I am familiar with OpenVPN configuration and have been using it for quite a while now, but today I wanted to try SoftEther VPN. After a few hours of banging my head against it, I got the client connected to a VPN server, but it refuses to give me any kind of connectivity.
### VPN is Connected
VPN Client>AccountList
AccountList command - Get List of VPN Connection Settings
Item |Value
----------------------------+--------------------------------------------------------
VPN Connection Setting Name |public-vpn-260.opengw.net
Status |Connected
VPN Server Hostname |public-vpn-222.opengw.net:443 (Direct TCP/IP Connection)
Virtual Hub |VPNGATE
Virtual Network Adapter Name|tun0
The command completed successfully.
My firewall config:
root@AhmarRouter:~# cat /etc/config/firewall
# Global default policies: accept input and output, reject forwarding.
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# SYN-flood protection is switched on.
option synflood_protect '1'
# LAN zone: fully trusted; input, output and forward are all accepted.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
# WAN zone: inbound and forwarded traffic is rejected unless a rule below
# allows it. Outbound traffic is masqueraded (masq) and TCP MSS is clamped
# (mtu_fix). The zone covers both the 'wan' and 'isp' networks.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan isp'
# LAN hosts may forward traffic out through the WAN zone.
config forwarding
option src 'lan'
option dest 'wan'
# WAN input exceptions. Rules carrying "option enabled '0'" are switched off
# and have no effect.
# Accept IPv4 UDP to port 68 from WAN (DHCP client renewals).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Accept IPv4 ICMP echo-request from WAN, so the router answers pings.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accept IPv4 IGMP from WAN.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# DHCPv6 replies to UDP port 546 (disabled).
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
# ICMPv6 types 130-132 and 143 from link-local sources (disabled).
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
# Rate-limited ICMPv6 to the router itself (disabled).
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
# Rate-limited ICMPv6 forwarded from WAN to any zone (disabled).
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
# Forward rules (both src and dest are set): ESP and UDP/500 coming from WAN
# are accepted towards any host in the LAN zone.
# NOTE(review): keep these only if an IPsec endpoint on the LAN needs them;
# otherwise they widen what WAN may send into the LAN.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Pulls in custom rules from /etc/firewall.user. That file is not shown in
# this post, so anything it adds is not visible here and may also affect
# VPN traffic.
config include
option path '/etc/firewall.user'
# Guest zone: input to the router and forwarding are rejected by default.
# The two rules below carve out DNS and DHCP so guests can still get an
# address and resolve names.
config zone
option name 'guest'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option network 'guest'
# No 'dest' is set, so this is an input rule: guests may reach the router on
# port 53 over TCP and UDP.
config rule
option name 'Guest DNS'
option src 'guest'
option dest_port '53'
option target 'ACCEPT'
option family 'ipv4'
list proto 'tcp'
list proto 'udp'
# Input rule: guests may reach the router on UDP ports 67-68 (DHCP).
config rule
option name 'Guest DHCP'
list proto 'udp'
option src 'guest'
option dest_port '67-68'
option target 'ACCEPT'
option family 'ipv4'
# Port forwards (DNAT) from WAN. Each one exposes an internal service to
# anyone who can reach the WAN address; none of them restricts the source
# address (no src_ip).
# WAN 51413 -> 192.168.1.254:51413, TCP and UDP.
config redirect
option target 'DNAT'
option name 'Router Torrent'
option src 'wan'
option src_dport '51413'
option dest 'lan'
option dest_ip '192.168.1.254'
option dest_port '51413'
list proto 'tcp'
list proto 'udp'
# WAN 51414 -> 192.168.1.135:51414, TCP and UDP.
config redirect
option target 'DNAT'
option name 'Laptop Torrent'
option src 'wan'
option src_dport '51414'
option dest 'lan'
option dest_ip '192.168.1.135'
option dest_port '51414'
list proto 'tcp'
list proto 'udp'
# WAN 65051 -> 192.168.1.1:22, which is the LAN address of this router.
# NOTE(review): this puts the router's SSH on the internet. A high port does
# not limit who can connect; prefer key-only authentication and a src_ip
# restriction, or reach SSH through the VPN instead. SSH is TCP-only, so the
# udp entry looks unnecessary.
config redirect
option target 'DNAT'
option name 'Remote SSH'
option src 'wan'
option src_dport '65051'
option dest 'lan'
option dest_ip '192.168.1.1'
option dest_port '22'
list proto 'tcp'
list proto 'udp'
