Solved SoftEther VPN server in CentOS 7 Hyper-V 2012R2 VM
-
Had a strange issue today with a new test VM running the current SoftEther release on a fresh CentOS 7 VM. I can connect just fine, using SSTP for example, but I can't
a) get the "local bridge" working
b) "SecureNAT" working
The local bridge is basically supposed to be a Layer 2 bridge between the virtual VPN interface and a NIC in the VM. As suggested (and probably required), the vNIC is running in promiscuous mode (MAC spoofing allowed on the Hyper-V host). No packets are moving over the bridge as far as I can tell, the client doesn't even get a DHCP lease from my DHCP server, which should be reachable over the bridge.
The SecureNAT feature would be an alternative, but I would like to avoid it for some reason. I've got it running a single time, but wasn't able to get the same result twice on a second try. The client doesn't get a gateway and receives a subnet mask of 255.255.255.255, but can ping the "transfer net's" gateway. For example, I've set the SecureNAT network, let's call it transfer net, to 192.168.32.0/24, the VPN server got the 192.168.32.1. Also configured the "Virtual DHCP" feature and added a static route to the target net. The route gets pushed to the client, but at least in theory the client wouldn't be able to reach that network due to its subnet mask of 0xffffffff.
As said by the manual, I did not use the bridging mode and NAT mode at the same time. Wouldn't make much sense anyway.
Any ideas?
-
Have never used SoftEther, I'm afraid.
-
@scottalanmiller said in SoftEther VPN server in CentOS 7 Hyper-V 2012R2 VM:
Have never used SoftEther, I'm afraid.
Yeah, it looked interesting. I'm not the biggest fan of multi-purpose products, but options for SSTP servers on Linux are limited. SSTP is great for Windows roadwarriors, because the client is already built-in since Windows 7 (or Vista?) and the performance is still ok. IPSec over L2TP just doesn't work in every situation for roaming clients.
I can still fall back to SSTP on Windows RAS, but would need to buy new licenses for this. OpenVPN is also ok, but the TAP driver can be a real PITA on Windows in some situations. Would rather like to get SoftEther working.
-
Bridging issue solved, kind of a Late-Friday-Problem: Promiscuous mode was turned on, but on the wrong interface - the DMZ facing one.
It worked instantly the second I switched it off on the DMZ and instead turned it on on the target network interface.
How to turn on MAC spoofing / Promiscuous mode on Hyper-V using PowerShell
Get-VM -Name XXXXX | Get-VMNetworkAdapter | Where-Object { $_.MacAddress -eq "XXXXXXXX" } | Set-VMNetworkAdapter -MacAddressSpoofing On
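An added example, not part of the original post: a check for the mistake described above, which lists the MAC spoofing state of every vNIC on the VM, switches it off wherever it is not needed (such as the DMZ-facing adapter) and enables it only on the bridged one. The VM name and the virtual switch name `TARGET-SWITCH` are placeholders, and selecting the adapter by switch name instead of MAC address is an assumption of this example.

```powershell
# Placeholder values (assumptions of this example); replace with your own.
$VMName       = 'XXXXX'          # VM running the VPN server
$BridgeSwitch = 'TARGET-SWITCH'  # hypothetical vSwitch of the network the local bridge should reach

# 1. Show the current state of every vNIC attached to the VM.
$adapters = Get-VMNetworkAdapter -VMName $VMName
$adapters | Format-Table Name, SwitchName, MacAddress, MacAddressSpoofing -AutoSize

# 2. Make sure exactly one adapter matches, so the setting cannot land on the wrong NIC.
$bridgeNic = @($adapters | Where-Object { $_.SwitchName -eq $BridgeSwitch })
if ($bridgeNic.Count -ne 1) {
    throw "Expected exactly one adapter on '$BridgeSwitch', found $($bridgeNic.Count)."
}

# 3. Switch MAC spoofing off on every other adapter that still has it enabled
#    (in the thread above this was the DMZ-facing interface).
$adapters |
    Where-Object { $_.SwitchName -ne $BridgeSwitch -and $_.MacAddressSpoofing -eq 'On' } |
    Set-VMNetworkAdapter -MacAddressSpoofing Off

# 4. Enable it only on the adapter used for the local bridge.
$bridgeNic | Set-VMNetworkAdapter -MacAddressSpoofing On

# 5. Re-read the adapters to confirm the result.
Get-VMNetworkAdapter -VMName $VMName |
    Format-Table Name, SwitchName, MacAddress, MacAddressSpoofing -AutoSize
```

Run it in an elevated PowerShell session on the Hyper-V host.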