Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
If you are having a problem, please refer to the product documentation or check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

Setting up a VPN with SoftEther

Rick Hadley - W0FG
Rick Hadley - W0FG Member ✭✭
edited November 2019 in Third-Party Software
I'm trying to set up a SoftEther VPN to let me use my iPad and Stu's app while we're on vacation. I've got it installed on the desktop PC and am trying to get the settings right on the iPad.  I'm not getting a connection, so I obviously have something set wrong, but this is way out of my field of expertise.  Anyone out there running SoftEther who can give me a hand?  I'd be glad to set up a telephone call and/or TeamViewer session to get things straightened out.
«1

Answers

  • KY6LA_Howard
    KY6LA_Howard Member ✭✭✭
    edited January 2017
    Assuming you have set everything up correctly on your PC, have yet set up your Router to Port Forward to your PC?
  • Rick Hadley - W0FG
    Rick Hadley - W0FG Member ✭✭
    edited January 2018
    No, and I think that's where I'm lost.  I've never done any network setup that required port forwarding before.
  • Rick Hadley - W0FG
    Rick Hadley - W0FG Member ✭✭
    edited January 2018
    Bump.  Help please!
  • KY6LA_Howard
    KY6LA_Howard Member ✭✭✭
    edited January 2017
    Tied up today. Am available after 11pm Pacifc. Ky6la at ky6la dot com
  • VK7WH Winston
    VK7WH Winston Member ✭✭✭
    edited February 2017
    To Rick
    (and Howard - for information.)

    I am also contemplating using SoftEther to setup a VPN and, like you Rick, this is is also something new for me. At the moment I am successfully using Parallels to control my remote site but a VPN would appear to be a better solution for my setup .

    I have studied all the documentation but I am still uncertain about the correct procedure. For example, In my setup, the remote site will be my main station and my home will be merely an access point. Should I setup a Softether VPN Server at the remote site and the Client at home, or vice versa? Or should I setup a remote (external) VPN Server and setup Clients at home AND the remote site? These question alone probably best explain my newbie status as far as VPNs are concerned.

    Rich, would you be good enough to share any information you may obtain from Howard which you think could also help me (with Howard's permission , of course) either here on the Community, (preferred, as it may also assist others), or direct if you prefer. My email is winston.henry@bigpond.com

    Many thanks

    Winston.
  • KY6LA_Howard
    KY6LA_Howard Member ✭✭✭
    edited February 2017
    Your VPN Server should be at your Remote site because the Radio needs to be on the Same IP Subnet as the VPN.. that way any client anywhere can login to the VPN and obtain a local IP
  • Rick Hadley - W0FG
    Rick Hadley - W0FG Member ✭✭
    edited January 2018
    I've installed SoftEther on mty shack PC, and attempted to set up a client on my iPad, but still have been unable to get them to connect.
  • VK7WH Winston
    VK7WH Winston Member ✭✭✭
    edited December 2016
    Thanks Howard, that makes sense. Sometimes I can't see the forest for the trees!
  • VK7WH Winston
    VK7WH Winston Member ✭✭✭
    edited December 2016
    Rick, have you tried to connect from another PC or laptop running the client software. I am going to download the software and try to set this up over the couple of days. I'll let you know how I get on. Winston
  • Rob Fissel
    Rob Fissel Member
    edited January 2016
    Rick,

    We have no idea what kind of router you have. Port forwarding in most routers is very straight forward. You may wish to google your router make/model along with port forwarding, as I'm sure someone out there has listed a step by step on how to port forward. 

    Be aware that if you're trying to use an iPad, you'll have to configure L2TP to work within the SoftEther server software. 

    If this is all starting to sound a little heavy, no worries. There are plenty of us in the forums that can likely lend a hand. With some basic networking and PC experience, setting up a SoftEther VPN is a piece of cake, but without it, I can certainly understand how daunting it may appear to be. 

    73,

    Rob
  • Rob G6EIH
    Rob G6EIH Member
    edited January 2019
    Never been able to get this working and I guess I'm missing something ****, how about one of you guys writing up an install guide.
  • K1VL
    K1VL Member ✭✭
    edited March 2018
    There are a number of networking steps to go through to have your SoftEther setup work properly. 

