Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
AnimatedAneurin
Posts: 6
Joined: Tue Oct 19, 2021 6:13 pm

Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"

Post by AnimatedAneurin » Fri Apr 08, 2022 12:25 am

Hello All!

I'm currently experiencing issues with my Softether VPN Server Setup and can't figure out what the issue is or how to resolve it, and I'm hoping someone maybe able to help me figure it out?

--

My Goal: RemotePC-to-LAN topology that works for LAN and WAN clients. Ultimately, I would like my clients to access my corporate network so they can receive their group policies and windows updates, etc.

--

My Setup is as followed:

3 Networks involved:
Corporate Network - 192.168.5.X - DHCP and VPN Servers
LAN Network - 192.168.1.X - ESXi Host and VPN Servers
WAN - External Clients

(VPN Server: SoftEther Corporate Network is Bridged, 2nd NIC is LAN Network as Static Public IP is not an option)

Physical ESXi Host that hosts the below VMs:
Domain Controller/DHCP Server - VM - Windows Server 2016
SoftEther VPN Server - VM - Windows Server 2016
Client - Physical Machine - Windows 10 Pro - Using WiFi and 4G Networks to test LAN and WAN connections.

Notable configurations:

Promiscuous Mode enabled through Virtual Switch across all NICs
Port Forwarded 443 on Home Router for VPN Server

--

My LAB Issue:

I am able to connect my Client device to my VPN Server (using WiFi) but unable to ping other devices on the Corporate network and unable to obtain a DHCP IP Address from my DHCP Server.
I am unable to connect my Client device to my VPN Server using 4G, I receive an immediate error.
This setup worked previously, but unsure why this has happened.

--

Troubleshooting:

Checked Client side and Server Side Logs - No errors with clear indication, but noticed error code 11 server side.
Updated and Restarted VMs.
Turned off Firewalls on all devices.
Double checked Promiscuous mode was enabled.
DHCP Server not picking up client in Address Leases.
DHCP Server unable to ping client, client unable to ping DHCP.
VPN Server able to ping Client, Client able to ping VPN Server (WiFi).
Saw a forum that mentioned a regkey that may cause issues - DisableDHCPMediaSense - Non-existent on my machines.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"

Post by solo » Fri Apr 08, 2022 2:11 am

Physical ESXi Host that hosts the below VMs:
192.168.5.X - Domain Controller/DHCP Server
192.168.1.X - bridged SoftEther VPN Server

Is it a correct interpretation? Please describe routing method between the two subnets.

morad
Posts: 1
Joined: Fri Apr 08, 2022 5:17 am

Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"

Post by morad » Fri Apr 08, 2022 5:22 am

I have the same issue.
Image
https://ibb.co/5W8TdcZ

After creating a VPN server and successfully adding some routers as clients, I’m able to see all the routers and ping them from the server, but I cannot reach any devices behind these routers, for example
I’m able to ping router one ping 192.168.30.17 from the server but I cannot ping 192.168.8.10

any ideas?

AnimatedAneurin
Posts: 6
Joined: Tue Oct 19, 2021 6:13 pm

Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"

Post by AnimatedAneurin » Fri Apr 08, 2022 8:38 am

solo wrote:
Fri Apr 08, 2022 2:11 am
Physical ESXi Host that hosts the below VMs:
192.168.5.X - Domain Controller/DHCP Server
192.168.1.X - bridged SoftEther VPN Server

Is it a correct interpretation? Please describe routing method between the two subnets.
So the VPN Server has 2 NICs, 1 on the Corporate Network and 1 on the LAN Network.
The Corporate NIC is bridged with the Virtual Hub, so that Clients when connected to the VPN Server they should get routed by my Standalone Windows DHCP Server.
Clients should connect to my VPN Server through the SoftEther Dynamic DNS.

Assigning the IP Manually on the Client NIC does not work either.

Not sure if the above is what you're after, if not please let me know and I'll do my best to provide better information.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"

Post by solo » Fri Apr 08, 2022 8:57 am

Let's put aside VPN for now. Can you ping between the 192.168.5.X and 192.168.1.X networks?
"They should get routed by my Standalone Windows DHCP Server", or no?

