SoftEther VPN User Forum

I have a small network behind router.
- Router IP: 192.168.2.1
- VPN Server IP: 192.168.2.30
- VPN Server OS: Debian 8.1 x64

Downloaded and installed the vpncmd, vpnserver, vpnbridge packages from
- https://launchpad.net/~paskal-07/+archi ... ftethervpn
softether-vpn (4.04.9412-0~47~ubuntu14.04.1)
I searched the web for a guide to configuare softether and know that using local bridge prevent access to the server itself and need to use TAP local bridge.

Here the situation
Install vpncmd, vpnserver, vpnbridge packages --- OK
Run vpncmd check, the last item "Network System" --- Connect Failed. (0), Failed
Running local bridge on 1 physical NIC, client able to connect to create L2TP VPN connection.
Client able to ping and access the computers, except the VPN server.

After searching the web, I know that I need to use TAP bridge in order to gaint access to the server.

So I install bridge-utils and follow some guides on the web. But cannot find any guide exactly the same situation as mine, here are what I have done.
- Forwarded 500, 4500 ports to VPN server.
- Remove physical NIC bridge
- Disable SecureNAT (It was disabled anyway)
- Create a TAP bridge tap_softether
- Start vpnserver
- run a script after the vpnserver is up
==================================
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 tap_softether

ifconfig tap_softether 0.0.0.0 promisc up

ifconfig eth0 0.0.0.0 promisc up

ifconfig br0 192.168.2.30 netmask 255.255.255.0 broadcast 192.168.2.255

route add default gw 192.168.2.1
==================================

After running the script
- VPN server
. Cannot ping the router, but able to ping other computer
. Cannot ping the VPN client computer.
. No access to the Internet.
- Client
. Able to create L2TP connection
. Able to ping any comupter, including the VPN server and router

So here the main problems:
1. VPN server cannot access Internet.
2. VPN server cannot access the router.
3. VPN server cannot access VPN client.

Any help is appreciate.
Thanks in advance.

Can you show the result of running the following commands after you run the scripts?

ifconfig -a
ip route show

Hello kh_tsang,

Thanks for your reply, here the result

ifconfig -a
=============================================================
br0 Link encap:Ethernet HWaddr 00:ac:a6:5d:05:28
inet addr:192.168.2.30 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::2ac:a6ff:fe5d:528/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20 errors:0 dropped:0 overruns:0 frame:0
TX packets:65 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1751 (1.7 KiB) TX bytes:9457 (9.2 KiB)

eth0 Link encap:Ethernet HWaddr 6c:62:6d:d1:56:e7
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:168666 errors:0 dropped:0 overruns:0 frame:0
TX packets:158763 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:85307348 (81.3 MiB) TX bytes:19193852 (18.3 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4168 errors:0 dropped:0 overruns:0 frame:0
TX packets:4168 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:446344 (435.8 KiB) TX bytes:446344 (435.8 KiB)

tap_softether Link encap:Ethernet HWaddr 00:ac:a6:5d:05:28
inet6 addr: fe80::2ac:a6ff:fe5d:528/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:81 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:170 (170.0 B) TX bytes:12103 (11.8 KiB)
=============================================================

ip route show
=============================================================
default via 192.168.2.1 dev br0
default via 192.168.2.1 dev eth0 proto static metric 1024
169.254.0.0/16 dev br0 scope link metric 1000
192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.30
192.168.2.1 dev eth0 proto static scope link metric 1024
=============================================================

Best regards.

How about running the following scripts as well as your original?

ip route del default via 192.168.2.1 dev eth0
ip route del 192.168.2.1 dev eth0

Hello kh_tsang,

Thanks for your help.

After runing two command you suggested.
ip route show
============================================
default via 192.168.2.1 dev br0
169.254.0.0/16 dev br0 scope link metric 1000
192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.30
============================================

The result:
- VPN client
. everything seems OK
- VPN server
. Able to access router (fixed)
. Able to access Internet (fixed)
. Able to access VPN client (fixed)

About VPN server cannot ping VPN client, properly it is the problem of android, I was using android as the client and VPN server cannot ping the Android phone, I use now the other computer to build L2TP connection and VPN server able to ping the VPN client and vice vesa.

So properly the VPN will be alright now, I will then try to access the shared resource over the VPN and if any other problem arose, I will post then.

Really thanks for your help.
Best regards.