[BUG] DHCP lease time 300000000sec = 10days only
Posted: Fri Feb 24, 2023 5:45 pm
by PizzaProgram
I would like to set DHCP lease time of the Virtual NAT to infinite.
The setup does not allow to set it to 1 sec. (That would be the official "infinite")
DHCP setup.jpg
If I set it to 300-450M sec (= 10-15 years) :
- it is still expiring after ca. 10 days!
I've tested with 5.01 developer version too.
Result: The SAME :-(
DHCP expire.jpg
How do I set those IP addresses to be fixed forever?
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Fri Feb 24, 2023 7:29 pm
by shakibamoshiri
PizzaProgram wrote: ↑Fri Feb 24, 2023 5:45 pm
I would like to set DHCP lease time of the Virtual NAT to infinite.
The setup does not allow to set it to 1 sec. (That would be the official "infinite")
DHCP setup.jpg
If I set it to 300-450M sec (= 10-15 years) :
- it is still expiring after ca. 10 days!
I've tested with 5.01 developer version too.
Result: The SAME :-(
DHCP expire.jpg
How do I set those IP addresses to be fixed forever?
1. using MAC:se:00:00:00:00:00 in NOTE section + dnsmasq
Code:
# If you’d like to have dnsmasq assign static IPs to some clients, bind the LAN computers NIC MAC addresses:
# dhcp-host=ae:00:00:00:00:01,192.168.100.111
# dhcp-host=ae:00:00:00:00:02,192.168.100.112
2. statically being set by the client
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Fri Feb 24, 2023 10:30 pm
by PizzaProgram
Thank you very much for the quick answer!
1.
using MAC:se:00:00:00:00:00 in NOTE section + dnsmasq
A NOTE section of what?
- Somewhere in the server's config file?
Please tell me more about this.
I've found your prev. topic about DHCP speed measuring before, but it does not tell, where to put those lines.
https://www.vpnusers.com/viewtopic.php?t=68065
2.
statically being set by the client
You mean manually setting the VPN's adapter like any other adapter?
Doing this for 2-300 clients one by one is a huge extra work.
Isn't this a bug, that should be reported and fixed?
Why only 10 days?
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Fri Feb 24, 2023 10:40 pm
by PizzaProgram
... and the other problem with these methods:
- How will the client get the "static routing table" pushed from the server ?
That built-in SecureNAT is working perfectly fine, if that "max 10 days" problem could be solved... ?
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Fri Feb 24, 2023 11:48 pm
by solo
The max is 6.9 days
The min is 0.69 days
If you don't like it, use an external DHCP server.
You could modify the source code, in TcpIp.c
Code:
// Lease time
a = GetDhcpOption(o, DHCP_ID_LEASE_TIME);
if (a != NULL && a->Size == 4)
{
    ret->LeaseTime = READ_UINT(a->Data);
}
...remove the "if" line but it may have unintended consequences.
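What the size check in the snippet above guards against, as an added example that is not part of the post and not SoftEther's source: a stand-alone walker over a DHCP options field that accepts option 51 only when it carries exactly 4 bytes inside the buffer. The function name and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_PAD        0    /* single-byte padding option */
#define OPT_LEASE_TIME 51   /* IP Address Lease Time */
#define OPT_END        255  /* end of options */

/* Constructed sample option fields (not captured traffic). */
static const uint8_t SAMPLE_OK[]    = { 53, 1, 2, 51, 4, 0xFF, 0xFF, 0xFF, 0xFF, 255 };
static const uint8_t SAMPLE_SHORT[] = { 53, 1, 2, 51, 2, 0x00, 0x01, 255 };
static const uint8_t SAMPLE_TRUNC[] = { 51, 4, 0x00, 0x01 };

/* Returns 1 and stores the lease time (seconds, network byte order decoded)
 * only if option 51 is present, has length 4 and fits in the buffer.
 * Returns 0 for a missing, short or truncated option. */
int dhcp_lease_time(const uint8_t *opts, size_t len, uint32_t *lease_sec)
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) break;
        if (i >= len) return 0;              /* no length byte left */
        uint8_t olen = opts[i++];
        if (olen > len - i) return 0;        /* value would run past the buffer */
        if (code == OPT_LEASE_TIME) {
            if (olen != 4) return 0;         /* same condition as a->Size == 4 */
            *lease_sec = ((uint32_t)opts[i] << 24) | ((uint32_t)opts[i + 1] << 16) |
                         ((uint32_t)opts[i + 2] << 8) | (uint32_t)opts[i + 3];
            return 1;
        }
        i += olen;                           /* skip options we do not need */
    }
    return 0;
}

int main(void)
{
    uint32_t v = 0;
    int ok = dhcp_lease_time(SAMPLE_OK, sizeof SAMPLE_OK, &v);
    printf("well-formed: ok=%d lease=%u s\n", ok, (unsigned)v);
    printf("2-byte option 51: ok=%d\n",
           dhcp_lease_time(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &v));
    printf("truncated value: ok=%d\n",
           dhcp_lease_time(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, &v));
    return 0;
}
```

Without the length test, a 2-byte option 51 would be read as 4 bytes and the lease time would include whatever follows it in the packet.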
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Sat Feb 25, 2023 12:19 am
by PizzaProgram
Recompiling the whole thing would be too difficult for me,
but Thank you (again) for the quick and detailed information! :-)
Another, completely different approach:
- Is it possible to add "names" to the PCs, so no matter what the current IP assigned by SecureNAT, it would "find" it ?
- what is the "domain" field good for at the SecureNAT edit config window?
SecureNAT is a DHCP server itself, so theoretically we should be able to resolve the IP by any name?
For example,
- if the HUB name is RobertoPizzaHUB
- and the PC name is DeliveryPC
then something like:
$> ping DeliveryPC.RobertoPizzaHUB.myServer.softether.org
should give back the current IP address of that PC that SecureNAT ?
... or maybe a MACaddress based name?
... or is there any other method to give a specific name to a user maybe? (I could create as many users, as many PCs there are...)
PS: can I donate you via PayPal? You have helped me a lot already!
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Sat Feb 25, 2023 12:34 am
by solo
PizzaProgram wrote: ↑Sat Feb 25, 2023 12:19 am
Recompiling the whole thing would be too difficult for me,
but Thank you (again) for the quick and detailed information! :-)
Another, completely different approach:...
Wait, what OS and SE version are you using? Instead of recompiling a binary patch is possible. I could look into it, no promises though.
(please donate to University of Tsukuba :-)
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Sat Feb 25, 2023 1:29 am
by PizzaProgram
I will start renting the VPS probably tomorrow, but I'm still not 100% sure what OS should I choose.
I'm a bit lame with linux, but for stability for the next 10-20years it seems more logical to choose
Debian,
unless You recommend me something else?
(Currently all my tests are temporarily running on my home server, which is Win7 32bit)
I will install a version, whatever you recommend. Probably latest would be best? 5.02
But this high-CPU Issue sounds bad:
https://github.com/SoftEtherVPN/SoftEth ... sions/1774
Instead of recompiling a binary patch is possible. I could look into it, no promises though
IMHO a simple "hidden option" inside the server's .conf file would be the best approach, don't you think?
Code:
declare VirtualDhcpServer
{
    bool DhcpEnabled true
    uint DhcpExpireTimeSpan 300000000
    ...
    bool DhcpAllowExtendedTime false ## <<... could be set to true manually
    ...
OFF: That new API-development looks good at 5.02, maybe I can use that later to monitor ALL my clients over the whole country in a summarized view.
(Just like I'm doing it now, based on an OpenVPN server made by somebody else ... who is demanding now +70% money per month, which I cannot afford any more.)
I'm planning to set a regular donation per month for You, if everything goes well. (Sorry, I'm not a rich guy at all, living in the 2nd poorest country of Europe.)
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Sat Feb 25, 2023 1:47 am
by PizzaProgram
I've found the official DHCP lease time criteria:
https://www.informit.com/articles/artic ... 4&seqNum=3
MAX = 2^32 - 2 ;
INFINITE = 2^32 ;
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Sat Feb 25, 2023 5:37 am
by shakibamoshiri
PizzaProgram wrote: ↑Fri Feb 24, 2023 10:30 pm
Thank you very much for the quick answer!
1.
using MAC:se:00:00:00:00:00 in NOTE section + dnsmasq
A NOTE section of what?
- Somewhere in the server's config file?
Please tell me more about this.
I've found your prev. topic about DHCP speed measuring before, but it does not tell, where to put those lines.
https://www.vpnusers.com/viewtopic.php?t=68065
2.
statically being set by the client
You mean manually setting the VPN's adapter like any other adapter?
Doing this for 2-300 clients one by one is a huge extra work.
Isn't this a bug, that should be reported and fixed?
Why only 10 days?
1.
Virtual MAC address reservation
http://www.softether.org/5-download/history
2.
In dnsmasq.conf file
who said manually :)
Code:
#!/bin/bash
# Print one dnsmasq dhcp-host line per host number in 192.168.100.<min>..<max>.
declare -ir min_ip_range=10;
declare -ir max_ip_range=200;
for (( index=$min_ip_range; index <= $max_ip_range; ++index )); do
    if (( index <= 99 )); then
        echo "dhcp-host=ae:00:00:00:00:${index},192.168.100.${index}"
    else
        # Three-digit numbers: first digit goes into the fifth octet, last two digits into the sixth.
        echo "dhcp-host=ae:00:00:00:0${index%??}:${index#?},192.168.100.${index}"
    fi
done
output
Code:
dhcp-host=ae:00:00:00:00:10,192.168.100.10
dhcp-host=ae:00:00:00:00:11,192.168.100.11
dhcp-host=ae:00:00:00:00:12,192.168.100.12
dhcp-host=ae:00:00:00:00:13,192.168.100.13
dhcp-host=ae:00:00:00:00:14,192.168.100.14
dhcp-host=ae:00:00:00:00:15,192.168.100.15
dhcp-host=ae:00:00:00:00:16,192.168.100.16
dhcp-host=ae:00:00:00:00:17,192.168.100.17
dhcp-host=ae:00:00:00:00:18,192.168.100.18
dhcp-host=ae:00:00:00:00:19,192.168.100.19
dhcp-host=ae:00:00:00:00:20,192.168.100.20
...
...
dhcp-host=ae:00:00:00:01:92,192.168.100.192
dhcp-host=ae:00:00:00:01:93,192.168.100.193
dhcp-host=ae:00:00:00:01:94,192.168.100.194
dhcp-host=ae:00:00:00:01:95,192.168.100.195
dhcp-host=ae:00:00:00:01:96,192.168.100.196
dhcp-host=ae:00:00:00:01:97,192.168.100.197
dhcp-host=ae:00:00:00:01:98,192.168.100.198
dhcp-host=ae:00:00:00:01:99,192.168.100.199
dhcp-host=ae:00:00:00:02:00,192.168.100.200
Isn't this a bug, that should be reported and fixed?
I did not use/check this part, maybe.
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Sun Feb 26, 2023 1:50 am
by solo
PizzaProgram wrote: ↑Sat Feb 25, 2023 1:29 am
Currently all my test are temporary running on my home server, which is Win7 32bit
That's a fine choice.
I've created a binary patch to fix the lease issue but then discovered a BUG indeed in the code which can be exploited without any patching. Simply enter 4294967295 for lease time and you will get...
Code:
op=BOOTREPLY chaddr=E8:F6:46:F6:25:CE hops=0 xid=DD59761C secs=0 flags=0000
ciaddr=0.0.0.0 yiaddr=192.168.30.10 siaddr=192.168.30.1 giaddr=0.0.0.0 sname= file=
6 options:
53 (DHCP Message Type): offer
54 (Server Identifier): 192.168.30.1
51 (IP Address Lease Time): 4294967295 (7101 weeks, 3 days, 6 hours, 28 minutes, and 15 secs)
1 (Subnet Mask): 255.255.255.0
3 (Router Option): 192.168.30.1
6 (Domain Name Server Option): 192.168.30.1
Description . . . . . . . . . . . : VPN Client Adapter - VPN
Physical Address. . . . . . . . . : 5E-68-60-B3-FD-02
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.30.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.30.1
Lease Obtained. . . . . . . . . . : Sunday, 26 February 2023 12:37:56 PM
Lease Expires . . . . . . . . . . : Tuesday, 19 January 2038 2:14:07 PM
This works with SE v4.38.0.9760
Not tested on other builds.
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Sun Feb 26, 2023 2:28 am
by PizzaProgram
WOW! Thank you VERY MUCH, this sounds great !
... but I don't fully understand this:
I've created a binary patch ... This works with SE v4.38.0.9760
1. You mean, If I simply download and install 4.38 from the official download page, it will work now?
https://www.softether-download.com/en.a ... =softether
2. That version seems to be much older than the current ones. May I ask: Why didn't you patch the latest, to make a:
- 4.42 or even better, a :
- 5.03 based on the developer version?
https://www.softether.org/5-download/history
3. If yes : did you compile it for Win32 only?
The final VPS server will be probably Debian, because it's faster, cheaper, more stable. Even if I know windows better... Do You agree ?
4. ... or is the WIN64 version more stable than the linux one?
I will have to choose the server type until tomorrow.
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Sun Feb 26, 2023 2:36 am
by solo
4.38 is the latest, stable, RTM version you should use.
The bug may be exploitable in the betas and DE you mentioned.
Just enter 4294967295. Patching is not required.
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Sun Feb 26, 2023 3:07 am
by PizzaProgram
... and which OS?
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Sun Feb 26, 2023 3:16 am
by solo
Any OS. Try it for now on your W7 on the version you already have.
Should the GUI reject 4294967295 then stop the service and enter it directly in vpn_server.config
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Mon Feb 27, 2023 9:13 pm
by PizzaProgram
Some news about testing:
I was curious how the Development 5.01 version reacts to this high number:
1. The GUI accepted the 4294967295 seconds fine, saved it.
2. The client got the IP and the lease time was actually 130+ years :-)
3. But SE manager's "IP Lease table on virtual DHCP manager" window shows:
Expires at 2023-07-17 19:31. :-(
That's = ca. 18 days + 17h + 50m = ca. 1619400 sec
So the problem remains:
- If the user turns off his spare-PC or Laptop for 3 weeks, the IP address will be lost, and I have to start to reconfigure everything again. (IP based database access, VNC, RDP, shared printers, etc...)
That's not very promising.
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Tue Feb 28, 2023 12:39 am
by solo
As you've cozied up with the devs, ask them to revise this "2000000000" constant in Virtual.c
Code:
// Expiration date
if (vo->DhcpExpireTimeSpan == 0 || vo->DhcpExpireTimeSpan == INFINITE)
{
    v->DhcpExpire = INFINITE;
}
else
{
    v->DhcpExpire = MAKESURE(DHCP_MIN_EXPIRE_TIMESPAN,
        MIN(vo->DhcpExpireTimeSpan * 1000, 2000000000),
        INFINITE);
}
51 (IP Address Lease Time): 2000000 (3 weeks, 2 days, 3 hours, 33 minutes
Let us know the new github's issue # ;-)
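How the expression quoted above treats the lease values discussed in this thread, as an added example that is not part of the post and not SoftEther's code. It assumes the operands are 32-bit unsigned (the config declares `uint DhcpExpireTimeSpan`) and that MAKESURE raises the result to at least the minimum; `ASSUMED_MIN_EXPIRE_MS` is a placeholder for `DHCP_MIN_EXPIRE_TIMESPAN`, whose value is not on this page, and `widened_expire_ms` is a hypothetical alternative.

```c
#include <stdint.h>
#include <stdio.h>

#define INFINITE_U32          0xFFFFFFFFu   /* 4294967295 */
#define CAP_MS                2000000000u   /* constant from the quoted snippet */
#define ASSUMED_MIN_EXPIRE_MS 15000u        /* assumption: placeholder minimum */

/* Model of the quoted expression: seconds are converted to milliseconds in
 * 32-bit arithmetic, capped at CAP_MS, then raised to the minimum. */
uint32_t quoted_expire_ms(uint32_t span_sec)
{
    if (span_sec == 0 || span_sec == INFINITE_U32)
        return INFINITE_U32;
    uint32_t ms = (uint32_t)(span_sec * 1000u);   /* wraps modulo 2^32 */
    uint32_t capped = ms < CAP_MS ? ms : CAP_MS;
    return capped > ASSUMED_MIN_EXPIRE_MS ? capped : ASSUMED_MIN_EXPIRE_MS;
}

/* Hypothetical alternative: widen to 64 bits before multiplying, so the
 * product cannot wrap and no cap is needed to keep it in range. */
uint64_t widened_expire_ms(uint32_t span_sec)
{
    if (span_sec == 0 || span_sec == INFINITE_U32)
        return UINT64_MAX;                        /* treated as "never expires" */
    uint64_t ms = (uint64_t)span_sec * 1000u;
    return ms > ASSUMED_MIN_EXPIRE_MS ? ms : ASSUMED_MIN_EXPIRE_MS;
}

int main(void)
{
    /* Constructed inputs: values from the thread plus one that wraps. */
    const uint32_t samples[] = { 86400u, 2000000u, 4294968u, 300000000u, 4294967295u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%10u s -> quoted %10u ms, widened %llu ms\n",
               (unsigned)samples[i], (unsigned)quoted_expire_ms(samples[i]),
               (unsigned long long)widened_expire_ms(samples[i]));
    return 0;
}
```

Under these assumptions 300000000 seconds comes out as 2,000,000,000 ms, the same 2000000 seconds seen in the option 51 line above, while 4294968 seconds wraps to 704 ms and ends up at the minimum.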
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Tue Feb 28, 2023 1:39 am
by solo
...that said, 4294967295 should work as expected because:
- a DHCP client will not negotiate lease renewal before currently assigned expiration time which is stored locally in the registry and preserved after a reboot
- SE server does indeed display shorter expiration but it is "ephemeral" and not stored anywhere
In any case, if SE vDHCP works like say dnsmasq, it'd ping a prospect IP to verify vacancy before re-assignment, so such expiration inconsistencies should not result in conflicts (hopefully, lol).
But as SE server does not store the lease table, if you reboot it, you'll end up with IP mess no matter what nominal lease expiration time.
In conclusion, let go of SecureNAT - it's meant for testing only, not for such large production environment. On both Linux and Windows there are decent DHCP servers available. Better yet, let go of DHCP too, as in your setup context, I'd rather opt for static VPN IP assignments.
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Wed Mar 01, 2023 9:33 pm
by PizzaProgram
@shakibamoshiri
I've just tried the "Note" trick, you have recommended, by setting
fixed-MAC.png
Restarted the server, but still got totally mixed up IPs :-(
Why can't SE simply save the DHCP list from memory to a .conf file
- every 5 min,
-- if it changed at all
-- and if the release time is over 5 min. ? (to exclude short-term IPs)
- and load back, when it starts.
Used latest 5.02 builds from both server + client.
2. In dnsmasq.conf file
Do I still have to edit that too ?
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Wed Mar 01, 2023 10:22 pm
by shakibamoshiri
Where did you add this part?
It should be added to a DNS/DHCP server called "dnsmasq" which you should install on Debian/Ubuntu via "apt install dnsmasq".
Then add the desired MACs to dnsmasq file called "dnsmasq.conf"
Do not forget to disable SE server SecureNAT.
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Thu Mar 02, 2023 10:36 am
by PizzaProgram
Thank you VERY much for all your time!
Turning OFF SecureNAT is not an option for me. Sorry.
Rather I would like to see that function fixed!
Opened a GitHub issue
https://github.com/SoftEtherVPN/SoftEth ... ssues/1792
(Also just made a one-time donation ahead (45.000HUF = ca. 116EUR).
Sorry, but that's the max I could give. I live in the 2nd poorest country in Europe.
Will set 25% of that amount as regular monthly donation, if this problem is getting solved and I can finally start using SE.)
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Thu Mar 02, 2023 11:17 am
by shakibamoshiri
PizzaProgram wrote: ↑Thu Mar 02, 2023 10:36 am
Thank you VERY much for all your time!
Turning OFF SecureNAT is not an option for me. Sorry.
Rather I would like to see that function fixed!
Opened a GitHub issue
https://github.com/SoftEtherVPN/SoftEth ... ssues/1792
(Also just made a one-time donation ahead (45.000HUF = ca. 116EUR).
Sorry, but that's the max I could give. I live in the 2nd poorest country in Europe.
Will set 25% of that amount as regular monthly donation, if this problem is getting solved and I can finally start using SE.)
Basically for knowing about each client IP address you have these two choices
1. a DHCP server with "FOREVER" lease time (server side)
2. static IP assignment to each user (user side)
Solution #1 using SE server DHCP seems buggy so you are left with other DHCPs like "dnsmasq".
If for any reason you cannot use other DHCP servers, depending upon how much skill you have and your needs, you can get to know each client IP address
dynamically using SE server RPC-JSON API.
You can request (= send rpc) to SE server and get a JSON reply which tells you who has what IP address.
Thank you for the donation. Any way you contribute is appreciated.
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Thu Mar 02, 2023 4:28 pm
by solo
Again - why don't you "...opt for static VPN IP assignments..."?
- no need for SecureNAT
- no need for a DHCP server
- no-brainer?
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Thu Mar 02, 2023 7:50 pm
by PizzaProgram
Dear @solo , Dear @shakibamoshiri, :-)
Believe me, I'm doing nothing else than thinking about your suggestions, while searching + learning.
1. My best hope is still: someone would fix/enhance the SecureNAT code in an hour, I'll upgrade the server in 5 min, and all my problems go away.
2. I've looked at debian's dnsmasq + DHCP_Server, but it's too complicated, too risky, too much trouble.
It drops up more questions than solutions. For example:
- What is the "interface" ? The SE? The VPS's ?
- How to prevent a DNS server to work as a DNS server ? (Because I do NOT want connected clients recognise it as one.)
(It's very easy to do it under SecureNAT -> simply by deleting DNS line)
- How to prevent users connected to the server could go out to the web through it?
(It's very easy to do it under SecureNAT -> simply by deleting GATEWAY line)
3. About manually configured fix IPs on client side...
- I'm still hoping to be able to set up 1 "superadmin-HUB" later somehow, to be able to reach ALL the other clients in All the other HUBs.
... with the right Layer 3 setup + DHCP route pushing
https://www.vpnusers.com/viewtopic.php?f=7&t=68165
If the clients do not get the DHCP + route automatically, I won't be able to do it later without have to reconfigure each client one by one.
Re: [BUG] DHCP lease time 300000000sec = 10days only
Posted: Thu Mar 02, 2023 10:48 pm
by solo
Alright, since you insist on DHCP and prefer Windows, you can replace SecureNAT with a combination of "Microsoft Loopback Adapter" and "Open DHCP Server" on your VPS and "all my problems go away".