    When first installing SoftEther make sure you setup the VPN server and the VPN bridge. Flex Radio SmartSDR requires Ethernet broadcasts to find the 6000 series radio. Bridging allows broadcasts to pass through the VPN tunnel while routing typically does not. 

    Follow these instructions:
    https://www.softether.org/4-docs/2-howto/1.VPN_for_On-premise/2.Remote_Access_VPN_to_LAN 

    If you are going to use the SoftEther client on a PC or Mac then pick one of the ports the server uses. I would recommend port 443 or 5555, assuming your ISP does not block these ports. You will need to configure a rule on your router to forward TCP port 443 or 5555 from your outside WAN (internet facing) interface to the internal IP address of the computer you installed the SoftEther server. Once you configure the port number you chose on the SoftEther client on a PC or Mac you should should get a connection.

    If you will be using a iPad or IPhone remotely via the built-in iOS L2TP client you will need to setup additional port forwarding rules on your router. Those additional forwarded ports are:

     UDP 1701, UDP 500 and UDP 4500

    Again, these ports are from your outside WAN (internet facing) interface to the internal IP address of the computer you installed the SoftEther server. 

    I hope this helps!

    Carmine
    W1EQX
  • Rick Hadley - W0FG
    Rick Hadley - W0FG Member ✭✭
    edited August 2016
    Thanks,.  I'll give that a shot.  I didn't have the last 3 UDP ports set up.
  • K1VL
    K1VL Member ✭✭
    edited February 2016
    Also, first test to ensure the SoftEther server is setup correctly before configuring ports. Set up your iPad to connect to the server's internal IP address while the iPad is on the internal wireless network. This may sound counterintuitive but it will ensure that you don't have any server related configuration issues.

    Once you test that the VPN does authenticate and connect internally, configure the additional L2TP/IPSec UDP ports I had indicated in my previous post and give it a try over the internet. Don't forget to to reconfigure the native L2TP VPN client to point to the external address of your router.

    Carmine
    W1EQX
  • Rob G6EIH
    Rob G6EIH Member
    edited January 2019
    Thanks for all the info, I'll be giving this another go now.
  • Rick, K7FYI
    Rick, K7FYI Member
    edited August 2016
    Thanks for the clear instructions.  I had this all set up yesterday (...the day after receiving my 6300).
  • Mike W8MM
    Mike W8MM Member ✭✭
    edited November 2019
    Wow, ... I don't know where to start with my tale of woeful newbieness.  I'm a pretty successful RF engineer, but I'm probably dangerous when it comes to IT experimentation (which is what I would call my recent actions).

    After abandoning attempts to use my router's built-in VPN facility because of a lack of bridging function, I took the accumulated advice and installed SoftEther on a boot-camped Mac Mini running Windows 10.  It sits in a rack fixture with my 6700's and I only use it to locally trouble shoot radio configurations and attached plumbing.

    My router is a Draytek Vigor3900 (don't ask, I'm stuck with it).  I have fiber-to-the-house high speed internet from Cincinnati Bell using an Alcatel-Lucent 7342 ISAM FTTU GPON edge device.  CinBell formerly connected that to a ZyXEL router which was subsequently replaced by the Draytek to support Jive/Panasonic VOIP.

    So, I downloaded the SoftEther VPN software to the boot-camped Mac Mini and installed it to the best of my ability.  In the Draytek router, I port redirected UDP 500 & 4500 and TCP 5555 to the static local LAN IP of the Mini. 

    I set up the L2TP VPN facility of my ATT-LTE-connected iPad Pro with all the correct info.  It wouldn't connect a successful VPN session.

    After some head scratching and reading some SoftEther user group threads, I tried connecting the iPad to the local server IP on the local lan via WiFi.  It connected to the VPN server just fine and K6TU Remote worked just right with a newly assigned IP address ... so I thought it was working locally OK.

    Then I tried via WAN via ATT again.  Still nothing.

    Then I checked out the server logs in SoftEther and could see the successful connection items.  What I could not see any evidence of was any trace of WAN attempts.  Not one single reaction from the VPN server at all.

