps I need to do some log spelunking to figure out why it breaks after a period of time.
If anyone else has ideas, I would be happy to help test and confirm the issue(s).
Michael
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Can't ping VPN server host (linux)
>madmonkey57
Please use localbridge to TAP device.
>macst34
What OS do you use?
You shouldn't do ping to the server in linux.
-
- Posts: 3
- Joined: Thu Aug 06, 2015 1:24 pm
Re: Can't ping VPN server host (linux)
thisjun wrote:
> >madmonkey57
> Please use localbridge to TAP device.
>
> >macst34
> What OS do you use?
> You shouldn't do ping to the server in linux.
I have the exact same problem, softether as a windows server works fine, but on a NAS (linux) I can't access the host or any services running on it. I also tried to use a tap device on the NAS system, but while I can connect I do not get any DHCP from the remote router and if I enable secure NAT I'm never able to connect to any systems/services on the remote LAN.
So can anyone point us in the direction on how to configure softether so we can use the remote DHCP server and can reach the system softether is running on?
-
- Posts: 551
- Joined: Wed Jul 24, 2013 12:09 pm
Re: Can't ping VPN server host (linux)
You need to add a tap device in the softether vpn server manager. Then add the original adapter (I use eth0 to identify it below) and the tap device (with "tap_" as the prefix) to a linux bridge (not the local bridge of the softether vpn server), and assign the IP on the bridge (neither eth0 nor the tap device).
When using softether vpn server as a service, make sure the linux bridge is added after the softether vpn server has been started for a few seconds at boot. Otherwise, errors will occur because the tap device does not exist.
However, it is better to bridge the virtual hub to the second adapter connecting to the LAN if you have multiple LAN interfaces on your server.
-
- Posts: 3
- Joined: Thu Aug 06, 2015 1:24 pm
Re: Can't ping VPN server host (linux)
oki thx, so I need to manually create a new "real" linux bridge between the eth0 and tap1 adapter and then create a virtual bridge inside softether using the physical bridge?
Using a second adapter would work, but I need to find a way so our Synology NAS stops using the same hostname for both network adapters on the DNS registration. The Synology UI has no option to assign different hostnames per network interface.
thx
Andy
-
- Posts: 551
- Joined: Wed Jul 24, 2013 12:09 pm
Re: Can't ping VPN server host (linux)
You do not need to assign IP on the second interface of your Synology.
The tap device is created by the softether vpn server automatically when you add it, with "tap_" as the name prefix in ifconfig. Bridge it to your original LAN adapter using a linux bridge. Do not add tap1 with your own linux command.
For example, after adding tap1 in the softether vpn server manager, the adapter will appear as tap_tap1 in ifconfig.
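The procedure from kh_tsang's two posts above (tap device, Linux bridge, IP on the bridge, wait for the tap device at boot), written out as an added sketch that is not part of the thread or of SoftEther's own scripts. `eth0` and `tap_tap1` are the names used in the posts; the bridge name `br0`, the address and the gateway are assumptions to replace with your own.

```sh
#!/bin/sh
# Added example, not from the thread. eth0 and tap_tap1 are the thread's names;
# br0, the address and the gateway are assumed values.
LAN_IF="${LAN_IF:-eth0}"
TAP_IF="${TAP_IF:-tap_tap1}"
BR_IF="${BR_IF:-br0}"
SYSNET="${SYSNET:-/sys/class/net}"   # kernel's list of interfaces

# Poll until SoftEther has created the tap device. $1=interface, $2=seconds.
# Returns 1 on timeout so a boot script can stop instead of bridging nothing.
wait_for_if() {
    tries="${2:-30}"
    while [ "$tries" -gt 0 ]; do
        [ -e "$SYSNET/$1" ] && return 0
        sleep 1
        tries=$((tries - 1))
    done
    return 1
}

# Print the commands, in order. $1=host address/prefix, $2=default gateway.
# The address goes on the bridge only; eth0 and the tap device carry none.
bridge_plan() {
    cat <<EOF
ip link add name $BR_IF type bridge
ip link set $BR_IF up
ip link set $TAP_IF master $BR_IF
ip link set $TAP_IF up
ip addr flush dev $LAN_IF
ip link set $LAN_IF master $BR_IF
ip addr add $1 dev $BR_IF
ip route add default via $2 dev $BR_IF
EOF
}

# "apply ADDR/PREFIX GATEWAY" as root: wait for the tap device, then run the
# plan, stopping at the first failing command. Flushing eth0 drops any session
# that arrived over it, so run this from a console or a boot script.
if [ "${1:-}" = "apply" ]; then
    [ $# -eq 3 ] || { echo "usage: $0 apply ADDR/PREFIX GATEWAY" >&2; exit 2; }
    wait_for_if "$TAP_IF" 30 || { echo "$TAP_IF missing; is vpnserver up?" >&2; exit 1; }
    bridge_plan "$2" "$3" | sh -e
fi
```

Without arguments the script only defines the functions, so `bridge_plan 192.0.2.10/24 192.0.2.1` (constructed documentation addresses) can be used to review the commands before anything is changed.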
-
- Posts: 3
- Joined: Thu Aug 06, 2015 1:24 pm
Re: Can't ping VPN server host (linux)
kh_tsang wrote:
> You do not need to assign IP on the second interface of your Synology.
I was talking about using the physical second nic aka eth1. I was assuming the setup with the second physical NIC does not involve setting up a linux bridge, but rather having the VPN server on a different ip/hostname. So it becomes reachable and is just directly routed on the NAS or do I also need to set up a real bridge between the two physical adapters?
-
- Posts: 551
- Joined: Wed Jul 24, 2013 12:09 pm
Re: Can't ping VPN server host (linux)
andy22 wrote:
> kh_tsang wrote:
> > You do not need to assign IP on the second interface of your Synology.
>
> I was talking about using the physical second nic aka eth1. I was assuming the setup
> with the second physical NIC does not involve setting up a linux bridge, but rather
> having the VPN server on a different ip/hostname. So it becomes reachable and is just
> directly routed on the NAS or do i also need to setup a real bridge between the two
> physical adapters?
No. Otherwise, there will be a loop.
Also, an IP is not required on eth1. So your server can listen on eth0 and eth1 is used only for the bridge.