Selecting external ip for SoftEther Server
-
- Posts: 4
- Joined: Wed Oct 08, 2014 8:41 pm
Selecting external ip for SoftEther Server
I'd like to select only one external ip address for my SoftEther server on my VPS. I have four external IPs and SoftEther listens on all four network interfaces.
I see there is a choice to add or delete a port number --through GUI or vpncmd-- for SoftEther to listen on, but no choice as to choosing the network interface.
Any suggestion how to make it work for only one external ip out of four?
I see there is a choice to add or delete a port number --through GUI or vpncmd-- for SoftEther to listen on, but no choice as to choosing the network interface.
Any suggestion how to make it work for only one external ip out of four?
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Selecting external ip for SoftEther Server
SoftEther VPN server doesn't have such function.
How about using TCP repeater such as TcpProxy?
http://quietsche-entchen.de/cgi-bin/wik ... s/TcpProxy
How about using TCP repeater such as TcpProxy?
http://quietsche-entchen.de/cgi-bin/wik ... s/TcpProxy
-
- Posts: 20
- Joined: Thu Sep 19, 2013 6:35 am
Re: Selecting external ip for SoftEther Server: outgoing
I need to do have outgoing connections come from one IP address, not the lowest on the NIC.
I cannot see how to do with on my Windows 2008 server. I can of course change the allowed incoming IP connecting Softether through Remote Access and Routing, but any connection the VPN makes outgoing comes from the first, lowest IP.
My reason to want to do this is that my lowest IP address has a TOR exit node and as a result that that has put that IP on some blacklists. My second IP remains clean, and I would love to force the Softethervpn traffic, all of it TCP and UDP, to use my second "clean" IP.
I cannot see how to do with on my Windows 2008 server. I can of course change the allowed incoming IP connecting Softether through Remote Access and Routing, but any connection the VPN makes outgoing comes from the first, lowest IP.
My reason to want to do this is that my lowest IP address has a TOR exit node and as a result that that has put that IP on some blacklists. My second IP remains clean, and I would love to force the Softethervpn traffic, all of it TCP and UDP, to use my second "clean" IP.
-
- Posts: 4
- Joined: Wed Oct 08, 2014 8:41 pm
Re: Selecting external ip for SoftEther Server
thisjun
Thank you for your suggestion. I've checked that program you mentioned and there is not much info on the Internet for me to have a concept of how that might work.
There is no package of TcpProxy in Ubuntu's repositories. That's not a problem, though - I see there is a Debian package available on the website. Still, it's not clear to me how that is going to work on only one IP out of my four.
My guess is that TcpProxy puts itself in-between SoftEther server and each of network interfaces and tries to redirect all ports to a chosen destination--that is the chosen network interface.
Can you confirm whether or not I get this right? If not, can you explain it to me?
Appreciate your help.
Thank you for your suggestion. I've checked that program you mentioned and there is not much info on the Internet for me to have a concept of how that might work.
There is no package of TcpProxy in Ubuntu's repositories. That's not a problem, though - I see there is a Debian package available on the website. Still, it's not clear to me how that is going to work on only one IP out of my four.
My guess is that TcpProxy puts itself in-between SoftEther server and each of network interfaces and tries to redirect all ports to a chosen destination--that is the chosen network interface.
Can you confirm whether or not I get this right? If not, can you explain it to me?
Appreciate your help.
Last edited by paulalt on Fri Oct 31, 2014 5:02 pm, edited 1 time in total.
-
- Posts: 20
- Joined: Thu Sep 19, 2013 6:35 am
Re: Selecting external ip for SoftEther Server
Thanks I have not looked at TCP proxy it I doubted it would do what we need, the name gives it away.
What I would like is for softether server settings to have an ability bind itself to a particular IP when the server has more than one IP address on one or more interfaces, particularly being able to control the use of the outgoing IP address that outgoing traffic has.
Currently it simply uses the lowest IP that it finds that has the route to the internet.
