FreeBSD setup and operation
Posted: Mon Oct 17, 2022 10:08 pm
I'm attempting to set this up on 12.3, but will soon move the server involved to 13.1.
Right now it's a "proof of concept" so I stuck the code (loaded as a package), grabbed the Windows configuration GUI problem and ran into a few problems.
First, with a bridge enabled the software continually tries to tamper with the interface MTU (1500) -- raising it. While the adapter can do jumbo frames up to 8k, it wants more -- and as it resets it whacks out the interface with an up/down cycle, and also due to other hosts not liking them on the same switch, it causes general mayhem.
2022-10-17 18:02:37.569 Administration mode [RPC-35]: The Local Bridge connection definition "VPN" --> "igb0" has been added.
2022-10-17 18:02:37.569 [HUB "VPN"] The Local Bridge connection "igb0" has started. The bridge session "SID-LOCALBRIDGE-3" was created.
2022-10-17 18:02:37.852 [HUB "VPN"] Session "SID-LOCALBRIDGE-3": A Local Bridge connection to physical Ethernet interface "igb0" was started.
2022-10-17 18:02:46.570 [HUB "VPN"] Session "SID-LOCALBRIDGE-3": The physical Ethernet interface "igb0" has an MTU value set to 1514. It is necessary to send and receive an Ethernet packet which has 2848 bytes. The MTU is now changed to 2848.
2022-10-17 18:02:59.403 [HUB "VPN"] Session "SID-LOCALBRIDGE-3": The physical Ethernet interface "igb0" has an MTU value set to 2848. It is necessary to send and receive an Ethernet packet which has 2962 bytes. The MTU is now changed to 2962.
2022-10-17 18:03:09.666 [HUB "VPN"] Session "SID-LOCALBRIDGE-3": The physical Ethernet interface "igb0" has an MTU value set to 2962. It is necessary to send and receive an Ethernet packet which has 4088 bytes. The MTU is now changed to 4088.
2022-10-17 18:03:20.007 Administration mode [RPC-35]: The Local Bridge connection definition "VPN" --> "igb0" has been deleted.
2022-10-17 18:03:20.136 [HUB "VPN"] The Local Bridge connection "igb0" has stopped.
This continues until it runs into the jumbo frame limit (8k) and keeps trying to raise it further, which trashes communication as each of those changes down/ups the interface.
I found no way to stop this other than shut down the bridge -- but that may be causing the next problem, as it may have to be there for the rest to work.
I successfully loaded the certificate and CA I need to use, and then attempted to configure a Windows 11 client. After some fumbling (I'll figure out certificates, which I want to use, once I have the basics working) including making sure the CAs are in the right place and such I have gotten to here:
2022-10-17 17:44:50.263 On the TCP Listener (Port 4443), a Client (IP address 172.58.146.152, Host name "172.58.146.152", Port number 19244) has connected.
2022-10-17 17:44:50.263 For the client (IP address: 172.58.146.152, host name: "172.58.146.152", port number: 19244), connection "CID-6" has been created.
2022-10-17 17:44:50.503 SSL communication for connection "CID-6" has been started. The encryption algorithm name is "TLS_AES_256_GCM_SHA384".
2022-10-17 17:44:57.822 SSTP PPP Session [172.58.146.152:19244]: A new PPP session (Upper protocol: SSTP) is started. IP Address of PPP Client: 172.58.146.152 (Hostname: "172.58.146.152"), Port Number of PPP Client: 19244, IP Address of PPP Server: 192.168.10.100, Port Number of PPP Server: 4443, Client Software Name: "Microsoft SSTP VPN Client", IPv4 TCP MSS (Max Segment Size): 0 bytes
2022-10-17 17:44:58.389 On the TCP Listener (Port 0), a Client (IP address 172.58.146.152, Host name "172.58.146.152", Port number 19244) has connected.
2022-10-17 17:44:58.389 For the client (IP address: 172.58.146.152, host name: "172.58.146.152", port number: 19244), connection "CID-7" has been created.
2022-10-17 17:44:58.389 SSL communication for connection "CID-7" has been started. The encryption algorithm name is "(null)".
2022-10-17 17:44:58.389 [HUB "VPN"] The connection "CID-7" (IP address: 172.58.146.152, Host name: 172.58.146.152, Port number: 19244, Client name: "Microsoft SSTP VPN Client", Version: 4.38, Build: 9760) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "karl".
2022-10-17 17:44:58.389 [HUB "VPN"] Connection "CID-7": Successfully authenticated as user "karl".
2022-10-17 17:44:58.389 [HUB "VPN"] Connection "CID-7": The new session "SID-KARL-[SSTP]-2" has been created. (IP address: 172.58.146.152, Port number: 19244, Physical underlying protocol: "Legacy VPN - SSTP")
2022-10-17 17:44:58.389 [HUB "VPN"] Session "SID-KARL-[SSTP]-2": The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2022-10-17 17:44:58.389 [HUB "VPN"] Session "SID-KARL-[SSTP]-2": VPN Client details: (Client product name: "Microsoft SSTP VPN Client", Client version: 438, Client build number: 9760, Server product name: "SoftEther VPN Server (64 bit) (Open Source)", Server version: 438, Server build number: 9760, Client OS name: "Microsoft SSTP VPN Client", Client OS version: "-", Client product ID: "-", Client host name: "172.58.146.152", Client IP address: "172.58.146.152", Client port number: 19244, Server host name: "192.168.10.100", Server IP address: "192.168.10.100", Server port number: 4443, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "VPN", Client unique ID: "474A5C384098E408C77393EC362CE77C")
2022-10-17 17:44:58.670 SSTP PPP Session [172.58.146.152:19244]: Trying to request an IP address from the DHCP server.
2022-10-17 17:45:03.677 SSTP PPP Session [172.58.146.152:19244]: Acquiring an IP address from the DHCP server failed. To accept a PPP session, you need to have a DHCP server. Make sure that a DHCP server is working normally in the Ethernet segment which the Virtual Hub belongs to. If you do not have a DHCP server, you can use the Virtual DHCP function of the SecureNAT on the Virtual Hub instead.
2022-10-17 17:45:11.777 SSTP PPP Session [172.58.146.152:19244]: The VPN Client sent a packet though an IP address of the VPN Client hasn't been determined.
2022-10-17 17:45:11.777 SSTP PPP Session [172.58.146.152:19244]: A PPP protocol error occurred, or the PPP session has been disconnected.
2022-10-17 17:45:11.809 Connection "CID-6" terminated by the cause "Connection has been disconnected." (code 3).
2022-10-17 17:45:11.809 Connection "CID-6" has been terminated.
2022-10-17 17:45:11.809 The connection with the client (IP address 172.58.146.152, Port number 19244) has been disconnected.
There IS a DHCP server on the base network but I see nowhere I can specify its address (it is not on the same host where the connection is coming into.) If the problem is that the bridge has been shut down and it's needed to get the packets on the wire then fixing the "I wanna crank up the MTU" problem is the gating factor, and I can't find a place to shut that off, if it can be shut off.
Any suggestions?
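Added example, not part of the original post and not SoftEther code: a small Python check that pulls the Local Bridge MTU-change events out of a server log in the format quoted above and flags an interface whose MTU is being raised repeatedly in a short window, which is the up/down cycling described in the post. The function names and the thresholds (3 changes within 60 seconds) are assumptions; the sample input is three MTU lines and one unrelated line copied from the post.

```python
import re
from datetime import datetime

# Sample input: lines copied from the log quoted in the post.
SAMPLE_LOG = """\
2022-10-17 18:02:37.852 [HUB "VPN"] Session "SID-LOCALBRIDGE-3": A Local Bridge connection to physical Ethernet interface "igb0" was started.
2022-10-17 18:02:46.570 [HUB "VPN"] Session "SID-LOCALBRIDGE-3": The physical Ethernet interface "igb0" has an MTU value set to 1514. It is necessary to send and receive an Ethernet packet which has 2848 bytes. The MTU is now changed to 2848.
2022-10-17 18:02:59.403 [HUB "VPN"] Session "SID-LOCALBRIDGE-3": The physical Ethernet interface "igb0" has an MTU value set to 2848. It is necessary to send and receive an Ethernet packet which has 2962 bytes. The MTU is now changed to 2962.
2022-10-17 18:03:09.666 [HUB "VPN"] Session "SID-LOCALBRIDGE-3": The physical Ethernet interface "igb0" has an MTU value set to 2962. It is necessary to send and receive an Ethernet packet which has 4088 bytes. The MTU is now changed to 4088.
"""

# Matches only the "MTU is now changed" message; other bridge lines are ignored.
MTU_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) .*?'
    r'physical Ethernet interface "(?P<ifname>[^"]+)" has an MTU value set to (?P<old>\d+)\. '
    r'.*?packet which has (?P<need>\d+) bytes\. The MTU is now changed to (?P<new>\d+)\.'
)

def parse_mtu_changes(text):
    """Return one dict per MTU-change line: ts, ifname, old, need, new."""
    events = []
    for line in text.splitlines():
        m = MTU_RE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"),
                "ifname": m["ifname"], "old": int(m["old"]),
                "need": int(m["need"]), "new": int(m["new"])})
    return events

def find_ratchets(events, min_changes=3, window_seconds=60):
    """Flag interfaces with >= min_changes MTU increases inside the window."""
    by_if = {}
    for e in events:
        if e["new"] > e["old"]:
            by_if.setdefault(e["ifname"], []).append(e)
    findings = []
    for ifname, evs in by_if.items():
        evs.sort(key=lambda e: e["ts"])
        for i in range(len(evs) - min_changes + 1):
            span = (evs[i + min_changes - 1]["ts"] - evs[i]["ts"]).total_seconds()
            if span <= window_seconds:
                findings.append({"ifname": ifname, "changes": len(evs),
                                 "first_mtu": evs[0]["old"], "last_mtu": evs[-1]["new"],
                                 "largest_needed": max(e["need"] for e in evs)})
                break
    return findings
```

Comparing `largest_needed` against what the NIC and the switch actually accept shows whether the bridge is asking for frames the segment cannot carry.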