Win10 VPN client network traffic will not enter the tunnel
-
- Posts: 7
- Joined: Thu Dec 29, 2022 7:05 am
Win10 VPN client network traffic will not enter the tunnel
1.Environmental Description
VPN server for windows, ver: softether-vpnserver_vpnbridge-v4.41-9782-beta-2022.11.17-windows-x86_x64-intel.exe
VPN client for windows, ver: softether-vpnclient-v4.41-9782-beta-2022.11.17-windows-x86_x64-intel.exe
2.Problem: Win10 network traffic will not enter the tunnel
In the win10 operating system, when the VPN tunnel was just established, the network traffic could enter the tunnel, but after about 30 seconds, the network traffic could not enter the tunnel. By analyzing the priority of the routing table, the network traffic should be able to enter the tunnel, but the network traffic did not enter the tunnel,And the VPN client is not added to the host route of the VPN server,Different from win7.The VPN client does not delete the default route of the physical network card.See the attachment for screenshots.
VPN server for windows, ver: softether-vpnserver_vpnbridge-v4.41-9782-beta-2022.11.17-windows-x86_x64-intel.exe
VPN client for windows, ver: softether-vpnclient-v4.41-9782-beta-2022.11.17-windows-x86_x64-intel.exe
2.Problem: Win10 network traffic will not enter the tunnel
In the win10 operating system, when the VPN tunnel was just established, the network traffic could enter the tunnel, but after about 30 seconds, the network traffic could not enter the tunnel. By analyzing the priority of the routing table, the network traffic should be able to enter the tunnel, but the network traffic did not enter the tunnel,And the VPN client is not added to the host route of the VPN server,Different from win7.The VPN client does not delete the default route of the physical network card.See the attachment for screenshots.
You do not have the required permissions to view the files attached to this post.
-
- Posts: 286
- Joined: Wed Nov 25, 2020 9:10 am
Re: Win10 VPN client network traffic will not enter the tunnel
Showing only the default route doesn't mean anything.
-
- Posts: 289
- Joined: Wed Dec 28, 2022 9:10 pm
Re: Win10 VPN client network traffic will not enter the tunnel
If you have been connected into a full tunnel, your PC default route should be either
- deleted
- replaced
with the VPN servers default gateway.
If it did not happen, it is ether
- you may use a split tunnel
- the client does not have enough permission to delete/update default route
- network misconfiguration
- maybe SE client/server bug, but it is really unlikely
- deleted
- replaced
with the VPN servers default gateway.
If it did not happen, it is ether
- you may use a split tunnel
- the client does not have enough permission to delete/update default route
- network misconfiguration
- maybe SE client/server bug, but it is really unlikely
-
- Posts: 7
- Joined: Thu Dec 29, 2022 7:05 am
Re: Win10 VPN client network traffic will not enter the tunnel
1. I use a full tunnel, don't use split tunnelshakibamoshiri wrote: ↑Thu Dec 29, 2022 12:37 pmIf you have been connected into a full tunnel, your PC default route should be either
- deleted
- replaced
with the VPN servers default gateway.
If it did not happen, it is ether
- you may use a split tunnel
- the client does not have enough permission to delete/update default route
- network misconfiguration
- maybe SE client/server bug, but it is really unlikely
2. I have used 4 win10 computers, and the problem is the same, so it is not my computer's problem.
3. I use the win10 computer to connect to another VPN server. There is no problem, so it is not a problem of permissions.
It's strange. I don't know if the VPN server configuration is wrong.
-
- Posts: 289
- Joined: Wed Dec 28, 2022 9:10 pm
Re: Win10 VPN client network traffic will not enter the tunnel
who has configured the SE server and what is the configuration?It's strange. I don't know if the VPN server configuration is wrong.
If you do not mention details, it cannot be easy to troubleshoot your issue.
-
- Posts: 7
- Joined: Thu Dec 29, 2022 7:05 am
Re: Win10 VPN client network traffic will not enter the tunnel
-Default installation, default configuration,SE vpn client never deletes the default route.shakibamoshiri wrote: ↑Fri Dec 30, 2022 8:39 pmwho has configured the SE server and what is the configuration?It's strange. I don't know if the VPN server configuration is wrong.
If you do not mention details, it cannot be easy to troubleshoot your issue.
-I have also deployed SE Server on Centos, which has the same problem.
-
- Posts: 7
- Joined: Thu Dec 29, 2022 7:05 am
Re: Win10 VPN client network traffic will not enter the tunnel
-Default installation, default configuration,SE vpn client never deletes the default route.shakibamoshiri wrote: ↑Fri Dec 30, 2022 8:39 pmwho has configured the SE server and what is the configuration?It's strange. I don't know if the VPN server configuration is wrong.
If you do not mention details, it cannot be easy to troubleshoot your issue.
-I have also deployed SE Server on Centos, which has the same problem.
-
- Posts: 289
- Joined: Wed Dec 28, 2022 9:10 pm
Re: Win10 VPN client network traffic will not enter the tunnel
if you have default configuration for SE server, I think you have not enabled Secure-NAT and with out this, a client either
- can connect
- or you wont have default route
So check and make sure Secure NAT has been enabled.
