Using VPN server tunnel to communicate with server itself
-
- Posts: 5
- Joined: Mon May 16, 2022 3:40 pm
Dear forum members,
I installed SoftEther and set up a VPN server with SecureNAT, VirtualDHCP (192.168.30.0/24) successfully.
Ping from my client (192.168.30.10) to the VPN server (192.168.30.1) works fine.
But the VPN connection couldn't be used from the VPN server back to the client, for example a ping from the server (192.168.30.1) to the
client 192.168.30.10 is not successful.
I'm looking for a solution to tunnel eclipse debugging with pydev which needs the following setup:
client -> https://webserver using the same host/ip address as VPN server
server debugging should use VPN tunnel (192.168.30.1) and connect to -> port 5678 to client (192.168.30.10)
Is this setup possible with SoftEther?
If yes, what needs to be changed in the configuration to either get a separate interface for the private subnet (192.168.30.0/24) or to use the VPN tunnel backwards?
Thank you for your help.
Best regards
Christof
-
- Posts: 286
- Joined: Wed Nov 25, 2020 9:10 am
Re: Using VPN server tunnel to communicate with server itself
SecureNAT setup is internal to softether. So you won't see 192.168.30.0 assigned to the server.
Using a TAP device and local bridge instead should solve the problem, provided you are on Linux.
-
- Posts: 1433
- Joined: Sun Feb 14, 2021 10:31 am
Re: Using VPN server tunnel to communicate with server itself
SoftEther offers VPN solutions in L2, L3 and SecureNAT mode. To achieve the described objectives in your preferred SecureNAT mode, install a SE client together with SE server on the same PC. The client must not use your vDHCP, set its vNIC to a static IP 192.168.30.2/24 and DG/DNS none.
-
- Posts: 5
- Joined: Mon May 16, 2022 3:40 pm
Re: Using VPN server tunnel to communicate with server itself
Hi Eddie,
I changed my setup according to your comment. Now I'm using a bridge with tap device and use a static subnet (192.168.3.0/24).
Unfortunately, I'm not able to set the ip address of the tap device of the vpn server (bridge) permanently.
I use ip addr add 192.168.3.1/24 dev tap_tap, but after reboot of the server the ip address is no longer set.
How could I set the ip address permanently (linux, debian)?
Thank you for your help.
Best regards
Christof
-
- Posts: 5
- Joined: Mon May 16, 2022 3:40 pm
Re: Using VPN server tunnel to communicate with server itself
Hi Solo,
solo wrote: Tue May 17, 2022 12:50 pm
"SoftEther offers VPN solutions in L2, L3 and SecureNAT mode. To achieve the described objectives in your preferred SecureNAT mode, install a SE client together with SE server on the same PC. The client must not use your vDHCP, set its vNIC to a static IP 192.168.30.2/24 and DG/DNS none."
I changed my setup according to Eddie's comment.
Now I'm using a bridge with tap device and use a static subnet (192.168.3.0/24).
Unfortunately, I'm not able to set the ip address of the tap device of the vpn server (bridge) permanently.
I use ip addr add 192.168.3.1/24 dev tap_tap, but after reboot of the server the ip address is no longer set.
How could I set the ip address permanently (linux, debian)?
Thank you for your help.
Best regards
Christof
-
- Posts: 286
- Joined: Wed Nov 25, 2020 9:10 am
Re: Using VPN server tunnel to communicate with server itself
That depends on how you start softether. Put the command in the startup script.
-
- Posts: 5
- Joined: Mon May 16, 2022 3:40 pm
Re: Using VPN server tunnel to communicate with server itself
Hello Eddie,
I created another systemd service to set the ip address of the tap interface which is dependent on the softether vpn server.service.
First I tried to exec the script with the ExecStartPost directive which didn't work for me.
Thank you for your help.
Best regards
Christof
-
- Posts: 286
- Joined: Wed Nov 25, 2020 9:10 am
Re: Using VPN server tunnel to communicate with server itself
ExecStartPost should work but you may need to add some delay before setting IP.
-
- Posts: 5
- Joined: Mon May 16, 2022 3:40 pm
Re: Using VPN server tunnel to communicate with server itself
Hello Eddie,
I use the following script as a service which shows that some time is needed before the tap device is in place.
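# cat /usr/libexec/softether/vpnserver/set_ip_tap_device.sh
#!/bin/bash
# Assign the tap IP address; retry because the tap device only appears
# a short time after the VPN server has started.
retval=1
retries=3
while [ "$retval" -ne 0 ] && [ "$retries" -gt 0 ]
do
    ip addr add 192.168.3.1/24 dev tap_tap
    retval=$?
    if [ "$retval" -ne 0 ] ; then
        echo "Set tap ip failed, $retval. Retries: $retries"
        sleep 2
    else
        echo "Set tap ip successful, $retval,"
    fi
    ((retries--))
done
# Return the last result so systemd marks the unit failed if every retry failed.
exit "$retval"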
Output of systemctl:
# systemctl status softether-set-tap-ip.service
● softether-set-tap-ip.service - SoftEther Set tap IP Address
Loaded: loaded (/lib/systemd/system/softether-set-tap-ip.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2022-05-18 18:34:20 UTC; 12h ago
Main PID: 901 (code=exited, status=0/SUCCESS)
CPU: 8ms
May 18 18:34:18 systemd[1]: Started SoftEther Set tap IP Address.
May 18 18:34:18 set_ip_tap_device.sh[902]: Cannot find device "tap_tap"
May 18 18:34:18 set_ip_tap_device.sh[901]: Set tap ip failed, 1. Retries: 3
May 18 18:34:20 set_ip_tap_device.sh[901]: Set tap ip successful, 0,
May 18 18:34:20 systemd[1]: softether-set-tap-ip.service: Succeeded.
Have a good day
Christof
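The retry loop in the post above, as an added example that is not part of the original thread: it waits for the tap device with a bounded timeout instead of a fixed retry count, validates the interface name (the script runs as root from systemd), and assigns the address idempotently. The function names and the `SYSFS_NET` override are assumptions of this example.

```sh
#!/bin/sh
# Added example: wait for a TAP device, then assign its address idempotently.
# SYSFS_NET can be overridden for offline testing (assumption of this example).
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Linux interface names: 1-15 characters, no '/', no whitespace, not '.' or '..'.
valid_ifname() {
    case "$1" in
        ""|.|..|*/*|*[[:space:]]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# wait_for_iface DEV TIMEOUT_SECONDS
# Returns 0 once DEV exists, 1 on timeout, 2 if DEV is not a valid name.
wait_for_iface() {
    dev=$1
    remaining=$2
    valid_ifname "$dev" || return 2
    while [ ! -e "$SYSFS_NET/$dev" ]; do
        [ "$remaining" -gt 0 ] || return 1
        sleep 1
        remaining=$((remaining - 1))
    done
    return 0
}

# assign_addr DEV CIDR: add the address unless the device already has it,
# so a restart of the unit does not fail with "File exists".
assign_addr() {
    if ip -o -4 addr show dev "$1" | grep -qF " $2 "; then
        return 0
    fi
    ip addr add "$2" dev "$1"
}

# Runs only when called with two arguments, e.g.:
#   set_ip_tap_device.sh tap_tap 192.168.3.1/24
if [ "$#" -eq 2 ]; then
    wait_for_iface "$1" 10 || { echo "device $1 not available" >&2; exit 1; }
    assign_addr "$1" "$2" || { echo "could not set $2 on $1" >&2; exit 1; }
    echo "Set tap ip successful: $2 on $1"
fi
```

A non-zero exit on timeout makes `systemctl status` show the unit as failed rather than succeeded when the tap device never appears.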