[SOLVED] Softether and centos 8.1

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
fc193
Posts: 2
Joined: Wed Mar 11, 2020 8:02 am

[SOLVED] Softether and centos 8.1

Post by fc193 » Wed Mar 11, 2020 8:40 am

Hello,
I need to setup a Remote Client PC to reach a VPN server using Softether. The client should communicate with the IP address hosted onto the VPN server (eth0) without going further on the VPN server LAN. I only have one ethernet interface available.

Using Centos 7, I was able to configure Softether for Remote Client VPN connection using the following model :

On the server side :
- Local bridge using a new tap device within softether
- Then, create a br0 bridge using bridge-utils (brctl) between the newly created tap device and an eth device (eth0)

This way, the client PC could easily access the hosted ip address of br0 interface, without having to wire another ethernet cable without IP address as mentionned in the Softether documentation.

But bridge-utils and brctl have disappear from centos 8, and nmcli doesn't seems to manage correctly tap device created by softether.

So, this model doesn't seems to work anymore.

What I've done :

Once the tap device is created by softether, it isn't managed/recognized by nmcli :

Code: Select all

# nmcli device
DEVICE     TYPE      STATE     CONNECTION
br0        bridge    connected  bridge-br0
eth0       ethernet  connected  slave-br0-eth0
lo         loopback  not managed  --
tap_sevpn  tun       not managed  --
So I manually add it using nmcli, it appears "not connected" :

Code: Select all

# nmcli device set tap_sevpn managed yes
# nmcli device
DEVICE     TYPE      STATE       CONNECTION
br0        bridge    connected    bridge-br0
eth0       ethernet  connected    slave-br0-eth0
tap_sevpn  tun       not connected  --
lo         loopback  not managed    --
If I try to manually connect it, i got an error message from nmcli :

Code: Select all

# nmcli device connect tap_sevpn
Error : failed to add or activate the new connection : cannot get interface name due to failed to determine interface name: error determine name for tun
If I insist trying to associate the tap device with the br0 bridge :

Code: Select all

# nmcli connection add type bridge-slave ifname tap_sevpn con-name slave-br0-tap_sevpn master br0
# nmcli con
NAME                 UUID                                  TYPE      DEVICE
bridge-br0           58426429-025a-439a-8c53-be913a0a682c  bridge    br0
slave-br0-eth0       9e61e793-8ceb-4fae-a83c-9c3547a5a8f0  ethernet  eth0
slave-br0-tap_sevpn  01f3c649-43ca-4bf5-bd71-9160a09378db  ethernet  --
The DEVICE field stays empty and the VPN isn't working as it was in centos 7

I also tried type 'tun' without success :

Code: Select all

# nmcli connection add type tun ifname tap_sevpn con-name slave-br0-tap_sevpn master br0
# nmcli con
NAME                 UUID                                  TYPE      DEVICE
bridge-br0           58426429-025a-439a-8c53-be913a0a682c  bridge    br0
slave-br0-eth0       9e61e793-8ceb-4fae-a83c-9c3547a5a8f0  ethernet  eth0
slave-br0-tap_sevpn  01f3c649-43ca-4bf5-bd71-9160a09378db  tun       --
Ad finally tried to create a sotether local bridge directly to br0 or eth0 without using tap device, but I can only acces the LAN behind my VPN server and not my VPN server itself. And I don't have any other eth device to bridge to.

Does anyone have successfully configured softether tap device using nmcli in RHEL 7 or 8 ?

Do I have an other solution ?

- Another way to configure local bridge?
- use Layer3 switch settings ?
- Use another type of intermediate device on the centos server on which I can link my local bridge before adding it to br0 interface ?

I can eventually use a L3 interconnection between PC VPN Client and tap device with dhcp and route announcement, and then activate ipv4_forwarding so that Remote Client can reach my /32 br0 IP address, as I don't need to get further in the server LAN.

Thanks for your help
Franck
Last edited by fc193 on Sun Mar 29, 2020 11:21 am, edited 1 time in total.

ddunston
Posts: 22
Joined: Fri Mar 13, 2020 11:33 pm

Re: Softether and centos 8.1

Post by ddunston » Sun Mar 15, 2020 2:13 am

It sounds like you just need remote access to the VPN Server over a secure connection so I'd suggest just using SSH. Lookup using public/private keys and/or two-factor authentication with Google or Duo.

I believe a VPN is an overkill for what is needed.

gg_user
Posts: 16
Joined: Sat May 13, 2017 6:39 pm

Re: Softether and centos 8.1

Post by gg_user » Sun Mar 22, 2020 12:12 pm

Hi,

1) You can use the utility iproute2:

Code: Select all

ip link add name br0 type bridge
ip link set dev br0 up
ip link set dev eth0 master br0
ip link set dev tap_sevpn master br0
2) You can build bridge-utils utility for centos 8

fc193
Posts: 2
Joined: Wed Mar 11, 2020 8:02 am

Re: Softether and centos 8.1

Post by fc193 » Sun Mar 29, 2020 11:21 am

gg_user wrote:
Sun Mar 22, 2020 12:12 pm
Hi,

1) You can use the utility iproute2:

Code: Select all

...ip link set dev tap_sevpn master br0
this works perfectly, thanks a lot.
Franck

Post Reply