Difficulty Connecting via SoftEther Dynamic DNS; VPN Azure Works Fine

[brunosilva]

Body:

Hello fellow SoftEther users,

I've encountered a peculiar connection issue with my SoftEther client setup, and I'm looking for some insights or solutions.

Setup:
SoftEther VPN client installed on a Windows PC within LAN A.
SoftEther VPN server set up in a different location, LAN B.
Connection attempts are made using port 443.
Also enabled the "VPN over ICMP / DNS Function" on the server to test, but without success.
SoftEther VPN Client version: 4.34, Build 9745.

Issue:
While in LAN A, when trying to connect using the server's public IP or the SoftEther Dynamic DNS (e.g., exampleDNS.softether.net), my client fails to establish a connection. However, switching to the VPN Azure setting (e.g., exampleDNS.vpnazure.net), results in a successful connection.

Now, when I shift my Windows PC's connection to my iPhone's 4G network, both the VPN Azure and SoftEther Dynamic DNS connection methods work perfectly.

Worth noting: From LAN A, I'm able to successfully ping the public IP address of LAN B, also exampleDNS.softether.net, and exampleDNS.vpnazure.net (which resolves to a different public IP).

This behavior leads me to believe there might be a specific restriction or block in LAN A. Has anyone encountered a similar scenario or has suggestions on potential fixes? Any advice would be deeply appreciated.

Additional Note:
Some may wonder why not continue using the VPN Azure setting if it works. The primary reason is the noticeable difference in performance. The VPN Azure method is significantly slower, and for my day-to-day tasks and requirements, speed is of the essence. I'd very much prefer utilizing the SoftEther Dynamic DNS setting if possible, given its better performance.

Thank you in advance!

[solo]

It is a peculiar issue indeed, really unheard of. Start with an update to v4.42 https://www.softether-download.com/file ... PN_Client/
Then verify that "public IP address of LAN B" == "nslookup vpn-LAN-B.softether.net"
Next from Windows SE client try to connect using direct "public IP address of LAN B" with and then without NAT-T.

?

[brunosilva]

It is a peculiar issue indeed, really unheard of. Start with an update to v4.42 https://www.softether-download.com/file ... PN_Client/
Then verify that "public IP address of LAN B" == "nslookup vpn-LAN-B.softether.net"
Next from Windows SE client try to connect using direct "public IP address of LAN B" with and then without NAT-T.

?

Hello solo
Thank you for your suggestions. Following them, I undertook the following steps:

Client Update:
I successfully updated the SoftEther client to version 4.42, build 9798 as you recommended.

Direct Connection Attempt using SoftEther Dynamic DNS:
I tried connecting using the URL vpn-LAN-B.softether.net, but was unable to establish a connection.

DNS Resolution:
I used the nslookup vpn-LAN-B.softether.net command and was able to confirm that the resolved IP address does indeed match the public IP of LAN B.

Connection Attempt using Public IP:
In the SoftEther client, I replaced LAN-B-DNS.softether.net with the direct public IP of LAN B for connection. Unfortunately, this also did not result in a successful connection.

Disable NAT-T:
I toggled the "Disable NAT-T" option in the SoftEther client as suggested. This too, regrettably, did not lead to a successful connection.

Connection via VPN Azure:
I then attempted a connection using the LAN-B-DNS.vpnazure.net URL. This method allowed a successful connection.

DNS Swap in VPN Azure Connection:
I tried switching the DNS from LAN-B-DNS.vpnazure.net back to LAN-B-DNS.softether.net. As before, this change led to a failed connection.

Every failed mention, is the error code 1.

I hope this detailed account helps shed light on the peculiar nature of the issue. The VPN Azure connection workaround is intriguing, but it would be ideal to understand and possibly resolve the primary connection issue. Any further insights or recommendations would be greatly appreciated.

Thank you for your continued assistance.

[solo]

Hello, can you please on the PC with this dysfunctional SoftEther client connection, in a browser enter https://public-IP-of-LAN-B:443
What do you get? If nothing, tmp disable firewall and AV.

[brunosilva]

Hello, can you please on the PC with this dysfunctional SoftEther client connection, in a browser enter https://public-IP-of-LAN-B:443
What do you get? If nothing, tmp disable firewall and AV.

Hi solo, I attempted connecting to LAN-B's public IP https://xxx.xxx.xxx.xxx:443 from both my LAN-A PC and my 4G iPhone. No success on either, though my 4G iPhone connection to the LAN-B server works successfully.

[solo]

Code: Select all

SoftEther VPN Server / Bridge

For VPN users:

    Connect to this VPN Server
        by Official SoftEther VPN Client (download)
        by L2TP/IPsec, OpenVPN or SSTP traditional clients

For VPN administrators:

    Manage this VPN Server or VPN Bridge
        by SoftEther VPN Server Manager GUI for Windows / macOS (download) (Recommended)
        by SoftEther VPN Command Line Management Utility (vpncmd) for CUI
        by JSON-RPC API from your favorite programming language (JavaScript, TypeScript, Java, Python, Ruby, C#, ... etc.)
        (ID: 'administrator', Password: same to the VPN Server's password. Default: empty)
        by Built-in HTML5 Web Administration Console (New, under construction)
        (ID: 'administrator', Password: same to the VPN Server's password. Default: empty)

    If you want to disable this embedded web server and JSON-RPC server:
        Stop the daemon.
        Modify the value of "bool DisableJsonRpcWebApi" from "false" to "true" on the vpn_server.config or vpn_bridge.config.
        Restart the daemon.

This is the expected response in a browser. If you don't get it, then you have not forwarded SE port on the server. Until then, all your connection attempts will be hit-or-miss, depending on ISP.