I am running ubuntu bionic under Linux Deploy on Android nougat (Tegra K1 chipset). I have built softether from source and the compile/config & client connection startup show no errors. However, although connection seems to succeed i am unable to access the vpn network (can still see local network & internet) ...
1. Is there some fundamental reason why this can't work?
2. If not, how to debug?
Other info:
-For reference, i have a native ubuntu bionic install on a laptop (on the same network), which connects just fine. Softether version and NIC/account setup are identical between the two. 'ifconfig' output of running NIC is identical. netstat output looks identical for vpnclient entries (except for differences in dynamically assigned port numbers). List of installed cyphers is also identical.
-No firewall on either ubuntu or android host.
SoftEther client within Linux Deploy
-
forestDwelr
- Posts: 4
- Joined: Fri Mar 15, 2019 8:45 am
Re: SoftEther client within Linux Deploy
One more comment:
Reading around other posts related to VM's etc it looks like making a bridge between softether and the dummy device setup by linux deploy would be a good place to start. However, when i tried to do this it fails because the kernel is compiled without CONFIG_BRIDGE.
It's probably not worthwhile to try and recompile the kernel (especially just as a guess) - any non-bridge ideas?
Reading around other posts related to VM's etc it looks like making a bridge between softether and the dummy device setup by linux deploy would be a good place to start. However, when i tried to do this it fails because the kernel is compiled without CONFIG_BRIDGE.
It's probably not worthwhile to try and recompile the kernel (especially just as a guess) - any non-bridge ideas?
-
cmd wh0ami
- Posts: 125
- Joined: Sun Jul 16, 2017 6:58 pm
Re: SoftEther client within Linux Deploy
A while back I installed and ran SoftEther on a Android cell phone using Linux Deploy and Busy Box. Here is a link to a post i made on it. Maybe your settings in linux deploy arent right read over my post and see if you can find a answer to your issue. I was kinda noob to linux when I wrote it, but I was able to figure it out, even though half the time I had no idea what I was talking about. (you'll see if you read it)
https://www.aspkin.com/forums/ip-addres ... erver.html
https://www.aspkin.com/forums/ip-addres ... erver.html
-
cmd wh0ami
- Posts: 125
- Joined: Sun Jul 16, 2017 6:58 pm
Re: SoftEther client within Linux Deploy
Here is another post I wrote a couple years ago on how to set up softether client. maybe your missing something. some of the things at the end aren't necessary with some versions of Ubuntu. But maybe you will find your answer.
https://www.aspkin.com/forums/ip-addres ... toral.html
https://www.aspkin.com/forums/ip-addres ... toral.html
-
forestDwelr
- Posts: 4
- Joined: Fri Mar 15, 2019 8:45 am
Re: SoftEther client within Linux Deploy
Thanks for the links.
Setting up the server and having it work over LTE is impressive! but seems quite a different problem to getting the client to work over wifi which is what i'm struggling with.
New Info:
Setting up the server and having it work over LTE is impressive! but seems quite a different problem to getting the client to work over wifi which is what i'm struggling with.
New Info:
- My suspicion about needing a bridge was incorrect. I actually made myself a custom android kernel with CONFIG_BRIDGE present ... bridging then succeeded but did not solve the issue (by which i mean that on closer inspection linux deploy isn't really using 'dummy0' anyway).
- I realized that using 'ping -I vpn_vpn_eth' instead of the default i/f, i can actually reach the VPN network.
-
forestDwelr
- Posts: 4
- Joined: Fri Mar 15, 2019 8:45 am
Re: SoftEther client within Linux Deploy
Finally working!
What really had me scratching my head about this was that after firing up the client connection, the output from "ip route" looked correct - that is to say, it was consistent with the output from a native ubuntu install where everything is working correctly.
Digging a bit deeper ... i guess
>ip route
really means...
>ip route show table main
...So there is an assumption that 'main' is being used. Quick look at "ip rule list" shows up the key difference between linux deploy and native ubuntu:
root> ip rule list
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup 99
10500: from all oif dummy0 lookup 1002
10500: from all oif wlan0 lookup 1005
13000: from all fwmark 0x10063/0x1ffff lookup 97
13000: from all fwmark 0x10064/0x1ffff lookup 1005
14000: from all oif dummy0 lookup 1002
14000: from all oif wlan0 lookup 1005
15000: from all fwmark 0x0/0x10000 lookup 99
16000: from all fwmark 0x0/0x10000 lookup 98
17000: from all fwmark 0x0/0x10000 lookup 97
19000: from all fwmark 0x64/0x1ffff lookup 1005
22000: from all fwmark 0x0/0xffff lookup 1005
23000: from all fwmark 0x0/0xffff lookup main
32000: from all unreachable
The standard "from all look up main" rule isn't there!
... from here (given that the "ip route" output looks sensible), it's clear that the following solves the problem:
>ip rule add from all lookup main
Obviously no longer SoftEther related, but this does lead me to wonder what are all these ip rules? can they be deleted?
What really had me scratching my head about this was that after firing up the client connection, the output from "ip route" looked correct - that is to say, it was consistent with the output from a native ubuntu install where everything is working correctly.
Digging a bit deeper ... i guess
>ip route
really means...
>ip route show table main
...So there is an assumption that 'main' is being used. Quick look at "ip rule list" shows up the key difference between linux deploy and native ubuntu:
root> ip rule list
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup 99
10500: from all oif dummy0 lookup 1002
10500: from all oif wlan0 lookup 1005
13000: from all fwmark 0x10063/0x1ffff lookup 97
13000: from all fwmark 0x10064/0x1ffff lookup 1005
14000: from all oif dummy0 lookup 1002
14000: from all oif wlan0 lookup 1005
15000: from all fwmark 0x0/0x10000 lookup 99
16000: from all fwmark 0x0/0x10000 lookup 98
17000: from all fwmark 0x0/0x10000 lookup 97
19000: from all fwmark 0x64/0x1ffff lookup 1005
22000: from all fwmark 0x0/0xffff lookup 1005
23000: from all fwmark 0x0/0xffff lookup main
32000: from all unreachable
The standard "from all look up main" rule isn't there!
... from here (given that the "ip route" output looks sensible), it's clear that the following solves the problem:
>ip rule add from all lookup main
Obviously no longer SoftEther related, but this does lead me to wonder what are all these ip rules? can they be deleted?