Softether VPN Client No Connectivity

I am familiar with OpenVpn configuration and has been using it for quite a while now but today I wanted to try SoftEther VPN so after a few hours of banging my head I get the client connected to a VPN server but it refuses to give me any kind of connectivity.

### VPN is Connected

VPN Client>AccountList
AccountList command - Get List of VPN Connection Settings
Item                        |Value
----------------------------+--------------------------------------------------------
VPN Connection Setting Name |public-vpn-260.opengw.net
Status                      |Connected
VPN Server Hostname         |public-vpn-222.opengw.net:443 (Direct TCP/IP Connection)
Virtual Hub                 |VPNGATE
Virtual Network Adapter Name|tun0
The command completed successfully.

My firewall config:

root@AhmarRouter:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan isp'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config zone
        option name 'guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option network 'guest'

config rule
        option name 'Guest DNS'
        option src 'guest'
        option dest_port '53'
        option target 'ACCEPT'
        option family 'ipv4'
        list proto 'tcp'
        list proto 'udp'

config rule
        option name 'Guest DHCP'
        list proto 'udp'
        option src 'guest'
        option dest_port '67-68'
        option target 'ACCEPT'
        option family 'ipv4'

config redirect
        option target 'DNAT'
        option name 'Router Torrent'
        option src 'wan'
        option src_dport '51413'
        option dest 'lan'
        option dest_ip '192.168.1.254'
        option dest_port '51413'
        list proto 'tcp'
        list proto 'udp'

config redirect
        option target 'DNAT'
        option name 'Laptop Torrent'
        option src 'wan'
        option src_dport '51414'
        option dest 'lan'
        option dest_ip '192.168.1.135'
        option dest_port '51414'
        list proto 'tcp'
        list proto 'udp'

config redirect
        option target 'DNAT'
        option name 'Remote SSH'
        option src 'wan'
        option src_dport '65051'
        option dest 'lan'
        option dest_ip '192.168.1.1'
        option dest_port '22'
        list proto 'tcp'
        list proto 'udp'

config redirect
        option target 'DNAT'
        option name 'Remote Torrent'
        option src 'wan'
        option dest 'lan'
        option dest_ip '192.168.1.254'
        option dest_port '9091'
        option src_dport '65052'
        list proto 'tcp'
        list proto 'udp'

config redirect
        option target 'DNAT'
        option name 'Remote SSH AP254'
        option src 'wan'
        option dest 'lan'
        option dest_ip '192.168.1.254'
        option dest_port '22'
        option src_dport '65053'
        list proto 'tcp'
        list proto 'udp'

config redirect
        option target 'DNAT'
        option name 'Remote ISP'
        option src 'wan'
        option src_dport '65054'
        option dest 'wan'
        option dest_ip '192.168.10.1'
        option dest_port '80'
        list proto 'tcp'
        list proto 'udp'

config rule
        option src 'lan'
        option name 'Block Internet Access'
        option family 'ipv4'
        option target 'REJECT'
        option dest 'wan'
        list src_mac '18:E7:77:95:1A:4B'
        list src_mac 'AC:57:75:BB:E3:2B'
        list proto 'tcp'
        list proto 'udp'
        option enabled '0'

config redirect 'adblock_dns_53'
        option name 'Adblock DNS, port 53'
        option src 'lan'
        option proto 'tcp udp'
        option src_dport '53'
        option dest_port '53'
        option target 'DNAT'

config redirect 'adblock_dns_853'
        option name 'Adblock DNS, port 853'
        option src 'lan'
        option proto 'tcp udp'
        option src_dport '853'
        option dest_port '853'
        option target 'DNAT'

config redirect 'adblock_dns_5353'
        option name 'Adblock DNS, port 5353'
        option src 'lan'
        option proto 'tcp udp'
        option src_dport '5353'
        option dest_port '5353'
        option target 'DNAT'

config rule
        option dest_port '137 138 139 445'
        option src 'guest'
        option name 'Guest SMB'
        option dest 'lan'
        list dest_ip '192.168.1.254'
        option target 'ACCEPT'
        option family 'ipv4'
        list proto 'tcp'
        list proto 'udp'
        option enabled '0'

config forwarding
        option src 'guest'
        option dest 'wan'

config rule
        option name 'Guest DNS'
        option dest_port '53'
        option target 'ACCEPT'
        option family 'ipv4'
        list proto 'tcp'
        list proto 'udp'
        option src 'vpn'

config rule
        option name 'Guest DHCP'
        list proto 'udp'
        option dest_port '67-68'
        option target 'ACCEPT'
        option family 'ipv4'
        option src 'vpn'

config zone
        option name 'vpnse'
        option output 'ACCEPT'
        option forward 'REJECT'
        option input 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'vpnse vpn'

config rule
        option src 'wan'
        option dest_port '443'
        option target 'ACCEPT'
        option proto 'tcp'
        option name 'SoftEther 443'

config rule
        option src 'wan'
        option dest_port '992'
        option target 'ACCEPT'
        option proto 'tcp'
        option name 'SoftEther 992'

config rule
        option src 'wan'
        option dest_port '1194'
        option target 'ACCEPT'
        option proto 'tcp'
        option name 'SoftEther 1194'

config rule
        option src 'wan'
        option dest_port '5555'
        option target 'ACCEPT'
        option proto 'tcp'
        option name 'SoftEther 5555'

config forwarding
        option src 'lan'
        option dest 'vpnse'

My network config:

root@AhmarRouter:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config atm-bridge 'atm'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'
        option vci '103'
        option vpi '0'
        option atmdev '0'
        option unit '0'

config dsl 'dsl'
        option annex 'a2p'
        option ds_snr_offset '0'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option delegate '0'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr '34:8a:ae:ad:72:a6'

config interface 'wan'
        option proto 'pppoe'
        option delegate '0'
        option username '7701b'
        option password '******'
        option ipv6 '0'
        option peerdns '0'
        list dns '8.8.8.8'
        list dns '8.8.4.4'
        option keepalive '3 5'
        option metric '10'
        option ifname 'eth0.2'

config device 'wan_dsl0_dev'
        option name 'dsl0'
        option macaddr '34:8a:ae:ad:72:a7'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '0 1 2 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '2'
        option ports '5 6t'

config interface 'guest'
        option proto 'static'
        option delegate '0'
        option ipaddr '192.168.101.1'
        option netmask '255.255.255.0'
        option type 'bridge'

config interface 'isp'
        option ifname 'eth0.2'
        option delegate '0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.10.5'
        list dns '192.168.10.1'

config interface 'vpn'
        option proto 'none'
        option ifname 'vpn_tun0'
        option delegate '0'

Can someone please point me in the right direction as to what is happening with softether vpn server and why the traffic won't go through with it, as it does with OpenVpn? Thanks

root@AhmarRouter:~# ping -I vpn_tun0 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss

root@AhmarRouter:~# ifconfig vpn_tun0
vpn_tun0  Link encap:Ethernet  HWaddr 5E:4F:F5:7F:2B:DB
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:421 errors:0 dropped:0 overruns:0 frame:0
          TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:114493 (111.8 KiB)  TX bytes:3542 (3.4 KiB)

Last time i used Softether i followed this guide: https://wordpress.tirlins.com/2015/03/setting-up-softether-vpn-on-openwrt/

I also directly added the vpn adapter to the LAN bridge.

PS: Nowdays i use/recommend Wireguard.

2 Likes