Selecting external ip for SoftEther Server

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
paulalt
Posts: 4
Joined: Wed Oct 08, 2014 8:41 pm

Selecting external ip for SoftEther Server

Post by paulalt » Wed Oct 08, 2014 8:57 pm

I'd like to select only one external ip address for my SoftEther server on my VPS. I have four external IPs and SoftEther listens on all four network interfaces.

I see there is a choice to add or delete a port number --through GUI or vpncmd-- for SoftEther to listen on, but no choice as to choosing the network interface.

Any suggestion how to make it work for only one external ip out of four?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Selecting external ip for SoftEther Server

Post by thisjun » Thu Oct 16, 2014 8:39 am

SoftEther VPN server doesn't have such function.
How about using TCP repeater such as TcpProxy?
http://quietsche-entchen.de/cgi-bin/wik ... s/TcpProxy

GerryB
Posts: 20
Joined: Thu Sep 19, 2013 6:35 am

Re: Selecting external ip for SoftEther Server: outgoing

Post by GerryB » Fri Oct 17, 2014 10:46 am

I need to do have outgoing connections come from one IP address, not the lowest on the NIC.

I cannot see how to do with on my Windows 2008 server. I can of course change the allowed incoming IP connecting Softether through Remote Access and Routing, but any connection the VPN makes outgoing comes from the first, lowest IP.

My reason to want to do this is that my lowest IP address has a TOR exit node and as a result that that has put that IP on some blacklists. My second IP remains clean, and I would love to force the Softethervpn traffic, all of it TCP and UDP, to use my second "clean" IP.

paulalt
Posts: 4
Joined: Wed Oct 08, 2014 8:41 pm

Re: Selecting external ip for SoftEther Server

Post by paulalt » Fri Oct 17, 2014 8:27 pm

thisjun

Thank you for your suggestion. I've checked that program you mentioned and there is not much info on the Internet for me to have a concept of how that might work.
There is no package of TcpProxy in Ubuntu's repositories. That's not a problem, though - I see there is a Debian package available on the website. Still, it's not clear to me how that is going to work on only one IP out of my four.

My guess is that TcpProxy puts itself in-between SoftEther server and each of network interfaces and tries to redirect all ports to a chosen destination--that is the chosen network interface.
Can you confirm whether or not I get this right? If not, can you explain it to me?

Appreciate your help.
Last edited by paulalt on Fri Oct 31, 2014 5:02 pm, edited 1 time in total.

GerryB
Posts: 20
Joined: Thu Sep 19, 2013 6:35 am

Re: Selecting external ip for SoftEther Server

Post by GerryB » Sat Oct 18, 2014 8:10 am

Thanks I have not looked at TCP proxy it I doubted it would do what we need, the name gives it away.

What I would like is for softether server settings to have an ability bind itself to a particular IP when the server has more than one IP address on one or more interfaces, particularly being able to control the use of the outgoing IP address that outgoing traffic has.

Currently it simply uses the lowest IP that it finds that has the route to the internet.

On another subject the only bug I have found with the wonderful project is that Softether's NAT DCHP server leaks DCHP services on the LAN side when not even logging into the VPN. I reported that in another post.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Selecting external ip for SoftEther Server

Post by thisjun » Thu Oct 30, 2014 7:44 am

> My guess is that TcpProxy puts itself in-between SoftEther server and each
> of network interfaces and tries to redirect all ports to a chosen
> destination--that is the chosen network interface.
> Can you confirm weather or not I get this right? If not, can you explain it
> to me?

Please run SoftEther on an unused port.
You don't need to redirect all ports. It's enough only one port.

qupfer
Posts: 202
Joined: Wed Jul 10, 2013 2:07 pm

Re: Selecting external ip for SoftEther Server

Post by qupfer » Thu Oct 30, 2014 8:51 am

paulalt wrote:
> Any suggestion how to make it work for only one external ip out of four?

