Running SoftEther Server on Windows 2008R2 VMWare

[bfsinc]

I recently ran a P2V conversion on a server running SoftEther Server. Once I made that conversion and moved the machine on to a VSphere server, the VPN has stopped working. I can get connected and get an IP on the network, but I can neither browse the network nor the internet once connected.

Anyone else with a similar experience?

[kh_tsang]

I never tried that before but MAC spoofing required by local bridge usually may not work on datacenters.

Are you using local bridge?

[bfsinc]

Yes I'm using local bridging.

[kh_tsang]

Do you allow it in VMWare?

[bfsinc]

That's where I'm at a loss. I am new to the VMWare environment so I am not sure if/how to allow it.

[kh_tsang]

I have no idea about whether VMWare allows MAC Spoofing.
However, do you have a DHCP server in the virtual switch?

[bfsinc]

I switched the controller in to allow promiscuous on the Vsphere Client. I was able to successfully test it within my own network, but when I tried using my phone's hotspot, I couldn't connect.

[kh_tsang]

However, are you able to connect to the virtual switch in other places other than your phone's hotspot and your own network with the virtual switch? Also, which VPN protocol(s) do you use?

[bfsinc]

I had my laptop connected via the hotspot then tried to use the VPN. I am just using the default set up of SoftEther. None of this is in my wheelhouse

[kh_tsang]

How do you do your successful test in your network?

[bfsinc]

The only successful test I've done is when running on the same network that the server is running on. I was able to connect and get a new IP and browse the network.

[kh_tsang]

What do you see when the client fail to connect using your phone's hotspot?

[bfsinc]

It doesn't resolve the IP to the server, it seems.

[kh_tsang]

You should use the public IP(or a domain pointing at that IP) of the server to connect. In the firewall, you need to allow the incoming TCP ports that the server listens.

[bfsinc]

I am doing so and the IP is allowed through the firewall.

[kh_tsang]

Can you take a screenshot?

[bfsinc]

This is what I see when trying to connect while on my hotspot.

[kh_tsang]

Can you make a screenshot of the virtual switch settings?

[bfsinc]

This is the switch's properties on VSphere

[kh_tsang]

I can't see anything wrong here. Can the Windows Server browse the internet itself? If yes, can you try if VPN Azure works?

[bfsinc]

I can browse the internet on the box itself and the vpn azure does say it is connected

vpn745110264.vpnazure.net

response says that the connection is refused.

[kh_tsang]

You softether vpn server seems to be listening to port 443 correctly(changing the domain to softether.net will know your public IP), and the virtual hub can be detected when using VPN Azure.

Are you having something wrong with your Virtual Hub or vpn user configurations?

[bfsinc]

I have no idea. Before I changed the setting on VMWare, I could get connected and get an IP on the network, but I wasn't able to communicate with any of the machines on the network nor the internet. I've made the change now on the VMWare and I can't connect at all unless I am already inside my network.

[kh_tsang]

One more thing, this public IP is directly assigned to the VM or the VM is behind NAT?

[bfsinc]

The IP is assigned to the router and all traffic is directed to the VM (NAT)

[kh_tsang]

Where is the DHCP Server located? Inside/Outside the virtual switch?

Also, are the hosts you want to communicate in the same subnet as your client?

[bfsinc]

I went back on my router and noted that 444 was open, but not 443. I opened this port and was able to get everything to work in a good test. Thanks for the help!

[kh_tsang]

So my test works because of NAT-T......
The client should connect using NAT-T if you have configured the wrong port from my past experience.