VPN server on Debian launches infinite sessions

rhouben
Posts: 1
Joined: Mon Jun 20, 2022 9:38 am

Post by rhouben » Tue Jun 21, 2022 7:55 am

Hello,

I've recently installed the softether-vpnserver software in order to see if we can use it to serve VPNs to several customers. However, after installing and taking the steps documented on the website, we couldn't get a connection going and system load spiked.

Investigating the logs we found the following behavior (some IP addresses elided for security reasons):

2022-06-20 09:30:09.937 ------------------------------------------------------
2022-06-20 09:30:09.937 SoftEther VPN Server Developer Edition Version 5.01 Build 9674   (English)
2022-06-20 09:30:09.937 Compiled 2020/12/03 09:35:09 by Unknown at Unknown
2022-06-20 09:30:09.937 Log Messages are written with UTF-8 Encoding Format.
2022-06-20 09:30:09.937 The SoftEther VPN Server has been started.
2022-06-20 09:30:09.937 IPsec Module: The IPsec ver 2.0 (ISAKMP/IKEv1) processing module is started.
2022-06-20 09:30:09.937 Loading the configuration file.
2022-06-20 09:30:09.988 Monitoring the directory "/var/log/softether". If the amount of available free disk space becomes less than 100.00 MBytes, the backup files for log files and configurations that are saved on the sub-directories of this directory will be automatically deleted in the order of oldest first. The amount of free disk space that determines when to start deletion can be modified by changing the "AutoDeleteCheckDiskFreeSpaceMin" item in the configuration file.
2022-06-20 09:30:09.998 Virtual Hub "BastionVPN" has been started.
2022-06-20 09:30:09.998 The MAC address of Virtual Hub "BastionVPN" is "00-AE-33-DC-03-19".
2022-06-20 09:30:10.018 [HUB "BastionVPN"] SecureNAT has started. The SecureNAT session "SID-SECURENAT-1" was created.
2022-06-20 09:30:10.018 [HUB "BastionVPN"] The Virtual Hub is now online.
2022-06-20 09:30:10.018 TCP Listener (port 992) is starting.
2022-06-20 09:30:10.018 TCP Listener (port 1194) is starting.
2022-06-20 09:30:10.018 TCP Listener (port 992) has started. Now listening for connection from client.
2022-06-20 09:30:10.018 TCP Listener (port 1194) has started. Now listening for connection from client.
2022-06-20 09:30:10.018 TCP Listener (port 5555) is starting.
2022-06-20 09:30:10.018 TCP Listener (port 5555) has started. Now listening for connection from client.
2022-06-20 09:30:10.018 [HUB "BastionVPN"] The Local Bridge connection "eth0" has started. The bridge session "SID-LOCALBRIDGE-2" was created.
2022-06-20 09:30:10.018 The configuration file has been loaded.
2022-06-20 09:30:10.018 Starting the automatically saving background task. The interval between auto-saves is 300 seconds. You can change the interval by changing the parameter AutoSaveConfigSpan in the configuration file.
2022-06-20 09:30:10.524 [HUB "BastionVPN"] Session "SID-LOCALBRIDGE-2": A Local Bridge connection to physical Ethernet interface "eth0" was started.
2022-06-20 09:30:16.661 [HUB "BastionVPN"] SecureNAT: It has been detected that the Kernel-mode NAT for SecureNAT can be run on the interface "ipv4_rawsocket_virtual_router". The Kernel-mode NAT is starting. The TCP, UDP and ICMP NAT processings will be performed with high-performance via Kernel-Mode hereafter. The parameters of Kernel-mode NAT: IP Address = "10.171.7.254", Subnet Mask = "255.255.255.252", Default Gateway = "10.171.7.253", Broadcast Address = "10.171.7.255", Virtual MAC Address: "DA-2F-EA-9B-8C-84", DHCP Server Address: "10.171.7.253", DNS Server Address: "1.2.3.4"

2022-06-20 09:30:55.045 On the TCP Listener (Port 5555), a Client (IP address 172.16.41.1, Host name "cr100iNG-Core.systemec.private", Port number 43216) has connected.
2022-06-20 09:30:55.045 For the client (IP address: 172.16.41.1, host name: "cr100iNG-Core.systemec.private", port number: 43216), connection "CID-1" has been created.
2022-06-20 09:30:55.055 Connection "CID-1" has been terminated.
2022-06-20 09:30:55.055 The connection with the client (IP address 172.16.41.1, Port number 43216) has been disconnected.
2022-06-20 09:41:19.859 On the TCP Listener (Port 5555), a Client (IP address 172.16.41.1, Host name "cr100iNG-Core.systemec.private", Port number 34079) has connected.
2022-06-20 09:41:19.859 For the client (IP address: 172.16.41.1, host name: "cr100iNG-Core.systemec.private", port number: 34079), connection "CID-2" has been created.
2022-06-20 09:41:19.859 Connection "CID-2" has been terminated.
2022-06-20 09:41:19.859 The connection with the client (IP address 172.16.41.1, Port number 34079) has been disconnected.
2022-06-20 10:26:42.407 On the TCP Listener (Port 5555), a Client (IP address 172.16.41.1, Host name "cr100iNG-Core.systemec.private", Port number 45855) has connected.
2022-06-20 11:20:56.613 On the TCP Listener (Port 0), a Client (IP address 172.16.41.1, Host name "cr100iNG-Core.systemec.private", Port number 1701) has connected.
2022-06-20 11:20:56.613 For the client (IP address: 172.16.41.1, host name: "cr100iNG-Core.systemec.private", port number: 1701), connection "CID-7" has been created.
2022-06-20 11:20:56.613 SSL communication for connection "CID-7" has been started. The encryption algorithm name is "(null)".
2022-06-20 11:20:56.623 [HUB "BastionVPN"] The connection "CID-7" (IP address: 172.16.41.1, Host name: cr100iNG-Core.systemec.private, Port number: 1701, Client name: "L2TP VPN Client - Microsoft", Version: 5.01, Build: 9674) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "dvoijen".
2022-06-20 11:20:56.623 [HUB "BastionVPN"] Connection "CID-7": Successfully authenticated as user "dvoijen".
2022-06-20 11:20:56.623 [HUB "BastionVPN"] Connection "CID-7": The new session "SID-DVOIJEN-[L2TP]-3" has been created. (IP address: 172.16.41.1, Port number: 1701, Physical underlying protocol: "Legacy VPN - L2TP")
2022-06-20 11:20:56.623 [HUB "BastionVPN"] Session "SID-DVOIJEN-[L2TP]-3": The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2022-06-20 11:20:56.623 [HUB "BastionVPN"] Session "SID-DVOIJEN-[L2TP]-3": VPN Client details: (Client product name: "L2TP VPN Client - Microsoft", Client version: 501, Client build number: 9674, Server product name: "SoftEther VPN Server Developer Edition (64 bit) (Open Source)", Server version: 501, Server build number: 9674, Client OS name: "L2TP VPN Client - Microsoft", Client OS version: "-", Client product ID: "-", Client host name: "NB-DVOIJEN.systemec.local", Client IP address: "172.16.41.1", Client port number: 1701, Server host name: "0.0.0.0", Server IP address: "0.0.0.0", Server port number: 1701, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "BastionVPN", Client unique ID: "1A5A0E1913AE2270073E7E5CF4885EDC")
2022-06-20 11:21:00.631 L2TP PPP Session [172.16.41.1:1701]: Trying to request an IP address from the DHCP server.
2022-06-20 11:21:00.631 [HUB "BastionVPN"] SecureNAT: The DHCP entry 1 has been created. MAC address: CA-C3-51-C6-F2-3B, IP address: 192.168.165.10, host name: NB-DVOIJEN.systemec.local, expiration span: 7200 seconds
2022-06-20 11:21:00.631 [HUB "BastionVPN"] Session "SID-SECURENAT-1": The DHCP server of host "5E-1D-A1-99-95-D0" (192.168.165.1) on this session allocated, for host "SID-DVOIJEN-[L2TP]-3" on another session "CA-C3-51-C6-F2-3B", the new IP address 192.168.165.10.
2022-06-20 11:21:00.631 L2TP PPP Session [172.16.41.1:1701]: An IP address is assigned. IP Address of Client: 192.168.165.10, Subnet Mask: 255.255.255.0, Default Gateway: 0.0.0.0, Domain Name: "", DNS Server 1: 0.0.0.0, DNS Server 2: 0.0.0.0, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0, IP Address of DHCP Server: 192.168.165.1, Lease Lifetime: 7200 seconds
2022-06-20 11:21:00.631 L2TP PPP Session [172.16.41.1:1701]: The IP address and other network information parameters are set successfully. IP Address of Client: 192.168.165.10, Subnet Mask: 255.255.255.0, Default Gateway: 0.0.0.0, DNS Server 1: 0.0.0.0, DNS Server 2: 0.0.0.0, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0
2022-06-20 11:21:04.097 [HUB "BastionVPN"] SecureNAT: The UDP session 1 has been created. Connection source 192.168.165.10:137, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.097 [HUB "BastionVPN"] SecureNAT: The UDP session 2 has been created. Connection source 172.16.41.102:40060, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.097 [HUB "BastionVPN"] SecureNAT: The UDP session 3 has been created. Connection source 172.16.41.102:55284, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.108 [HUB "BastionVPN"] SecureNAT: The UDP session 4 has been created. Connection source 172.16.41.102:41020, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.108 [HUB "BastionVPN"] SecureNAT: The UDP session 5 has been created. Connection source 172.16.41.102:57036, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.108 [HUB "BastionVPN"] SecureNAT: The UDP session 6 has been created. Connection source 172.16.41.102:44755, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.108 [HUB "BastionVPN"] SecureNAT: The UDP session 7 has been created. Connection source 192.168.165.10:137, Connection destination 172.16.41.102:40060
2022-06-20 11:21:04.108 [HUB "BastionVPN"] SecureNAT: The UDP session 8 has been created. Connection source 172.16.41.102:39001, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.108 [HUB "BastionVPN"] SecureNAT: The UDP session 9 has been created. Connection source 172.16.41.102:41796, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.108 [HUB "BastionVPN"] SecureNAT: The UDP session 10 has been created. Connection source 172.16.41.102:47275, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.108 [HUB "BastionVPN"] SecureNAT: The UDP session 11 has been created. Connection source 172.16.41.102:54659, Connection destination 255.255.255.255:137

... And so on. At this point it starts creating new UDP sessions at what appears to be the maximum rate the processor can manage, the log file fills up, and any actual clients can't get a connection because the server is entirely too busy.

The server configuration is the default that comes with Debian 11; I've only added the bare minimum of instructions as indicated on https://www.softether.org/4-docs/1-manu ... ver_Manual to set up a virtual hub for testing purposes.

Stranger still, my colleague attempted to install SoftEther on a Windows server with default settings and did not run into this problem.

Clearly I've missed something somewhere; if anyone has any suggestions where to start looking I'd highly appreciate it.


--Rens Houben.
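
An added triage example (not part of the original post, and not SoftEther code): it parses server log lines in the format quoted above, counts SecureNAT UDP session creations per hub per second, and lists hubs where the log shows both a SecureNAT session and a Local Bridge session starting, as it does here. The function name `analyze`, the threshold of 5 and the result keys are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict

# Sample lines taken from the log quoted in the post above (trimmed to 9 lines).
SAMPLE_LOG = """\
2022-06-20 09:30:10.018 [HUB "BastionVPN"] SecureNAT has started. The SecureNAT session "SID-SECURENAT-1" was created.
2022-06-20 09:30:10.018 TCP Listener (port 5555) is starting.
2022-06-20 09:30:10.018 [HUB "BastionVPN"] The Local Bridge connection "eth0" has started. The bridge session "SID-LOCALBRIDGE-2" was created.
2022-06-20 11:21:04.097 [HUB "BastionVPN"] SecureNAT: The UDP session 1 has been created. Connection source 192.168.165.10:137, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.097 [HUB "BastionVPN"] SecureNAT: The UDP session 2 has been created. Connection source 172.16.41.102:40060, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.097 [HUB "BastionVPN"] SecureNAT: The UDP session 3 has been created. Connection source 172.16.41.102:55284, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.108 [HUB "BastionVPN"] SecureNAT: The UDP session 4 has been created. Connection source 172.16.41.102:41020, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.108 [HUB "BastionVPN"] SecureNAT: The UDP session 5 has been created. Connection source 172.16.41.102:57036, Connection destination 255.255.255.255:137
2022-06-20 11:21:04.108 [HUB "BastionVPN"] SecureNAT: The UDP session 6 has been created. Connection source 172.16.41.102:44755, Connection destination 255.255.255.255:137
"""

HUB_LINE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d{3} \[HUB "([^"]+)"\] (.*)$')
UDP_NEW = re.compile(r"SecureNAT: The UDP session \d+ has been created\. "
                     r"Connection source ([\d.]+):\d+, Connection destination ([\d.]+:\d+)")

def analyze(log_text, per_second_threshold=5):
    """Summarise SecureNAT UDP session creation per hub and per second."""
    features = defaultdict(set)   # hub -> session types the log shows starting
    per_second = Counter()        # (hub, second) -> UDP sessions created
    flows = Counter()             # (hub, source IP, destination IP:port) -> count
    for line in log_text.splitlines():
        m = HUB_LINE.match(line)
        if not m:
            continue              # server-level line or wrapped fragment
        second, hub, msg = m.groups()
        if msg.startswith("SecureNAT has started"):
            features[hub].add("securenat")
        elif msg.startswith("The Local Bridge connection"):
            features[hub].add("localbridge")
        u = UDP_NEW.match(msg)
        if u:
            per_second[(hub, second)] += 1
            flows[(hub, u.group(1), u.group(2))] += 1
    return {
        "bursts": sorted((hub, sec, n) for (hub, sec), n in per_second.items()
                         if n >= per_second_threshold),
        "securenat_and_bridge": sorted(h for h, f in features.items()
                                       if {"securenat", "localbridge"} <= f),
        "top_flows": flows.most_common(3),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```

Run against the full server log, `top_flows` shows which source address and destination dominate the session creation, which narrows down where the repeated traffic enters the hub.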

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: VPN server on Debian launches infinite sessions

Post by solo » Tue Jun 21, 2022 8:52 am

rhouben wrote (Tue Jun 21, 2022 7:55 am):
> SoftEther VPN Server Developer Edition Version 5.01 Build 9674 (English)

Try the RTM edition or check the developer's site https://github.com/SoftEtherVPN/SoftEtherVPN/issues