how to make a Tunnel

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
Zo0OX
Posts: 2
Joined: Sun Oct 16, 2022 2:01 am

how to make a Tunnel

Post by Zo0OX » Sun Oct 16, 2022 2:07 am

hello

in here almost all internet is blocked, so i need to make a tunnel between one inside vps and one out country vps to make openvpn and l2tp.

i install softether on inside vps and connected on l2tp and openvpn , now how can i send trrafic from inside vps to outside vps and make a tunnel and use free internet ?

thanks

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: how to make a Tunnel

Post by solo » Tue Oct 18, 2022 11:53 pm

In the blocked country setup SE Server with a vHUB as follows:
- no bridge
- no SecureNAT
- no L3
- no VPN Azure
- yes IPsec/L2TP
- yes OpenVPN/MS-SSTP
- add VPN users

On the VPS in unblocked country setup SE Server with a vHUB as follows:
- no bridge
- yes SecureNAT (with all defaults)
- no L3
- no VPN Azure
- no IPsec/L2TP
- no OpenVPN/MS-SSTP
- add only 1 VPN user

Now cascade from the blocked SE Server to the unblocked SE Server on port 443 to avoid detection.

datawizard
Posts: 5
Joined: Wed Oct 19, 2022 2:08 pm

Re: how to make a Tunnel

Post by datawizard » Wed Oct 19, 2022 3:03 pm

Hi, In my country every thing is closed. In blocked country I have telnet on port 443 with unblocked vps.
But the cascade connection failed. I think my country uses smart content filtering. So they close every suspected packet.
What should I do?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: how to make a Tunnel

Post by solo » Wed Oct 19, 2022 10:26 pm

The cascade failed because your telnet already occupies port 443. Start the unblocked SE on a few non-standard ports, then allow/forward them on the VPS and re-try cascading on various ports.

Incidentally, can you connect to https://www.vpngate.net/en/ VPNs on 443? Also, are you able to run SE on Linux? If not, can you run a server edition of Windows with access to RRAS console?

Zo0OX
Posts: 2
Joined: Sun Oct 16, 2022 2:01 am

Re: how to make a Tunnel

Post by Zo0OX » Sat Oct 22, 2022 5:26 pm

solo wrote:
Tue Oct 18, 2022 11:53 pm
In the blocked country setup SE Server with a vHUB as follows:
- no bridge
- no SecureNAT
- no L3
- no VPN Azure
- yes IPsec/L2TP
- yes OpenVPN/MS-SSTP
- add VPN users

On the VPS in unblocked country setup SE Server with a vHUB as follows:
- no bridge
- yes SecureNAT (with all defaults)
- no L3
- no VPN Azure
- no IPsec/L2TP
- no OpenVPN/MS-SSTP
- add only 1 VPN user

Now cascade from the blocked SE Server to the unblocked SE Server on port 443 to avoid detection.
thanks a lot
worked well with this, just Radius not work in this case.

Hugsy
Posts: 2
Joined: Tue Oct 25, 2022 5:19 pm

Re: how to make a Tunnel

Post by Hugsy » Tue Oct 25, 2022 5:28 pm

may i ask where are u from ?

KatherineEddie
Posts: 25
Joined: Fri Nov 11, 2022 9:45 am

Re: how to make a Tunnel

Post by KatherineEddie » Fri Nov 11, 2022 9:55 am

Hi @Zo0OX
I was looking for this solution more than 2 weeks , finally found it here.
First I was searching for a site-to-site solution since I thought my issue could be solved using site-to-site.
After testing your answer I could connect to VPS-1 which itself has been connected to VPS-2 and VPS-2 would give me IP address

I already was able to do this using SSH and would call it *multi hop ssh tunnel*:
Client ==> ssh ==> VPS-1 ==> ssh ==> VPS-2
to bypass the nationwide firewall.

Now my question is, what is the name of this solution?
Regards

KatherineEddie
Posts: 25
Joined: Fri Nov 11, 2022 9:45 am

Re: how to make a Tunnel

Post by KatherineEddie » Sat Nov 12, 2022 6:49 am

KatherineEddie wrote:
Fri Nov 11, 2022 9:55 am
Hi @Zo0OX
I was looking for this solution more than 2 weeks , finally found it here.
First I was searching for a site-to-site solution since I thought my issue could be solved using site-to-site.
After testing your answer I could connect to VPS-1 which itself has been connected to VPS-2 and VPS-2 would give me IP address

I already was able to do this using SSH and would call it *multi hop ssh tunnel*:
Client ==> ssh ==> VPS-1 ==> ssh ==> VPS-2
to bypass the nationwide firewall.