    So, ....... then I started messing around with the settings (bad idea).   After only a few clicks and further attempts to connect, some script kiddie took over my Windows 10 session with a pop-up browser appearance that said my IP address had been blocked by my service provider and I should call 855-202-1848 to resolve the issue.  It warned not to turn off the computer or dire things woiuld happen, all the while making a max-volume beeping noise.

    Well, ... the heck with that.  I forced re-boot and selected under the Recover Menu to "RESET" Windows 10 to clear all apps, files, etc., and reloaded the OS in a pristine manner. 

    Now, I'm still a bit confused about why the WAN connection didn't work.  I've posed a question to Cincinnati Bell tech support to see if they're somehow blocking or filtering ports 500, 4500, or 5555.  I'll see what they say.

    Then, I think I'll try SoftEther on OSX on the Mini (only use boot camp & Windows for local radio testing as needed) as a way to keep the script kiddies guessing a bit longer.

    Any suggestions?
  • Mike W8MM
    Mike W8MM Member ✭✭
    edited December 2016
    OK .... Success!!!!!!!!!!!!!!

    After I read page 334 of 474 in the Draytek instruction book, a sightly obscure sentence told me to make sure certain VPN services were "un-checked" if one wanted to run a VPN server on the LAN side of the router.

    Voila!!!  Connections!!!!!
  • W5UN_Dave
    W5UN_Dave Member ✭✭
    edited November 2016
    HELP! I had SoftEther server working fine with my iPad. Then my computer died. I loaded up a new computer, installed SoftEther and set it up as before. Now my iPad WILL NOT CONNECT. I have a client installed on my notebook computer, and it connects just fine. When attempting to connect the iPad I get the following error message "The L2TP-VPN server did not respond" I triple checked all settings and am convinced it is setup exactly as on the old computer. (BTW all port forwarding rules are in place as before, since nothing changed here)

    One thing I noticed on the server is that Port 443 says error.

    all help will be appreciated.

  • Rick - W5FCX
    Rick - W5FCX Member ✭✭
    edited December 2016
    OK.  I finally got SoftEther to work - here's how...

    My setup is I have a lake house where there's no restrictions on antennas, so I placed the 6700 there. It has a (slow) Windstream DSL connection, with about 3 Mb down and .5 Mb upload - not great, but usable for the moment.

    On a new "Radio PC" at the lake house, I installed SoftEther VPN Server.  I added a Local Bridge connection so the Ethernet packets on the LAN managed by the DSL modem/router can be bridged via the VPN to my home network.  SoftEther creates a "virtual Ethernet cable" tunneled through a VPN connection, which is how it bridges the two networks and allows UDP broadcasts like SmartSDR to Flex radios to get through.

    One of the great things about SoftEther is it has a built-in Dynamic DNS service, which creates a DNS entry at softether.net for your Internet router.  In my case, I ended up with something like myradiopc.softether.net, which will always point to my DSL modem's IP address, even when the IP address periodically changes.  This is how I now address the lake modem when connecting to any service (VPN, RDP).

    Next, on the DSL router, I added port forwarding for ports 500 (UDP), 4500 (UDP), 5555 (TCP) to the Radio PC IP address.  For the bridge connection, I added a port forwarding mapping rule to map port 8443 (TCP) to 443 on the Radio PC.  That's because port scanners look for 443 on the Internet and I'd prefer to make that port harder to find.  Also, I mapped 23389 (TCP) to 3389 so I can use Windows Remote Desktop to remote into the Radio PC.

    I also have both TeamViewer and Splashtop Streamer installed, so I now have three ways to remote into the PC desktop for maintenance, in case the VPN is down for any reason. (it's a 2 hour drive to the lake house, so would prefer not to be forced to do that too often)

    On my local (home) PC, I installed SoftEther VPN Bridge, then added a Local Bridge to my home network.  In the Security Rules, I blocked everything related to IPv6 and DHCP, to prevent those packets from crossing the bridge (there's a different DHCP server on each network segment I don't want cross-talking and polluting IP assignments).

    This allowed SmartSDR to discover the radio!  So far so good... but cannot connect to the remote radio's IP just yet, as the radio IP address is on the lake network segment, not my local home network.  To address this, I simply added a new IP address on my home PC network adapter that's actually on my lake network.  Now this seems a bit counterintuitive, but it works because the SoftEther Bridge and Local Bridges extend the layer 2 ethernet frames of both networks - I just needed a way to create a route table entry on the local network that enabled my home PC to participate on the lake network.

