3

I followed this guide in setting up a Softether VPN server on a Digital Ocean Ubuntu 14.04 instance. I installed Softether vpn client and openvpn on my laptop (ubuntu 14.10).

The server logs indicate that both clients can connect OK but I am unable to ping or telnet to the server. Also, when I connect with openvpn, I lose all internet, except skype.

With the openvpn client, netstat -nr reports the following:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.30.14   128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.4.1     0.0.0.0         UG        0 0          0 eth0
54.158.28.151   192.168.4.1     255.255.255.255 UGH       0 0          0 eth0
128.0.0.0       192.168.30.14   128.0.0.0       UG        0 0          0 tun0
192.168.4.0     0.0.0.0         255.255.252.0   U         0 0          0 eth0
192.168.30.14   0.0.0.0         255.255.255.255 UH        0 0          0 tun0

With Softether client, netstat -nr reports the following:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.4.1     0.0.0.0         UG        0 0          0 eth0
192.168.4.0     0.0.0.0         255.255.252.0   U         0 0          0 eth0

Ping or telnet to 192.168.30.14 times out.

Softether vpn client ifconfig -a reports the following.

vpn_markadapter Link encap:Ethernet  HWaddr 00:ac:c5:ff:ce:ec
      inet6 addr: fe80::2ac:c5ff:feff:ceec/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:1620 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1234 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:500
      RX bytes:118928 (118.9 KB)  TX bytes:104989 (104.9 KB)

openvpn client, ifconfig -a:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:192.168.30.13  P-t-P:192.168.30.14      Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:280 errors:0 dropped:0 overruns:0 frame:0
      TX packets:534 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100 
      RX bytes:38199 (38.1 KB)  TX bytes:60461 (60.4 KB)

Openvpn console:

Thu May 28 19:10:12 2015 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu May 28 19:10:12 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu May 28 19:10:12 2015 Attempting to establish TCP connection with [AF_INET]128.199.126.151:5555 [nonblock]
Thu May 28 19:10:13 2015 TCP connection established with [AF_INET]128.199.126.151:5555
Thu May 28 19:10:13 2015 TCPv4_CLIENT link local: [undef]
Thu May 28 19:10:13 2015 TCPv4_CLIENT link remote: [AF_INET]128.199.126.151:5555
Thu May 28 19:10:13 2015 TLS: Initial packet from [AF_INET]128.199.126.151:5555, sid=16ccbc28 f3c5eca8
Thu May 28 19:10:13 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu May 28 19:10:14 2015 VERIFY OK: depth=0, CN=[128.199.126.151], O=[128.199.126.151], OU=[128.199.126.151], C=US
Thu May 28 19:10:14 2015 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 28 19:10:14 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu May 28 19:10:14 2015 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 28 19:10:14 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu May 28 19:10:14 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu May 28 19:10:14 2015 [[128.199.126.151]] Peer Connection Initiated with [AF_INET]128.199.126.151:5555
Thu May 28 19:10:16 2015 SENT CONTROL [[128.199.126.151]]: 'PUSH_REQUEST' (status=1)
Thu May 28 19:10:16 2015 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 192.168.30.1,route-gateway 192.168.30.14,redirect-gateway def1'
Thu May 28 19:10:16 2015 OPTIONS IMPORT: timers and/or timeouts modified
Thu May 28 19:10:16 2015 OPTIONS IMPORT: --ifconfig/up options modified
Thu May 28 19:10:16 2015 OPTIONS IMPORT: route options modified
Thu May 28 19:10:16 2015 OPTIONS IMPORT: route-related options modified
Thu May 28 19:10:16 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu May 28 19:10:16 2015 ROUTE_GATEWAY 192.168.4.1/255.255.252.0 IFACE=eth0 HWADDR=b8:ac:6f:50:18:af
Thu May 28 19:10:16 2015 TUN/TAP device tun0 opened
Thu May 28 19:10:16 2015 TUN/TAP TX queue length set to 100
Thu May 28 19:10:16 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu May 28 19:10:16 2015 /sbin/ip link set dev tun0 up mtu 1500
Thu May 28 19:10:16 2015 /sbin/ip addr add dev tun0 local 192.168.30.13 peer 192.168.30.14
Thu May 28 19:10:16 2015 /sbin/ip route add 128.199.126.151/32 via 192.168.4.1
Thu May 28 19:10:16 2015 /sbin/ip route add 0.0.0.0/1 via 192.168.30.14
Thu May 28 19:10:16 2015 /sbin/ip route add 128.0.0.0/1 via 192.168.30.14
Thu May 28 19:10:16 2015 Initialization Sequence Completed
markhorrocks

3 Answers

1

If the client is Linux, you need to add the "dhclient tunx" command at the end of the SoftEther startup script. Adding a sleep delay is also good, to make sure the VPN is already connected before launching the dhclient command.

Juraganet
0

Your config is okay. It looks like something blocked your outgoing traffic. I'm not sure what it is; it could be a firewall.

Juraganet
0

I needed to install the Softether vpnclient on the server, then in vpnserver run DhcpEnable, and finally restart SSH. DhcpTable showed me my connected IP address.

On my laptop, I needed to run dhclient on the adapter to get an IP address. Then I could ssh into my server.

markhorrocks
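The first and last answers both come down to running dhclient on the SoftEther adapter once the VPN is connected. The script below is an added example, not code from any of the posts: it polls for the adapter and retries dhclient instead of relying on one fixed sleep. The adapter name is taken from the ifconfig output in the question; the `SYSFS_NET`, `DHCP_CMD` and `RETRY_DELAY` variables are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the posts above): bring up IPv4 on a SoftEther
# client adapter by retrying dhclient until the hub hands out a lease.
# Assumed names: VPN_IFACE default is the adapter from the ifconfig output;
# SYSFS_NET, DHCP_CMD and RETRY_DELAY are overridable knobs for this sketch.
VPN_IFACE="${VPN_IFACE:-vpn_markadapter}"
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
DHCP_CMD="${DHCP_CMD:-dhclient -1}"   # -1: try once, non-zero exit if no lease
RETRY_DELAY="${RETRY_DELAY:-3}"       # seconds between attempts

# iface_up IFACE: true when the adapter exists and has IFF_UP (bit 0) set.
iface_up() {
    [ -r "$SYSFS_NET/$1/flags" ] || return 1
    flags=$(cat "$SYSFS_NET/$1/flags")
    [ $(( $flags & 1 )) -eq 1 ]
}

# wait_for_iface IFACE TRIES: poll instead of relying on one fixed sleep.
wait_for_iface() {
    n=0
    while [ "$n" -lt "$2" ]; do
        iface_up "$1" && return 0
        n=$((n + 1))
        sleep "$RETRY_DELAY"
    done
    return 1
}

# acquire_lease IFACE TRIES: 0 = lease obtained, 2 = adapter never came up,
# 3 = adapter up but no DHCP answer (session not connected, or DHCP disabled).
acquire_lease() {
    wait_for_iface "$1" "$2" || { echo "adapter $1 is not up" >&2; return 2; }
    n=0
    while [ "$n" -lt "$2" ]; do
        $DHCP_CMD "$1" && return 0
        n=$((n + 1))
        sleep "$RETRY_DELAY"
    done
    echo "no DHCP lease on $1" >&2
    return 3
}

# Run as root after the VPN client has been told to connect: ./script run
if [ "${1:-}" = "run" ]; then
    acquire_lease "$VPN_IFACE" 10
    exit $?
fi
```

Exit code 3 separates "adapter is up but nothing answered DHCP" from "adapter never appeared", which matches the two fixes in the last answer: enabling DHCP on the server side and running dhclient on the client.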