Best way to configure DHCP Client on Linux vpnclient

Posted: Sun Nov 13, 2022 3:03 pm
by darwin.ranzone
I have Ubuntu 22.02 VPN Client and VPN Server.

I didn't find documentation on how to do what I wanted, so I had to figure out on my own how to make it work.
Basically I added all iptables commands and ip route commands inside the softether-vpnclient.service and softether-vpnserver.service.

But I do get some errors in the systemd status for DHCLIENT, so I feel I could have done it better. Maybe someone can advise how I can improve this?

Here is my config:

Code:

[Unit]
Description=SoftEther VPN Client
After=network.target auditd.service
ConditionPathExists=!/usr/local/libexec/softether/vpnclient/do_not_run

[Service]
Type=forking
EnvironmentFile=-/usr/local/libexec/softether/vpnclient
ExecStart=/usr/local/libexec/softether/vpnclient/vpnclient start
ExecStartPost=/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
ExecStartPost=/usr/bin/sleep 1
ExecStartPost=/sbin/dhclient -q vpn_sevpn
ExecStop=/usr/local/libexec/softether/vpnclient/vpnclient stop
KillMode=process
Restart=on-failure

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/local/libexec/softether/vpnclient
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYSLOG CAP_SETUID

[Install]
WantedBy=multi-user.target

I have since changed to statically assigning the IP instead, but ideally I would like to manage my VPN clients centrally on the server. Is there a community-approved way of doing this?

Code:

[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/local/libexec/softether/vpnserver/do_not_run

[Service]
Type=forking
TasksMax=infinity
EnvironmentFile=-/usr/local/libexec/softether/vpnserver
ExecStart=/usr/local/libexec/softether/vpnserver/vpnserver start
ExecStartPost=/usr/bin/sleep 1
ExecStartPost=/sbin/ip address flush tap_sevpn
ExecStartPost=/sbin/ip addr add 192.168.7.23/24 dev tap_sevpn
ExecStartPost=/sbin/ip route add 192.168.1.0/24 via 192.168.7.100
ExecStartPost=/sbin/iptables -t nat -A POSTROUTING -o enp1s0 -s 192.168.7.0/24 -j SNAT --to-source 192.168.1.23
ExecStop=/usr/local/libexec/softether/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/local/libexec/softether/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYSLOG CAP_SETUID

[Install]
WantedBy=multi-user.target
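
Added example, not part of the thread and not SoftEther's own unit file: commands in ExecStartPost= run inside the same sandbox as the service, so the dhclient call in the client unit above inherits ReadOnlyDirectories=/ and the capability bounding set. One way to keep that hardening on vpnclient is to move dhclient into its own unit bound to the vpn_sevpn device; the unit file name, the lease and PID file paths and the capability set are assumptions.

```ini
# /etc/systemd/system/softether-vpnclient-dhcp.service   (hypothetical file name)
# Assumes the ExecStartPost= lines for sleep and dhclient have been removed
# from softether-vpnclient.service.

[Unit]
Description=DHCP client on SoftEther virtual adapter vpn_sevpn
# udev exposes each network interface as a .device unit. Binding to it starts
# dhclient only once vpn_sevpn exists (no fixed sleep) and stops it again
# when vpnclient removes the interface.
BindsTo=sys-subsystem-net-devices-vpn_sevpn.device
After=sys-subsystem-net-devices-vpn_sevpn.device softether-vpnclient.service

[Service]
Type=simple
# -d keeps dhclient in the foreground so systemd tracks the real process.
# Lease and PID file paths are assumed Ubuntu-style locations.
ExecStart=/sbin/dhclient -d -q \
    -lf /var/lib/dhcp/dhclient.vpn_sevpn.leases \
    -pf /run/dhclient.vpn_sevpn.pid \
    vpn_sevpn
Restart=on-failure
RestartSec=5

# Hardening for dhclient alone. The filesystem stays writable here because
# dhclient must write its lease and PID files; vpnclient keeps its own
# read-only sandbox. The capability set is an assumed starting point:
# widen it if the journal shows permission errors from dhclient-script hooks.
PrivateTmp=yes
ProtectHome=yes
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW

[Install]
WantedBy=sys-subsystem-net-devices-vpn_sevpn.device
```

After `systemctl daemon-reload`, enable it with `systemctl enable softether-vpnclient-dhcp.service`. `journalctl -u softether-vpnclient-dhcp.service` then shows dhclient's messages separately from vpnclient's.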



Re: The best place to place static routes and iptables rules

Posted: Sun Nov 13, 2022 7:51 pm
by solo
Install "iptables-persistent" and increase "sleep" to 3.

Re: The best place to place static routes and iptables rules

Posted: Sun Mar 05, 2023 5:16 am
by darwin.ranzone
But iptables is fine and it is working reliably,
my issue is with the DHCLIENT part.

Re: Best way to configure DHCP Client on Linux vpnclient

Posted: Sun Mar 05, 2023 7:28 am
by shakibamoshiri
Mostly a bad idea to assign an IP using systemd.
It is better to look for another solution, something like this one:
https://www.vpnusers.com/viewtopic.php? ... 163#p98480

Re: Best way to configure DHCP Client on Linux vpnclient

Posted: Wed Mar 08, 2023 9:45 pm
by PizzaProgram
Hi,

I'm new here too. A few days ago I wanted to achieve a similar goal (fixed IP for all clients forever) + pushed routing via SE's built-in SecureNAT.

Sadly it does not work (yet?). Neither on 4.x nor on 5.02 latest developer edition. Opened a topic here:
https://www.vpnusers.com/viewtopic.php?f=7&t=68161

Then opened a GitHub issue, donated, nothing happened yet.
https://github.com/SoftEtherVPN/SoftEth ... ssues/1792

Then I've realised it would be much easier for the SE programmers if we could set Fix IP simply for the USER.
https://github.com/SoftEtherVPN/SoftEth ... 1453611876

Currently the only possibility is to set a fixed IP on the client side manually.
I really hope a programmer will spend an hour to do this soon, because it seems I'm not the only one who is wishing to use Fixed IPs managed on server side via SE ...