On another subject the only bug I have found with the wonderful project is that Softether's NAT DCHP server leaks DCHP services on the LAN side when not even logging into the VPN. I reported that in another post.
What I would like is for softether server settings to have an ability bind itself to a particular IP when the server has more than one IP address on one or more interfaces, particularly being able to control the use of the outgoing IP address that outgoing traffic has.
Currently it simply uses the lowest IP that it finds that has the route to the internet.
On another subject the only bug I have found with the wonderful project is that Softether's NAT DCHP server leaks DCHP services on the LAN side when not even logging into the VPN. I reported that in another post.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Selecting external ip for SoftEther Server
> My guess is that TcpProxy puts itself in-between SoftEther server and each
> of network interfaces and tries to redirect all ports to a chosen
> destination--that is the chosen network interface.
> Can you confirm weather or not I get this right? If not, can you explain it
> to me?
Please run SoftEther on an unused port.
You don't need to redirect all ports. It's enough only one port.
> of network interfaces and tries to redirect all ports to a chosen
> destination--that is the chosen network interface.
> Can you confirm weather or not I get this right? If not, can you explain it
> to me?
Please run SoftEther on an unused port.
You don't need to redirect all ports. It's enough only one port.
-
- Posts: 202
- Joined: Wed Jul 10, 2013 2:07 pm
Re: Selecting external ip for SoftEther Server
paulalt wrote:
> Any suggestion how to make it work for only one external ip out of four?
I'm not sure if I understand your problem correctly, but this is what i would try:
Let SoftEther listen on a very unusual port like 23456 or anything else.
Using iptables to redirect incomming traffic on the wanted interface to the SE port. (and maybe blocking port 23456 on all other interfaces)
"iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 443 -j REDIRECT --to-port 23456" and maybe forward udp too:
"iptables -t nat -A PREROUTING -i eth2 -p udp --dport 443 -j REDIRECT --to-port 23456"
So, it looks like SE would listen only on eth2 port 443 and you can run other services on eth1/443 or eth0/443....
> Any suggestion how to make it work for only one external ip out of four?
I'm not sure if I understand your problem correctly, but this is what i would try:
Let SoftEther listen on a very unusual port like 23456 or anything else.
Using iptables to redirect incomming traffic on the wanted interface to the SE port. (and maybe blocking port 23456 on all other interfaces)
"iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 443 -j REDIRECT --to-port 23456" and maybe forward udp too:
"iptables -t nat -A PREROUTING -i eth2 -p udp --dport 443 -j REDIRECT --to-port 23456"
So, it looks like SE would listen only on eth2 port 443 and you can run other services on eth1/443 or eth0/443....
-
- Posts: 20
- Joined: Thu Sep 19, 2013 6:35 am
Re: Selecting external ip for SoftEther Server
I am using windows. But I can see that is not what I need. Softether there is working on the ETH0, whatever IP are on the network card.
But I want softether to be bound to a particular IP address, especially for the outgoing forwarded connections which are on all ports.
My server has two IP addresses. Call then 123.456.89.1 and 123.456.89.2 I want the outgoing traffic to go on 123.456.89.2 only.
In fact I would not mind if the incoming and outgoing traffic used the second IP.
I would like to be able to bind softether to use a particular IP, not just a Network interface. Currently this cannot be done.
But I want softether to be bound to a particular IP address, especially for the outgoing forwarded connections which are on all ports.
My server has two IP addresses. Call then 123.456.89.1 and 123.456.89.2 I want the outgoing traffic to go on 123.456.89.2 only.
In fact I would not mind if the incoming and outgoing traffic used the second IP.
I would like to be able to bind softether to use a particular IP, not just a Network interface. Currently this cannot be done.
-
- Posts: 4
- Joined: Wed Oct 08, 2014 8:41 pm
Re: Selecting external ip for SoftEther Server
thisjun wrote:
> Please run SoftEther on an unused port.
> You don't need to redirect all ports. It's enough only one port.
