Subject says it all. Setup was done following this guide, and I googled everything I could along the way.
The server seems to come up, and everything on the server side runs normally and without errors. On the client side I used the Linux client from the terminal. On a connection attempt the server produces this log:
Log0
2024-01-22 10:56:33.247 On the TCP Listener (Port 443), a Client (IP address xx.xx.xx.xx, Host name «broadband-xx-xx-xx-xx.ip.moscow.rt.ru», Port number 53626) has connected.
2024-01-22 10:56:33.247 For the client (IP address: xx.xx.xx.xx, host name: «broadband-xx-xx-xx-xx.ip.moscow.rt.ru», port number: 53626), connection «CID-26» has been created.
2024-01-22 10:56:33.297 SSL communication for connection «CID-26» has been started. The encryption algorithm name is «TLS_AES_256_GCM_SHA384».
2024-01-22 10:56:33.513 [HUB «VPN»] The connection «CID-26» (IP address: xx.xx.xx.xx, Host name: broadband-xx-xx-xx-xx.ip.moscow.rt.ru, Port number: 53626, Client name: «SoftEther VPN Client», Version: 4.43, Build: 9799) is attempting to connect to the Virtual Hub. The auth type provided is «Password authentication» and the user name is «alex».
2024-01-22 10:56:33.513 [HUB «VPN»] Connection «CID-26»: Successfully authenticated as user «alex».
2024-01-22 10:56:33.513 [HUB «VPN»] Connection «CID-26»: The new session «SID-ALEX-4» has been created. (IP address: xx.xx.xx.xx, Port number: 53626, Physical underlying protocol: «Standard TCP/IP (IPv4)»)
2024-01-22 10:56:33.513 [HUB «VPN»] Session «SID-ALEX-4»: The parameter has been set. Max number of TCP connections: 2, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2024-01-22 10:56:33.513 [HUB «VPN»] Session «SID-ALEX-4»: VPN Client details: (Client product name: «SoftEther VPN Client», Client version: 443, Client build number: 9799, Server product name: «SoftEther VPN Server (64 bit)», Server version: 443, Server build number: 9799, Client OS name: «Linux», Client OS version: «Unknown Linux Version», Client product ID: «—«, Client host name: «alex-ubuntu», Client IP address: «192.168.1.5», Client port number: 53626, Server host name: «xx-xx-xx-xx», Server IP address: «xx-xx-xx-xx», Server port number: 443, Proxy host name: «», Proxy IP address: «0.0.0.0», Proxy port number: 0, Virtual Hub name: «VPN», Client unique ID: «YYYYYYYYYYYYYYYYYYYYYYYYYYYY»)
2024-01-22 10:56:34.867 On the TCP Listener (Port 443), a Client (IP address xx.xx.xx.xx, Host name «broadband-xx-xx-xx-xx.ip.moscow.rt.ru», Port number 41658) has connected.
2024-01-22 10:56:34.867 For the client (IP address: xx.xx.xx.xx, host name: «broadband-xx-xx-xx-xx.ip.moscow.rt.ru», port number: 41658), connection «CID-27» has been created.
2024-01-22 10:56:34.928 SSL communication for connection «CID-27» has been started. The encryption algorithm name is «TLS_AES_256_GCM_SHA384».
2024-01-22 10:56:34.979 Connection «CID-27» has been terminated.
After that the connection drops. I.e. you can see that the certificate is fine and the connection is established, but for some reason it drops immediately.
OK, let's try connecting through NetworkManager (although the official site does warn that it may not work).
It gives this:
Log1
2024-01-22 13:14:07.343 On the TCP Listener (Port 443), a Client (IP address xx-xx-xx-xx, Host name «broadband-xx-xx-xx-xx.ip.moscow.rt.ru», Port number 55758) has connected.
2024-01-22 13:14:07.343 For the client (IP address: xx-xx-xx-xx, host name: «broadband-xx-xx-xx-xx.ip.moscow.rt.ru», port number: 55758), connection «CID-5» has been created.
2024-01-22 13:14:07.393 SSL communication for connection «CID-5» has been started. The encryption algorithm name is «TLS_AES_256_GCM_SHA384».
2024-01-22 13:14:08.293 SSTP PPP Session [xx-xx-xx-xx:55758]: A new PPP session (Upper protocol: SSTP) is started. IP Address of PPP Client: xx-xx-xx-xx (Hostname: «broadband-xx-xx-xx-xx.ip.moscow.rt.ru»), Port Number of PPP Client: 55758, IP Address of PPP Server: 10.194.166.59, Port Number of PPP Server: 443, Client Software Name: «Microsoft SSTP VPN Client», IPv4 TCP MSS (Max Segment Size): 0 bytes
2024-01-22 13:14:08.485 On the TCP Listener (Port 0), a Client (IP address xx-xx-xx-xx, Host name «broadband-xx-xx-xx-xx.ip.moscow.rt.ru», Port number 55758) has connected.
2024-01-22 13:14:08.485 For the client (IP address: xx-xx-xx-xx, host name: «broadband-xx-xx-xx-xx.ip.moscow.rt.ru», port number: 55758), connection «CID-6» has been created.
2024-01-22 13:14:08.485 SSL communication for connection «CID-6» has been started. The encryption algorithm name is «(null)».
2024-01-22 13:14:08.485 [HUB «DEFAULT»] The connection «CID-6» (IP address: xx-xx-xx-xx, Host name: broadband-xx-xx-xx-xx.ip.moscow.rt.ru, Port number: 55758, Client name: «Microsoft SSTP VPN Client», Version: 4.43, Build: 9799) is attempting to connect to the Virtual Hub. The auth type provided is «External server authentication» and the user name is «alex».
2024-01-22 13:14:08.485 [HUB «DEFAULT»] Connection «CID-6»: User authentication failed. The user name that has been provided was «alex».
2024-01-22 13:14:08.515 Connection «CID-6» terminated by the cause «User authentication failed.» (code 9).
2024-01-22 13:14:08.515 Connection «CID-6» has been terminated.
2024-01-22 13:14:08.515 The connection with the client (IP address xx-xx-xx-xx, Port number 55758) has been disconnected.
2024-01-22 13:14:08.789 SSTP PPP Session [xx-xx-xx-xx:55758]: «MS-CHAP v2» (Microsoft Challenge and Response Protocol Version 2.0) user authentication failed.
2024-01-22 13:14:08.789 SSTP PPP Session [xx-xx-xx-xx:55758]: A PPP protocol error occurred, or the PPP session has been disconnected.
2024-01-22 13:14:08.911 Connection «CID-5» terminated by the cause «Connection has been disconnected.» (code 3).
2024-01-22 13:14:08.911 Connection «CID-5» has been terminated.
2024-01-22 13:14:08.911 The connection with the client (IP address xx-xx-xx-xx, Port number 55758) has been disconnected.
I.e. MSChap2.0 authentication does not go through. No idea why, since support for it is claimed.
Question: WTF? Has anyone managed to get SSTP working properly on this server? Maybe there are pitfalls, or I have overlooked something?
In short, I finally beat it. Almost…
It turned out that by default, when connecting through NetworkManager, the connection went through the Default profile, while SSTP was configured on the VPN profile. I didn't dig into why that is, and simply deleted the unneeded profile.
There was also a problem with the PPP connection dropping; again, nowhere is it written what has to be done to keep it alive.
2024-01-22 13:14:08.789 SSTP PPP Session [xx-xx-xx-xx:55758]: A PPP protocol error occurred, or the PPP session has been disconnected.
I turned on the mode that sends PPP echo packets.
That made it work.
All that's left is to figure out what needs to be configured on Android clients. The SSTP Max client suffers from the same nonsense with PPP dropping; I haven't figured out how to configure it yet.
UPD: Android works fine too, with OpenSSTPClient, although VerifyHostname does not work with it, so I had to disable it. But the connection works fine, both over the mobile carrier and over WiFi.
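The answer above traced the NetworkManager failure to the SSTP login going to HUB «DEFAULT» (Log1) rather than HUB «VPN» (Log0). The following Python script is an added example, not part of the original post: it extracts hub, auth type and outcome per connection from a server_log and reports users whose logins land on more than one Virtual Hub. The function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# The scraped logs on this page show «guillemets»; real server logs use plain
# double quotes. Q accepts either, V captures one quoted value.
Q = '["«»]'
V = '([^"«»]*)'

ATTEMPT = re.compile(
    rf'\[HUB {Q}{V}{Q}\] The connection {Q}{V}{Q} .*?Client name: {Q}{V}{Q}'
    rf'.*?auth type provided is {Q}{V}{Q} and the user name is {Q}{V}{Q}')
RESULT = re.compile(
    rf'Connection {Q}{V}{Q}: (Successfully authenticated|User authentication failed)')
CAUSE = re.compile(
    rf'Connection {Q}{V}{Q} terminated by the cause {Q}{V}{Q} \(code (\d+)\)')

# Constructed sample in the format of the log excerpts on this page
# (address and host name are documentation placeholders).
SAMPLE_LOG = '''\
2024-01-22 10:56:33.513 [HUB "VPN"] The connection "CID-26" (IP address: 203.0.113.7, Host name: client.example, Port number: 53626, Client name: "SoftEther VPN Client", Version: 4.43, Build: 9799) is attempting to connect to the Virtual Hub. The auth type provided is "Password authentication" and the user name is "alex".
2024-01-22 10:56:33.513 [HUB "VPN"] Connection "CID-26": Successfully authenticated as user "alex".
2024-01-22 13:14:08.485 [HUB "DEFAULT"] The connection "CID-6" (IP address: 203.0.113.7, Host name: client.example, Port number: 55758, Client name: "Microsoft SSTP VPN Client", Version: 4.43, Build: 9799) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "alex".
2024-01-22 13:14:08.485 [HUB "DEFAULT"] Connection "CID-6": User authentication failed. The user name that has been provided was "alex".
2024-01-22 13:14:08.515 Connection "CID-6" terminated by the cause "User authentication failed." (code 9).
2024-01-22 13:14:08.789 SSTP PPP Session [203.0.113.7:55758]: "MS-CHAP v2" (Microsoft Challenge and Response Protocol Version 2.0) user authentication failed.
'''


def parse_connections(log_text):
    """Return {cid: record} for every Virtual Hub login attempt in log_text.

    Simplification: records are keyed by CID only. CIDs restart from 1 when the
    server restarts, so for long logs key by (date, CID) instead.
    """
    conns = {}
    for line in log_text.splitlines():
        if m := ATTEMPT.search(line):
            hub, cid, client, auth, user = m.groups()
            conns[cid] = {"hub": hub, "client": client, "auth": auth,
                          "user": user, "ok": None, "cause": None, "code": None}
        elif m := RESULT.search(line):
            cid, outcome = m.groups()
            if cid in conns:
                conns[cid]["ok"] = outcome.startswith("Successfully")
        elif m := CAUSE.search(line):
            cid, cause, code = m.groups()
            if cid in conns:
                conns[cid].update(cause=cause, code=int(code))
    return conns


def hub_drift(conns):
    """List users whose attempts reached more than one hub, and where they failed."""
    per_user = defaultdict(lambda: defaultdict(list))
    for cid, rec in conns.items():
        per_user[rec["user"]][rec["hub"]].append(cid)
    findings = []
    for user, hubs in per_user.items():
        if len(hubs) > 1:
            failed = sorted(hub for hub, cids in hubs.items()
                            if any(conns[c]["ok"] is False for c in cids))
            findings.append({"user": user, "hubs": sorted(hubs), "failed_on": failed})
    return findings


if __name__ == "__main__":
    connections = parse_connections(SAMPLE_LOG)
    for cid, rec in connections.items():
        status = {True: "OK", False: "FAILED", None: "no result"}[rec["ok"]]
        print(f'{cid}: hub={rec["hub"]} user={rec["user"]} client={rec["client"]!r} '
              f'auth={rec["auth"]!r} -> {status} (code {rec["code"]})')
    for finding in hub_drift(connections):
        print(f'user {finding["user"]} seen on hubs {finding["hubs"]}, '
              f'failed on {finding["failed_on"]}')
```
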
Hello everybody!
There is still no fix for this issue in several topics on the forum as I can see, but here is my situation anyway for better understanding:
Via vpnazure I’m trying to connect using SSTP native windows connection. I pass all password’s checks, get all attributes from remote network DHCP, get status «connected» and during the next phase named «identification» within 5-10 seconds I get «PPP protocol error» and disconnection.
SoftEther client with the same settings from the same computer works fine.
What I see on server’s side:
——————————
2015-10-14 15:05:15.441 On the TCP Listener (Port 0), a Client (IP address ***.***.***.***, Host name «InternetProviderName», Port number 55890) has connected.
2015-10-14 15:05:15.441 For the client (IP address: ***.***.***.***, host name: «InternetProviderName», port number: 55890), connection «CID-315-F93F3FE8DE» has been created.
2015-10-14 15:05:15.441 SSL communication for connection «CID-315-F93F3FE8DE» has been started. The encryption algorithm name is «RC4-MD5».
2015-10-14 15:05:16.720 SSTP PPP Session [***.***.***.***:55890]: A new PPP session (Upper protocol: SSTP) is started. IP Address of PPP Client: ***.***.***.*** (Hostname: «InternetProviderName»), Port Number of PPP Client: 55890, IP Address of PPP Server: 192.168.0.232, Port Number of PPP Server: 57315, Client Software Name: «Microsoft SSTP VPN Client», IPv4 TCP MSS (Max Segment Size): 0 bytes
2015-10-14 15:05:18.904 On the TCP Listener (Port 0), a Client (IP address ***.***.***.***, Host name «InternetProviderName», Port number 55890) has connected.
2015-10-14 15:05:18.904 For the client (IP address: ***.***.***.***, host name: «InternetProviderName», port number: 55890), connection «CID-316-9F95D6EB1E» has been created.
2015-10-14 15:05:18.904 SSL communication for connection «CID-316-9F95D6EB1E» has been started. The encryption algorithm name is «(null)».
2015-10-14 15:05:18.919 [HUB «VPNHubName»] The connection «CID-316-9F95D6EB1E» (IP address: ***.***.***.***, Host name: InternetProviderName, Port number: 55890, Client name: «Microsoft SSTP VPN Client», Version: 4.19, Build: 9582) is attempting to connect to the Virtual Hub. The auth type provided is «External server authentication» and the user name is «VpnHubUserName».
2015-10-14 15:05:18.935 [HUB «VPNHubName»] Connection «CID-316-9F95D6EB1E»: Successfully authenticated as user «VpnHubUserName».
2015-10-14 15:05:18.935 [HUB «VPNHubName»] Connection «CID-316-9F95D6EB1E»: The new session «SID-UsNm-[SSTP]-24» has been created. (IP address: ***.***.***.***, Port number: 55890, Physical underlying protocol: «Legacy VPN — SSTP»)
2015-10-14 15:05:18.935 [HUB «VPNHubName»] Session «SID-UsNm-[SSTP]-24»: The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2015-10-14 15:05:18.935 [HUB «VPNHubName»] Session «SID-UsNm-[SSTP]-24»: VPN Client details: (Client product name: «Microsoft SSTP VPN Client», Client version: 419, Client build number: 9582, Server product name: «SoftEther VPN Server (64 bit)», Server version: 419, Server build number: 9582, Client OS name: «Microsoft SSTP VPN Client», Client OS version: «-«, Client product ID: «-«, Client host name: «InternetProviderName», Client IP address: «***.***.***.***», Client port number: 55890, Server host name: «192.168.0.232», Server IP address: «192.168.0.232», Server port number: 57315, Proxy host name: «», Proxy IP address: «0.0.0.0», Proxy port number: 0, Virtual Hub name: «VPNHubName», Client unique ID: «2BDD50D52367DA4D5EBFABF2632FDC74»)
2015-10-14 15:05:19.887 SSTP PPP Session [***.***.***.***:55890]: Trying to request an IP address from the DHCP server.
2015-10-14 15:05:21.899 [HUB «VPNHubName»] Session «SID-LOCALBRIDGE-14»: The DHCP server of host «88-5A-92-EA-06-06» (192.168.0.1) on this session allocated, for host «SID-UsNm-[SSTP]-24» on another session «CA-70-B5-82-AA-F6», the new IP address 192.168.0.182.
2015-10-14 15:05:21.899 SSTP PPP Session [***.***.***.***:55890]: An IP address is assigned. IP Address of Client: 192.168.0.182, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.0.1, Domain Name: «», DNS Server 1: 192.168.0.10, DNS Server 2: 192.168.0.1, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0, IP Address of DHCP Server: 192.168.0.1, Lease Lifetime: 684000 seconds
2015-10-14 15:05:21.899 SSTP PPP Session [***.***.***.***:55890]: The IP address and other network information parameters are set successfully. IP Address of Client: 192.168.0.182, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.0.1, DNS Server 1: 192.168.0.10, DNS Server 2: 192.168.0.1, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0
2015-10-14 15:05:33.599 SSTP PPP Session [***.***.***.***:55890]: A PPP protocol error occurred, or the PPP session has been disconnected.
2015-10-14 15:05:33.599 [HUB «VPNHubName»] Session «SID-UsNm-[SSTP]-24»: The session has been terminated. The statistical information is as follows: Total outgoing data size: 168727 bytes, Total incoming data size: 1424 bytes.
2015-10-14 15:05:33.630 Connection «CID-315-F93F3FE8DE» terminated by the cause «Connection has been disconnected.» (code 3).
2015-10-14 15:05:33.630 Connection «CID-315-F93F3FE8DE» has been terminated.
2015-10-14 15:05:33.630 The connection with the client (IP address ***.***.***.***, Port number 55890) has been disconnected.
2015-10-14 15:05:33.630 Connection «CID-316-9F95D6EB1E» terminated by the cause «The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected.» (code 11).
2015-10-14 15:05:33.630 Connection «CID-316-9F95D6EB1E» has been terminated.
2015-10-14 15:05:33.630 The connection with the client (IP address ***.***.***.***, Port number 55890) has been disconnected.
——————————
I’m trying to configure a SoftEther VPN server to authenticate with a freeipa/freeradius server I have set up. I am using my iPhone to connect to the VPN server. However, my VPN server doesn’t ever seem to want to open a connection to my radius server to authenticate me, and my iPhone is telling me «authentication failed». I’m using netstat to watch outgoing connections on the VPN server (ubuntu) and incoming connections on my auth server (centOS), and it seems my SoftEther server never seems to even try to connect to my authentication server. Even when I run radiusd -X, nothing ever appears when I try to make the connection.
I’ve found this person ( http://www.vpnusers.com/viewtopic.php?t=3126 ) having the same problem as me, but the solution of adding a * user with radius authentication did not solve anything. As far as I can tell, there’s still no connection going from my Ubuntu-based VPN server to my CentOS-based Auth server. What should I look at? I don’t have any firewalls on, and have checked my radius settings in the SoftEther configuration menu multiple times. Everything seems OK.
Some relevant logs from the VPN server from my previous attempt. First is the server_log:
2018-03-07 09:27:44.044 IPsec Client 129 (101.228.5.143:9174 -> 139.59.11.15:500): A new IPsec client is created.
2018-03-07 09:27:44.044 IPsec IKE Session (IKE SA) 96 (Client: 129) (101.228.5.143:9174 -> 139.59.11.15:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x5ED58142400E3F18, Responder Cookie: 0x2F7F930343D2DC71, DH Group: MODP 1536 (Group 5), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2018-03-07 09:27:47.033 IPsec Client 129 (101.228.5.143:34307 -> 139.59.11.15:4500): The port number information of this client is updated.
2018-03-07 09:27:47.033 IPsec Client 129 (101.228.5.143:34307 -> 139.59.11.15:4500):
2018-03-07 09:27:47.033 IPsec IKE Session (IKE SA) 96 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): This IKE SA is established between the server and the client.
2018-03-07 09:27:48.448 IPsec IKE Session (IKE SA) 96 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): The client initiates a QuickMode negotiation.
2018-03-07 09:27:48.448 IPsec ESP Session (IPsec SA) 127 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0x501BEE7A, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2018-03-07 09:27:48.448 IPsec ESP Session (IPsec SA) 127 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x94BD648, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2018-03-07 09:27:49.034 IPsec IKE Session (IKE SA) 96 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): The server initiates a QuickMode negotiation.
2018-03-07 09:27:49.034 IPsec ESP Session (IPsec SA) 128 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0xF49E5AA4, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2018-03-07 09:27:49.034 IPsec ESP Session (IPsec SA) 128 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x0, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2018-03-07 09:27:49.550 IPsec ESP Session (IPsec SA) 128 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): The SPI which has been pending is now set. New SPI: 0x68C14DD
2018-03-07 09:27:49.550 IPsec ESP Session (IPsec SA) 128 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): This IPsec SA is established between the server and the client.
2018-03-07 09:27:49.975 IPsec Client 129 (101.228.5.143:34307 -> 139.59.11.15:4500): The L2TP Server Module is started.
2018-03-07 09:27:51.117 IPsec ESP Session (IPsec SA) 127 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): This IPsec SA is established between the server and the client.
2018-03-07 09:27:51.117 L2TP PPP Session [101.228.5.143:1701]: A new PPP session (Upper protocol: L2TP) is started. IP Address of PPP Client: 101.228.5.143 (Hostname: «Jons-iPhone»), Port Number of PPP Client: 1701, IP Address of PPP Server: 139.59.11.15, Port Number of PPP Server: 1701, Client Software Name: «L2TP VPN Client», IPv4 TCP MSS (Max Segment Size): 1314 bytes
2018-03-07 09:27:51.997 On the TCP Listener (Port 0), a Client (IP address 101.228.5.143, Host name «101.228.5.143», Port number 1701) has connected.
2018-03-07 09:27:51.997 For the client (IP address: 101.228.5.143, host name: «101.228.5.143», port number: 1701), connection «CID-286» has been created.
2018-03-07 09:27:51.997 SSL communication for connection «CID-286» has been started. The encryption algorithm name is «(null)».
2018-03-07 09:27:51.997 [HUB «VPN»] The connection «CID-286» (IP address: 101.228.5.143, Host name: 101.228.5.143, Port number: 1701, Client name: «L2TP VPN Client», Version: 4.22, Build: 9634) is attempting to connect to the Virtual Hub. The auth type provided is «External server authentication» and the user name is «dwebtron2».
2018-03-07 09:27:56.648 IPsec ESP Session (IPsec SA) 128 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): This IPsec SA is deleted.
2018-03-07 09:28:12.204 [HUB «VPN»] Connection «CID-286»: User authentication failed. The user name that has been provided was «dwebtron2».
2018-03-07 09:28:12.234 Connection «CID-286» terminated by the cause «User authentication failed.» (code 9).
2018-03-07 09:28:12.234 Connection «CID-286» has been terminated.
2018-03-07 09:28:12.234 The connection with the client (IP address 101.228.5.143, Port number 1701) has been disconnected.
2018-03-07 09:28:12.507 L2TP PPP Session [101.228.5.143:1701]: «PAP» (Password Authentication Protocol, a clear-text password authentication protocol) user authentication failed.
2018-03-07 09:28:12.507 L2TP PPP Session [101.228.5.143:1701]: A PPP protocol error occurred, or the PPP session has been disconnected.
2018-03-07 09:28:12.659 IPsec ESP Session (IPsec SA) 127 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): This IPsec SA is deleted.
2018-03-07 09:28:12.659 IPsec IKE Session (IKE SA) 96 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): The server initiates a QuickMode negotiation.
2018-03-07 09:28:12.659 IPsec ESP Session (IPsec SA) 129 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0x309391F7, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2018-03-07 09:28:12.659 IPsec ESP Session (IPsec SA) 129 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x0, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2018-03-07 09:28:12.659 IPsec IKE Session (IKE SA) 96 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): This IKE SA is deleted.
2018-03-07 09:28:12.659 IPsec ESP Session (IPsec SA) 129 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): This IPsec SA is deleted.
2018-03-07 09:28:12.659 IPsec ESP Session (IPsec SA) 127 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): This IPsec SA is deleted.
2018-03-07 09:28:12.659 IPsec ESP Session (IPsec SA) 128 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): This IPsec SA is deleted.
2018-03-07 09:28:12.659 IPsec ESP Session (IPsec SA) 129 (Client: 129) (101.228.5.143:34307 -> 139.59.11.15:4500): This IPsec SA is deleted.
2018-03-07 09:28:23.730 IPsec Client 129 (101.228.5.143:34307 -> 139.59.11.15:4500): This IPsec Client is deleted.
Next is the security_log :
2018-03-07 09:27:51.997 The connection «CID-286» (IP address: 101.228.5.143, Host name: 101.228.5.143, Port number: 1701, Client name: «L2TP VPN Client», Version: 4.22, Build: 9634) is attempting to connect to the Virtual Hub. The auth type provided is «External server authentication» and the user name is «dwebtron2».
2018-03-07 09:28:12.204 Connection «CID-286»: User authentication failed. The user name that has been provided was «dwebtron2».
Further looking at my host, I’m not seeing any TAP device on the host, is this going to be an issue?
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
5: veth100i0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
12: veth103i0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr103i0 state UP group default qlen 1000
13: fwbr103i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
14: fwpr103p0@fwln103i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
15: fwln103i0@fwpr103p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr103i0 state UP group default qlen 1000
17: veth104i0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr104i0 state UP group default qlen 1000
18: fwbr104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
19: fwpr104p0@fwln104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
20: fwln104i0@fwpr104p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr104i0 state UP group default qlen 1000
22: veth105i0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr105i0 state UP group default qlen 1000
23: fwbr105i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
24: fwpr105p0@fwln105i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
25: fwln105i0@fwpr105p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr105i0 state UP group default qlen 1000
27: veth106i0@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr106i0 state UP group default qlen 1000
28: fwbr106i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
29: fwpr106p0@fwln106i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
30: fwln106i0@fwpr106p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr106i0 state UP group default qlen 1000
32: veth108i0@if31: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr108i0 state UP group default qlen 1000
33: fwbr108i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
34: fwpr108p0@fwln108i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
35: fwln108i0@fwpr108p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr108i0 state UP group default qlen 1000
37: veth102i0@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr102i0 state UP group default qlen 1000
38: fwbr102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
39: fwpr102p0@fwln102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
40: fwln102i0@fwpr102p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr102i0 state UP group default qlen 1000
42: veth109i0@if41: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr109i0 state UP group default qlen 1000
43: fwbr109i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
44: fwpr109p0@fwln109i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
45: fwln109i0@fwpr109p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr109i0 state UP group default qlen 1000
Hi Everyone,
I’m planning to work remotely from my office, and I tried to turn on the SoftEther VPN service that I’ve had running. We’ve used this in the past quite effectively. Once we got it setup, it has worked well.
This time however, when I attempt to connect my client, it goes through the process and then immediately terminates the session.
I get something like this in the vpn server_log:
2022-05-16 08:53:19.726 L2TP PPP Session [1.146.152.113:1701]: Acquiring an IP address from the DHCP server failed. To accept a PPP session, you need to have a DHCP server. Make sure that a DHCP server is working normally in the Ethernet segment which the Virtual Hub belongs to. If you do not have a DHCP server, you can use the Virtual DHCP function of the SecureNAT on the Virtual Hub instead.
2022-05-16 08:53:29.648 L2TP PPP Session [1.146.152.113:1701]: The VPN Client sent a packet though an IP address of the VPN Client hasn’t been determined.
2022-05-16 08:53:29.648 L2TP PPP Session [1.146.152.113:1701]: A PPP protocol error occurred, or the PPP session has been disconnected.
I tried turning on SecureNAT, but that seemed to create even more problems. How can I diagnose this issue?
Logged
SOLVED: I restarted the bridge service and all is well!
service bridge restart
Logged
it has always been this way. We should find a way to have softether do this. This needs to be done also on a regular basis. if you have it working in sme9 you might have a cron added to make it work.
other workaround i used was to have softether use its own local network.
Logged
That’s a good question! I don’t remember writing a cron to do this, but then again I don’t remember what I had for breakfast, so, you know …
I did try to use the SecureNAT and DHCP functions, but it still seemed to block traffic from the VPN which defeats the purpose!
Logged
I had been using softether for years on SME9 needed a cron to restart bridge every 24hrs, when I updated RSLs server to SME10 reinstalled softether and the bridge interface with latest versions, deleted the cron, been fine since..
[root@server ~]# rpm -q smeserver-bridge-interface
smeserver-bridge-interface-0.2-7.el7.sme.noarch
[root@server ~]# rpm -q smeserver-softethervpn-server
smeserver-softethervpn-server-4.34-7.el7.sme.x86_64
[root@server ~]# systemctl status bridge
● bridge.service — Bridge Interface for VPN use.
Loaded: loaded (/usr/lib/systemd/system/bridge.service; enabled; vendor preset: enabled)
Active: active (exited) since Thu 2022-04-14 11:03:02 AEST; 1 months 3 days ago
Main PID: 1395 (code=exited, status=0/SUCCESS)
Memory: 0B
CGroup: /system.slice/bridge.service
Apr 14 11:02:56 server.rsl.org.au systemd[1]: Starting Bridge Interface for VPN use….
Apr 14 11:03:02 server.rsl.org.au bridge-run[1395]: Starting Bridge Service: [ OK ]
Apr 14 11:03:02 server.rsl.org.au systemd[1]: Started Bridge Interface for VPN use..
Logged
—
qui scribit bis legit
Hi Terry,
I’ve just run the same commands here:
[root@mail ~]# rpm -q smeserver-bridge-interface
smeserver-bridge-interface-0.2-7.el7.sme.noarch
[root@mail ~]# rpm -q smeserver-softethervpn-server
smeserver-softethervpn-server-4.34-7.el7.sme.x86_64
[root@mail ~]# systemctl status bridge
● bridge.service — Bridge Interface for VPN use.
Loaded: loaded (/usr/lib/systemd/system/bridge.service; enabled; vendor preset: enabled)
Active: active (exited) since Mon 2022-05-16 09:41:42 AWST; 2 days ago
Process: 22449 ExecStop=/sbin/e-smith/systemd/bridge-run stop (code=exited, status=1/FAILURE)
Process: 22861 ExecStart=/sbin/e-smith/systemd/bridge-run start (code=exited, status=0/SUCCESS)
Main PID: 22861 (code=exited, status=0/SUCCESS)
Memory: 0B
CGroup: /system.slice/bridge.service
May 16 09:41:39 mail.logicaldevelopments.com.au systemd[1]: bridge.service failed.
May 16 09:41:39 mail.logicaldevelopments.com.au systemd[1]: Starting Bridge Interface for VPN use….
May 16 09:41:42 mail.logicaldevelopments.com.au bridge-run[22861]: Starting Bridge Service: [ OK ]
May 16 09:41:42 mail.logicaldevelopments.com.au systemd[1]: Started Bridge Interface for VPN use..
It seems to be working OK now. Maybe there was a software update that caused the bridge to not restart or something?
Logged
yeah, not sure mate…on yours looking at the time stamp, service only been up a short time..mine has been running for over a month, so fingers crossed its all up from here for you..
there have been some recent updates to do with dhcp etc as well, details, when escapes me..
Logged
—
qui scribit bis legit
if you see anything after next update, Terry, then we will know !
Logged
