OpenVpn same "PUSH_REPLY" for tap or tun mode (L2 or L3)

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
seba85
Posts: 6
Joined: Mon Aug 07, 2017 2:29 pm

OpenVpn same "PUSH_REPLY" for tap or tun mode (L2 or L3)

Post by seba85 » Mon Apr 25, 2022 8:16 pm

Hi!
i'm trying to connect to a softethervpn server from a 3G mobile router that has a OpenVpn service.
I would like to use a L2 (tap) connection and all goes fine until the ifconfig of the connection.
The server replyes with an "PUSH_REPLY" as the one of a bridge (L3) connection, not the one for a L2.
The client (on the 3G mobile router) expects a subnet mask like '255.255.255.0' or similar but it receive two next ips 'x.x.x.x' 'x.x.x.x+1' and exit with error 1.
(tomorrow i'll post the log of the connection, where it's clear what i say)

Opening the source code of softether i found this (between ##### my notes to the code)

Code: Select all

if (se->Mode == OPENVPN_MODE_L3) ####seems it replyes only for L3 mode, there is no else and another if for the L2 neither#####
{
	// Add such as the IP address that was acquired from the DHCP server
	// if the L3 mode to the option character string
	DHCP_OPTION_LIST *cao = &se->IpcAsync->L3ClientAddressOption;
	char ip_client[64];
	char ip_tunnel_endpoint[64];
	UINT ip_tunnel_endpoint_32;
	char ip_network[64];
	char ip_subnet_mask[64];
	char ip_dns1[64];
	char ip_dns2[64];
	char ip_wins1[64];
	char ip_wins2[64];
	char ip_defgw[64];

	ClearStr(ip_dns1, sizeof(ip_dns1));
	ClearStr(ip_dns2, sizeof(ip_dns2));
	ClearStr(ip_wins1, sizeof(ip_wins1));
	ClearStr(ip_wins2, sizeof(ip_wins2));
	ClearStr(ip_defgw, sizeof(ip_defgw));

	IPToStr32(ip_client, sizeof(ip_client),
		cao->ClientAddress);

	// Generate a virtual gateway address to be passed to the OpenVPN
	ip_tunnel_endpoint_32 = Endian32(cao->ClientAddress);
	ip_tunnel_endpoint_32++; ####here where it's generated the couple of adjacent ips x.x.x.x and x.x.x.x+1####
	ip_tunnel_endpoint_32 = Endian32(ip_tunnel_endpoint_32);
	IPToStr32(ip_tunnel_endpoint, sizeof(ip_tunnel_endpoint), ip_tunnel_endpoint_32);
Now the question: it's right like it is? someone has tried a tap connection between a OpenVpn Client and the SoftEtherVPN?
i'm wrong? i miss some step?

Thanks in andance for any preciuos help!

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: OpenVpn same "PUSH_REPLY" for tap or tun mode (L2 or L3)

Post by solo » Tue Apr 26, 2022 9:28 am

My tap/L2/bridge OpenVPN connection is working fine. Setup on Ubuntu SoftEther/OpenVPN server with vHUB bridged to a tap and dnsmasq/iptables nat.

Windows OpenVPN L2 client's log

Code: Select all

Tue Apr 26 15:49:51 2022 MANAGEMENT: >STATE:1650952191,GET_CONFIG,,,
Tue Apr 26 15:49:52 2022 SENT CONTROL [vpn16803666.softether.net]: 'PUSH_REQUEST' (status=1)
Tue Apr 26 15:49:52 2022 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10'
Tue Apr 26 15:49:52 2022 OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 26 15:49:52 2022 open_tun, tt->ipv6=0
Tue Apr 26 15:49:52 2022 TAP-WIN32 device [Local Area Connection 6] opened: \\.\Global\{8B4A5AC1...}.tap
Tue Apr 26 15:49:52 2022 TAP-Windows Driver Version 9.9 
Tue Apr 26 15:49:52 2022 Successful ARP Flush on interface [65544] {8B4A5AC1-E4DF-4837-93E8-FA6949A564C4}
Tue Apr 26 15:49:57 2022 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Tue Apr 26 15:49:57 2022 Initialization Sequence Completed
Tue Apr 26 15:49:57 2022 MANAGEMENT: >STATE:1650952197,CONNECTED,SUCCESS,,127.0.0.1
Then Win DHCP client gets config from dnsmasq on Linux and all is OK.

seba85
Posts: 6
Joined: Mon Aug 07, 2017 2:29 pm

Re: OpenVpn same "PUSH_REPLY" for tap or tun mode (L2 or L3)

Post by seba85 » Fri Apr 29, 2022 10:31 am

Thanks a lot for the help.
i'll try as soon as i can and i'll post the results.

thanks again

seba85
Posts: 6
Joined: Mon Aug 07, 2017 2:29 pm

Re: OpenVpn same "PUSH_REPLY" for tap or tun mode (L2 or L3)

Post by seba85 » Mon May 02, 2022 9:03 am

hi, i tried your suggestion but the problem persists.

