Win10 VPN client network traffic will not enter the tunnel
Posted: Thu Dec 29, 2022 11:08 am
by dukedracula
1. Environmental Description
VPN server for windows, ver: softether-vpnserver_vpnbridge-v4.41-9782-beta-2022.11.17-windows-x86_x64-intel.exe
VPN client for windows, ver: softether-vpnclient-v4.41-9782-beta-2022.11.17-windows-x86_x64-intel.exe
2. Problem: Win10 network traffic will not enter the tunnel
In the Win10 operating system, when the VPN tunnel was just established, the network traffic could enter the tunnel, but after about 30 seconds, the network traffic could not enter the tunnel. By analyzing the priority of the routing table, the network traffic should be able to enter the tunnel, but the network traffic did not enter the tunnel, and the VPN client is not added to the host route of the VPN server, different from Win7. The VPN client does not delete the default route of the physical network card. See the attachment for screenshots.
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Thu Dec 29, 2022 11:48 am
by eddiewu
Showing only the default route doesn't mean anything.
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Thu Dec 29, 2022 12:37 pm
by shakibamoshiri
If you have been connected into a full tunnel, your PC default route should be either
- deleted
- replaced
with the VPN server's default gateway.
If it did not happen, it is either
- you may use a split tunnel
- the client does not have enough permission to delete/update default route
- network misconfiguration
- maybe SE client/server bug, but it is really unlikely
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Fri Dec 30, 2022 8:18 am
by dukedracula
shakibamoshiri wrote: ↑Thu Dec 29, 2022 12:37 pm
If you have been connected into a full tunnel, your PC default route should be either
- deleted
- replaced
with the VPN server's default gateway.
If it did not happen, it is either
- you may use a split tunnel
- the client does not have enough permission to delete/update default route
- network misconfiguration
- maybe SE client/server bug, but it is really unlikely
1. I use a full tunnel, don't use split tunnel
2. I have used 4 win10 computers, and the problem is the same, so it is not my computer's problem.
3. I use the win10 computer to connect to another VPN server. There is no problem, so it is not a problem of permissions.
It's strange. I don't know if the VPN server configuration is wrong.
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Fri Dec 30, 2022 8:39 pm
by shakibamoshiri
It's strange. I don't know if the VPN server configuration is wrong.
Who has configured the SE server and what is the configuration?
If you do not mention details, it cannot be easy to troubleshoot your issue.
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Mon Jan 02, 2023 3:38 pm
by dukedracula
shakibamoshiri wrote: ↑Fri Dec 30, 2022 8:39 pm
It's strange. I don't know if the VPN server configuration is wrong.
Who has configured the SE server and what is the configuration?
If you do not mention details, it cannot be easy to troubleshoot your issue.
- Default installation, default configuration, SE VPN client never deletes the default route.
- I have also deployed SE Server on CentOS, which has the same problem.
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Mon Jan 02, 2023 4:18 pm
by shakibamoshiri
If you have default configuration for SE server, I think you have not enabled Secure-NAT, and without this a client either
- can connect
- or you won't have default route
So check and make sure Secure NAT has been enabled.
Enabling Secure NAT
- ./vpncmd
- select 1 (Server Management)
- ./SecureNatEnable
You can do it with the GUI as well
- open GUI on Windows
- select your Hub
- check the properties
- go to secure NAT section
- enable secure NAT
The default DHCP broadcasts 192.168.30.10 ~ 192.168.30.200
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Tue Jan 03, 2023 2:13 am
by dukedracula
Hi, shakibamoshiri
My SE VPN Server configuration is as follows. Please check it, thank you.
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Tue Jan 03, 2023 2:14 am
by dukedracula
dukedracula wrote: ↑Tue Jan 03, 2023 2:13 am
Hi, shakibamoshiri
My SE VPN Server configuration is as follows. Please check it, thank you.
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Tue Jan 03, 2023 6:29 am
by shakibamoshiri
If Secure NAT has been enabled, check the next step.
Open cmd prompt and run
screenshot
https://freeimage.host/i/HuZnAV2
and you should see just one "Default Gateway". If you had more than 1, then this could be the issue.
Try changing the "metric" of that network adapter in your network settings.
Here is a guide:
https://www.howtogeek.com/howto/27994/h ... n-windows/
Set the SE client network adapter's metric to 1.
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Wed Jan 04, 2023 10:55 am
by dukedracula
Hi, shakibamoshiri
Thank you for your support. I found the cause of the problem. The problem was caused by the network environment. You can verify that this problem has occurred in several environments I have built.
- The two-layer network will have problems.
- There is no problem with the three-layer network.
Please see the attachment.
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Wed Jan 04, 2023 1:47 pm
by shakibamoshiri
dukedracula wrote: ↑Wed Jan 04, 2023 10:55 am
Hi, shakibamoshiri
Thank you for your support. I found the cause of the problem. The problem was caused by the network environment. You can verify that this problem has occurred in several environments I have built.
- The two-layer network will have problems.
- There is no problem with the three-layer network.
Please see the attachment.
Thank you, I did not have experience with this condition.
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Wed Jan 04, 2023 1:51 pm
by vpnfail
dukedracula wrote: ↑Wed Jan 04, 2023 10:55 am
Hi, shakibamoshiri
Thank you for your support. I found the cause of the problem. The problem was caused by the network environment. You can verify that this problem has occurred in several environments I have built.
- The two-layer network will have problems.
- There is no problem with the three-layer network.
Please see the attachment.
thanks for posting the solution!
Re: Win10 VPN client network traffic will not enter the tunnel
Posted: Thu Jan 05, 2023 12:22 am
by solo
vpnfail wrote: ↑Wed Jan 04, 2023 1:51 pm
thanks for posting the solution!
What solution? The cure for a self-inflicted wound?
From the very first post it is clear that the OP has created a network loop. It actually works for "about 30 seconds" but nobody had noticed nor commented on this critical fact. The traceroute displays several private ranges with a millisecond hop time - obviously all on the same LAN. When you make a, completely useless, VPN connection over the same LAN, you generate an ARP broadcast storm which after "about 30 seconds" overwhelms the entire network and kills the connection - a classic VPN FAIL topology.
Incidentally, your aptly-named "vpn fail" project produces this warning:
DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
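
The checks discussed in this thread (how many default gateways exist and which metric wins, whether a host route to the VPN server exists, and whether client and server share a layer-2 segment), as an added PowerShell example that is not part of any post. `$VpnServer` is a placeholder address and `$VpnAlias` is an assumed adapter name; neither comes from the thread.

```powershell
# Added diagnostic example (not from the thread). Run in PowerShell on the Win10 client.
param(
    [string]$VpnServer = '192.0.2.10',        # placeholder address, replace with your VPN server IP
    [string]$VpnAlias  = 'VPN - VPN Client'   # assumed adapter name, confirm with Get-NetAdapter
)

# 1. IPv4 default routes ranked as Windows ranks them:
#    the lowest (route metric + interface metric) wins.
$defaults = @(Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $ipIf = Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4
        [pscustomobject]@{
            Interface = $_.InterfaceAlias
            NextHop   = $_.NextHop
            Effective = [int]$_.RouteMetric + [int]$ipIf.InterfaceMetric
        }
    } | Sort-Object Effective)
$defaults | Format-Table -AutoSize

if ($defaults.Count -gt 1) {
    Write-Warning "More than one default gateway is present."
}
if ($defaults.Count -gt 0 -and $defaults[0].Interface -ne $VpnAlias) {
    Write-Warning "Preferred default route is on '$($defaults[0].Interface)', not '$VpnAlias'."
}

# 2. How the VPN server itself is reached. Find-NetRoute returns the source
#    address and the route; keep the route object.
$route = Find-NetRoute -RemoteIPAddress $VpnServer |
    Where-Object { $_.DestinationPrefix } | Select-Object -First 1

if ($route.InterfaceAlias -eq $VpnAlias) {
    Write-Warning "Route to $VpnServer goes through the tunnel itself (no host route via the physical NIC)."
} elseif ($route.NextHop -eq '0.0.0.0') {
    Write-Warning "$VpnServer is on-link via '$($route.InterfaceAlias)': client and server share a layer-2 segment."
} else {
    "VPN server reached via gateway $($route.NextHop) on '$($route.InterfaceAlias)'."
}

# Metric change suggested in the thread (needs an elevated prompt):
# Set-NetIPInterface -InterfaceAlias $VpnAlias -AddressFamily IPv4 -InterfaceMetric 1
```

Running it once right after connecting and again after the roughly 30 seconds mentioned in the first post shows whether the routing table changed or whether traffic stopped for another reason.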