I'm not sure if I understand your problem correctly, but this is what i would try:

Let SoftEther listen on a very unusual port like 23456 or anything else.
Using iptables to redirect incomming traffic on the wanted interface to the SE port. (and maybe blocking port 23456 on all other interfaces)
"iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 443 -j REDIRECT --to-port 23456" and maybe forward udp too:
"iptables -t nat -A PREROUTING -i eth2 -p udp --dport 443 -j REDIRECT --to-port 23456"

So, it looks like SE would listen only on eth2 port 443 and you can run other services on eth1/443 or eth0/443....

GerryB
Posts: 20
Joined: Thu Sep 19, 2013 6:35 am

Re: Selecting external ip for SoftEther Server

Post by GerryB » Thu Oct 30, 2014 11:06 am

I am using windows. But I can see that is not what I need. Softether there is working on the ETH0, whatever IP are on the network card.

But I want softether to be bound to a particular IP address, especially for the outgoing forwarded connections which are on all ports.

My server has two IP addresses. Call then 123.456.89.1 and 123.456.89.2 I want the outgoing traffic to go on 123.456.89.2 only.

In fact I would not mind if the incoming and outgoing traffic used the second IP.

I would like to be able to bind softether to use a particular IP, not just a Network interface. Currently this cannot be done.

paulalt
Posts: 4
Joined: Wed Oct 08, 2014 8:41 pm

Re: Selecting external ip for SoftEther Server

Post by paulalt » Fri Oct 31, 2014 5:21 pm

thisjun wrote:

> Please run SoftEther on an unused port.
> You don't need to redirect all ports. It's enough only one port.


This much I could have guessed myself. Your assumption isn't correct, and to be clear, I may want to have a hub on the server which combine all 4 types of vpn on all known ports.
That's why I want to use - for this purpose - just one network interface and not four available.

dajhorn
Posts: 137
Joined: Mon Mar 24, 2014 3:59 am

Re: Selecting external ip for SoftEther Server

Post by dajhorn » Fri Nov 07, 2014 12:40 am

@paulalt, SoftEther does not implement interface binding, so you must use a wrapper like `authbind` to get the desired result.

* http://manpages.ubuntu.com/manpages/tru ... ind.1.html

You can use `iptables` to do the same thing, but it is much more difficult to get the configuration right, and running a Tor exit node greatly increases the exposure of any mistakes.

For a fancier solution, try running SoftEther and Tor in separate LXC containers.

paulalt
Posts: 4
Joined: Wed Oct 08, 2014 8:41 pm

Re: Selecting external ip for SoftEther Server

Post by paulalt » Thu Nov 20, 2014 10:10 pm

dajhorn wrote:
> @paulalt, SoftEther does not implement interface binding, so you must use a
> wrapper like `authbind` to get the desired result.
>

Thank you for your suggestion. It's not the ideal solution but close to what I wanted.

flameboy
Posts: 7
Joined: Tue Nov 30, 2021 10:21 pm

Re: Selecting external ip for SoftEther Server

Post by flameboy » Tue Nov 30, 2021 10:24 pm

YOU IDIOTS.YOU FOOLS. I WASTED A WHOLE DAY ON YOUR GARBAGE SOFTWARE THAT CANNOT BIND TO A PARTICULAR IP ADDRESS?

HOW AM I SUPPOSED TO USE PORT 443 WHEN I RUN OTHER WEBSITES ON THE SERVER?
ARE YOU NOT SMART ENOUGH TO THINK OF THESE THINGS BUT SMART ENOUGH TO MAKE THIS SOFTWARE?

flameboy
Posts: 7
Joined: Tue Nov 30, 2021 10:21 pm

Re: Selecting external ip for SoftEther Server

Post by flameboy » Tue Nov 30, 2021 11:04 pm

I've been a software engineer for over 2 decades, and I do not have the skill set to do what SoftEther does.

BUT EVERYONE TIME I WRITE A SERVER I MAKE SURE IT HAS A WAY TO SELECT WHAT IP TO BIND TO IN ANY OS THAT HAS MORE THAN 1 IP.

