Comments
@Freek First thing, does your VPS provider enable tun for you by default?
Thanks for the quick reply!
Yes, this is on Xen PV which should have tun/tap enabled by default. I've used it in the past
So I followed @calimansi 's and @ClownJugglar 's steps and am now able to connect, but I'm not getting an IP.
I was unsure about some things, so here are the assumptions I made:
I read this step too late and created a TAP device after starting dhcpd. Also, I was unsure which IP to assign to the TAP interface so I just went with 10.0.0.1, is that OK?
To make up for creating the device after starting dhcpd, I rebooted the server; this should be sufficient, right?
I used this iptables rule instead of calamansi's iptables rule.
Thanks in advance.
Thank you! Changing UDP->TCP fixed it.
Anyone figure out how to get the linux client out of easy mode so that it can be administered via the client manager gui?
This project has potential but they need to concentrate on linux a bit!
Small bump, still haven't been able to fix my issue above. I can connect via OpenVPN but I can't get an IP. Would love to use this.
This is how I set it up:
```
./vpncmd
natdisable, dhcpdisable, securenatdisable //Disable all the NAT stuff;
bridgecreate /DEVICE:tap0 /TAP:yes //If this doesn't work, try setting it up through Softether's Windows Management interface;
EXIT

run: ifconfig tap_tap0 192.168.1.254

edit: /etc/default/isc-dhcp-server
INTERFACES="tap_tap0"

apt-get install isc-dhcp-server

edit: /etc/dhcp/dhcpd.conf
ddns-update-style none;
option domain-name "XXX";
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.100;
    range 192.168.1.150 192.168.1.200;
}

run: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source VPS.IP.ADDRESS.HERE
```
Open the generated .OVPN file:
Change 'tun' to 'tap', as we've set up a TAP bridge.
Also, without doing this, I kept getting an authentication failure.
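A consistency check for the local-bridge setup in the post above, as an added example that is not part of the original post: isc-dhcp-server only serves leases on an interface whose address falls inside a declared subnet, so the tap address, the dhcpd.conf subnet and the iptables `-s` source have to agree. The function names and the embedded sample config are constructed for illustration, and the check assumes the tap interface is the clients' gateway, as in that post.

```python
import ipaddress
import re

# Constructed sample: the relevant dhcpd.conf values from the post above.
DHCPD_CONF = """
option routers 192.168.1.254;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.100;
  range 192.168.1.150 192.168.1.200;
}
"""

def parse_dhcpd(conf):
    """Return (subnet, router, ranges) from a single-subnet dhcpd.conf."""
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", conf)
    if not m:
        raise ValueError("no subnet declaration found")
    subnet = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    r = re.search(r"option\s+routers\s+([\d.]+)\s*;", conf)
    router = ipaddress.ip_address(r.group(1)) if r else None
    ranges = [(ipaddress.ip_address(a), ipaddress.ip_address(b))
              for a, b in re.findall(r"range\s+([\d.]+)\s+([\d.]+)\s*;", conf)]
    return subnet, router, ranges

def check_bridge(conf, tap_ip, snat_source):
    """Return a list of problems; an empty list means the settings agree."""
    subnet, router, ranges = parse_dhcpd(conf)
    tap = ipaddress.ip_address(tap_ip)
    problems = []
    if tap not in subnet:
        problems.append(f"tap address {tap} is outside {subnet}: "
                        "dhcpd will not serve leases on that interface")
    if router != tap:
        problems.append(f"option routers ({router}) is not the tap address {tap}")
    for lo, hi in ranges:
        if lo not in subnet or hi not in subnet or lo > hi:
            problems.append(f"range {lo}-{hi} does not fit inside {subnet}")
        elif lo <= tap <= hi:
            problems.append(f"range {lo}-{hi} includes the tap address {tap}")
    if ipaddress.ip_network(snat_source, strict=False) != subnet:
        problems.append(f"iptables -s {snat_source} does not match {subnet}")
    return problems

if __name__ == "__main__":
    # The address used in the post above, then one from a different network.
    for tap_ip in ("192.168.1.254", "10.0.0.1"):
        print(tap_ip, check_bridge(DHCPD_CONF, tap_ip, "192.168.1.0/24"))
```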
Thanks guys!
I managed to get things up and running. The key was in the iptables command. The Iptables command given by calamansi/clownjuggelar is for OpenVZ. Was trying to set it up on XenPV. Here are the steps I did:
http://pastebin.com/EYXphBsj
I noticed that DNS requests aren't being tunneled. Can anyone else confirm this?
I contacted the developer of Softether and he said this:
The SoftEther VPN client attempts to connect by all method automatically.
User can't specify connecting method expressly
@freek any chance of a guide? Would love to get this going without using the slower SecureNAT.
Sure, I'll write one up in the next few days.
I am just waiting for the dev of Softether to answer my question on how to tunnel DNS requests as well.
If someone could shed some light on how to tunnel DNS requests I can finish my tutorial and submit it to LowEndBox...... I have everything covered so far I believe. The initial server setup (with SecureNAT or Local Bridge on Xen/OpenVZ), client setup (OpenVPN & SoftEther), how to upgrade SoftEther, just need to know how to tunnel DNS requests.....
@Freek
Looking forward to your guide! How about writing the guide in the meantime and once they reply edit it for the DNS requests?
Thanks and good work!
@Freek
Looking forward to the tutorial too! I tried to set up a local bridge following your pastebin post earlier but it didn't work out for me (connected but no DHCP address was assigned). So far only SecureNAT works for me at the cost of speed.
Attention! I've discovered it's quite possible that the Chinese firewall got the ability to detect & block softether VPN recently, the test servers I used were all immediately blocked and remained inaccessible from mainland China so far, but all are accessible from other locations according to just-ping.
@dnobori Many of the IPs on VPNGate were also blocked.
Any luck connecting over DNS/ICMP (not tunneling DNS)?
I believe that you can't explicitly connect via any of the tunneling methods;
it will also connect with whatever suits best.
ICMP so far, not seeing it yet,
but DNS yes, I've seen it. It will be shown as "VPN over DNS" when you view the properties of the connected server when using the SoftEther client.
it will also connect with whatever suits best.
Correct.
You mean tunnel DNS requests as well? If so, this is different. AFAIK It just means VPN over port 53 in case all other ports are broken?
PS. My tutorial is ready any day now. Sorry for the delay. Busy with all kinds of stuff.
Yes, and is it over TCP or UDP?
@Freek - any chance you can release your how to with just what you have so far?
Hi there. I'm sorry I didn't get back to you guys. I've been kinda busy. I will see if I can find my notes from back then and set up everything to see if it's still up to date.
Please allow another week or so for me to do so. If I don't respond, PM me and nag me because I tend to forget things!
From what I saw, this software is closed source?
A no-no for VPN software, by my standards anyway.
@spekk they were planning on open sourcing it, if I remember correctly.
Is there any way to get it on Ubuntu? I only successfully get it on CentOS.
I managed to deploy it on Debian, so it should work.
How did you do it?
Wow.. such a great software.. I installed it on CentOS.
Btw, how can I use DNS tunnel on OpenVPN server?? I didn't see any option to enable or disable it.
@dnwk I have a post about debian-based installation. http://linc01n.github.io/blog/2013/03/19/softether-on-vps/
Followed your tutorial.. works great on my CentOS.
Btw, is there any way to connect over DNS?
Seems nobody knows.. or, maybe the function can't be used.
Has anyone had the problem with softether that you can log into the vpn (l2tp, server is using SecureNat DHCP) but not get out to the internet?
it looks like there is no open source yet? Anyway, that VPN over ICMP, and VPN over DNS made me change my mind about this program, I will see how I can try it