AnimatedAneurin
Posts: 6
Joined: Tue Oct 19, 2021 6:13 pm

Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"

Post by AnimatedAneurin » Fri Apr 08, 2022 9:08 am

solo wrote:
Fri Apr 08, 2022 8:57 am
Let's put aside VPN for now. Can you ping between the 192.168.5.X and 192.168.1.X networks?
"They should get routed by my Standalone Windows DHCP Server", or no?
DHCP Server can only ping networks on the 192.168.5.X subnet as it only has one NIC.
VPN Server can ping both subnets - 192.168.1.X and 192.168.5.X - as it has two NICs.
Client can only ping 192.168.1.X subnet when on WiFi, but can ping VPN Server on 192.168.5.X when connected to it by VPN but not the DHCP Server which is also on the 192.168.5.X network.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"

Post by solo » Fri Apr 08, 2022 1:06 pm

For a test please remove the bridge and enable SecureNAT. If now a VPN client can ping the 192.168.5.X DHCP server, you have not resolved the issue of promiscuous mode. I've not used ESXi but it seems to involve a couple of settings, eg:
promiscuous mode enabled
mac address changes enabled
forged transmits enabled
vSwitch vs pSwitch?

AnimatedAneurin
Posts: 6
Joined: Tue Oct 19, 2021 6:13 pm

Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"

Post by AnimatedAneurin » Fri Apr 08, 2022 6:44 pm

solo wrote:
Fri Apr 08, 2022 1:06 pm
For a test please remove the bridge and enable SecureNAT. If now a VPN client can ping the 192.168.5.X DHCP server, you have not resolved the issue of promiscuous mode. I've not used ESXi but it seems to involve a couple of settings, eg:
promiscuous mode enabled
mac address changes enabled
forged transmits enabled
vSwitch vs pSwitch?
I have made sure the below is enabled on my Virtual Switch:

promiscuous mode
mac address changes
forged transmits

Removed the bridge connection and enabled SecureNAT - Issue still persists.

Still getting an IP Address of 169.254.X.X

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"

Post by solo » Fri Apr 08, 2022 8:30 pm

AnimatedAneurin wrote:
Fri Apr 08, 2022 6:44 pm
Removed the bridge connection and enabled SecureNAT - Issue still persists.
Still getting an IP Address of 169.254.X.X
Wow that's rather unexpected. Forget "Corporate Network", "LAN Network", etc. You simply have a VPN client-only issue.

If you still can't resolve it, then assuming your SNAT runs with defaults, your client's firewall is off, connect the client and post as code:
  • netstat -r
  • ipconfig /all
  • dhcptest --quiet --query --wait --timeout 10

AnimatedAneurin
Posts: 6
Joined: Tue Oct 19, 2021 6:13 pm

Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"

Post by AnimatedAneurin » Fri Apr 08, 2022 9:34 pm

solo wrote:
Fri Apr 08, 2022 8:30 pm
AnimatedAneurin wrote:
Fri Apr 08, 2022 6:44 pm
Removed the bridge connection and enabled SecureNAT - Issue still persists.
Still getting an IP Address of 169.254.X.X
Wow that's rather unexpected. Forget "Corporate Network", "LAN Network", etc. You simply have a VPN client-only issue.

If you still can't resolve it, then assuming your SNAT runs with defaults, your client's firewall is off, connect the client and post as code:
  • netstat -r
  • ipconfig /all
  • dhcptest --quiet --query --wait --timeout 10
Managed to get my Network working again!
I updated my VMWare Tools on my DHCP Server and reapplied DMZ on my VPN Server and that seems to have fixed it.
Not sure if forums get closed down automatically or manually but would like to keep this open for about a week or 2, just in case the issue reoccurs.
The above info seems useful too, so if it does happen I'll make sure to come back to this.

Thanks Solo for replying to my forum and trying to help me out, I really appreciate it as Networking/VPNs aren't my strongpoint :)

Post Reply