I have installed SoftEther VPN server on one of the desktops and am using the wireless card. But I am not able to connect to the server through another computer which is using the URL to log in. I am however able to use the server when I use the local IP address.
Here is a screenshot of what I have forwarded:
WAN 500 --> 5555 LAN on Local
WAN 4500 --> 5555 LAN on Local
I am not able to get a response and as you can see I am still getting connection error messages. Could you please advise what I could try next in order to resolve this issue?
In my last-ditch effort I even opened all the ports on WAN: 0 ~ 9999 --> LAN on local 5555. But I still got the same message. Clearly there is another issue. Any help you can provide, I would be grateful.
I suspect the reason why I am not able to connect to the listening port on the server machine is port forwarding.
-
- Posts: 4
- Joined: Fri Nov 19, 2021 11:19 am
Regarding Port Forwarding setting for my Router to the server machine
-
- Posts: 139
- Joined: Sat Feb 13, 2021 10:22 pm
Re: Regarding Port Forwarding setting for my Router to the server machine
When you say:
> I have installed SoftEther VPN server on one of the desktops and am using the wireless card. But I am not able to connect to the server through another computer which is using the URL to log in. I am however able to use the server when I use the local IP address.
You mean: you cannot connect using the SoftEther VPN client to the VPN? But management of the VPN Server from inside the network is OK?
Network cards:
While a Wifi connection should work, a connection with an ethernet cable is more reliable, gives better performance, and has a lower latency. Try not to use Wifi if you want to get the best performance possible. Still, Wifi should work. But if the computer hosting SE-Server is multihomed (more than one network card), make sure outgoing traffic of the SE Server goes through the correct interface. It should even work if not, if Wifi and ethernet are connected to the same router, but then why use Wifi anyway? To make the Wifi interface the default: in the Windows network card's properties, open the IPv4 protocol, then Advanced. There is a box with a "metric" value. Uncheck the "automatic" checkbox. Manually input a value. The card which should be preferred should have a lower value than the other. So if, for example, you have a Wifi card and an ethernet card but want to send packets by default using the Wifi interface, set the Wifi interface metric to 1 and set the ethernet interface to 10.
Regarding port forwards:
For a first try, disable any firewall on the machine running SoftEther VPN Server (or better, add rules to allow incoming and outgoing traffic for all ports needed).
If you use only the SoftEther client, a single port will be sufficient: one of those which are listed under the Listener List. Of course, all of these are fine as well.
If you want to use clients which use L2TP over IPSec, add the ports: UDP port 500 and 4500. On the NAT, UDP 500 and 4500 should be transferred to the VPN Server. If any packet filters or firewalls exist, open UDP 500 and 4500 (go to: https://www.softether.org/4-docs/2-howt ... VPN_Server and scroll to the bottom).
However, do not map (unless you know better) different external ports to different internal ports. Only use 1:1 mappings. So external port 443 has to be mapped to 443 on the VPN Server. The same for all other needed ports.
Now, if you create a new VPN connection with the VPN client, specify not only the FQDN of the VPN Server but also the correct port (one of those the SoftEther server is listening on).
If this still does not work, start by finding out if you really have a public IPv4 address on your router which connects your network to the Internet.
-
- Posts: 4
- Joined: Fri Nov 19, 2021 11:19 am
Re: Regarding Port Forwarding setting for my Router to the server machine
Thank you for your detailed response @nobody12. When I connect using 192.168.1.6/tcp I am able to connect from a different laptop on the local network; however, when I use the URL 234281.softether.net to connect I am only able to connect through the UDP protocol and not through TCP from a client computer. As you pointed out that a connection through ethernet is more reliable, I have even tried to connect through ethernet and turning off the Wifi. I was still not able to connect using TCP; I had connected the laptop which is designated as VPN server to the router, but the client laptop was on a different network. I had even tried to bridge the connection with the router to the server laptop but got the same result. I did disable the Windows firewall on the server but that did not change the results, although this was not done when I connected the ethernet to the laptop.
Couple of questions:
> make sure outgoing traffic of the SE Server goes through the correct interface.
Since I am able to connect through UDP, I would imagine I do not need to make any changes to the interface?
> However, do not map (unless you know better) different external ports to different internal ports. Only use 1:1 mappings. So external port 443 has to be mapped to 443 on the VPN Server. The same for all other needed ports.
Do you mean this was not supposed to be done? Where I had mapped port 500 and 4500 to 5555? So 500 should be mapped to 500 and same for 4500? Although port 5555 was mapped to 5555: I added ports 1194, 443, 992 with 1:1 mapping as you have suggested, while the firewall (Windows Defender) was turned off.
After making these changes I am still getting the same error:
Error (Error Code 1):
Connection to the server failed. Check network connection and make sure that address and port number of destination server are correct.
This would imply there is an issue with port forwarding still, right?
-
- Posts: 139
- Joined: Sat Feb 13, 2021 10:22 pm
Re: Regarding Port Forwarding setting for my Router to the server machine
There are still strange NAT mappings:
500 -> 5555
4500 -> 5555
Also those higher ports.
If 192.168.1.6 is the SE server IP, remove all these; you only need exactly one port (unless you use L2TP).
Also check if your router needs firewall rules to allow traffic to a port in addition to the NAT mappings.
And then, if it still does not work, what kind of internet are you using?
Do you have a public IPv4 or not?
Also: do not try to connect from the internal network to the VPN. That might not work. Go to a location where you are outside, on the internet.
Which port do you try to connect to? You may try to use telnet and test if you can connect to this port.
(Activate the telnet client from Windows features, then start a cmd window.)
telnet hostname portnumber
What happens?
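Added example, not part of any post in this thread: a small Python audit of port-forward rules against the advice in the two replies above (1:1 mappings only, a single listener port, UDP 500 and 4500 for L2TP over IPsec). The rule syntax follows the thread's own notation; the `/tcp` and `/udp` suffix, the finding codes and the function names are assumptions made for this example.

```python
import re

# Rule syntax "EXT[ ~ EXT_END] --> INT[/proto]" follows the thread's notation;
# the optional "/tcp" or "/udp" suffix is an assumption added for this example.
RULE = re.compile(r"(\d+)(?:\s*[~-]\s*(\d+))?\s*-+>\D*(\d+)(?:/(tcp|udp))?", re.I)
L2TP_IPSEC_PORTS = {500, 4500}  # UDP ports named in the thread for L2TP over IPsec


def audit_forward(rule, max_span=16):
    """Return a sorted list of finding codes for one port-forward rule."""
    m = RULE.search(rule)
    if m is None:
        return ["UNPARSEABLE"]
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) else lo
    internal = int(m.group(3))
    proto = (m.group(4) or "").lower()
    findings = set()
    if hi - lo + 1 > max_span:
        findings.add("WIDE_RANGE")      # exposes far more than the one listener
    if hi != lo or lo != internal:
        findings.add("NOT_1_TO_1")      # external port differs from internal port
    if proto == "tcp" and (lo in L2TP_IPSEC_PORTS or internal in L2TP_IPSEC_PORTS):
        findings.add("L2TP_NEEDS_UDP")  # these ports carry UDP, a TCP forward does nothing
    return sorted(findings)


def audit_table(rules):
    """Map each rule to its findings, keeping only rules that have any."""
    report = {}
    for rule in rules:
        findings = audit_forward(rule)
        if findings:
            report[rule] = findings
    return report


# Constructed sample: the first three rules are the ones quoted in the thread.
SAMPLE_RULES = [
    "WAN 500 --> 5555 LAN on Local",
    "WAN 4500 --> 5555 LAN on Local",
    "0 ~ 9999 --> LAN on local 5555",
    "5555 --> 5555/tcp",
    "500 --> 500/tcp",
    "4500 --> 4500/udp",
]

if __name__ == "__main__":
    for rule, findings in audit_table(SAMPLE_RULES).items():
        print(f"{rule!r}: {', '.join(findings)}")
```

A clean table for a SoftEther-client-only setup is one rule of the form `5555 --> 5555/tcp`; every other entry widens the exposed surface without helping the VPN.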
-
- Posts: 4
- Joined: Fri Nov 19, 2021 11:19 am
Re: Regarding Port Forwarding setting for my Router to the server machine
As you have pointed out regarding strange mapping, I have fixed them so 500 and 4500 are pointing to 500 and 4500. I also ran a service at https://www.canyouseeme.org/ to find open ports but for some reason it is showing all ports as closed. Below I have attached a screenshot from nmap. This one below is for my router which is 192.168.1.1. Although I had opened the port 5555 from my earlier screenshot, for some reason it is not being shown as open.
The one below is from the laptop which is running as the server:
> Do you have a public IPv4 or not?
Yes, can confirm I have a public IPv4.
> Also: do not try to connect from the internal network to the VPN. That might not work. Go to a location where you are outside, on the internet.
I have been using my mobile network internet to connect to the VPN server when using the web address to log in.
> Which port do you try to connect to?
> telnet hostname portnumber
Output:
telnet vpn881***781.softether.net 5555
Connecting To vpn881***781.softether.net...Could not open connection to the host, on port 5555: Connect failed
Although running tracert on that web address is pointing to my external IP though.
-
- Posts: 139
- Joined: Sat Feb 13, 2021 10:22 pm
Re: Regarding Port Forwarding setting for my Router to the server machine
Well, I am not at your site and I don't know the make and model of your router, and I don't know about your internet connection.
But assuming that your port forwardings are working (running a port scan from the internal network to the internal IP of your router most likely might not give correct results), but a port scan from the internet only shows closed ports, I would now check if your router needs more than just the entry of the port forward.
What router are you using?
Also, find out if you really have a public IPv4 address:
On your router, enable management access from the internet using http or https (check that the port used for management is not forwarded!). Assign a strong password for the router management.
Then go surfing somewhere else and try to access your router's Web-UI. If you cannot access it, chances are good you don't have a public IPv4, but are behind a provider NAT.
You also might get information about your IP address from inside the router's Web-UI.
What company are you using for internet access?
-
- Posts: 4
- Joined: Fri Nov 19, 2021 11:19 am
Re: Regarding Port Forwarding setting for my Router to the server machine
Thanks for your help @nobody12. I have just discovered that I am behind a CGNAT, thus port forwarding has been disabled by the ISP. I guess that is the reason why the connection has been rejected. I am looking at ways of TCP punching.
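Added example, not part of any post: the two checks this thread converges on, written in Python. `classify_wan` compares the WAN address shown in the router's status page with the address seen from outside (a WAN address in 100.64.0.0/10, the RFC 6598 shared space, means carrier-grade NAT), and `tcp_probe` performs the same test as `telnet hostname portnumber`. Function names and sample addresses are constructed for illustration.

```python
import ipaddress
import socket

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan_ip, observed_public_ip):
    """Classify the router's WAN address against the address seen from outside."""
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan in CGNAT:
        return "CGNAT"          # ISP shares one public IPv4 among customers
    if any(wan in net for net in RFC1918):
        return "DOUBLE_NAT"     # another NAT device sits in front of this router
    if wan != seen:
        return "UPSTREAM_NAT"   # WAN address differs from what outside hosts see
    return "PUBLIC"             # port forwards on this router can be reached


def tcp_probe(host, port, timeout=3.0):
    """Same test as 'telnet hostname portnumber': does the TCP handshake complete?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"        # host reached, but the connection was reset
    except OSError:
        return "unreachable"    # timeout, filtered, no route or name not resolved


def forwarding_can_work(router_wan_ip, observed_public_ip):
    """Port forwarding on the home router only helps with a public WAN address."""
    return classify_wan(router_wan_ip, observed_public_ip) == "PUBLIC"


if __name__ == "__main__":
    # Constructed sample values (documentation and shared-space ranges).
    for wan, seen in [("100.72.14.9", "203.0.113.7"),
                      ("192.168.0.2", "203.0.113.7"),
                      ("198.51.100.20", "203.0.113.7"),
                      ("203.0.113.7", "203.0.113.7")]:
        print(wan, seen, classify_wan(wan, seen))
```

Run `classify_wan` before touching any forward rules: with any result other than `PUBLIC`, inbound TCP to the router's forwards cannot arrive, which matches the closed ports reported from outside in this thread.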
-
- Posts: 139
- Joined: Sat Feb 13, 2021 10:22 pm
Re: Regarding Port Forwarding setting for my Router to the server machine
OK, so I was right with my guess: no public IPv4 address.
My condolences on your situation.
I think if you buy "internet access" from someone, the provider must actively, and before signing the contract, inform you if you are located behind a NAT.
But most people's internet access needs are opening a browser and searching. And of course you pay 5 Euros less for a one-way connection. And then everybody only looks at the price first.
Maybe ask them if they offer an IPv4 for a moderate charge; much easier and also much better regarding quality and speed of the VPN.