version: OpenWrt 24.10.0 r28427-6df0e3d02a
package: softether vpn5-server
issue: It looks like any packets from softethervpn are gone out without go through local network stack.
root@OpenWrt:~# tcpdump -n -i any arp
tcpdump: WARNING: any: That device doesn't support promiscuous mode
(Promiscuous mode not supported on the "any" device)
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
22:25:16.410441 br-lan Out ARP, Request who-has 192.168.1.1 tell 192.168.1.111, length 28
22:25:16.410450 eth0 Out ARP, Request who-has 192.168.1.1 tell 192.168.1.111, length 28
# no response
I tried use ubuntu 24 as a gateway router and installed softether vpn5-server on it for test, and everything works fine.
I also have disabled the firewall but with no luck.
The strange thing is, if enable secureNAT, the gateway (192.168.1.1) will be reachable.
News: I found a workaround, which is to bind the hub to a tap interface
Limitations within the Linux or UNIX operating system prevent communication with IP addresses assigned to the network adapter locally bridged from the VPN side (Virtual Hub side). The cause of this restriction lies with OS's internal kernel codes rather than with the SoftEther VPN. When wishing to communicate in any form with a UNIX computer used for local bridging from the VPN side (Virtual Hub side), (for instance, when running both the VPN Server / VPN Bridge service & the HTTP Server service and wishing to grant access to the server service from the VPN side as well), prepare and connect a local bridge network adapter and physically connect both it and the existing network adapter to the same segment (as explained in 3.6 Local Bridges, it is recommended to prepare a network adapter for exclusive use in local bridging for this and other situations).