how to make a Tunnel
-
- Posts: 2
- Joined: Sun Oct 16, 2022 2:01 am
how to make a Tunnel
hello
in here almost all internet is blocked, so i need to make a tunnel between one inside vps and one out country vps to make openvpn and l2tp.
i install softether on inside vps and connected on l2tp and openvpn , now how can i send trrafic from inside vps to outside vps and make a tunnel and use free internet ?
thanks
in here almost all internet is blocked, so i need to make a tunnel between one inside vps and one out country vps to make openvpn and l2tp.
i install softether on inside vps and connected on l2tp and openvpn , now how can i send trrafic from inside vps to outside vps and make a tunnel and use free internet ?
thanks
-
- Posts: 1470
- Joined: Sun Feb 14, 2021 10:31 am
Re: how to make a Tunnel
In the blocked country setup SE Server with a vHUB as follows:
- no bridge
- no SecureNAT
- no L3
- no VPN Azure
- yes IPsec/L2TP
- yes OpenVPN/MS-SSTP
- add VPN users
On the VPS in unblocked country setup SE Server with a vHUB as follows:
- no bridge
- yes SecureNAT (with all defaults)
- no L3
- no VPN Azure
- no IPsec/L2TP
- no OpenVPN/MS-SSTP
- add only 1 VPN user
Now cascade from the blocked SE Server to the unblocked SE Server on port 443 to avoid detection.
- no bridge
- no SecureNAT
- no L3
- no VPN Azure
- yes IPsec/L2TP
- yes OpenVPN/MS-SSTP
- add VPN users
On the VPS in unblocked country setup SE Server with a vHUB as follows:
- no bridge
- yes SecureNAT (with all defaults)
- no L3
- no VPN Azure
- no IPsec/L2TP
- no OpenVPN/MS-SSTP
- add only 1 VPN user
Now cascade from the blocked SE Server to the unblocked SE Server on port 443 to avoid detection.
-
- Posts: 5
- Joined: Wed Oct 19, 2022 2:08 pm
Re: how to make a Tunnel
Hi, In my country every thing is closed. In blocked country I have telnet on port 443 with unblocked vps.
But the cascade connection failed. I think my country uses smart content filtering. So they close every suspected packet.
What should I do?
But the cascade connection failed. I think my country uses smart content filtering. So they close every suspected packet.
What should I do?
-
- Posts: 1470
- Joined: Sun Feb 14, 2021 10:31 am
Re: how to make a Tunnel
The cascade failed because your telnet already occupies port 443. Start the unblocked SE on a few non-standard ports, then allow/forward them on the VPS and re-try cascading on various ports.
Incidentally, can you connect to https://www.vpngate.net/en/ VPNs on 443? Also, are you able to run SE on Linux? If not, can you run a server edition of Windows with access to RRAS console?
Incidentally, can you connect to https://www.vpngate.net/en/ VPNs on 443? Also, are you able to run SE on Linux? If not, can you run a server edition of Windows with access to RRAS console?
-
- Posts: 2
- Joined: Sun Oct 16, 2022 2:01 am
Re: how to make a Tunnel
thanks a lotsolo wrote: ↑Tue Oct 18, 2022 11:53 pmIn the blocked country setup SE Server with a vHUB as follows:
- no bridge
- no SecureNAT
- no L3
- no VPN Azure
- yes IPsec/L2TP
- yes OpenVPN/MS-SSTP
- add VPN users
On the VPS in unblocked country setup SE Server with a vHUB as follows:
- no bridge
- yes SecureNAT (with all defaults)
- no L3
- no VPN Azure
- no IPsec/L2TP
- no OpenVPN/MS-SSTP
- add only 1 VPN user
Now cascade from the blocked SE Server to the unblocked SE Server on port 443 to avoid detection.
worked well with this, just Radius not work in this case.
-
- Posts: 2
- Joined: Tue Oct 25, 2022 5:19 pm
Re: how to make a Tunnel
may i ask where are u from ?
-
- Posts: 25
- Joined: Fri Nov 11, 2022 9:45 am
Re: how to make a Tunnel
Hi @Zo0OX
I was looking for this solution more than 2 weeks , finally found it here.
First I was searching for a site-to-site solution since I thought my issue could be solved using site-to-site.
After testing your answer I could connect to VPS-1 which itself has been connected to VPS-2 and VPS-2 would give me IP address
I already was able to do this using SSH and would call it *multi hop ssh tunnel*:
Client ==> ssh ==> VPS-1 ==> ssh ==> VPS-2
to bypass the nationwide firewall.
Now my question is, what is the name of this solution?
Regards
I was looking for this solution more than 2 weeks , finally found it here.
First I was searching for a site-to-site solution since I thought my issue could be solved using site-to-site.
After testing your answer I could connect to VPS-1 which itself has been connected to VPS-2 and VPS-2 would give me IP address
I already was able to do this using SSH and would call it *multi hop ssh tunnel*:
Client ==> ssh ==> VPS-1 ==> ssh ==> VPS-2
to bypass the nationwide firewall.
