Best way to configure DHCP Client on Linux vpnclient

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
darwin.ranzone
Posts: 8
Joined: Wed Jul 15, 2020 2:38 pm

Best way to configure DHCP Client on Linux vpnclient

Post by darwin.ranzone » Sun Nov 13, 2022 3:03 pm

I have Ubuntu 22.02 VPN Client and VPN Server

I didnt find documentation on how to do what i wanted so i had ti figure out on my own how to make it work
basically i added all iptables commands and ip route commands inside the softether-vpnclient.service and softether-vpnserver.service

but i do get some errors on the systemd status for DHCLIENT so i feel i could have done it better maybe someone can advise how i can improve this?

Here is my config:

Code: Select all

[Unit]
Description=SoftEther VPN Client
After=network.target auditd.service
ConditionPathExists=!/usr/local/libexec/softether/vpnclient/do_not_run

[Service]
Type=forking
EnvironmentFile=-/usr/local/libexec/softether/vpnclient
ExecStart=/usr/local/libexec/softether/vpnclient/vpnclient start
ExecStartPost=/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
ExecStartPost=/usr/bin/sleep 1
ExecStartPost=/sbin/dhclient -q vpn_sevpn
ExecStop=/usr/local/libexec/softether/vpnclient/vpnclient stop
KillMode=process
Restart=on-failure

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/local/libexec/softether/vpnclient
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYSLOG CAP_SETUID

[Install]
WantedBy=multi-user.target
I have since changed to Statically Assign the IP instead, but ideally i would ;like to manage my VPN clients centrally on the server, is there a community approved way of doing this?

Code: Select all


[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/local/libexec/softether/vpnserver/do_not_run

[Service]
Type=forking
TasksMax=infinity
EnvironmentFile=-/usr/local/libexec/softether/vpnserver
ExecStart=/usr/local/libexec/softether/vpnserver/vpnserver start
ExecStartPost=/usr/bin/sleep 1
ExecStartPost=/sbin/ip address flush tap_sevpn
ExecStartPost=/sbin/ip addr add 192.168.7.23/24 dev tap_sevpn
ExecStartPost=/sbin/ip route add 192.168.1.0/24 via 192.168.7.100
ExecStartPost=/sbin/iptables -t nat -A POSTROUTING -o enp1s0 -s 192.168.7.0/24 -j SNAT --to-source 192.168.1.23
ExecStop=/usr/local/libexec/softether/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/local/libexec/softether/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYSLOG CAP_SETUID

[Install]
WantedBy=multi-user.target


Last edited by darwin.ranzone on Sun Mar 05, 2023 5:22 am, edited 2 times in total.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: The best place to place static routes and iptables rules

Post by solo » Sun Nov 13, 2022 7:51 pm

Install "iptables-persistent" and increase "sleep" to 3.

darwin.ranzone
Posts: 8
Joined: Wed Jul 15, 2020 2:38 pm

Re: The best place to place static routes and iptables rules

Post by darwin.ranzone » Sun Mar 05, 2023 5:16 am

but iptables is fine and it is working reliably,
my issue is with DHCLIENT part

shakibamoshiri
Posts: 285
Joined: Wed Dec 28, 2022 9:10 pm

Re: Best way to configure DHCP Client on Linux vpnclient

Post by shakibamoshiri » Sun Mar 05, 2023 7:28 am

Mostly a bad idea to assign IP using systemd.
It is better to look for other solution something like this one
https://www.vpnusers.com/viewtopic.php? ... 163#p98480

PizzaProgram
Posts: 43
Joined: Fri Aug 12, 2022 6:57 pm
Contact:

Re: Best way to configure DHCP Client on Linux vpnclient

Post by PizzaProgram » Wed Mar 08, 2023 9:45 pm

Hi,

I'm new here too. A few days ago I wanted to achieve similar goal (fixed IP for all clients forever) + pushed routing via SE's built-in SecureNAT.

Sadly it does not work (yet?). Neither on 4.x nor on 5.02 latest developer edition. Opened a topic here:
https://www.vpnusers.com/viewtopic.php?f=7&t=68161

Than opened a Github issue, donated, nothing happened yet.
https://github.com/SoftEtherVPN/SoftEth ... ssues/1792

Than I've realised it would be much easier for the SE programmers, if we could set Fix IP simply for the USER.
https://github.com/SoftEtherVPN/SoftEth ... 1453611876

Currently the only possibility to set fixed IP on the client side manually.
I really hope a programmer will spend an hour to do this soon, because it seems I'm not the only one who is wishing to use Fixed IPs managed on server side via SE ...

Post Reply