Access VPN network from server
Posted: Fri Mar 17, 2017 1:13 pm
by wquintal
Hi, I'm running a SoftEther VPN server on FreeBSD with Digital Ocean. My issue is that I have a web server connected to my VPN network, which is located inside my home behind a firewall, and an nginx server on the FreeBSD machine as a reverse proxy to the web server, but I can't route the packets from the server because SoftEther does not create an interface like OpenVPN would do (I used that before for the same purpose) or create a route. What are the options to overcome this issue? A new virtual adapter with a bridge on it?
Re: Access VPN network from server
Posted: Fri Mar 17, 2017 9:53 pm
by moatazelmasry
Yes, you can try creating a bridge, or you can try a tap device, but I'm not sure you can do this on DigitalOcean.
Re: Access VPN network from server
Posted: Fri Mar 17, 2017 10:21 pm
by wquintal
Yes, I can load the kernel module, create a tap adapter, and set the bridge on my tap0 device in the Server Manager from Windows. Where I'm stuck is: should I assign the same IP address as the gateway to the tap0 device, with the route to the network? But I think it is not good to assign an IP address to a bridge?
Instead I tried to only add a route, but this doesn't work:
[... ifconfig ... ]
tap0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
ether 00:bd:7b:2a:11:00
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
groups: tap
➜ ~ sudo route add -host 10.1.8.1 -interface tap0
Password:
add host 10.1.8.1: gateway tap0
➜ ~ ping 10.1.8.1
PING 10.1.8.1 (10.1.8.1): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 10.1.8.1 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
10.1.8.0/24 is the VPN network and 10.1.8.1 is the IP address of the NAT.
This is the routing table:
Routing tables
Internet:
Destination        Gateway            Flags  Netif   Expire
default            X.X.X.X            UGS    vtnet0
10.1.8.0/24        00:bd:7b:2a:11:00  US     tap0
10.1.8.1           00:bd:7b:2a:11:00  UHS    tap0
Re: Access VPN network from server
Posted: Sun Mar 19, 2017 11:33 am
by moatazelmasry
No, do not assign an IP to the bridge.
One thing to be aware of is that the bridge tun/tap documentation is talking about Linux, not FreeBSD, so this might not be tested.
I don't fully understand your environment. You have SE installed on FreeBSD on DigitalOcean.
You have a VPN Server at Home, which is behind a NAT.
You are trying to achieve a site-to-site VPN connection? Is that right?
Re: Access VPN network from server
Posted: Thu Mar 30, 2017 6:47 am
by thisjun
Tap mode localbridge isn't supported in FreeBSD.
Please try preparing 2 NICs on the same switch, create a localbridge to one of them, and assign an IP address to the other.