Code: Select all

May  2 08:54:49 Teltonika daemon.notice openvpn(client_casa)[8432]: OpenVPN 2.3.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 27 2020
May  2 08:54:49 Teltonika daemon.notice openvpn(client_casa)[8432]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.06

May  2 08:54:57 Teltonika daemon.notice openvpn(client_casa)[8432]: SENT CONTROL [vpn-01121985.softether.net]: 'PUSH_REQUEST' (status=1)
May  2 08:54:57 Teltonika daemon.notice openvpn(client_casa)[8432]: PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DOMAIN lan,dhcp-option DNS 192.168.30.1,route-gateway 192.168.30.14,redirect-gateway def1,r
May  2 08:54:57 Teltonika daemon.notice openvpn(client_casa)[8432]: OPTIONS IMPORT: timers and/or timeouts modified
May  2 08:54:57 Teltonika daemon.notice openvpn(client_casa)[8432]: OPTIONS IMPORT: --ifconfig/up options modified
May  2 08:54:57 Teltonika daemon.notice openvpn(client_casa)[8432]: OPTIONS IMPORT: route options modified
May  2 08:54:57 Teltonika daemon.notice openvpn(client_casa)[8432]: OPTIONS IMPORT: route-related options modified
May  2 08:54:57 Teltonika daemon.notice openvpn(client_casa)[8432]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May  2 08:54:57 Teltonika daemon.warn openvpn(client_casa)[8432]: WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
May  2 08:54:57 Teltonika daemon.notice openvpn(client_casa)[8432]: TUN/TAP device tap0 opened
May  2 08:54:57 Teltonika daemon.notice openvpn(client_casa)[8432]: TUN/TAP TX queue length set to 100
May  2 08:54:57 Teltonika daemon.notice openvpn(client_casa)[8432]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May  2 08:54:57 Teltonika daemon.notice openvpn(client_casa)[8432]: /sbin/ifconfig tap0 192.168.30.13 netmask 192.168.30.14 mtu 1500 broadcast 255.255.255.253
May  2 08:54:57 Teltonika daemon.err openvpn(client_casa)[8432]: Linux ifconfig failed: external program exited with error status: 1
May  2 08:54:57 Teltonika daemon.notice openvpn(client_casa)[8432]: Exiting due to fatal error
The ip of the push reply is different than before, replyes with the ip subnet of the VHub that i created, but still in the wronf format.
the second ip, that should be a subnetmask is the next ip of the first one.

any idea?
solo wrote:
Tue Apr 26, 2022 9:28 am
My tap/L2/bridge OpenVPN connection is working fine. Setup on Ubuntu SoftEther/OpenVPN server with vHUB bridged to a tap and dnsmasq/iptables nat.

Then Win DHCP client gets config from dnsmasq on Linux and all is OK.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: OpenVpn same "PUSH_REPLY" for tap or tun mode (L2 or L3)

Post by solo » Mon May 02, 2022 11:17 am

seba85 wrote:
Mon May 02, 2022 9:03 am
hi, i tried your suggestion but the problem persists.
Hello, let's recap:
- L2 client connects with "dev tap" - server responds with the exact and fixed 'PUSH_REPLY,ping 3,ping-restart 10'
- L3 client connects with "dev tun" - server responds with 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig x.x.x.x y.y.y.y,dhcp-option... etc...'

It's in the code...

Code: Select all

// Return the PUSH_REPLY
Format(option_str, sizeof(option_str),
	"PUSH_REPLY,ping %u,ping-restart %u",
	(OPENVPN_PING_SEND_INTERVAL / 1000),
	(OPENVPN_RECV_TIMEOUT / 1000));

if (se->Mode == OPENVPN_MODE_L3)
{
	// Add such as the IP address that was acquired from the DHCP server
	// if the L3 mode to the option character string
	DHCP_OPTION_LIST *cao = &se->IpcAsync->L3ClientAddressOption;
	char ip_client[64];
	char ip_tunnel_endpoint[64];
	UINT ip_tunnel_endpoint_32;
	char ip_network[64];
	char ip_subnet_mask[64];
	...
	...
Which means that your client connects with "dev tun" and requests L3 mode. Change it to "dev tap" for L2. Test it out on a Windows OpenVPN client and your connection log will be like mine.

Post Reply