ping - but no connection possible

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
daniel@netcius.net
Posts: 7
Joined: Sun Aug 14, 2022 9:21 am

ping - but no connection possible

Post by daniel@netcius.net » Tue Dec 13, 2022 5:16 pm

Hi

I have a softether server behind a standard 1Gbe Internet router. Port-forwarding to 443. That all works perfectly fine and is (as far as I can tell) box standard.

Now I am having this very strange effect: Trying to connect to one specific remote site
- sometimes (mostly) works as expected - but sometime it doesn't.
- It seems to depend on the type of internet connection. E.g., using my laptop, if I use my
- home WLAN (so my home Internet connection) it works fine
- phone as a hotspot it doesn't.
- When it doesn't work, it gets stuck at "contacting [server.name]" - so one could think it is a DNS issue
- but it isn't - as I can still NSLOOKUP and also PING the [server.name] when over such a connection (I appreciate that I rather ping the remote router than the server - but it shows that the DNS resolution work as always).

I am wondering if some kind of proxy or NAT translation down the network path could create that problem - but what could I do against it.

It is also mysterious that this issue appears only in relation to that one remote site. To other remote servers - with as far as I can tell are near identical in terms of internet connection, hardware and software configuration - I can always connect.

Any hints would be appreciated.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: ping - but no connection possible

Post by solo » Wed Dec 14, 2022 1:53 am

Please run traceroute/tracert 1.1.1.1 from the server and look for private IP range immediately after the router, like these:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

?

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: ping - but no connection possible

Post by eddiewu » Wed Dec 14, 2022 2:19 am

The port forwarding is probably not working. Your connection can still succeed with NAT-T, but NAT-T strongly depends on the network you are using.

daniel@netcius.net
Posts: 7
Joined: Sun Aug 14, 2022 9:21 am

Re: ping - but no connection possible

Post by daniel@netcius.net » Wed Dec 14, 2022 11:07 am

solo wrote:
Wed Dec 14, 2022 1:53 am
Please run traceroute/tracert 1.1.1.1 from the server and look for private IP range immediately after the router, like these:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

?
Hi - if I correctly understand you meant on the server (which I cannot connect to sometimes).

Did that - looks perfectly normal to me:

Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:

1 20 ms 20 ms 20 ms 192.168.139.1 (which is the local IP of the router)
2 27 ms 21 ms 24 ms ...

Also, it appear unlikely to me that it is the server which has the issue: It would only ever receive connections on port 443 from the local router. How could it even theoretically distinguish between different connections I use on my client host?

daniel@netcius.net
Posts: 7
Joined: Sun Aug 14, 2022 9:21 am

Re: ping - but no connection possible

Post by daniel@netcius.net » Wed Dec 14, 2022 11:09 am

eddiewu wrote:
Wed Dec 14, 2022 2:19 am
The port forwarding is probably not working. Your connection can still succeed with NAT-T, but NAT-T strongly depends on the network you are using.
Hi - thanks

but

- port forwarding works if the request comes from a certain connection - how could it make a difference for the local port forwarding from where in the Internet the request came?

- I have tried with and without NAT-T - makes no difference

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: ping - but no connection possible

Post by solo » Wed Dec 14, 2022 11:16 am

Hello, so what's on #2 of the traceroute? A public or private IP?

If it is private then your port forwarding is useless.

daniel@netcius.net
Posts: 7
Joined: Sun Aug 14, 2022 9:21 am

Re: ping - but no connection possible

Post by daniel@netcius.net » Wed Dec 14, 2022 11:22 am

solo wrote:
Wed Dec 14, 2022 11:16 am
Hello, so what's on #2 of the traceroute? A public or private IP?

If it is private then your port forwarding is useless.
No, already the next hop is a public IP (sorry, just didn't post for privacy)

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: ping - but no connection possible

Post by solo » Wed Dec 14, 2022 11:30 am

daniel@netcius.net wrote:
Tue Dec 13, 2022 5:16 pm
- phone as a hotspot it doesn't.
Using the hotspot browse https://your.server.public.ip.addr:443/
- what do you get?

daniel@netcius.net
Posts: 7
Joined: Sun Aug 14, 2022 9:21 am

Re: ping - but no connection possible

Post by daniel@netcius.net » Thu Dec 15, 2022 10:39 am

Thanks to everyone trying to help!

The problem has been resolved. The issue was a routing issue - with a SoftEther client being active and have routing adjustment selected.

I am still not 100% clear why that was only an issue when coming from certain connections but not from others - but I guess it will have something to do that that back-connection points to the public IP which I was using when the connection worked.

Post Reply