Win10 VPN client network traffic will not enter the tunnel

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
dukedracula
Posts: 7
Joined: Thu Dec 29, 2022 7:05 am

Win10 VPN client network traffic will not enter the tunnel

Post by dukedracula » Thu Dec 29, 2022 11:08 am

1.Environmental Description
VPN server for windows, ver: softether-vpnserver_vpnbridge-v4.41-9782-beta-2022.11.17-windows-x86_x64-intel.exe
VPN client for windows, ver: softether-vpnclient-v4.41-9782-beta-2022.11.17-windows-x86_x64-intel.exe
2.Problem: Win10 network traffic will not enter the tunnel
In the win10 operating system, when the VPN tunnel was just established, the network traffic could enter the tunnel, but after about 30 seconds, the network traffic could not enter the tunnel. By analyzing the priority of the routing table, the network traffic should be able to enter the tunnel, but the network traffic did not enter the tunnel,And the VPN client is not added to the host route of the VPN server,Different from win7.The VPN client does not delete the default route of the physical network card.See the attachment for screenshots.
You do not have the required permissions to view the files attached to this post.

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Win10 VPN client network traffic will not enter the tunnel

Post by eddiewu » Thu Dec 29, 2022 11:48 am

Showing only the default route doesn't mean anything.

shakibamoshiri
Posts: 285
Joined: Wed Dec 28, 2022 9:10 pm

Re: Win10 VPN client network traffic will not enter the tunnel

Post by shakibamoshiri » Thu Dec 29, 2022 12:37 pm

If you have been connected into a full tunnel, your PC default route should be either
- deleted
- replaced
with the VPN servers default gateway.

If it did not happen, it is ether
- you may use a split tunnel
- the client does not have enough permission to delete/update default route
- network misconfiguration
- maybe SE client/server bug, but it is really unlikely

dukedracula
Posts: 7
Joined: Thu Dec 29, 2022 7:05 am

Re: Win10 VPN client network traffic will not enter the tunnel

Post by dukedracula » Fri Dec 30, 2022 8:18 am

shakibamoshiri wrote:
Thu Dec 29, 2022 12:37 pm
If you have been connected into a full tunnel, your PC default route should be either
- deleted
- replaced
with the VPN servers default gateway.

If it did not happen, it is ether
- you may use a split tunnel
- the client does not have enough permission to delete/update default route
- network misconfiguration
- maybe SE client/server bug, but it is really unlikely
1. I use a full tunnel, don't use split tunnel

2. I have used 4 win10 computers, and the problem is the same, so it is not my computer's problem.

3. I use the win10 computer to connect to another VPN server. There is no problem, so it is not a problem of permissions.



It's strange. I don't know if the VPN server configuration is wrong.

shakibamoshiri
Posts: 285
Joined: Wed Dec 28, 2022 9:10 pm

Re: Win10 VPN client network traffic will not enter the tunnel

Post by shakibamoshiri » Fri Dec 30, 2022 8:39 pm

It's strange. I don't know if the VPN server configuration is wrong.
who has configured the SE server and what is the configuration?
If you do not mention details, it cannot be easy to troubleshoot your issue.

dukedracula
Posts: 7
Joined: Thu Dec 29, 2022 7:05 am

Re: Win10 VPN client network traffic will not enter the tunnel

Post by dukedracula » Mon Jan 02, 2023 3:38 pm

shakibamoshiri wrote:
Fri Dec 30, 2022 8:39 pm
It's strange. I don't know if the VPN server configuration is wrong.
who has configured the SE server and what is the configuration?
If you do not mention details, it cannot be easy to troubleshoot your issue.
-Default installation, default configuration,SE vpn client never deletes the default route.
-I have also deployed SE Server on Centos, which has the same problem.

dukedracula
Posts: 7
Joined: Thu Dec 29, 2022 7:05 am

Re: Win10 VPN client network traffic will not enter the tunnel

Post by dukedracula » Mon Jan 02, 2023 3:38 pm

shakibamoshiri wrote:
Fri Dec 30, 2022 8:39 pm
It's strange. I don't know if the VPN server configuration is wrong.
who has configured the SE server and what is the configuration?
If you do not mention details, it cannot be easy to troubleshoot your issue.
-Default installation, default configuration,SE vpn client never deletes the default route.
-I have also deployed SE Server on Centos, which has the same problem.

shakibamoshiri
Posts: 285
Joined: Wed Dec 28, 2022 9:10 pm

Re: Win10 VPN client network traffic will not enter the tunnel

Post by shakibamoshiri » Mon Jan 02, 2023 4:18 pm

if you have default configuration for SE server, I think you have not enabled Secure-NAT and with out this, a client either
- can connect
- or you wont have default route

So check and make sure Secure NAT has been enabled.

