How to tweak the firewall of OpenWrt 22.03 to support Softether VPN server

Hi, I'm running OpenWrt 22.03.5 r20134-5f15225c1e / LuCI ce20b4a6e0c86313c0c6e9c89eedf8f033f5e637 branch git-23.144.07943-874ba1e under a Nano Pi R4S board.

I have installed softethervpn5-server from the web interface, and I used another PC to configure it with the SoftEther VPN server management tool. The configuration looks OK, and I have added an L2TP VPN user name for the client to log in; a TAP virtual device has also been created in the SoftEther management tool.

Now, I need to tweak the firewall to allow the traffic; it looks like I need to open the 3 ports on the wlan. Here is what I have done in the LuCI web interface (see the image shown below):

But after that, in my testing, the VPN client still fails to connect to the router. Any ideas?

I see a similar question: Softether vpn server - Installing and Using OpenWrt - OpenWrt Forum, it looks like the version 4 works, but not version 5?

Also, as in the question linked above, there are some steps:

Using softethervpn5-server from luci
Access via server manager on another pc
create VPN hub, TAP devices
add TAP device to br_lan under devices?
open firewall ports?

I do not know how to "add TAP device to br_lan under devices?". It looks like there is no such option in the firewall settings of my LuCI web interface. Any suggestions? (You can see this link as a reference: Connecting to Softether server running on OpenWrt)


For the record, it looks like version 5 does not work correctly.

I use the SoftEther management tool (from a Windows PC) to configure the OpenWrt SoftEther VPN settings, but when I restart OpenWrt, I can't log in to the management tool with the admin password I set previously.

I just checked, and the latest management tool I can find today is softether-vpn_admin_tools-v4.41-9787-rtm-2023.03.14-win32, while I see that on GitHub the latest SoftEtherVPN is 5.02.5180. I guess that the management tool version should match the server version, so I have to uninstall version 5 in OpenWrt and install version 4 of the SoftEtherVPN server.

Also, I see that the firewall setting in my original post is NOT correct. In each rule, I had set two ports; in fact, the source port is not needed. So I'm using the setting below:

With the above changes, I see that the L2TP VPN client can connect to the server, and I see that the username and password also get verified. But at the last stage, the L2TP client (on a Windows PC) can't get an IP address from the server, so the connection still fails.

Any ideas?

I'm still getting the 720 error message; it says:

720 error (A connection to the remote computer could not be established. You might need to change the network settings for this connection)

Here are my settings in the SoftEther VPN management tool. These settings look quite simple; see the screenshots below. Note that I do NOT enable SecureNAT.



Any ideas? Thanks. My guess is that I need to tweak my firewall on the OpenWrt?
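
The source-port mistake described in the thread, written out as /etc/config/firewall rules. This is an added example, not the poster's actual configuration (the screenshots are not available). The zone name 'wan', the rule names and the three UDP ports (the standard L2TP/IPsec set: 500 for IKE, 4500 for NAT traversal, 1701 for L2TP) are assumptions, since the thread does not list them.

```uci
# /etc/config/firewall (constructed example)

# Before: source port set as well as destination port.
# This rule only matches packets whose SOURCE port is also 1701.
# A client behind NAT usually arrives from a rewritten source port,
# so its packets are not accepted by this rule.
config rule
	option name 'L2TP-with-src-port'
	option src 'wan'
	option proto 'udp'
	option src_port '1701'
	option dest_port '1701'
	option target 'ACCEPT'

# After: replace the rule above with rules that match on the
# destination port only and leave src_port unset. No 'dest' option
# is given, so each rule applies to traffic addressed to the router
# itself (input), not to forwarded traffic.
config rule
	option name 'Allow-IKE'
	option src 'wan'
	option proto 'udp'
	option dest_port '500'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPsec-NAT-T'
	option src 'wan'
	option proto 'udp'
	option dest_port '4500'
	option target 'ACCEPT'

config rule
	option name 'Allow-L2TP'
	option src 'wan'
	option proto 'udp'
	option dest_port '1701'
	option target 'ACCEPT'
```

After editing the file, reload the rules with `/etc/init.d/firewall restart`. These rules only cover reaching the VPN service on the router; they do not address address assignment to the client after authentication.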