
    Solved SoftEther VPN server in CentOS 7 Hyper-V 2012R2 VM

    • thwr

      Had a strange issue today with a new test VM running the current SoftEther release on a fresh CentOS 7 VM. I can connect just fine, using SSTP for example, but I can't

      a) get the "local bridge" working
      b) "SecureNAT" working

      The local bridge is basically supposed to be a Layer 2 bridge between the virtual VPN interface and a NIC in the VM. As suggested (and probably required), the vNIC is running in promiscuous mode (MAC spoofing allowed on the Hyper-V host). No packets are moving over the bridge as far as I can tell; the client doesn't even get a DHCP lease from my DHCP server, which should be reachable over the bridge.

      The SecureNAT feature would be an alternative, but I would like to avoid it for some reason. I got it running a single time, but wasn't able to get the same result on a second try. The client doesn't get a gateway and receives a subnet mask of 255.255.255.255, but can ping the "transfer net's" gateway. For example, I've set the SecureNAT network, let's call it transfer net, to 192.168.32.0/24, and the VPN server got 192.168.32.1. I also configured the "Virtual DHCP" feature and added a static route to the target net. The route gets pushed to the client, but at least in theory the client wouldn't be able to reach that network due to its subnet mask of 0xffffffff.

      As said by the manual, I did not use the bridging mode and NAT mode at the same time. Wouldn't make much sense anyway.

      Any ideas?

      • scottalanmiller

        Have never used SoftEther, I'm afraid.

        • thwr @scottalanmiller

          @scottalanmiller said in SoftEther VPN server in CentOS 7 Hyper-V 2012R2 VM:

          Have never used SoftEther, I'm afraid.

          Yeah, it looked interesting. I'm not the biggest fan of multi-purpose products, but options for SSTP servers on Linux are limited. SSTP is great for Windows road warriors, because the client has been built in since Windows 7 (or Vista?) and the performance is still OK. IPSec over L2TP just doesn't work in every situation for roaming clients.

          I can still fall back to SSTP on Windows RAS, but would need to buy new licenses for this. OpenVPN is also ok, but the TAP driver can be a real PITA on Windows in some situations. Would rather like to get SoftEther working.

          • thwr

            Bridging issue solved, kind of a Late-Friday-Problem: Promiscuous mode was turned on, but on the wrong interface - the DMZ-facing one.

            It worked instantly the second I switched it off on the DMZ and instead turned it on on the target network interface.

            How to turn on MAC spoofing / Promiscuous mode on Hyper-V using PowerShell:

            Get-VM -Name XXXXX | Get-VMNetworkAdapter | Where-Object { $_.MacAddress -eq "XXXXXXXX" } | Set-VMNetworkAdapter -MacAddressSpoofing On
            
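Added example, not part of the thread: a small audit for the misconfiguration described in the last post, flagging vNICs where MAC spoofing is on but not intended (for example a DMZ-facing adapter) and vNICs where it is needed for the local bridge but off. The function name `Test-MacSpoofingPlacement`, the VM name `SoftEther-VM` and the switch names `DMZ` and `LAN` are assumptions; the sample adapters are constructed so the script runs without the Hyper-V module.

```powershell
# Added example (not from the thread). Names below are assumptions.
function Test-MacSpoofingPlacement {
    [CmdletBinding()]
    param(
        # Adapter objects as returned by Get-VMNetworkAdapter
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Adapter,

        # Virtual switch(es) the SoftEther local bridge is attached to
        [Parameter(Mandatory)]
        [string[]]$BridgeSwitch
    )
    process {
        # Compare as string so real On/Off enum values and sample data both work
        $on     = "$($Adapter.MacAddressSpoofing)" -eq 'On'
        $wanted = $Adapter.SwitchName -in $BridgeSwitch

        if     ($on -and -not $wanted) { $status = 'UnexpectedOn' }  # needless exposure
        elseif ($wanted -and -not $on) { $status = 'MissingOn' }     # bridge passes no frames
        else                           { $status = 'OK' }

        [pscustomobject]@{
            VMName     = $Adapter.VMName
            SwitchName = $Adapter.SwitchName
            MacAddress = $Adapter.MacAddress
            Spoofing   = "$($Adapter.MacAddressSpoofing)"
            Status     = $status
        }
    }
}

# Constructed sample reproducing the thread's mistake:
# spoofing enabled on the DMZ-facing vNIC instead of the bridged one.
$sample = @(
    [pscustomobject]@{ VMName = 'SoftEther-VM'; SwitchName = 'DMZ'
                       MacAddress = '00155D000001'; MacAddressSpoofing = 'On' }
    [pscustomobject]@{ VMName = 'SoftEther-VM'; SwitchName = 'LAN'
                       MacAddress = '00155D000002'; MacAddressSpoofing = 'Off' }
)
$sample | Test-MacSpoofingPlacement -BridgeSwitch 'LAN' | Format-Table -AutoSize

# On a Hyper-V host, audit the real adapters and preview the correction:
# Get-VM | Get-VMNetworkAdapter | Test-MacSpoofingPlacement -BridgeSwitch 'LAN'
# Get-VMNetworkAdapter -VMName 'SoftEther-VM' | Where-Object SwitchName -eq 'DMZ' |
#     Set-VMNetworkAdapter -MacAddressSpoofing Off -WhatIf
```

With the constructed sample, the DMZ adapter is reported as `UnexpectedOn` and the LAN adapter as `MissingOn`, which is the state thwr describes before the fix.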