To think that you are entitled to just OWN a network a adapter is presumptuous, rude, or just ignorant. What if that adapter had a whole C-class on it, and you just think you have to right to bind 0.0.0.0 on whatever port you want?

ESPECIALLY since the main feature of this VPN is hiding in SSL, you don't think the server it's running on might have other SSL sites on it?
And if it does, well it's just out of luck then, because it cant use those bindings with your VPN software. So this VPN is useless to us.

Seriously, it's not hard to bind a single IP address on an adapter.

Your VPN has a bazillion features so one of them could EASILY to be BIND TO SPECIFIC IP ADDRESSES. Make that a feature so people can use your software otherwise it's really not usable.

flameboy
Posts: 7
Joined: Tue Nov 30, 2021 10:21 pm

Re: Selecting external ip for SoftEther Server

Post by flameboy » Wed Dec 01, 2021 12:48 am

Any VPN server that cannot select what IP:PORT to bind to is UNUSABLE TRASH.
THIS IS NOT A VPN SERVER IT'S SOMETHING ELSE.

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: Selecting external ip for SoftEther Server

Post by eddiewu » Wed Dec 01, 2021 1:59 am

First, softether does allow you to bind an IP.
Second, even it does not, it’s easy to setup redirect from the http server you are using.
You are such a smart software engineer that doesn’t know these stuffs. Amazing.

flameboy
Posts: 7
Joined: Tue Nov 30, 2021 10:21 pm

Re: Selecting external ip for SoftEther Server

Post by flameboy » Wed Dec 01, 2021 3:33 am

eddiewu wrote:
Wed Dec 01, 2021 1:59 am
First, softether does allow you to bind an IP.
Second, even it does not, it’s easy to setup redirect from the http server you are using.
You are such a smart software engineer that doesn’t know these stuffs. Amazing.
Why does this thread exist then?
Where do you bind the IP? I was searching wading through all junk settings waiting to find it.
You are such a smart software engineer that doesn’t know these stuffs. Amazing.
I didn't write some fake ass VPN software that lacks basic features

flameboy
Posts: 7
Joined: Tue Nov 30, 2021 10:21 pm

Re: Selecting external ip for SoftEther Server

Post by flameboy » Wed Dec 01, 2021 1:01 pm

eddiewu wrote:
Wed Dec 01, 2021 1:59 am
Second, even it does not, it’s easy to setup redirect from the http server you are using.
This is SCAM language right here.
If it has it tell us where there is because there's a thread full of people looking at it. A WHOLE THREAD DEVOTED TO THIS ISSUE and you just come in and say "uuuhh actually guys you're all wrong"

Then saying "Even if it does not"

So it still MIGHT NOT HAVE IT?? You just undermined your own statement? If it has it, you haven't told us where it is, and nobody else could find it. So it looks like THAT FEATURE IS MISSING, doesn't it?

And NO I WILL NOT HACK AROUND WITH OTHER 3rd PARTY SOFTWARE TO GET A FEATURE THAT SHOULD COME STANDARD IN *ANY SERVER*.
This is basic software design. And you're going to trust your VPN to the same people who can't bind an IP address? Utter foolishness.

If you write a server and don't write a way to bind IPs you're not writing a server, your agenda is elsewhere. This is not a VPN server.

8vtwo
Posts: 2
Joined: Wed Dec 01, 2021 1:06 pm

Re: Selecting external ip for SoftEther Server

Post by 8vtwo » Wed Dec 01, 2021 11:43 pm

What kind of server programmer makes their server unable to bind to a specific ip?

Name ONE OTHER SERVER.
There's not a single one.
All web servers allow you choose the IP to bind to, All FTP servers, even the BITCOIN client allows your to choose what IP to bind to because it's p2p. Anyone who writes a server considers the fact that they need to allow the user to configure the IP it runs on.

Not allowing you to bind to an IP means they have no experience in writing servers.

Post Reply