# WAN 65052 -> 192.168.1.254:9091.
# NOTE(review): presumably the torrent client's remote-control interface;
# confirm it requires authentication before leaving it exposed.
config redirect
option target 'DNAT'
option name 'Remote Torrent'
option src 'wan'
option dest 'lan'
option dest_ip '192.168.1.254'
option dest_port '9091'
option src_dport '65052'
list proto 'tcp'
list proto 'udp'
# WAN 65053 -> 192.168.1.254:22; the same SSH exposure concern as the
# 'Remote SSH' redirect applies to this host.
config redirect
option target 'DNAT'
option name 'Remote SSH AP254'
option src 'wan'
option dest 'lan'
option dest_ip '192.168.1.254'
option dest_port '22'
option src_dport '65053'
list proto 'tcp'
list proto 'udp'
# WAN 65054 -> 192.168.10.1:80. The destination zone is 'wan' itself;
# 192.168.10.1 is on the same subnet as the 'isp' interface in the network
# config.
# NOTE(review): presumably the ISP modem's web UI, served over plain HTTP on
# port 80; confirm it should be reachable from outside at all.
config redirect
option target 'DNAT'
option name 'Remote ISP'
option src 'wan'
option src_dport '65054'
option dest 'wan'
option dest_ip '192.168.10.1'
option dest_port '80'
list proto 'tcp'
list proto 'udp'
# Rejects IPv4 TCP/UDP from two LAN devices (matched by MAC address) towards
# WAN. Currently disabled (enabled '0').
# NOTE(review): a source MAC address can be changed on the client, so this
# is a convenience control rather than a strong one. The rule names only
# dest 'wan', so it would not cover traffic leaving through the 'vpnse' zone.
config rule
option src 'lan'
option name 'Block Internet Access'
option family 'ipv4'
option target 'REJECT'
option dest 'wan'
list src_mac '18:E7:77:95:1A:4B'
list src_mac 'AC:57:75:BB:E3:2B'
list proto 'tcp'
list proto 'udp'
option enabled '0'
# Named DNAT redirects for LAN traffic to ports 53, 853 and 5353. No dest_ip
# is given.
# NOTE(review): presumably created by the adblock package to force LAN DNS
# onto the router's own resolver; confirm. If so, LAN clients' DNS is answered
# by the router rather than sent through the tunnel, so check where the
# router's resolver sends its queries once the VPN is passing traffic.
config redirect 'adblock_dns_53'
option name 'Adblock DNS, port 53'
option src 'lan'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
config redirect 'adblock_dns_853'
option name 'Adblock DNS, port 853'
option src 'lan'
option proto 'tcp udp'
option src_dport '853'
option dest_port '853'
option target 'DNAT'
config redirect 'adblock_dns_5353'
option name 'Adblock DNS, port 5353'
option src 'lan'
option proto 'tcp udp'
option src_dport '5353'
option dest_port '5353'
option target 'DNAT'
# Would let guests reach 192.168.1.254 in the LAN on ports 137, 138, 139 and
# 445. Currently disabled (enabled '0').
config rule
option dest_port '137 138 139 445'
option src 'guest'
option name 'Guest SMB'
option dest 'lan'
list dest_ip '192.168.1.254'
option target 'ACCEPT'
option family 'ipv4'
list proto 'tcp'
list proto 'udp'
option enabled '0'
# Guests may forward traffic out through the WAN zone. There is no
# guest -> lan forwarding in this file.
config forwarding
option src 'guest'
option dest 'wan'
# These two rules reuse the names 'Guest DNS' and 'Guest DHCP' but set
# src 'vpn'. The zones defined in this file are 'lan', 'wan', 'guest' and
# 'vpnse'; 'vpn' appears only as a network name inside the 'vpnse' zone.
# NOTE(review): src expects a zone name, so these rules probably match
# nothing as written. If they are meant for the VPN zone, src should likely
# be 'vpnse', and distinct names would avoid confusion with the guest rules.
# Confirm.
config rule
option name 'Guest DNS'
option dest_port '53'
option target 'ACCEPT'
option family 'ipv4'
list proto 'tcp'
list proto 'udp'
option src 'vpn'
config rule
option name 'Guest DHCP'
list proto 'udp'
option dest_port '67-68'
option target 'ACCEPT'
option family 'ipv4'
option src 'vpn'
# VPN zone, set up like the WAN zone: inbound and forwarded traffic is
# rejected, outbound is masqueraded, and TCP MSS is clamped.
# It covers the networks 'vpnse' and 'vpn'. The network config in this post
# defines an interface 'vpn' but none named 'vpnse'.
# TODO confirm whether 'vpnse' exists elsewhere.
config zone
option name 'vpnse'
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'vpnse vpn'