Now my question is, what is the name of this solution?
Regards

After some search, according to this simple explanation (https://www.astrill.com/network/multi-hop-vpn) the method is called: multi-hop(s)-vpn with which we use more than one VPN servers to get to the final destination.

KatherineEddie
Posts: 25
Joined: Fri Nov 11, 2022 9:45 am

Re: how to make a Tunnel

Post by KatherineEddie » Sun Nov 13, 2022 9:40 am

out of curiosity I would like to test more than two hops (> double VPN) and it was working perfectly.

Code: Select all

client ===> VPN-S1 ===> VPN-S2 ===> VPN-S3 ===> destination
Then I would like to test more than one cascade, connecting to two servers (VPN servers), a kind of HA (high availability) and worked as well.
The client IP address was assigned randomly, sometimes from CC1, sometimes from CC2.

Code: Select all

                ========> CC1 ======> VPN-S-A (e.g. 10.11.30.1/24)
client ====> VPN-S1
                ========> CC2 ======> VPN-S-B (e.g 10.12.30.1/24)

Parham
Posts: 2
Joined: Fri Nov 04, 2022 11:53 pm

Re: how to make a Tunnel

Post by Parham » Thu Nov 24, 2022 8:59 am

solo wrote:
Tue Oct 18, 2022 11:53 pm
In the blocked country setup SE Server with a vHUB as follows:
- no bridge
- no SecureNAT
- no L3
- no VPN Azure
- yes IPsec/L2TP
- yes OpenVPN/MS-SSTP
- add VPN users

On the VPS in unblocked country setup SE Server with a vHUB as follows:
- no bridge
- yes SecureNAT (with all defaults)
- no L3
- no VPN Azure
- no IPsec/L2TP
- no OpenVPN/MS-SSTP
- add only 1 VPN user

Now cascade from the blocked SE Server to the unblocked SE Server on port 443 to avoid detection.
Thanks a lot solo I was looking for a solution for a month, This would really help us. I just have a few questions that I would very appreciate if you answer:
1.is it possible to keep another vHUB on the VPS in unblocked country with VPN connections except of what you said meanwhile? (To have direct SSTP VPN connection to foreign VPS when is possible)
2.I have configured V2ray on the VPS in unblocked country and forwarded packets from VPS with blocked country to it using iptables. does this make problem ? should I remove forwarding?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: how to make a Tunnel

Post by solo » Thu Nov 24, 2022 10:30 am

Hi Parham, yes for direct SSTP but only SSTP as other protocols are easily blocked, and yes for V2ray co-existence as long as there is no port conflict.

Incidentally, SoftEther server in a blocked country may be indirectly detected unless the following vpn_server.config mod is applied:

Code: Select all

	declare DDnsClient
	{
		bool Disabled true

	declare ServerConfiguration
	{
		bool DisableNatTraversal true

mjthelearner
Posts: 28
Joined: Fri Nov 25, 2022 6:08 am

Re: how to make a Tunnel

Post by mjthelearner » Fri Nov 25, 2022 6:59 am

hello dear guys

Im from iran and these days as you know we have a lot problems with internet access with the world.

I have a running Ubuntu VPS Server with 79.100.101.233 public ip and it be accessible from internal Iran IP's, we call INTRANET.
on INTRANET all ports are open , also all ports are working , so the most vpn protocols are working, such as openvpn, l2tp, gre and IPIP.
but most of service,ip and protocols outside of iran are blocked due extreme censorship and ip filtering. ive installed SE vpn server on this server and can access to all protocoles like L2TP, all clients accessing to 79.100.101.233 ip address.

on this server i can access to another Server outside of Iran , connected throughout the ppp connection, its located in London with this public IP [88.150.153.198].

now in my 1st server79.100.101.233, i have access to London Server [88.150.153.198].
by default , the Softether Clients are directing to server 1 Ip 79.100.101.233, how can i route them to London Location?
ppp0 [ local IP = 10.8.0.150 , GW IP= 10.8.0.1 , PUBLIC=88.150.153.198]

