Resolved - I installed SoftetherVPN server on Tomato router

roberthuang
Posts: 6
Joined: Tue Jul 14, 2015 5:58 pm

Resolved - I installed SoftetherVPN server on Tomato router

Post by roberthuang » Fri Jul 17, 2015 5:55 pm

I just installed SoftEtherVPN v4.15-9546-beta that I downloaded from http://files.lancethepants.com/Binaries/SoftEtherVPN/ on my Linksys E3200 router running on Tomato by Shibby version 124.

If I use SecureNAT without "local bridge" then everything works as expected. The VPN client from Internet can successfully connect to my router's wan interface (vlan2), get the IP from the SecureNAT DHCP pool and browse the Internet. I'd like to use "local bridge" rather than SecureNAT because SecureNAT is much slower. But the client won't get the IP from the router with this method.

I disabled SecureNAT and enabled "local bridge". I also created "Local Bridge" by using the physical interface br0. The VPN client can get connected but can't obtain an IP address from the router. Eventually the client gets a self-assigned IP of 169.254.xx.xx. I also tried Netgear R6250 running on Tomato by Shibby 130 with the same result.

I've tried bridging all the interfaces one by one (br0, eth0, eth1, eth2, vlan1 and vlan2) with the SecureNAT disabled. The only successful test is when bridging WAN interface vlan2. In this case, I got another public IP from my ISP.

I'd like the client to get the private IP 192.168.1.xx from my router just like my other devices at home. Based on this article - Softether on R7000(http://dd-wrt.com/wiki/index.php/Softether_on_R7000), I need to create a virtual interface for bridging purposes. I don't know how I can do that. Please help.

Thank you very much.
Last edited by roberthuang on Wed Jul 22, 2015 4:52 pm, edited 1 time in total.

micsell
Posts: 6
Joined: Thu Jul 16, 2015 9:12 pm

Re: Help - I have installed SoftetherVPN server on Tomato ro

Post by micsell » Sat Jul 18, 2015 12:35 am

You need to perform several modifications:
1) In your vpn_server.config, make sure you have "bool TapMode true"
2) Let's assume you have named your device "vpn". Check that you have a device named tap_vpn (ifconfig -a should show it). If you don't have it, you're probably missing the tap driver. "modprobe tap" on the router. If the driver is not available, you should install it on your router and make sure it's loaded before vpnserver starts.
3) After you see the device, you should add it to the bridge. "brctl addif br0 tap_vpn" will add the interface to the default bridge on the Tomato router.
4) This would enable you to connect from LAN to the server. If you want to connect from WAN, you'll probably need some firewall rules to enable connections from outside.

roberthuang
Posts: 6
Joined: Tue Jul 14, 2015 5:58 pm

Re: Help - I have installed SoftetherVPN server on Tomato ro

Post by roberthuang » Sat Jul 18, 2015 3:33 pm

Thank you micsell for your reply.
1) In my vpn_server.config, I don't see the statement of "bool TapMode true".
2) "modprobe tap" command returns with "modprobe: module tap not found in modules.dep"
3) "modprobe tun" command can be executed successfully

I've listed all the detailed output of each command below. Can I use vlan1 (my lan interface) for the bridging purpose instead of using a tap device? Please continue helping me address this issue.

root@Robert:/tmp/home/root# ll /jffs/vpnserver/
drwx------ 2 root root 0 Jul 18 11:02 backup.vpn_server.config/
drwx------ 2 root root 0 Jul 10 21:31 chain_certs/
-rw-r--r-- 1 root root 1293708 Jul 10 18:12 hamcore.se2
-rw------- 1 root root 867 Jul 16 18:32 lang.config
drwx------ 3 root root 0 Jul 12 17:33 packet_log/
drwx------ 3 root root 0 Jul 10 21:31 security_log/
drwx------ 2 root root 0 Jul 17 20:02 server_log/
-rw------- 1 root root 16587 Jul 18 11:07 vpn_server.config
-rw------- 1 root root 15879 Jul 16 18:28 vpn_server.config.bak
-rw-r--r-- 1 root root 4159548 Jul 10 18:12 vpnbridge
-rw-r--r-- 1 root root 4159548 Jul 10 18:12 vpnclient
-rwx------ 1 root root 4159556 Jul 10 18:13 vpncmd*
-rwx------ 1 root root 4159548 Jul 10 18:13 vpnserver*
root@Robert:/tmp/home/root#
root@Robert:/tmp/home/root# grep -i TapMode /jffs/vpnserver/vpn_server.config
root@Robert:/tmp/home/root#
root@Robert:/tmp/home/root# brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.c40415099763       no              eth1
                                                        eth2
                                                        vlan1
root@Robert:/tmp/home/root# ifconfig -a
br0 Link encap:Ethernet HWaddr C4:04:15:09:97:63
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:42385917 errors:0 dropped:0 overruns:0 frame:0
TX packets:59990592 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9347499451 (8.7 GiB) TX bytes:62625625182 (58.3 GiB)

eth0 Link encap:Ethernet HWaddr C4:04:15:09:97:63
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:97700185 errors:0 dropped:0 overruns:0 frame:0
TX packets:92810867 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1968725813 (1.8 GiB) TX bytes:2696417057 (2.5 GiB)
Interrupt:179 Base address:0x4000

eth1 Link encap:Ethernet HWaddr C4:04:15:09:97:65
UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:2116843 errors:0 dropped:0 overruns:0 frame:263425
TX packets:3620415 errors:10835 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:262475745 (250.3 MiB) TX bytes:1794413004 (1.6 GiB)
Interrupt:163

eth2 Link encap:Ethernet HWaddr C4:04:15:09:97:66
UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:4943532 errors:0 dropped:0 overruns:0 frame:105878
TX packets:8761159 errors:485 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:614748806 (586.2 MiB) TX bytes:449169118 (428.3 MiB)
Interrupt:169

ifb0 Link encap:Ethernet HWaddr 02:91:5C:E6:F0:B2
UP BROADCAST RUNNING NOARP PROMISC MTU:1500 Metric:1
RX packets:58953029 errors:0 dropped:166 overruns:0 frame:0
TX packets:58952863 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:631955453 (602.6 MiB) TX bytes:631898515 (602.6 MiB)

ifb1 Link encap:Ethernet HWaddr BE:51:96:9F:87:EF
BROADCAST NOARP PROMISC MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:37534 errors:0 dropped:0 overruns:0 frame:0
TX packets:37534 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3823646 (3.6 MiB) TX bytes:3823646 (3.6 MiB)

vlan1 Link encap:Ethernet HWaddr C4:04:15:09:97:63
UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:38632624 errors:0 dropped:0 overruns:0 frame:0
TX packets:50583335 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8867010089 (8.2 GiB) TX bytes:52600834124 (48.9 GiB)

vlan2 Link encap:Ethernet HWaddr 68:7F:74:12:22:47
inet addr:173.230.xx.xx Bcast:173.230.174.95 Mask:255.255.255.224
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:59067560 errors:0 dropped:0 overruns:0 frame:0
TX packets:42227362 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:60062589080 (55.9 GiB) TX bytes:5930099471 (5.5 GiB)

root@Robert:/tmp/home/root# modprobe tap
modprobe: module tap not found in modules.dep
root@Robert:/tmp/home/root#
root@Robert:/tmp/home/root# modprobe -l |grep tap
root@Robert:/tmp/home/root#
root@Robert:/tmp/home/root# modprobe -l |grep tun
/lib/modules/2.6.36.4brcmarm/kernel/net/ipv4/tunnel4.ko
/lib/modules/2.6.36.4brcmarm/kernel/drivers/net/tun.ko
/lib/modules/2.6.36.4brcmarm/kernel/net/ipv6/tunnel6.ko
root@Robert:/tmp/home/root#

micsell
Posts: 6
Joined: Thu Jul 16, 2015 9:12 pm

Re: Help - I have installed SoftetherVPN server on Tomato ro

Post by micsell » Sat Jul 18, 2015 7:04 pm

1) You will need Tomato with tap module. Without that bridging will not work. The easiest way to do it is to install openvpn (or download a version of firmware with openvpn included). Openvpn comes with tap module.
2) After that, edit your vpn_server.config file and add the parameter I've mentioned. It should look similar to this:
declare LocalBridgeList
{
    bool DoNotDisableOffloading false

    declare LocalBridge0
    {
        string DeviceName vpn
        string HubName default
        bool LimitBroadcast false
        bool MonitorMode false
        bool NoPromiscuousMode false
        string TapMacAddress 00-AA-BB-CC-DD-EE
        bool TapMode true
    }
}
Don't forget to stop vpnserver before you edit the file.
3) You need to add the tap device as I specified - to br0. vlan1 is wireless, eth0 is LAN, and you will add tap_vpn to the bridge.
To test it's working, issue brctl show:
#brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.c8b371481417       no              eth1
                                                        tap_vpn
                                                        vlan1

roberthuang
Posts: 6
Joined: Tue Jul 14, 2015 5:58 pm

Re: Help - I have installed SoftetherVPN server on Tomato ro

Post by roberthuang » Sun Jul 19, 2015 12:40 am

Thank you micsell. You are really helpful!

I finally got the VPN client working with the local bridge setup.

There is only one small issue left. Every time I restart the vpnserver, the status of the local bridge shows error instead of operating. See the attached screenshot. I have to manually delete the local bridge and re-create it to make the local bridge work. How can I fix this problem?

micsell
Posts: 6
Joined: Thu Jul 16, 2015 9:12 pm

Re: Help - I have installed SoftetherVPN server on Tomato ro

Post by micsell » Sun Jul 19, 2015 5:53 pm

You'll need to load the tap driver after boot. Add "modprobe tap" to your startup script.

roberthuang
Posts: 6
Joined: Tue Jul 14, 2015 5:58 pm

Re: Help - I have installed SoftetherVPN server on Tomato ro

Post by roberthuang » Mon Jul 20, 2015 12:59 pm

micsell wrote:
> You'll need to load the tap driver after boot. Add "modprobe tap"
> to your startup script.

Hi micsell,

I just need to delete the local bridge and re-create it in the SoftEther GUI, then the status will change from "error" to "operating". I don't need to do anything else. That means the tap driver has already loaded. The thing is I have to do it every time after power recycle. But I get the message "modprobe: module tap not found in modules.dep" when I type in "modprobe tap" in Linux. I don't know why.

FYI, if I can add tap to the existing interface vlan1, the new tap interface will become tap_vlan1. If I create another interface, for example tap21 in the router's built-in OpenVPN, the new tap interface becomes tap_tap21. After that I execute "brctl addif br0 tap_vlan1 (or tap_tap21)", then my VPN client can get the IP in Local Bridge mode.

micsell
Posts: 6
Joined: Thu Jul 16, 2015 9:12 pm

Re: Help - I have installed SoftetherVPN server on Tomato ro

Post by micsell » Mon Jul 20, 2015 2:20 pm

How do you start vpnserver? Is it a script on the router?
If so, you should add the brctl command after "vpnserver start".

roberthuang
Posts: 6
Joined: Tue Jul 14, 2015 5:58 pm

Re: Help - I have installed SoftetherVPN server on Tomato ro

Post by roberthuang » Mon Jul 20, 2015 10:59 pm

micsell wrote:
> How do you start vpnserver? Is it a script on the router?
> If so, you should add the brctl command after "vpnserver start".

I put the command of "/nas/vpnserver/vpnserver start" under "Administration" -> "Scripts" ->"WAN up" of the router. So the vpnserver will automatically start up when the WAN interface is up. See the attached screenshot.

Now I think the issue is from the Tomato firmware. In the Tomato GUI, I go to "VPN Tunneling" -> "OpenVPN Server", choose "TAP" for Interface Type in the "Basic" tab, then click on the "Start Now" button. Only by doing this can I create the virtual tap interface "tap_vlan1" or "tap21". Even though the tap device is created, I still get the message "modprobe: module tap not found in modules.dep" when I enter "modprobe tap". Also, the tap interface will be gone after a power recycle of the router. I really need to find a command (not in the Tomato GUI) to create the tap interface.

micsell
Posts: 6
Joined: Thu Jul 16, 2015 9:12 pm

Re: Help - I have installed SoftetherVPN server on Tomato ro

Post by micsell » Tue Jul 21, 2015 8:01 am

Do the following:

openvpn --mktun --dev tap_vpn

experiment with whether it should be before or after the vpnserver start

roberthuang
Posts: 6
Joined: Tue Jul 14, 2015 5:58 pm

Re: Help - I have installed SoftetherVPN server on Tomato ro

Post by roberthuang » Tue Jul 21, 2015 11:15 pm

micsell wrote:
> Do the following:
>
> openvpn --mktun --dev tap_vpn
>
> experiment with whether it should be before or after the vpnserver start

Thank you micsell very much for your help. The command needs to run before the vpnserver starts.

All issues have been resolved. SoftEtherVPN is up and running on my router. My friends in China are happy with the speed.
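
The boot-time order the thread arrived at (create the tap device, start vpnserver, add the tap to br0, then confirm the bridge membership), written out as an added shell example that is not part of any post in this thread. The names br0, tap_vpn and /nas/vpnserver/vpnserver come from the posts above; the function names and the "start" argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. br0, tap_vpn and the vpnserver
# path are taken from the posts; function names are hypothetical.
BRIDGE="${BRIDGE:-br0}"
TAPDEV="${TAPDEV:-tap_vpn}"
VPNSERVER="${VPNSERVER:-/nas/vpnserver/vpnserver}"

# True if interface $1 currently exists.
tap_exists() {
    ifconfig "$1" >/dev/null 2>&1
}

# True if interface $2 is a member of bridge $1. In `brctl show` output the
# member name is the last field of every line after the header, including
# the continuation lines that carry only an interface name.
bridge_has_if() {
    brctl show "$1" 2>/dev/null |
        awk -v want="$2" 'NR > 1 && $NF == want { found = 1 } END { exit !found }'
}

# Returns 0 on success, or the number of the step that failed.
bridge_up() {
    # 1. Create the tap device first; the thread found that it has to
    #    exist before vpnserver starts.
    tap_exists "$TAPDEV" || openvpn --mktun --dev "$TAPDEV" || return 1
    # 2. Start SoftEther once the device is there.
    "$VPNSERVER" start || return 2
    # 3. Join the tap device to the LAN bridge unless it is already a member.
    bridge_has_if "$BRIDGE" "$TAPDEV" || brctl addif "$BRIDGE" "$TAPDEV" || return 3
    # 4. Confirm the membership instead of trusting the exit code of step 3.
    bridge_has_if "$BRIDGE" "$TAPDEV" || return 4
}

# Runs only when invoked with the argument "start".
case "${1:-}" in
    start) bridge_up || echo "bridge_up: step $? failed" >&2 ;;
esac
```

Saved on the router and called with "start" from the "WAN up" script, this replaces the bare "vpnserver start" line; a non-zero step number tells you which stage to look at.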
