sibianul Posted July 26, 2017 Posted July 26, 2017 I installed the SoftetherVPN using the script provided in Armbian distribution, than I configured it from my windows machine, using the VPN Server manager application downloaded from softether website. When I try to connect from my iPhone I get an error "The L2TP-VPN server did not respond. Try reconnecting. If the problem persists ..." What I didn't do , is opening ports in my router, do I need to forward 443, 992, 1194, 5555 to my BananaPi IP in my router ? Some more details I posted on the softether forum, but it seems there is noone around to answer, and alot of spam is posted daily Thank you. VPN Tools>check Check command - Check whether SoftEther VPN Operation is Possible --------------------------------------------------- SoftEther VPN Operation Environment Check Tool Copyright (c) SoftEther VPN Project. All Rights Reserved. If this operation environment check tool is run on a system and that system passes, it is most likely that Soft Ether VPN software can operate on that system. This check may take a while. Please wait... Checking 'Kernel System'... Pass Checking 'Memory Operation System'... Pass Checking 'ANSI / Unicode string processing system'... Pass Checking 'File system'... Pass Checking 'Thread processing system'... Pass Checking 'Network system'... Pass All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system. The command completed successfully. VPN Tools>
sibianul Posted July 26, 2017 Author Posted July 26, 2017 I think I will try to open all ports I see in VPN Server manager, as I opened the 5555 port, forwarded to my BananaPi IP, but I'm still not able to connect to the VPN. Any other ideea of what to check, is welcome.
Igor Posted July 26, 2017 Posted July 26, 2017 15 minutes ago, sibianul said: I think I will try to open all ports I see in VPN Server manager, as I opened the 5555 port, forwarded to my BananaPi IP, but I'm still not able to connect to the VPN. Now it's perhaps time for VPN server and client debugging, checking their manual / FAQ. Regarding your router, there is nothing else to do.
lampra Posted July 26, 2017 Posted July 26, 2017 I have a working installation of softether vpn server running on a cubietruck with the latest armbian (debian) Jessie mainline release. You do not need to open port 5555 on the router if you do not need to administrate the vpn server from outside your local network. If you have other servers on the machine, I would recommend that you disable the rest of the administration ports (443 etc) You need to port forward UDP ports 500 and 4500 to you server. 1. First you need to have a startup script (i do not know if the armbian script is doing that automatically). Take a look here https://www.softether.org/4-docs/1-manual/7._Installing_SoftEther_VPN_Server/7.3_Install_on_Linux_and_Initial_Configurations 2. You also need to decide if the ip to the client will be provided by the vpn server installation or the router. If it will be provided by the router, don't enable dhcp server on the vpn server installation. 3. You need to setup a user in the hub and the relevant authentication method. Try at first only password for quick testing 4. Setup a vpn connection on your phone. I do not use iphone so i can not provide any help. On android it is straight forward, for password authentication you provide username, password, the server (ip or dynamic dns) and the IPsec Pre-Shared Key. Take a look here: https://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server/1.Setup_L2TP%2F%2F%2F%2FIPsec_VPN_Server_on_SoftEther_VPN_Server
sibianul Posted July 26, 2017 Author Posted July 26, 2017 Thank you guys, I have forwarded those 2 ports also, as lampra suggested and now I can connect on my VPN. Awesome! ... but The internet is working on my mobile, through the VPN, but I wanted the VPN to be able to access a website hosted on the BananaPi (and not open up that port to public), if I try to connect to 192.168.1.40 nothing loads on my mobile. Now I have to find the DHCP setting and disable it in the VPN software , as I think this could be the problem, I don;t want my VPN to assign IP's, but let my router do this.
lampra Posted July 26, 2017 Posted July 26, 2017 I am not sure if your new problem is the dhcp server, even if it is enabled in the vpn server. I host owncloud on my cubietruck and I am not always able to connect and eg upload photos. I have not tracked down if the problem is at the server side or the client side. If your webserver uses port 443, then this might be the problem. You need to disable this port in the administative interface of the vpn server. If not, you might need a local bridge but this is complicated for me. I purchased usb to ethernet as I did not want to play with tun-tap devices for the site to site vpn bridge.