Code: Select all

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 79.100.101.233  netmask 255.255.255.0  broadcast 79.100.101.255
        ether 1e:00:dc:01:5b:f0  txqueuelen 1000  (Ethernet)
        RX packets 11278  bytes 2847416 (2.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9246  bytes 2615651 (2.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.150  netmask 255.255.255.255  destination 10.8.0.1
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 3131  bytes 591444 (591.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3795  bytes 520249 (520.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: how to make a Tunnel

Post by solo » Fri Nov 25, 2022 7:48 am

mjthelearner wrote:
Fri Nov 25, 2022 6:59 am
Im from iran and these days as you know we have a lot problems with internet access with the world.
You will have even more problems if you keep openly publishing your servers' public IPs. Edit out your post and remove/change the IPs.

As for your VPN configuration issues, consider instead SoftEther "multi-hop" VPN solution described above.

mjthelearner
Posts: 28
Joined: Fri Nov 25, 2022 6:08 am

Re: how to make a Tunnel

Post by mjthelearner » Fri Nov 25, 2022 7:58 am

thank you , i will look into it,
the IP's are changed, not actual my own IP.

as i read a lot question on forum, many users have the same problem, why there is no clear and step by step configuration?

if i find a way to work, ill try to make a clear instruction.

thank you

mjthelearner
Posts: 28
Joined: Fri Nov 25, 2022 6:08 am

Re: how to make a Tunnel

Post by mjthelearner » Fri Nov 25, 2022 8:21 am

solo wrote:
Tue Oct 18, 2022 11:53 pm
In the blocked country setup SE Server with a vHUB as follows:
- no bridge
- no SecureNAT
- no L3
- no VPN Azure
- yes IPsec/L2TP
- yes OpenVPN/MS-SSTP
- add VPN users

On the VPS in unblocked country setup SE Server with a vHUB as follows:
- no bridge
- yes SecureNAT (with all defaults)
- no L3
- no VPN Azure
- no IPsec/L2TP
- no OpenVPN/MS-SSTP
- add only 1 VPN user

Now cascade from the blocked SE Server to the unblocked SE Server on port 443 to avoid detection.
its working perfectly, thank you

Parham
Posts: 2
Joined: Fri Nov 04, 2022 11:53 pm

Re: how to make a Tunnel

Post by Parham » Sun Nov 27, 2022 11:40 am

solo wrote:
Thu Nov 24, 2022 10:30 am
Hi Parham, yes for direct SSTP but only SSTP as other protocols are easily blocked, and yes for V2ray co-existence as long as there is no port conflict.

Incidentally, SoftEther server in a blocked country may be indirectly detected unless the following vpn_server.config mod is applied:

Code: Select all

	declare DDnsClient
	{
		bool Disabled true

	declare ServerConfiguration
	{
		bool DisableNatTraversal true
Thanks a lot bro. I configured them and It's working nice but an Error is occurring every few hours on Cascade connection from Blocked country SE to Unblocked SE:
Error 131: Several VPN Servers on the same IP address. You can specify the destination server's private IP or hostname concretely such as "Global IP address or host name/192.168.x.x". Or if a NAT is used on the server's side, configure the NAT to open, relay or transfer appropriate ports. (code 131)

sometimes the cascade disconnects and when disconnects, this Error occurred for a while and it's unable for Cascade connection to unblocked country SE.
I'm not sure what does "Several VPN Servers" means? does it mean other VPN services or Other SoftEther Services or is it caused by DHCP of vHUB?
as I said I had configured V2ray(x-ui) and Openconnect(Ocserv) on this server too (although I had disabled the ocserv as I guessed maybe this is causing the problem but not uninstalled yet) and also on v2ray I'm not using any config with Port 443.and also on VPS in unblocked country I add another vHUB for Cascade and as I said I have enabled SSTP on it (I disabled L2TP & OVPN). I even changed the unblocked country vHUBs DHCP IPs .I also changed the port of cascade Connection too and I feel that maybe it's disconnecting fewer but I still have this problem. also I have Certificate with Let's Encrypt

sorry if it was long I describe everything that might be the reason

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: how to make a Tunnel

Post by solo » Sun Nov 27, 2022 12:16 pm

Parham wrote:
Sun Nov 27, 2022 11:40 am
Error 131: Several VPN Servers on the same IP address...
Please check this post Re: Error 131.

Post Reply