#1 2018-01-26 08:09:13

luser
Member
Registered: 2016-08-27
Posts: 114

[solved] can anyone help set up softether vpn client manager?!?

I am trying to use softethervpn-client-manager from the aur to connect my laptop to a softether vpn server I have running on a Windows machine. I have searched for days trying to find a solution without success, although I have made some progress: I am able to use Windows to connect as a client quite successfully. So I exported its client config and imported it into Arch to use. When I try connecting, it shows as being connected in the client manager and on the server. . . but it's not working.

Here's the problem: when I connect, the server says it's connected with an ip of 192.168.30.101, but when you use the client manager interface to look at the vpn adapter, its IP address, subnet mask, gateway, dhcp server are all zero.

I am not at all sure what's wrong here. I've tried assigning an address to the vpn adapter by using dhclient. The address lands in the right range 192.168.30.xxx, but it's not the same address as the server thinks it should be, and it doesn't work. It ought to be set by the dhcp server on the vpn server. . .

When I use 'nmcli device status' to look at the adapter, it shows:

vpn_vpn		tun	unmanaged

I've tried to use nmcli to create a connection using the vpn adapter, but I'm not sure if I should continue with it as a tun type adapter, or try to change it to a vpn or ethernet type of connection. If I try to use it as a tun type adapter and set it to auto, well, I've had no luck there.

I am well out of my comfort zone here and have pretty limited knowledge of what I'm doing networking wise, so I'm really not sure how to proceed at this point. Until the virtual vpn adapter has an address, that the client side sees, I'm pretty stuck.

Last edited by luser (2018-03-07 20:58:41)


luser: an epithet applied by Windows users to linux users


#2 2018-03-07 20:58:07

luser
Member
Registered: 2016-08-27
Posts: 114

Re: [solved] can anyone help set up softether vpn client manager?!?

After even more messing around, I have edited this post to improve reliability and performance. I also have updated the script to start the vpn service, connect to the client service, and connect to the server.

I resolved the issues I was having when using dhclient to assign an ip address to the vpn virtual adapter. My vpn client virtual adapter is named vpn_vpn. I found that modifying the routing table right after connecting to the vpn server doesn't work as well as first creating a new route to the vpn server ip via the active network adapter gateway before using dhclient to get an ip address for the virtual vpn adapter. Formerly it was necessary to create a new default route, but by adding a route to the server before calling dhclient, the default routes are created automatically.

I created a simple script to automate this. It determines the hardware adapter on the fly, so it can be used when I connect using my cellphone adapter or when using wifi. I also show the script to disconnect and stop the vpn service.

#!/bin/bash

# start vpn service
sudo vpnclient start
sleep 1

# connect to client service, then connect to server, allow time for server
# to wake up
vpncmd localhost /client /CMD remoteenable
vpncmd localhost /client /CMD accountconnect accountname
sleep 10

# get vpn server ip
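serverip="$(getent hosts server.whateverdomain.com | cut -d ' ' -f 1)"
echo "Server IP is $serverip"
sleep 1

# get active hardware adapter name (device of the first default route)
hwadapter="$(ip route show default | sed -n '1 p' | cut -d ' ' -f 5)"
echo "Adapter name is $hwadapter"
sleep 1

# get default gateway of the active adapter from the same default route;
# the neighbour table can list several reachable hosts, or none
dgw="$(ip route show default | sed -n '1 p' | cut -d ' ' -f 3)"
echo "Default Gateway is $dgw"
sleep 1

# stop here if any value is missing, rather than adding a broken route
if [ -z "$serverip" ] || [ -z "$hwadapter" ] || [ -z "$dgw" ]; then
    echo "Could not determine server IP, adapter or gateway" >&2
    exit 1
fi

# create new route to vpn server via default gateway of active adapter
sudo ip route add "$serverip/32" via "$dgw" dev "$hwadapter"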

# get address assigned to virtual vpn adapter
sudo dhclient vpn_vpn

# set up ip forwarding
sudo sysctl -w net.ipv4.ip_forward=1

I've been doing more testing and tweaking of this script. I'm not sure every sleep command is required, but it works much better than what I had before.

Now that I've had a chance to test it more exhaustively, I have discovered one issue that may or may not arise, depending upon whether the local router gateway is the same as the vpn server's router gateway. In other words, if your local network segment is the same as your vpn server segment, there can be problems accessing the server shares or other machines within the vpn lan. This is easily solved, if you only have one or two machines you want to access on the vpn lan. Just add another route after the script runs; you will need to know the gateway of the vpn server. For example, if the local subnet is 192.168.0.0/24 and the vpn server lan segment is the same, your virtual vpn server adapter gateway is 192.168.40.1, your vpn server is at 192.168.0.100, and you want to access its shares, just add the following after the script runs:

$ sudo ip route add 192.168.0.100/32 via 192.168.40.1 dev vpn_vpn

This is only necessary if your local internet connection for the client happens to be on the same network segment as your vpn server lan.

Here is the script to close the vpn client down:

#!/bin/bash

# disconnect client account from server
vpncmd localhost /client /CMD accountdisconnect accountname

# stop vpn client service
sudo vpnclient stop

# stop ipv4 forwarding
sudo sysctl -w net.ipv4.ip_forward=0

Hope someone finds this useful, and if anyone spots something that should be addressed, or ways to improve the code, please post.

Last edited by luser (2018-03-26 03:45:21)


luser: an epithet applied by Windows users to linux users
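
Added example (not part of luser's post and not SoftEther code): a dry-run planner for the two routes the post describes, the /32 pin to the VPN server through the physical gateway and the extra host route needed when the local subnet overlaps the VPN server's LAN. The function names, the 203.0.113.10 server address and the sample route table are constructed assumptions; vpn_vpn and the 192.168.x addresses follow the post.

```shell
# Added example: dry-run route planner. Function names are hypothetical.

# Print "<gateway> <device>" of the lowest-metric IPv4 default route.
# stdin: output of `ip -4 route show default`. Fails if no route has a gateway.
default_gw_dev() {
    awk '$1 == "default" {
            gw = ""; dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "via")    gw = $(i + 1)
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (gw != "" && (best == "" || metric < bestm)) {
                best = gw " " dev; bestm = metric
            }
         }
         END { if (best == "") exit 1; print best }'
}

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside CIDR $2, e.g. 192.168.0.0/24.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

# Args: <server public IP> <local LAN CIDR> <VPN-side gateway> [LAN hosts...]
plan_routes() {
    server=$1; lan=$2; vpn_gw=$3; shift 3
    gwdev=$(default_gw_dev) || { echo "no default gateway found" >&2; return 1; }
    echo "ip route add $server/32 via ${gwdev% *} dev ${gwdev#* }"
    for host in "$@"; do
        # Only hosts hidden behind the overlapping local subnet need a route.
        if in_cidr "$host" "$lan"; then
            echo "ip route add $host/32 via $vpn_gw dev vpn_vpn"
        fi
    done
}

# Constructed sample input (not captured from a real host).
SAMPLE_ROUTES='default via 192.168.0.1 dev wlan0 proto dhcp metric 600
default via 10.20.30.1 dev usb0 proto dhcp metric 700'
printf '%s\n' "$SAMPLE_ROUTES" |
    plan_routes 203.0.113.10 192.168.0.0/24 192.168.40.1 192.168.0.100 192.168.30.5
```

On a real host, pipe in `ip -4 route show default` instead of the sample and review the printed commands before running them with sudo.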