Enabling Secure NAT
- ./vpncmd
- select 1 (Server Managment)
- ./SecureNatEnable


you can do it with GUI as well
- open GUI on Windows
- select your Hub
- check the properties
- go to secure NAT section
- enable secure NAT

The default DHCP broadcasts 192.168.30.10 ~ 192.168.30.200

dukedracula
Posts: 7
Joined: Thu Dec 29, 2022 7:05 am

Re: Win10 VPN client network traffic will not enter the tunnel

Post by dukedracula » Tue Jan 03, 2023 2:13 am

Hi, shakibamoshiri
My SE VPN Server configuration is as follows.Please check it, thank you.
You do not have the required permissions to view the files attached to this post.

dukedracula
Posts: 7
Joined: Thu Dec 29, 2022 7:05 am

Re: Win10 VPN client network traffic will not enter the tunnel

Post by dukedracula » Tue Jan 03, 2023 2:14 am

dukedracula wrote:
Tue Jan 03, 2023 2:13 am
Hi, shakibamoshiri
My SE VPN Server configuration is as follows.Please check it, thank you.
You do not have the required permissions to view the files attached to this post.

shakibamoshiri
Posts: 285
Joined: Wed Dec 28, 2022 9:10 pm

Re: Win10 VPN client network traffic will not enter the tunnel

Post by shakibamoshiri » Tue Jan 03, 2023 6:29 am

if you the Secure NAT has been enabled, check next step.

Open cmd prompt and run

Code: Select all

ipconfig | findstr "Default"
screenshot
https://freeimage.host/i/HuZnAV2

and you should see just one "Default Gateway". If you had more than 1, then this could be the issue.
Try changing "metric" of that network adopter in your network setting
here is a guide
https://www.howtogeek.com/howto/27994/h ... n-windows/

set SE client network adopter's metric to 1

dukedracula
Posts: 7
Joined: Thu Dec 29, 2022 7:05 am

Re: Win10 VPN client network traffic will not enter the tunnel

Post by dukedracula » Wed Jan 04, 2023 10:55 am

hi,shakibamoshiri
Thank you for your support.I found the cause of the problem,The problem was caused by the network environment.You can verify that this problem has occurred in several environments I have built.
-The two-layer network will have problems.
-There is no problem with the three-layer network.
Please see the attachment.
You do not have the required permissions to view the files attached to this post.

shakibamoshiri
Posts: 285
Joined: Wed Dec 28, 2022 9:10 pm

Re: Win10 VPN client network traffic will not enter the tunnel

Post by shakibamoshiri » Wed Jan 04, 2023 1:47 pm

dukedracula wrote:
Wed Jan 04, 2023 10:55 am
hi,shakibamoshiri
Thank you for your support.I found the cause of the problem,The problem was caused by the network environment.You can verify that this problem has occurred in several environments I have built.
-The two-layer network will have problems.
-There is no problem with the three-layer network.
Please see the attachment.
Thank you , I did not have experience with this condition

vpnfail
Posts: 14
Joined: Mon Jan 02, 2023 2:11 pm
Contact:

Re: Win10 VPN client network traffic will not enter the tunnel

Post by vpnfail » Wed Jan 04, 2023 1:51 pm

dukedracula wrote:
Wed Jan 04, 2023 10:55 am
hi,shakibamoshiri
Thank you for your support.I found the cause of the problem,The problem was caused by the network environment.You can verify that this problem has occurred in several environments I have built.
-The two-layer network will have problems.
-There is no problem with the three-layer network.
Please see the attachment.
thanks for posting the solution!
Free VPN that works. For V2Ray, WireGuard and OpenVPN - https://vpn.fail/
Real-time free proxy list. SOCKS, HTTP & V2RAY - https://vpn.fail/free-proxy

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Win10 VPN client network traffic will not enter the tunnel

Post by solo » Thu Jan 05, 2023 12:22 am

vpnfail wrote:
Wed Jan 04, 2023 1:51 pm
thanks for posting the solution!
What solution? The cure for a self-inflicted wound?

From the very first post it is clear that the OP has created a network loop. It actually works for "about 30 seconds" but nobody had noticed nor commented on this critical fact. The traceroute displays several private ranges with a millisecond hop time - obviously all on the same LAN. When you make a, completely useless, VPN connection over the same LAN, you generate an ARP broadcast storm which after "about 30 seconds" overwhelms the entire network and kills the connection - a classic VPN FAIL topology.

Incidentally, your aptly-named "vpn fail" project produces this warning:
DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

Post Reply