I need to set up a Remote Client PC to reach a VPN server using SoftEther. The client should communicate with the IP address hosted on the VPN server (eth0) without going further on the VPN server LAN. I only have one ethernet interface available.
Using CentOS 7, I was able to configure SoftEther for Remote Client VPN connection using the following model:
On the server side:
- Local bridge using a new tap device within SoftEther
- Then, create a br0 bridge using bridge-utils (brctl) between the newly created tap device and an eth device (eth0)
This way, the client PC could easily access the hosted IP address of the br0 interface, without having to wire another ethernet cable without IP address as mentioned in the SoftEther documentation.
But bridge-utils and brctl have disappeared from CentOS 8, and nmcli doesn't seem to correctly manage the tap device created by SoftEther.
So, this model doesn't seem to work anymore.
What I've done:
Once the tap device is created by SoftEther, it isn't managed/recognized by nmcli:
```
# nmcli device
DEVICE TYPE STATE CONNECTION
br0 bridge connected bridge-br0
eth0 ethernet connected slave-br0-eth0
lo loopback not managed --
tap_sevpn tun not managed --
```
```
# nmcli device set tap_sevpn managed yes
# nmcli device
DEVICE TYPE STATE CONNECTION
br0 bridge connected bridge-br0
eth0 ethernet connected slave-br0-eth0
tap_sevpn tun not connected --
lo loopback not managed --
```
```
# nmcli device connect tap_sevpn
Error : failed to add or activate the new connection : cannot get interface name due to failed to determine interface name: error determine name for tun
```
```
# nmcli connection add type bridge-slave ifname tap_sevpn con-name slave-br0-tap_sevpn master br0
# nmcli con
NAME UUID TYPE DEVICE
bridge-br0 58426429-025a-439a-8c53-be913a0a682c bridge br0
slave-br0-eth0 9e61e793-8ceb-4fae-a83c-9c3547a5a8f0 ethernet eth0
slave-br0-tap_sevpn 01f3c649-43ca-4bf5-bd71-9160a09378db ethernet --
```
I also tried type 'tun' without success:
```
# nmcli connection add type tun ifname tap_sevpn con-name slave-br0-tap_sevpn master br0
# nmcli con
NAME UUID TYPE DEVICE
bridge-br0 58426429-025a-439a-8c53-be913a0a682c bridge br0
slave-br0-eth0 9e61e793-8ceb-4fae-a83c-9c3547a5a8f0 ethernet eth0
slave-br0-tap_sevpn 01f3c649-43ca-4bf5-bd71-9160a09378db tun --
```
Has anyone successfully configured a SoftEther tap device using nmcli in RHEL 7 or 8?
Do I have another solution?
- Another way to configure local bridge?
- Use Layer3 switch settings?
- Use another type of intermediate device on the CentOS server on which I can link my local bridge before adding it to the br0 interface?
I can eventually use a L3 interconnection between PC VPN Client and tap device with DHCP and route announcement, and then activate ipv4_forwarding so that Remote Client can reach my /32 br0 IP address, as I don't need to get further in the server LAN.
Thanks for your help
Franck