Enabling Secure NAT
- ./vpncmd
- select 1 (Server Managment)
- ./SecureNatEnable
you can do it with GUI as well
- open GUI on Windows
- select your Hub
- check the properties
- go to secure NAT section
- enable secure NAT
The default DHCP broadcasts 192.168.30.10 ~ 192.168.30.200
- can connect
- or you wont have default route
So check and make sure Secure NAT has been enabled.
Enabling Secure NAT
- ./vpncmd
- select 1 (Server Managment)
- ./SecureNatEnable
you can do it with GUI as well
- open GUI on Windows
- select your Hub
- check the properties
- go to secure NAT section
- enable secure NAT
The default DHCP broadcasts 192.168.30.10 ~ 192.168.30.200
-
- Posts: 7
- Joined: Thu Dec 29, 2022 7:05 am
Re: Win10 VPN client network traffic will not enter the tunnel
Hi, shakibamoshiri
My SE VPN Server configuration is as follows.Please check it, thank you.
My SE VPN Server configuration is as follows.Please check it, thank you.
You do not have the required permissions to view the files attached to this post.
-
- Posts: 7
- Joined: Thu Dec 29, 2022 7:05 am
Re: Win10 VPN client network traffic will not enter the tunnel
dukedracula wrote: ↑Tue Jan 03, 2023 2:13 amHi, shakibamoshiri
My SE VPN Server configuration is as follows.Please check it, thank you.
You do not have the required permissions to view the files attached to this post.
-
- Posts: 289
- Joined: Wed Dec 28, 2022 9:10 pm
Re: Win10 VPN client network traffic will not enter the tunnel
if you the Secure NAT has been enabled, check next step.
Open cmd prompt and run
screenshot
https://freeimage.host/i/HuZnAV2
and you should see just one "Default Gateway". If you had more than 1, then this could be the issue.
Try changing "metric" of that network adopter in your network setting
here is a guide
https://www.howtogeek.com/howto/27994/h ... n-windows/
set SE client network adopter's metric to 1
Open cmd prompt and run
Code: Select all
ipconfig | findstr "Default"
https://freeimage.host/i/HuZnAV2
and you should see just one "Default Gateway". If you had more than 1, then this could be the issue.
Try changing "metric" of that network adopter in your network setting
here is a guide
https://www.howtogeek.com/howto/27994/h ... n-windows/
set SE client network adopter's metric to 1
-
- Posts: 7
- Joined: Thu Dec 29, 2022 7:05 am
Re: Win10 VPN client network traffic will not enter the tunnel
hi,shakibamoshiri
Thank you for your support.I found the cause of the problem,The problem was caused by the network environment.You can verify that this problem has occurred in several environments I have built.
-The two-layer network will have problems.
-There is no problem with the three-layer network.
Please see the attachment.
Thank you for your support.I found the cause of the problem,The problem was caused by the network environment.You can verify that this problem has occurred in several environments I have built.
-The two-layer network will have problems.
-There is no problem with the three-layer network.
Please see the attachment.
You do not have the required permissions to view the files attached to this post.
-
- Posts: 289
- Joined: Wed Dec 28, 2022 9:10 pm
Re: Win10 VPN client network traffic will not enter the tunnel
Thank you , I did not have experience with this conditiondukedracula wrote: ↑Wed Jan 04, 2023 10:55 amhi,shakibamoshiri
Thank you for your support.I found the cause of the problem,The problem was caused by the network environment.You can verify that this problem has occurred in several environments I have built.
-The two-layer network will have problems.
-There is no problem with the three-layer network.
Please see the attachment.
-
- Posts: 12
- Joined: Mon Jan 02, 2023 2:11 pm
- Contact:
Re: Win10 VPN client network traffic will not enter the tunnel
thanks for posting the solution!dukedracula wrote: ↑Wed Jan 04, 2023 10:55 amhi,shakibamoshiri
Thank you for your support.I found the cause of the problem,The problem was caused by the network environment.You can verify that this problem has occurred in several environments I have built.
-The two-layer network will have problems.
-There is no problem with the three-layer network.
Please see the attachment.
Free VPN that works. For V2Ray, WireGuard and OpenVPN - https://vpn.fail/
Real-time free proxy list. SOCKS, HTTP & V2RAY - https://vpn.fail/free-proxy
Real-time free proxy list. SOCKS, HTTP & V2RAY - https://vpn.fail/free-proxy
-
- Posts: 1432
- Joined: Sun Feb 14, 2021 10:31 am
Re: Win10 VPN client network traffic will not enter the tunnel
What solution? The cure for a self-inflicted wound?
From the very first post it is clear that the OP has created a network loop. It actually works for "about 30 seconds" but nobody had noticed nor commented on this critical fact. The traceroute displays several private ranges with a millisecond hop time - obviously all on the same LAN. When you make a, completely useless, VPN connection over the same LAN, you generate an ARP broadcast storm which after "about 30 seconds" overwhelms the entire network and kills the connection - a classic VPN FAIL topology.
Incidentally, your aptly-named "vpn fail" project produces this warning:
DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.