This much I could have guessed myself. Your assumption isn't correct, and to be clear, I may want to have a hub on the server which combine all 4 types of vpn on all known ports.
That's why I want to use - for this purpose - just one network interface and not four available.
> Please run SoftEther on an unused port.
> You don't need to redirect all ports. It's enough only one port.
This much I could have guessed myself. Your assumption isn't correct, and to be clear, I may want to have a hub on the server which combine all 4 types of vpn on all known ports.
That's why I want to use - for this purpose - just one network interface and not four available.
-
- Posts: 137
- Joined: Mon Mar 24, 2014 3:59 am
Re: Selecting external ip for SoftEther Server
@paulalt, SoftEther does not implement interface binding, so you must use a wrapper like `authbind` to get the desired result.
* http://manpages.ubuntu.com/manpages/tru ... ind.1.html
You can use `iptables` to do the same thing, but it is much more difficult to get the configuration right, and running a Tor exit node greatly increases the exposure of any mistakes.
For a fancier solution, try running SoftEther and Tor in separate LXC containers.
* http://manpages.ubuntu.com/manpages/tru ... ind.1.html
You can use `iptables` to do the same thing, but it is much more difficult to get the configuration right, and running a Tor exit node greatly increases the exposure of any mistakes.
For a fancier solution, try running SoftEther and Tor in separate LXC containers.
-
- Posts: 4
- Joined: Wed Oct 08, 2014 8:41 pm
Re: Selecting external ip for SoftEther Server
dajhorn wrote:
> @paulalt, SoftEther does not implement interface binding, so you must use a
> wrapper like `authbind` to get the desired result.
>
Thank you for your suggestion. It's not the ideal solution but close to what I wanted.
> @paulalt, SoftEther does not implement interface binding, so you must use a
> wrapper like `authbind` to get the desired result.
>
Thank you for your suggestion. It's not the ideal solution but close to what I wanted.
-
- Posts: 7
- Joined: Tue Nov 30, 2021 10:21 pm
Re: Selecting external ip for SoftEther Server
YOU IDIOTS.YOU FOOLS. I WASTED A WHOLE DAY ON YOUR GARBAGE SOFTWARE THAT CANNOT BIND TO A PARTICULAR IP ADDRESS?
HOW AM I SUPPOSED TO USE PORT 443 WHEN I RUN OTHER WEBSITES ON THE SERVER?
ARE YOU NOT SMART ENOUGH TO THINK OF THESE THINGS BUT SMART ENOUGH TO MAKE THIS SOFTWARE?
HOW AM I SUPPOSED TO USE PORT 443 WHEN I RUN OTHER WEBSITES ON THE SERVER?
ARE YOU NOT SMART ENOUGH TO THINK OF THESE THINGS BUT SMART ENOUGH TO MAKE THIS SOFTWARE?
-
- Posts: 7
- Joined: Tue Nov 30, 2021 10:21 pm
Re: Selecting external ip for SoftEther Server
I've been a software engineer for over 2 decades, and I do not have the skill set to do what SoftEther does.
BUT EVERYONE TIME I WRITE A SERVER I MAKE SURE IT HAS A WAY TO SELECT WHAT IP TO BIND TO IN ANY OS THAT HAS MORE THAN 1 IP.
To think that you are entitled to just OWN a network a adapter is presumptuous, rude, or just ignorant. What if that adapter had a whole C-class on it, and you just think you have to right to bind 0.0.0.0 on whatever port you want?
ESPECIALLY since the main feature of this VPN is hiding in SSL, you don't think the server it's running on might have other SSL sites on it?
And if it does, well it's just out of luck then, because it cant use those bindings with your VPN software. So this VPN is useless to us.
Seriously, it's not hard to bind a single IP address on an adapter.
Your VPN has a bazillion features so one of them could EASILY to be BIND TO SPECIFIC IP ADDRESSES. Make that a feature so people can use your software otherwise it's really not usable.
