SoftEther VPN Server DHCP
-
- Posts: 20
- Joined: Thu Sep 19, 2013 6:35 am
SoftEther VPN Server DHCP
I installed VPN server and to my alarm it seemed to be acting as a DHCP server to anyone on the local network, not just to those logged in.
I assumed the DHCP would be on the virtual LAN AFTER a connection had been made with the server. It seems that when the server is running it is leaking DHCP services to anyone on the LAN/WAN side. There were no logged in connections.
I am working where there is a very helpful LAN administrator and he came straight to me wondering what was going on and if I had a DHCP server or router on the network. I denied it, but stopping the SoftEther VPN server stopped DHCP. The SoftEther VPN server was competing with the LAN's official DHCP service, so people were being given my local DHCP IP address as if for a logged in account, without logging in, and they could not connect to the internet. Simply plugging in their computer on the LAN they got, if unlucky, my SoftEther VPN address, not the correct local IP address.
As it happens I do not need the server at this end currently, but other admins may complain. Is there something wrong with my config?
Windows 8
-
- Posts: 370
- Joined: Fri Oct 18, 2013 8:15 am
Re: SoftEther VPN Server DHCP
Manage Virtual Hub > Virtual NAT and Virtual DHCP Server (Secure NAT) > Secure NAT Config > [attachment=0]Untitled11.png[/attachment]
-
- Posts: 20
- Joined: Thu Sep 19, 2013 6:35 am
Re: SoftEther VPN Server DHCP
Thanks, and of course if I use the server again on this LAN I will untick the box and fix the IPs.
It is correct to have DHCP offering IP addresses to connecting clients... But it is working without logging in, and offering IP addresses on other adapters. That is the error.
It says virtual DHCP, so it surely means this virtual DHCP server gives out IP addresses to the connecting clients on the virtual ethernet connector... ONCE they have logged in.
But when the SoftEther VPN server and its DHCP server are running, it is working on other real ethernet connections, which include my main LAN connection, which is also the gateway to the internet. So my computer suddenly becomes a DHCP server on the local network, offering IP addresses to any computer on the wired network. Those computers are not even attempting to log in to me at all. They get an IP address from my Windows 8 machine on plugging theirs in anywhere in the complex. Either they get an IP from the official LAN DHCP server or from my rogue Windows 8 machine with SoftEther VPN server running but nobody logged in. Once they have my IP range they cannot connect to the internet.
I do not think the DHCP server should be seen by anything other than giving IP addresses only to those logging into the VPN server, and then connecting to the virtual adapter.
Gerry
-
- Posts: 370
- Joined: Fri Oct 18, 2013 8:15 am
Re: SoftEther VPN Server DHCP
Do you have a bridged connection from the VPN Server to your LAN?
-
- Posts: 20
- Joined: Thu Sep 19, 2013 6:35 am
Re: SoftEther VPN Server DHCP
No bridge. I have not bridged network adapters.
-
- Posts: 153
- Joined: Fri Oct 11, 2013 4:00 pm
Re: SoftEther VPN Server DHCP
It is a little bit of guessing this way. But is your virtual DHCP server in the same subnet as your local LAN? Also check the subnet mask for that.
-
- Posts: 20
- Joined: Thu Sep 19, 2013 6:35 am
Re: SoftEther VPN Server DHCP
No. Different networks altogether. In fact set up very much as the default/suggested config.
I am not sure how any clients can the DHCP before logging in.
It would be interesting to see if anyone else has had this problem.
Set up SoftEther VPN server with the virtual hub set for NAT traversal. Then plug in another computer directly whose ethernet is set as DHCP client, and see if the computer gets given an IP address meant for the NAT network, without doing anything. That is what occurred here.
Gerry
-
- Posts: 153
- Joined: Fri Oct 11, 2013 4:00 pm
Re: SoftEther VPN Server DHCP
Maybe Wireshark can help you trace what happens.
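What to look for in such a capture, as an added example that is not part of the original thread: every DHCP OFFER or ACK carries a server identifier (option 54), so a reply from any address other than the site's DHCP server reveals a second responder on the segment. The addresses, sample packets and function names are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"        # precedes the DHCP options (RFC 2131)
SERVER_REPLIES = {2: "OFFER", 5: "ACK"}   # option 53 values sent by servers

def parse_dhcp(payload):
    """Parse a UDP payload; return the DHCP fields of interest, or None if not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):                    # truncated option header
            break
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    ip = lambda raw: str(ipaddress.IPv4Address(raw[:4])) if raw and len(raw) >= 4 else None
    return {"type": (opts.get(53) or b"\x00")[0], "server": ip(opts.get(54)),
            "offered": ip(payload[16:20]), "router": ip(opts.get(3))}

def find_unauthorized(payloads, authorized):
    """Return (type, server id, offered IP, router) for replies from unlisted servers."""
    msgs = [m for m in map(parse_dhcp, payloads) if m]
    return [(SERVER_REPLIES[m["type"]], m["server"], m["offered"], m["router"])
            for m in msgs if m["type"] in SERVER_REPLIES and m["server"] not in authorized]

def build_reply(msg_type, server, offered, router):
    """Build a minimal DHCP server reply; used only to construct the sample below."""
    pk = lambda addr: ipaddress.IPv4Address(addr).packed
    fixed = bytearray(236)
    fixed[0] = 2                                     # op = BOOTREPLY
    fixed[16:20] = pk(offered)                       # yiaddr = address handed out
    opts = bytes([53, 1, msg_type, 54, 4]) + pk(server) + bytes([3, 4]) + pk(router)
    return bytes(fixed) + MAGIC_COOKIE + opts + b"\xff"

AUTHORIZED = {"10.20.0.1"}   # constructed sample: every address below is made up
SAMPLE = [
    build_reply(2, "10.20.0.1", "10.20.0.57", "10.20.0.1"),           # site DHCP server
    build_reply(2, "192.168.30.1", "192.168.30.10", "192.168.30.1"),  # second responder
    build_reply(5, "10.20.0.1", "10.20.0.57", "10.20.0.1"),
    b"\x00" * 300,                                                     # not DHCP
]

if __name__ == "__main__":
    for finding in find_unauthorized(SAMPLE, AUTHORIZED):
        print("unauthorized DHCP %s from %s: offered %s, router %s" % finding)
```

In a real capture the payloads would be the UDP port 67/68 bodies exported from the trace, and the authorized set would hold the site's actual DHCP server addresses.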
-
- Posts: 20
- Joined: Thu Sep 19, 2013 6:35 am
Re: SoftEther VPN Server DHCP
Since I last posted this I have set up SoftEther VPN server in a number of environments. The same problem arises. It sets you up as a competing DHCP server on the LAN.
SoftEther's secure NAT DHCP server is promiscuously offering IP and route to ANYONE seeking an IP and route on the server's LAN side, that is, connecting normally on the server's home or corporate internal network.
This is dangerous as there is usually a home router or corporate DHCP server which the SoftEther DHCP competes with, and it can end up offering a wrong IP and route to innocent direct connections on the LAN side, whose owners soon call support because they cannot connect and get internet. These failing local connections on the LAN draw attention to the computer with a SoftEther server pretty quickly.
SoftEther's secure NAT DHCP server should be ISOLATED such that it can only offer IP addresses to those authenticated VPN connections from the WAN side, not to the whole LAN, which occurs now.
Gerry
I resolve the problem by fixing IP and route on the client side, and no server DHCP, but it is clumsy.
Dr Gerry Bulger
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: SoftEther VPN Server DHCP
How about this method?
I suppose HUB-A is the hub to which users are connected.
1. Create a virtual HUB-B.
2. Create a local bridge between HUB-B and the LAN.
3. Create a cascade connection between HUB-A and HUB-B.
4. Enable DHCP packet filtering by security policy on the cascade connection.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: SoftEther VPN Server DHCP
Please try to increase the interface metric number of the virtual NIC.
-
- Posts: 5
- Joined: Tue Jun 16, 2015 1:43 am
Re: SoftEther VPN Server DHCP
I'm having a problem whereby my server always says
"Error (Error Code 2):
Protocol error occurred. Error was returned from the destination server."
But sometimes it connects fine.
I need help.
-
- Posts: 102
- Joined: Sat Jun 20, 2015 9:40 am
Re: SoftEther VPN Server DHCP
It is my understanding that the virtual hub just extends one physical Ethernet segment. You can then connect it to other, offsite, physical Ethernet segments??
So, if the DHCP server is enabled it will reach all attached computers? If it is disabled you need a separate DHCP server somewhere on one of the physical segments? If that DHCP server hands out private addresses you also need a function for address translation (NAT)? Maybe using the virtual NAT function without DHCP would work?
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: SoftEther VPN Server DHCP
>>Catotech
Why do you use virtual DHCP and physical DHCP on the same segment?
>>nightmares88
I think your problem is not related to DHCP.