Hi all.
I've got a corious problem.
After setting up a Softether VPN-Server on a machine (Debian wheezy) I starter the services
and everything worked fine. Connection from outside came in and were handled.
BUT:
Then setting up a VPN-bridge to my interface (eth2) to browse the internal network.
After some minutes the LAN went slow and other services (from other machines!) went nearly offline
e.g. DHCP, DNS and Gateway-Internetconnection.
The VPN-Server went very-very slow in ssh and all other processes. Killing the VPN-service
solves this problem immediately.
Can anyone help or give me a hint on this very problem?
Best regards
Cwe
Softether blocks LAN
-
Petrol
- Posts: 44
- Joined: Wed May 06, 2015 11:23 pm
Re: Softether blocks LAN
hello,
I'm not sure I understand correctly. You set up a local bridge (a tap interface) and your network almost went down, is that it ?
If I understood correctly, you might have SecureNAT and local bridge enabled simultaneously. This shouldn't happen because this makes packets to loop indefinitely and your cpu going to 100%.
Try to disable SecureNat feature.
I'm not sure I understand correctly. You set up a local bridge (a tap interface) and your network almost went down, is that it ?
If I understood correctly, you might have SecureNAT and local bridge enabled simultaneously. This shouldn't happen because this makes packets to loop indefinitely and your cpu going to 100%.
Try to disable SecureNat feature.
-
cwe_softether
- Posts: 3
- Joined: Wed May 20, 2015 6:31 am
Re: Softether blocks LAN
Hi Petrol,
thanks for reply. You are right - the bridge is done via tap-device.
The Lan goes down after some minutes.
I'll try to shut down the SNAT and will give you a reply after testing.
reg. Cwe
thanks for reply. You are right - the bridge is done via tap-device.
The Lan goes down after some minutes.
I'll try to shut down the SNAT and will give you a reply after testing.
reg. Cwe
-
cwe_softether
- Posts: 3
- Joined: Wed May 20, 2015 6:31 am
Re: Softether blocks LAN
Hi petrol
it's still not (completely) working. Here some details.
1.
- Softether with TAP-bridge
- No SNAT so no DHCP
Result: no valid IP-Address so internal LAN not browsable
2.
- Softether with TAP-bridge
- with SNAT and DHCP
Result: valid IP-Address BUT internal LAN not browsable
3.
- Softether with hardware-bridge eth2 no SNAT
- No SNAT so no DHCP
Result: no valid IP-Address so internal LAN not browsable
4.
Soft-Ether with hardware-bridge to eth2 and SNAT
- DHCP 192.x.x.81 - 192.x.x.99
- SNAT On (incl. DNS, Gate etc..)
Result: valid IP-Address (from LAN-DNS) and LAN NOT browsable; LAN down after some minutes
If I turn off DHCP the LAN is browsable and goes down after some Minutes
It would be best to use No.2 with TAP and DHCP from VPN but the internal net is not available
Best regards
Cwe
it's still not (completely) working. Here some details.
1.
- Softether with TAP-bridge
- No SNAT so no DHCP
Result: no valid IP-Address so internal LAN not browsable
2.
- Softether with TAP-bridge
- with SNAT and DHCP
Result: valid IP-Address BUT internal LAN not browsable
3.
- Softether with hardware-bridge eth2 no SNAT
- No SNAT so no DHCP
Result: no valid IP-Address so internal LAN not browsable
4.
Soft-Ether with hardware-bridge to eth2 and SNAT
- DHCP 192.x.x.81 - 192.x.x.99
- SNAT On (incl. DNS, Gate etc..)
Result: valid IP-Address (from LAN-DNS) and LAN NOT browsable; LAN down after some minutes
If I turn off DHCP the LAN is browsable and goes down after some Minutes
It would be best to use No.2 with TAP and DHCP from VPN but the internal net is not available
Best regards
Cwe
-
kh_tsang
- Posts: 551
- Joined: Wed Jul 24, 2013 12:09 pm
Re: Softether blocks LAN
1. Create a linux network bridge.
2. Add your network adapter to the linux network bridge.
3. Add a tap device.
4. Add the tap device to the linux network bridge.
5. Disable SecureNAT.
See if it works.
2. Add your network adapter to the linux network bridge.
3. Add a tap device.
4. Add the tap device to the linux network bridge.
5. Disable SecureNAT.
See if it works.
-
hatimux
- Posts: 20
- Joined: Fri May 15, 2015 10:20 am
Re: Softether blocks LAN
Hello,
Try adding a default route to your user machine (add the address of the virtual interface of your SecureNAT as the default gateway) while activating the DHCP function.
Try adding a default route to your user machine (add the address of the virtual interface of your SecureNAT as the default gateway) while activating the DHCP function.