BUT EVERYONE TIME I WRITE A SERVER I MAKE SURE IT HAS A WAY TO SELECT WHAT IP TO BIND TO IN ANY OS THAT HAS MORE THAN 1 IP.
To think that you are entitled to just OWN a network a adapter is presumptuous, rude, or just ignorant. What if that adapter had a whole C-class on it, and you just think you have to right to bind 0.0.0.0 on whatever port you want?
ESPECIALLY since the main feature of this VPN is hiding in SSL, you don't think the server it's running on might have other SSL sites on it?
And if it does, well it's just out of luck then, because it cant use those bindings with your VPN software. So this VPN is useless to us.
Seriously, it's not hard to bind a single IP address on an adapter.
Your VPN has a bazillion features so one of them could EASILY to be BIND TO SPECIFIC IP ADDRESSES. Make that a feature so people can use your software otherwise it's really not usable.
-
- Posts: 7
- Joined: Tue Nov 30, 2021 10:21 pm
Re: Selecting external ip for SoftEther Server
Any VPN server that cannot select what IP:PORT to bind to is UNUSABLE TRASH.
THIS IS NOT A VPN SERVER IT'S SOMETHING ELSE.
THIS IS NOT A VPN SERVER IT'S SOMETHING ELSE.
-
- Posts: 286
- Joined: Wed Nov 25, 2020 9:10 am
Re: Selecting external ip for SoftEther Server
First, softether does allow you to bind an IP.
Second, even it does not, it’s easy to setup redirect from the http server you are using.
You are such a smart software engineer that doesn’t know these stuffs. Amazing.
Second, even it does not, it’s easy to setup redirect from the http server you are using.
You are such a smart software engineer that doesn’t know these stuffs. Amazing.
-
- Posts: 7
- Joined: Tue Nov 30, 2021 10:21 pm
Re: Selecting external ip for SoftEther Server
Why does this thread exist then?
Where do you bind the IP? I was searching wading through all junk settings waiting to find it.
I didn't write some fake ass VPN software that lacks basic featuresYou are such a smart software engineer that doesn’t know these stuffs. Amazing.
-
- Posts: 7
- Joined: Tue Nov 30, 2021 10:21 pm
Re: Selecting external ip for SoftEther Server
This is SCAM language right here.
If it has it tell us where there is because there's a thread full of people looking at it. A WHOLE THREAD DEVOTED TO THIS ISSUE and you just come in and say "uuuhh actually guys you're all wrong"
Then saying "Even if it does not"
So it still MIGHT NOT HAVE IT?? You just undermined your own statement? If it has it, you haven't told us where it is, and nobody else could find it. So it looks like THAT FEATURE IS MISSING, doesn't it?
And NO I WILL NOT HACK AROUND WITH OTHER 3rd PARTY SOFTWARE TO GET A FEATURE THAT SHOULD COME STANDARD IN *ANY SERVER*.
This is basic software design. And you're going to trust your VPN to the same people who can't bind an IP address? Utter foolishness.
If you write a server and don't write a way to bind IPs you're not writing a server, your agenda is elsewhere. This is not a VPN server.
-
- Posts: 2
- Joined: Wed Dec 01, 2021 1:06 pm
Re: Selecting external ip for SoftEther Server
What kind of server programmer makes their server unable to bind to a specific ip?
Name ONE OTHER SERVER.
There's not a single one.
All web servers allow you choose the IP to bind to, All FTP servers, even the BITCOIN client allows your to choose what IP to bind to because it's p2p. Anyone who writes a server considers the fact that they need to allow the user to configure the IP it runs on.
Not allowing you to bind to an IP means they have no experience in writing servers.
Name ONE OTHER SERVER.
There's not a single one.
All web servers allow you choose the IP to bind to, All FTP servers, even the BITCOIN client allows your to choose what IP to bind to because it's p2p. Anyone who writes a server considers the fact that they need to allow the user to configure the IP it runs on.
Not allowing you to bind to an IP means they have no experience in writing servers.