Now my question is, what is the name of this solution?
Regards
-
- Posts: 25
- Joined: Fri Nov 11, 2022 9:45 am
Re: how to make a Tunnel
KatherineEddie wrote: ↑Fri Nov 11, 2022 9:55 amHi @Zo0OX
I was looking for this solution more than 2 weeks , finally found it here.
First I was searching for a site-to-site solution since I thought my issue could be solved using site-to-site.
After testing your answer I could connect to VPS-1 which itself has been connected to VPS-2 and VPS-2 would give me IP address
I already was able to do this using SSH and would call it *multi hop ssh tunnel*:
Client ==> ssh ==> VPS-1 ==> ssh ==> VPS-2
to bypass the nationwide firewall.
Now my question is, what is the name of this solution?
Regards
After some search, according to this simple explanation (https://www.astrill.com/network/multi-hop-vpn) the method is called: multi-hop(s)-vpn with which we use more than one VPN servers to get to the final destination.
-
- Posts: 25
- Joined: Fri Nov 11, 2022 9:45 am
Re: how to make a Tunnel
out of curiosity I would like to test more than two hops (> double VPN) and it was working perfectly.
Then I would like to test more than one cascade, connecting to two servers (VPN servers), a kind of HA (high availability) and worked as well.
The client IP address was assigned randomly, sometimes from CC1, sometimes from CC2.
Code: Select all
client ===> VPN-S1 ===> VPN-S2 ===> VPN-S3 ===> destination
The client IP address was assigned randomly, sometimes from CC1, sometimes from CC2.
Code: Select all
========> CC1 ======> VPN-S-A (e.g. 10.11.30.1/24)
client ====> VPN-S1
========> CC2 ======> VPN-S-B (e.g 10.12.30.1/24)
-
- Posts: 2
- Joined: Fri Nov 04, 2022 11:53 pm
Re: how to make a Tunnel
Thanks a lot solo I was looking for a solution for a month, This would really help us. I just have a few questions that I would very appreciate if you answer:solo wrote: ↑Tue Oct 18, 2022 11:53 pmIn the blocked country setup SE Server with a vHUB as follows:
- no bridge
- no SecureNAT
- no L3
- no VPN Azure
- yes IPsec/L2TP
- yes OpenVPN/MS-SSTP
- add VPN users
On the VPS in unblocked country setup SE Server with a vHUB as follows:
- no bridge
- yes SecureNAT (with all defaults)
- no L3
- no VPN Azure
- no IPsec/L2TP
- no OpenVPN/MS-SSTP
- add only 1 VPN user
Now cascade from the blocked SE Server to the unblocked SE Server on port 443 to avoid detection.
1.is it possible to keep another vHUB on the VPS in unblocked country with VPN connections except of what you said meanwhile? (To have direct SSTP VPN connection to foreign VPS when is possible)
2.I have configured V2ray on the VPS in unblocked country and forwarded packets from VPS with blocked country to it using iptables. does this make problem ? should I remove forwarding?
-
- Posts: 1470
- Joined: Sun Feb 14, 2021 10:31 am
Re: how to make a Tunnel
Hi Parham, yes for direct SSTP but only SSTP as other protocols are easily blocked, and yes for V2ray co-existence as long as there is no port conflict.
Incidentally, SoftEther server in a blocked country may be indirectly detected unless the following vpn_server.config mod is applied:
Incidentally, SoftEther server in a blocked country may be indirectly detected unless the following vpn_server.config mod is applied:
Code: Select all
declare DDnsClient
{
bool Disabled true
declare ServerConfiguration
{
bool DisableNatTraversal true
-
- Posts: 28
- Joined: Fri Nov 25, 2022 6:08 am
Re: how to make a Tunnel
hello dear guys
Im from iran and these days as you know we have a lot problems with internet access with the world.
I have a running Ubuntu VPS Server with 79.100.101.233 public ip and it be accessible from internal Iran IP's, we call INTRANET.
on INTRANET all ports are open , also all ports are working , so the most vpn protocols are working, such as openvpn, l2tp, gre and IPIP.
but most of service,ip and protocols outside of iran are blocked due extreme censorship and ip filtering. ive installed SE vpn server on this server and can access to all protocoles like L2TP, all clients accessing to 79.100.101.233 ip address.
on this server i can access to another Server outside of Iran , connected throughout the ppp connection, its located in London with this public IP [88.150.153.198].
now in my 1st server79.100.101.233, i have access to London Server [88.150.153.198].
by default , the Softether Clients are directing to server 1 Ip 79.100.101.233, how can i route them to London Location?
ppp0 [ local IP = 10.8.0.150 , GW IP= 10.8.0.1 , PUBLIC=88.150.153.198]
Im from iran and these days as you know we have a lot problems with internet access with the world.
