Debian TAP local bridge need help

scorpian
Posts: 4
Joined: Wed Jul 01, 2015 8:06 am

Debian TAP local bridge need help

Post by scorpian » Wed Jul 01, 2015 8:27 am

I have a small network behind a router.
- Router IP: 192.168.2.1
- VPN Server IP: 192.168.2.30
- VPN Server OS: Debian 8.1 x64

Downloaded and installed the vpncmd, vpnserver, vpnbridge packages from
- https://launchpad.net/~paskal-07/+archi ... ftethervpn
softether-vpn (4.04.9412-0~47~ubuntu14.04.1)
I searched the web for a guide to configure SoftEther and know that using a local bridge prevents access to the server itself, and that I need to use a TAP local bridge.

Here is the situation:
Install vpncmd, vpnserver, vpnbridge packages --- OK
Run vpncmd check, the last item "Network System" --- Connect Failed. (0), Failed
Running local bridge on 1 physical NIC, client able to connect to create L2TP VPN connection.
Client able to ping and access the computers, except the VPN server.

After searching the web, I know that I need to use a TAP bridge in order to gain access to the server.

So I installed bridge-utils and followed some guides on the web. But I cannot find any guide for exactly the same situation as mine, so here is what I have done.
- Forwarded 500, 4500 ports to VPN server.
- Remove physical NIC bridge
- Disable SecureNAT (It was disabled anyway)
- Create a TAP bridge tap_softether
- Start vpnserver
- run a script after the vpnserver is up
==================================
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 tap_softether

ifconfig tap_softether 0.0.0.0 promisc up

ifconfig eth0 0.0.0.0 promisc up

ifconfig br0 192.168.2.30 netmask 255.255.255.0 broadcast 192.168.2.255

route add default gw 192.168.2.1
==================================

After running the script
- VPN server
. Cannot ping the router, but able to ping other computer
. Cannot ping the VPN client computer.
. No access to the Internet.
- Client
. Able to create L2TP connection
. Able to ping any computer, including the VPN server and router

So here are the main problems:
1. VPN server cannot access Internet.
2. VPN server cannot access the router.
3. VPN server cannot access VPN client.

Any help is appreciated.
Thanks in advance.

kh_tsang
Posts: 551
Joined: Wed Jul 24, 2013 12:09 pm

Re: Debian TAP local bridge need help

Post by kh_tsang » Wed Jul 01, 2015 8:38 am

Can you show the result of running the following commands after you run the scripts?

ifconfig -a
ip route show

scorpian
Posts: 4
Joined: Wed Jul 01, 2015 8:06 am

Re: Debian TAP local bridge need help

Post by scorpian » Wed Jul 01, 2015 8:47 am

Hello kh_tsang,

Thanks for your reply, here is the result

ifconfig -a
=============================================================
br0 Link encap:Ethernet HWaddr 00:ac:a6:5d:05:28
inet addr:192.168.2.30 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::2ac:a6ff:fe5d:528/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20 errors:0 dropped:0 overruns:0 frame:0
TX packets:65 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1751 (1.7 KiB) TX bytes:9457 (9.2 KiB)

eth0 Link encap:Ethernet HWaddr 6c:62:6d:d1:56:e7
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:168666 errors:0 dropped:0 overruns:0 frame:0
TX packets:158763 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:85307348 (81.3 MiB) TX bytes:19193852 (18.3 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4168 errors:0 dropped:0 overruns:0 frame:0
TX packets:4168 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:446344 (435.8 KiB) TX bytes:446344 (435.8 KiB)

tap_softether Link encap:Ethernet HWaddr 00:ac:a6:5d:05:28
inet6 addr: fe80::2ac:a6ff:fe5d:528/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:81 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:170 (170.0 B) TX bytes:12103 (11.8 KiB)
=============================================================

ip route show
=============================================================
default via 192.168.2.1 dev br0
default via 192.168.2.1 dev eth0 proto static metric 1024
169.254.0.0/16 dev br0 scope link metric 1000
192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.30
192.168.2.1 dev eth0 proto static scope link metric 1024
=============================================================

Best regards.

kh_tsang
Posts: 551
Joined: Wed Jul 24, 2013 12:09 pm

Re: Debian TAP local bridge need help

Post by kh_tsang » Wed Jul 01, 2015 8:52 am

How about running the following scripts as well as your original?

ip route del default via 192.168.2.1 dev eth0
ip route del 192.168.2.1 dev eth0

scorpian
Posts: 4
Joined: Wed Jul 01, 2015 8:06 am

Re: Debian TAP local bridge need help

Post by scorpian » Wed Jul 01, 2015 9:49 am

Hello kh_tsang,

Thanks for your help.

After running the two commands you suggested:
ip route show
============================================
default via 192.168.2.1 dev br0
169.254.0.0/16 dev br0 scope link metric 1000
192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.30
============================================

The result:
- VPN client
. everything seems OK
- VPN server
. Able to access router (fixed)
. Able to access Internet (fixed)
. Able to access VPN client (fixed)

About the VPN server not being able to ping the VPN client: it is probably a problem with Android. I was using Android as the client and the VPN server cannot ping the Android phone. I now use another computer to build the L2TP connection, and the VPN server is able to ping the VPN client and vice versa.

So the VPN will probably be alright now. I will then try to access the shared resources over the VPN, and if any other problem arises, I will post then.

Really thanks for your help.
Best regards.
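
The fix from this thread, generalised as an added example (not part of any post above and not SoftEther's own tooling): once an interface is a port of br0, any route still bound to it is stale and should be deleted. The function names are hypothetical, and the sample table is the `ip route show` output posted earlier in the thread.

```shell
#!/bin/sh
# Added example: find routes still bound to an interface that has been
# enslaved to a bridge and print the matching `ip route del` command.

# Sample input: the routing table posted in the thread after the bridge script ran.
SAMPLE_ROUTES='default via 192.168.2.1 dev br0
default via 192.168.2.1 dev eth0 proto static metric 1024
169.254.0.0/16 dev br0 scope link metric 1000
192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.30
192.168.2.1 dev eth0 proto static scope link metric 1024'

# stale_route_fixes PORT_IF
# Reads `ip route show` output on stdin; prints one "ip route del ..." line
# for every route whose output device is PORT_IF.
stale_route_fixes() {
    awk -v port="$1" '
    {
        for (i = 1; i < NF; i++) {
            if ($i == "dev" && $(i + 1) == port) {
                # Destination, optional gateway and device identify the route.
                cmd = "ip route del " $1
                if ($2 == "via") cmd = cmd " via " $3
                print cmd " dev " port
                break
            }
        }
    }'
}

# bridge_ports BRIDGE
# Lists the interfaces attached to BRIDGE, as exposed by the kernel in sysfs.
bridge_ports() {
    ls "/sys/class/net/$1/brif" 2>/dev/null
}

# audit_bridge BRIDGE
# Checks the live routing table for routes bound to any port of BRIDGE.
# Only prints the commands; review them before running anything as root.
audit_bridge() {
    for port in $(bridge_ports "$1"); do
        ip route show | stale_route_fixes "$port"
    done
}

# Offline run against the table from the thread.
printf '%s\n' "$SAMPLE_ROUTES" | stale_route_fixes eth0
```

On a live host, `audit_bridge br0` performs the same check for every port of the bridge, including tap_softether.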