# Input rules (src 'wan', no dest): the router itself accepts inbound TCP
# connections from the internet on ports 443, 992, 1194 and 5555.
# NOTE(review): inbound openings like these are only needed when a SoftEther
# *server* listens on the router. The AccountList output in this post shows
# an outbound client connection to a remote server on port 443, which the
# 'output ACCEPT' policy already permits. If no server runs here, removing
# these rules reduces the router's exposed surface.
config rule
option src 'wan'
option dest_port '443'
option target 'ACCEPT'
option proto 'tcp'
option name 'SoftEther 443'
config rule
option src 'wan'
option dest_port '992'
option target 'ACCEPT'
option proto 'tcp'
option name 'SoftEther 992'
config rule
option src 'wan'
option dest_port '1194'
option target 'ACCEPT'
option proto 'tcp'
option name 'SoftEther 1194'
config rule
option src 'wan'
option dest_port '5555'
option target 'ACCEPT'
option proto 'tcp'
option name 'SoftEther 5555'
# LAN hosts may forward traffic out through the 'vpnse' zone. This only
# permits the traffic; whether it actually leaves via the tunnel depends on
# the routing table.
config forwarding
option src 'lan'
option dest 'vpnse'
My network config:
root@AhmarRouter:~# cat /etc/config/network
# Loopback interface.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
# ATM bridge and DSL line settings for the modem side.
config atm-bridge 'atm'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
option vci '103'
option vpi '0'
option atmdev '0'
option unit '0'
config dsl 'dsl'
option annex 'a2p'
option ds_snr_offset '0'
# LAN bridge on eth0.1 with the router at 192.168.1.1/24.
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option delegate '0'
# MAC address override for eth0.1.
config device 'lan_eth0_1_dev'
option name 'eth0.1'
option macaddr '34:8a:ae:ad:72:a6'
# WAN uplink: PPPoE over eth0.2 with IPv6 off. DNS servers offered by the
# peer are ignored (peerdns '0') and 8.8.8.8 / 8.8.4.4 are used instead.
# metric '10' is the metric given to this interface's routes.
# NOTE(review): the password is masked in this paste but the PPPoE username
# is not; mask both when sharing a config publicly.
config interface 'wan'
option proto 'pppoe'
option delegate '0'
option username '7701b'
option password '******'
option ipv6 '0'
option peerdns '0'
list dns '8.8.8.8'
list dns '8.8.4.4'
option keepalive '3 5'
option metric '10'
option ifname 'eth0.2'
# MAC address override for dsl0.
config device 'wan_dsl0_dev'
option name 'dsl0'
option macaddr '34:8a:ae:ad:72:a7'
# Built-in switch with VLANs enabled.
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
# VLAN 1: ports 0, 1, 2 and 4, plus port 6 tagged. eth0.1 (the LAN bridge)
# uses this VLAN id.
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0 1 2 4 6t'
# VLAN 2: port 5, plus port 6 tagged. eth0.2 (used by 'wan' and 'isp') uses
# this VLAN id.
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '5 6t'
# Guest network bridge at 192.168.101.1/24. No ifname is listed here.
config interface 'guest'
option proto 'static'
option delegate '0'
option ipaddr '192.168.101.1'
option netmask '255.255.255.0'
option type 'bridge'
# Second, static interface on eth0.2, the same device the PPPoE 'wan'
# interface uses. The router takes 192.168.10.5/24 here and uses
# 192.168.10.1 for DNS.
config interface 'isp'
option ifname 'eth0.2'
option delegate '0'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.10.5'
list dns '192.168.10.1'
# Interface bound to the SoftEther virtual adapter 'vpn_tun0'.
# proto 'none' configures no address on it (no static address, no DHCP
# client). The ifconfig output in this post shows vpn_tun0 without any inet
# address, which is consistent with that.
# NOTE(review): ifconfig reports "Link encap:Ethernet" for this adapter, so
# it presumably needs an address and a route obtained over the tunnel
# (e.g. proto 'dhcp') before traffic can pass. Confirm.
config interface 'vpn'
option proto 'none'
option ifname 'vpn_tun0'
option delegate '0'
Can someone please point me in the right direction as to what is happening with the SoftEther VPN server and why traffic won't go through it, as it does with OpenVPN? Thanks.
root@AhmarRouter:~# ping -I vpn_tun0 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss
root@AhmarRouter:~# ifconfig vpn_tun0
vpn_tun0 Link encap:Ethernet HWaddr 5E:4F:F5:7F:2B:DB
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:421 errors:0 dropped:0 overruns:0 frame:0
TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:114493 (111.8 KiB) TX bytes:3542 (3.4 KiB)