    Now it works!  I'm able to run SmartSDR on my home PC and operate the Flex 6700 radio remotely.

    But not done quite yet... I found the audio to be choppy at first, so I went into the SoftEther Bridge settings and turned on Compression and blocked all other services that aren't required to reduce the amount of cross-bridge network chatter.

    That's what worked for me.  Hope that's helpful.

    Rick
    KG5PJB
     




  • EA4GLI
    EA4GLI Member ✭✭✭
    edited November 2016
    Thanks for the detail information . I am sure it will be helpful to many.
    I would like to let you guy know that you do not want to connect 2 networks that are on the same subnet. So if you are in 192.168.1.x at home make sure your remote is at 192.168.2.x or anything that is not 192.168.1.x

    If both networks are on the same subnet you will see the Flex radio when you are connected but you will have a lot of dropped packets and poor performance.... and because you can see the flex you might think that the VPN works and it is just a bad internet connection.
  • Ria
    Ria Member ✭✭✭
    edited October 2016
    I set it up similarly but I used a Raspberry Pi as my VPN endpoint. This way the VPN is on its own hardware. 

    My home network is in the class A RFC1918 CIDR anyway which most people do not use for home networks. 

    The bridge took care of everything for me, I get an IP from my home DHCP server as well. 

  • Harold Rosee
    Harold Rosee Member ✭✭
    edited November 2019
    OK, I am getting ready to tackle this but have a basic question first.

    I have two computers in the shack. My "main faster" computer is where I run SmartSdr.  The other computer is just a backup and runs some security cameras.

    Should I install the VPN on the computer that I run SmartSdr on or the backup which mainly sits idle?  Or does it really matter?

    Thanks,

    Harold
    W5ZZT
  • Ria
    Ria Member ✭✭✭
    edited October 2016
    I would try to run it on the PC you do not use SmartSDR on, for two reasons.

    1. You want your SmartSDR PC dedicated to that, and no extraneous drivers/software to mess it up, especially on the network side.

    2. If you ever need to reboot your SmartSDR PC, you'll remain connected while the reboot is in progress and you won't have to worry if the VPN came back up.

    That does not mean it won't work on your SmartSDR PC, it's just not what I would personally do. 

    SoftEther doesn't use much CPU as you can run it on a Raspberry pi or other small PC. 

  • Harold Rosee
    Harold Rosee Member ✭✭
    edited October 2016
    Thanks Ria.

    I will take your advice and install it on the second PC.  I am hoping this is not as hard as it looks:) 

    Here goes.......
  • Ria
    Ria Member ✭✭✭
    edited October 2016
    If you really want to get fancy, get a Raspberry Pi and install it there. Just plug it in and forget it even exists. Consumes only a couple of watts too. $60 on amazon for the full kit...

  • K6OZY
    K6OZY Member ✭✭
    edited March 2018
    There's a video for that:  
    https://www.youtube.com/watch?v=Jduyr5vRqzA
  • Harold Rosee
    Harold Rosee Member ✭✭
    edited November 2019
    OK guys. Help me out a little.

    1. I installed the VPN Server.
    2. Installed the Bridge
    3. Connect server and bridge
    4. Accepted the default DDNS name.
    5. Set up L2tp..i think with encryption...Can't remember.
    5. Added a user name and password
    6. Port forwarded 443,992,1194,5555 to the PC the server is on. Checked them all at canyouseeme.com. They are open

    Then I went into the iphone and GUESSED at what it wants in the different fields.  It fails to connect.
    I am sure I have things wrong on both sides but don't know where to start troubleshooting.  I am an old mainframe guy so I need a little direction on how to figure out whats going on.

    Any suggestions?  The iphone just saying failed to connect doesn't give me a clue where to start.

    Thanks in advance for any help.

    Harold
  • K6OZY
    K6OZY Member ✭✭
    edited September 2016
    You need UDP 450, UDP 4500 too.   Are you doing a SoftEther Bridge to SoftEther Server for remote Maestro access?

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.