SoftEther+dhcrelay: is it possible?

stfun00b
Posts: 2
Joined: Tue Apr 14, 2020 8:11 pm

SoftEther+dhcrelay: is it possible?

Post by stfun00b » Wed Apr 15, 2020 11:13 am

Greetings.

I have SoftEther VPN server installed on my CentOS VM. Isc-dhcp-server provides IPs to VPN clients.
I'm trying to use an external DHCP server with a DHCP relay on the VM with the SoftEther VPN server and am having some trouble with it.

Currently the DHCP relay listens on the tap interface, receives the client's DISCOVER, forwards it to the DHCP server, and receives the OFFER from the DHCP server, but does not send the OFFER to the VPN client.

UDP ports 67-68 are enabled in iptables. Tap interface settings:
4: tap_eth6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN qlen 500
    link/ether 00:ac:16:dc:55:7a brd ff:ff:ff:ff:ff:ff
    inet 10.71.249.254/24 brd 10.71.249.255 scope global tap_eth6
DHCP relay: isc-dhcrelay-4.1.1-P1

Any advice appreciated.

OliverTejada
Posts: 46
Joined: Mon Apr 13, 2020 8:08 pm

Re: SoftEther+dhcrelay: is it possible?

Post by OliverTejada » Wed Apr 15, 2020 1:30 pm

I'm assuming you already have a local bridge between your Virtual Hub and the physical network, right? The reason why DHCP transactions might not be passing transparently through your Virtual Hub local bridge onto the physical network could be that the virtualization software does not allow guest VMs to use promiscuous mode, and this is pretty normal when using VMware and Hyper-V.

Not only does this prevent you from communicating properly with your external DHCP server, but it also disrupts communication with the entire physical network, and only allows you to communicate with the server where the VPN server is running. You can verify this by connecting to the VPN server (preferably from a computer), setting yourself a static UNUSED IP address within the real pool, and trying to ping external stuff to see if there is any response. If you're lucky, you might be able to reach other hosts in the physical network inside the VPN.

If the test was successful, my advice when it comes to the whole DHCP issue would be to use SoftEther's SecureNAT DHCP server function ONLY (without the Virtual NAT function itself). Configure its DHCP server to lease the desired IP addresses, subnet mask, and gateway along with DNS servers, then enable "SecureNAT" for the DHCP in order for your DHCP to work.

Note: Do not confuse Virtual NAT with SecureNAT.
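
The DHCP-only SecureNAT setup suggested in the reply above can be scripted through vpncmd. The following is an added example, not code posted by either participant: it generates a vpncmd batch file that disables Virtual NAT, configures the virtual DHCP server, and then enables SecureNAT. The hub name `VPN`, the pool range and the DNS address are assumed sample values; the gateway and /24 mask follow the tap_eth6 address quoted in the question.

```shell
#!/bin/sh
# Added example, not from the thread: build a vpncmd batch file that enables
# only SecureNAT's virtual DHCP server on a Virtual Hub (Virtual NAT stays off).
# Hub name, pool range and DNS address are constructed sample values; the
# gateway and /24 mask follow the tap_eth6 address quoted in the question.

# Reject anything that is not a dotted quad before it reaches the hub config.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the batch commands: hub, pool start, pool end, gateway, DNS server.
dhcp_only_batch() {
    hub=$1 start=$2 end=$3 gw=$4 dns=$5
    for ip in "$start" "$end" "$gw" "$dns"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    cat <<EOF
Hub $hub
NatDisable
DhcpSet /START:$start /END:$end /MASK:255.255.255.0 /EXPIRE:7200 /GW:$gw /DNS:$dns /DNS2:none /DOMAIN:none /LOG:yes
DhcpEnable
SecureNatEnable
SecureNatStatusGet
EOF
}

# Write the file, then apply it with: vpncmd localhost /SERVER /IN:dhcp_only.txt
dhcp_only_batch VPN 10.71.249.100 10.71.249.200 10.71.249.254 10.71.249.254
```

Apply it to a hub where no other DHCP server or relay is answering on the same segment, otherwise clients can receive competing offers.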