sibianul Posted July 26, 2017 Author Posted July 26, 2017 Apache server as I know doesn't use 443 port, is this commmand helping? As it seems that port is only used by vpnserver root@banana:~# sudo netstat -tulpn Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1590/master tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 964/vpnserver tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 14289/smbd tcp 0 0 0.0.0.0:992 0.0.0.0:* LISTEN 964/vpnserver tcp 0 0 127.0.0.1:10023 0.0.0.0:* LISTEN 1238/postgrey.pid - tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 1575/amavisd-new (m tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 4635/mysqld tcp 0 0 0.0.0.0:1194 0.0.0.0:* LISTEN 964/vpnserver tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 14289/smbd tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1590/master tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 711/memcached tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 763/dovecot tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1/init tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 1590/master tcp 0 0 0.0.0.0:5555 0.0.0.0:* LISTEN 964/vpnserver tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 722/sshd tcp6 0 0 :::25 :::* LISTEN 1590/master tcp6 0 0 :::443 :::* LISTEN 964/vpnserver tcp6 0 0 :::445 :::* LISTEN 14289/smbd tcp6 0 0 :::992 :::* LISTEN 964/vpnserver tcp6 0 0 ::1:10024 :::* LISTEN 1575/amavisd-new (m tcp6 0 0 :::1194 :::* LISTEN 964/vpnserver tcp6 0 0 :::587 :::* LISTEN 1590/master tcp6 0 0 :::139 :::* LISTEN 14289/smbd tcp6 0 0 :::110 :::* LISTEN 763/dovecot tcp6 0 0 :::143 :::* LISTEN 1/init tcp6 0 0 :::80 :::* LISTEN 326/apache2 tcp6 0 0 :::465 :::* LISTEN 1590/master tcp6 0 0 :::5555 :::* LISTEN 964/vpnserver tcp6 0 0 :::22 :::* LISTEN 722/sshd udp 0 0 127.0.0.1:11211 0.0.0.0:* 711/memcached udp 0 0 127.0.0.1:500 0.0.0.0:* 964/vpnserver udp 0 0 192.168.1.40:500 0.0.0.0:* 964/vpnserver udp 0 0 0.0.0.0:20559 0.0.0.0:* 964/vpnserver udp 0 0 192.168.1.255:137 0.0.0.0:* 14352/nmbd udp 0 0 192.168.1.40:137 0.0.0.0:* 14352/nmbd udp 0 0 0.0.0.0:137 0.0.0.0:* 14352/nmbd udp 0 0 192.168.1.255:138 0.0.0.0:* 14352/nmbd udp 0 0 192.168.1.40:138 0.0.0.0:* 14352/nmbd udp 0 0 0.0.0.0:138 0.0.0.0:* 14352/nmbd udp 0 0 0.0.0.0:35488 0.0.0.0:* 963/vpnserver udp 0 0 127.0.0.1:1194 0.0.0.0:* 964/vpnserver udp 0 0 192.168.1.40:1194 0.0.0.0:* 964/vpnserver udp 0 0 0.0.0.0:46305 0.0.0.0:* 964/vpnserver udp 0 0 127.0.0.1:4500 0.0.0.0:* 964/vpnserver udp 0 0 192.168.1.40:4500 0.0.0.0:* 964/vpnserver udp 0 0 0.0.0.0:34214 0.0.0.0:* 964/vpnserver udp 0 0 0.0.0.0:59310 0.0.0.0:* 964/vpnserver udp6 0 0 ::1:500 :::* 964/vpnserver udp6 0 0 fe80::56:4ff:fe41:d:500 :::* 964/vpnserver udp6 0 0 ::1:1194 :::* 964/vpnserver udp6 0 0 fe80::56:4ff:fe41::1194 :::* 964/vpnserver udp6 0 0 ::1:4500 :::* 964/vpnserver udp6 0 0 fe80::56:4ff:fe41::4500 :::* 964/vpnserver I could only find this section in the VPN manager that has something to do with the DHCP, is this the place where I can enable/disable the DHCP server ? I think now it's disabled .
lampra Posted July 27, 2017 Posted July 27, 2017 This might help you http://www.vpnusers.com/viewtopic.php?f=7&t=3872
lampra Posted August 21, 2017 Posted August 21, 2017 (edited) On 27/7/2017 at 11:36 AM, lampra said: This might help you http://www.vpnusers.com/viewtopic.php?f=7&t=3872 I tested the solution and it works fine for me. I am able to reach servers in the lan on the same machine now As proposed, I created the following /etc/network/interfaces.d/softether.cfg file: allow-hotplug tap_MyVirtualHub iface tap_MyVirtualHub inet dhcp metric 300 Edit: To clarify, this solution if for accessing servers on the same machine that the vpn server is running on. Edited August 22, 2017 by lampra
Simon D Greve Posted August 22, 2017 Posted August 22, 2017 On 7/26/2017 at 8:48 PM, lampra said: I have a working installation of softether vpn server running on a cubietruck with the latest armbian (debian) Jessie mainline release. You do not need to open port 5555 on the router if you do not need to administrate the vpn server from outside your local network. If you have other servers on the machine, I would recommend that you disable the rest of the administration ports (443 etc) You need to port forward UDP ports 500 and 4500 to you server. 1. First you need to have a startup script (i do not know if the armbian script is doing that automatically). Take a look here https://www.softether.org/4-docs/1-manual/7._Installing_SoftEther_VPN_Server/7.3_Install_on_Linux_and_Initial_Configurations 2. You also need to decide if the ip to the client will be provided by the vpn server installation or the router. If it will be provided by the router, don't enable dhcp server on the vpn server installation. 3. You need to setup a user in the hub and the relevant authentication method. Try at first only password for quick testing 4. Setup a vpn connection on your phone. I do not use iphone so i can not provide any help. On android it is straight forward, for password authentication you provide username, password, the server (ip or dynamic dns) and the IPsec Pre-Shared Key. Take a look here: https://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server/1.Setup_L2TP%2F%2F%2F%2FIPsec_VPN_Server_on_ SoftEther _VPN_Server Thanks mate, i dont know whats difference but this works for me
Recommended Posts