I have a running Ubuntu VPS Server with 79.100.101.233 public ip and it be accessible from internal Iran IP's, we call INTRANET.
on INTRANET all ports are open , also all ports are working , so the most vpn protocols are working, such as openvpn, l2tp, gre and IPIP.
but most of service,ip and protocols outside of iran are blocked due extreme censorship and ip filtering. ive installed SE vpn server on this server and can access to all protocoles like L2TP, all clients accessing to 79.100.101.233 ip address.
on this server i can access to another Server outside of Iran , connected throughout the ppp connection, its located in London with this public IP [88.150.153.198].
now in my 1st server79.100.101.233, i have access to London Server [88.150.153.198].
by default , the Softether Clients are directing to server 1 Ip 79.100.101.233, how can i route them to London Location?
ppp0 [ local IP = 10.8.0.150 , GW IP= 10.8.0.1 , PUBLIC=88.150.153.198]
Code: Select all
eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet 79.100.101.233 netmask 255.255.255.0 broadcast 79.100.101.255
ether 1e:00:dc:01:5b:f0 txqueuelen 1000 (Ethernet)
RX packets 11278 bytes 2847416 (2.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9246 bytes 2615651 (2.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.150 netmask 255.255.255.255 destination 10.8.0.1
ppp txqueuelen 3 (Point-to-Point Protocol)
RX packets 3131 bytes 591444 (591.4 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3795 bytes 520249 (520.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
-
- Posts: 1470
- Joined: Sun Feb 14, 2021 10:31 am
Re: how to make a Tunnel
You will have even more problems if you keep openly publishing your servers' public IPs. Edit out your post and remove/change the IPs.mjthelearner wrote: ↑Fri Nov 25, 2022 6:59 amIm from iran and these days as you know we have a lot problems with internet access with the world.
As for your VPN configuration issues, consider instead SoftEther "multi-hop" VPN solution described above.
-
- Posts: 28
- Joined: Fri Nov 25, 2022 6:08 am
Re: how to make a Tunnel
thank you , i will look into it,
the IP's are changed, not actual my own IP.
as i read a lot question on forum, many users have the same problem, why there is no clear and step by step configuration?
if i find a way to work, ill try to make a clear instruction.
thank you
the IP's are changed, not actual my own IP.
as i read a lot question on forum, many users have the same problem, why there is no clear and step by step configuration?
if i find a way to work, ill try to make a clear instruction.
thank you
-
- Posts: 28
- Joined: Fri Nov 25, 2022 6:08 am
Re: how to make a Tunnel
its working perfectly, thank yousolo wrote: ↑Tue Oct 18, 2022 11:53 pmIn the blocked country setup SE Server with a vHUB as follows:
- no bridge
- no SecureNAT
- no L3
- no VPN Azure
- yes IPsec/L2TP
- yes OpenVPN/MS-SSTP
- add VPN users
On the VPS in unblocked country setup SE Server with a vHUB as follows:
- no bridge
- yes SecureNAT (with all defaults)
- no L3
- no VPN Azure
- no IPsec/L2TP
- no OpenVPN/MS-SSTP
- add only 1 VPN user
Now cascade from the blocked SE Server to the unblocked SE Server on port 443 to avoid detection.
-
- Posts: 2
- Joined: Fri Nov 04, 2022 11:53 pm
Re: how to make a Tunnel
Thanks a lot bro. I configured them and It's working nice but an Error is occurring every few hours on Cascade connection from Blocked country SE to Unblocked SE:solo wrote: ↑Thu Nov 24, 2022 10:30 amHi Parham, yes for direct SSTP but only SSTP as other protocols are easily blocked, and yes for V2ray co-existence as long as there is no port conflict.
Incidentally, SoftEther server in a blocked country may be indirectly detected unless the following vpn_server.config mod is applied:
Code: Select all
declare DDnsClient { bool Disabled true declare ServerConfiguration { bool DisableNatTraversal true
Error 131: Several VPN Servers on the same IP address. You can specify the destination server's private IP or hostname concretely such as "Global IP address or host name/192.168.x.x". Or if a NAT is used on the server's side, configure the NAT to open, relay or transfer appropriate ports. (code 131)
sometimes the cascade disconnects and when disconnects, this Error occurred for a while and it's unable for Cascade connection to unblocked country SE.
I'm not sure what does "Several VPN Servers" means? does it mean other VPN services or Other SoftEther Services or is it caused by DHCP of vHUB?
as I said I had configured V2ray(x-ui) and Openconnect(Ocserv) on this server too (although I had disabled the ocserv as I guessed maybe this is causing the problem but not uninstalled yet) and also on v2ray I'm not using any config with Port 443.and also on VPS in unblocked country I add another vHUB for Cascade and as I said I have enabled SSTP on it (I disabled L2TP & OVPN). I even changed the unblocked country vHUBs DHCP IPs .I also changed the port of cascade Connection too and I feel that maybe it's disconnecting fewer but I still have this problem. also I have Certificate with Let's Encrypt
sorry if it was long I describe everything that might be the reason