SoftEther VPN Problem


I am using SoftEther VPN on Raspberry Pis

I used K6OZY videos and got all up and running, made some Qs etc. Ran for 3 days non stop, then went belly up after slowing RTT to 500 msec. Have 6500 in Maine on TimeWarner/Spectrum cable with R7000 router and Maestro in Mass on FiOS with Actiontec and also tried R7000. A few strange messages on Actiontec led me to suspect FiOS so brought in Charter/Spectrum cable after no support from Verizon.

SoftEther appears to connect fine and shows all normal signs including IP lists. Maestro sees radio, and SW versions of Maestro to choose from, then hangs at just the Smeters on the screen. After 5 minutes it will allow the MENUs to be chosen and it has both 6500 and Maestro IPs on the two networks. But shows no network activity.

Tried SSDR on the computer in Mass. and it sees radio but hangs after selection.

SSDR on the computer in Maine, via VNC, works fine no problem.

Talked to TimeWarner/Spectrum and they say no problem or reason VPN won't work.

Of course, Port Forwarding on the Maine R7000 is fine.
BTW I switched to the R7000 after the Cisco didn't work.

I have no idea what the 6500/Maestro should be trying to do at this point, but whatever it is, it isn't doing it.

ANY HELP appreciated. It was great for 3 days and I would like to get it back going again.

BTW, in the course of trying to find a solution I have reloaded and resetup both Raspberry Pis


Thanks

Ric KV1W


Ria - N2RJ, Elmer

What kind of wifi on the pi and how close to the router? I found that the built in pi wifi is poor, and you need to mod the pi with an external antenna for it to work properly.

Mike va3mw

Hi Ric

This is tough to debug.  As mine is working fine (Maestro, RPI Softether Bridge --> Softether Server --> Radio), I thought I would see what I could do to do some testing.

I started by logging on to the remote computer and seeing if I could ping the Maestro.  In my case, the radio is 192.168.1.146 and the Maestro (100 miles away) shows up as 192.168.1.147.  However, no joy or response to ping.  So much for that.

So, since it worked before, maybe it is a configuration issue.  If you log into the Pi on the Maestro using the Softether Server Manager, check and make sure that the network device attached to the bridge is the right device.

On my working device, I logged into the PI just to see the ifconfig.  This is the PI connected to the Maestro.

eth0 is the active Subnet for the house (remote end)

eth1 is the device connected directly to the Maestro.  There is no DHCP range, so that gives us 169.254.254.82.  

eth0      Link encap:Ethernet  HWaddr b8:27:eb:49:89:b7
          inet addr:192.168.113.12  Bcast:192.168.113.255  Mask:255.255.255.0
          inet6 addr: fe80::dc06:f0b0:1789:de75/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:40382347 errors:0 dropped:38239 overruns:0 frame:0
          TX packets:30985086 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2333423592 (2.1 GiB)  TX bytes:3705654491 (3.4 GiB)

eth1      Link encap:Ethernet  HWaddr 18:a6:f7:0e:6f:58
          inet addr:169.254.238.82  Bcast:169.254.255.255  Mask:255.255.0.0
          inet6 addr: fe80::445b:2ca9:c04b:c8f9/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:7484722 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30551387 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:774548945 (738.6 MiB)  TX bytes:3572166417 (3.3 GiB)

I then started Softether Server Manager on my Windows desktop and connected Softether on the RPI.

Check to make sure that under Local Bridge setting that the Virtual Hub is correct.  In my case, it is eth1 (the 169.254.238.82 net).



That is the only thing I can think it might be unless there is a setting issue on Softether on the radio end.  You can test that by taking any computer you have and using the Softether Client to connect to the radio end and see if you can ping the radio or bring up SSDR.  If you can't bring up SSDR and get it to work, then go over your settings for Softether on the radio end.

I wish I had a simple answer.

Mike va3mw
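
An added example, not part of Mike's post or of the SoftEther project: a small Python parser for the net-tools ifconfig layout shown above that picks out the interface in promiscuous mode with a 169.254.0.0/16 address, which is how eth1 appears in that output. The sample text and its MAC addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the same net-tools ifconfig layout as the output above.
SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr 02:00:00:00:00:01
          inet addr:192.168.113.12  Bcast:192.168.113.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 02:00:00:00:00:02
          inet addr:169.254.238.82  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
"""

def parse_ifconfig(text):
    """Return {name: {"addr": IPv4Interface or None, "flags": set of str}}."""
    result = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        name = lines[0].split()[0]
        info = {"addr": None, "flags": set()}
        for line in lines[1:]:
            m = re.search(r"inet addr:(\S+).*Mask:(\S+)", line)
            if m:
                info["addr"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            elif re.search(r"\bMTU:\d+", line):
                # The flags are the words that precede MTU on this line.
                info["flags"] = set(line.split("MTU:")[0].split())
        result[name] = info
    return result

def bridge_candidates(ifaces):
    """Interfaces that look like the Maestro-side bridge NIC:
    promiscuous mode plus a link-local (169.254.0.0/16) address."""
    return sorted(
        name for name, info in ifaces.items()
        if "PROMISC" in info["flags"]
        and info["addr"] is not None
        and info["addr"].ip.is_link_local
    )

if __name__ == "__main__":
    ifaces = parse_ifconfig(SAMPLE)
    for name, info in ifaces.items():
        print(name, info["addr"], sorted(info["flags"]))
    print("bridge candidate(s):", bridge_candidates(ifaces))
```
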

Ric KV1W

Thanks to Ria and Mike for their rapid responses.

Let me provide a little more configuration info.

I have two networks, one in Maine and one in Mass. 192.168.2.0 and 192.168.1.0 respectively.
In each case the Pi eth0 is connected directly to the Ethernet switch.
Pi WiFi is not used in either case.
The Pis are static ip to 192.168.2.7 and 192.168.1.151 respectively
The radio is static at 192.168.2.8 and the Maestro Static at 192.168.1.8

In the Server Manager I sometimes see the Pi DHCPing a second address, but not always. Could be a hint. I think it needs a second one to use, not sure.
The ip table seems to populate slowly, a few refreshes to get all the addresses.

I keep thinking it is a problem with one or both local networks, but can't find any problems.
On the Maestro end I reduced it to only the Maestro, one Windows machine and the Pi, but no joy.

Hopefully the added info and various discussions will lead to unearthing the problem

Thanks
Ric KV1W



Mike va3mw

I see your problem.

You actually need 3 networks.  

Radio End - this needs to be a normal Softether server receiving inbound requests
Operator End - one interface is configured at 192.168.1.xxx.  This is one side of the PI.

On a 2nd NIC port (eth1?) this has to be different than 192.168.1.xxx.  In my case, it is 169.254.... and to make it simple, I didn't do anything special to that port when I installed it on the PI.  Again, in my case, this is a USB/NIC card adapter and from my note above, it is labeled as eth1.  This is the 3rd network.

Since there is no DHCP server on this subnet of 2 devices, it defaults to 168.254.... on both the Maestro and the PI.  This allows the Maestro to talk to eth1.  Softether Bridge Server on the PI will then route the packets out eth0 and off to the radio.

Your simple fix might be to turn on DHCP on the Maestro.  DHCP will fail but your connection will happen as long as you haven't set a static IP address on eth1.

Make sense?

Mike va3mw

Ric KV1W

Mike,
This all makes sense, except I have had it running with only one physical Ethernet.
I will keep searching my brain. Thanks for pointing to this. Certainly part of the puzzle!!

Ric


Mike va3mw

I haven't tested this...

But, to have it functional on one NIC, I think you will still need to have 2 unique subnets and you will have to bridge the NIC that has the Maestro to the radio end.  If you don't you might end up in some sort of a network loop (I'm trying to wrap my head around this).

You might find that adding a second NIC might result in less hair pulling out.  :)

73

Mike va3mw

More on this as I can't seem to edit the above comment.

This is what my cabling looks like.  My Softether server on the radio end is a Windows PC, but of course, it can be a RPI.

The goal is to have L2 packets on the same subnet be carried across the Internet and somehow show up on the Maestro terminal.  If the L2 packets don't make it, the Maestro can't see the radio (VITA 49 packets).

You are getting that far, but your routing information is messed up somehow.



73

Ric KV1W

Mike et al,

I am working on a diagram so we can communicate better.
I think the routing problem is the root of things.
Independent of Maestro and 6500, I don't see Maine computers on the network display in Mass (Windoz stuff) even though I see their IP in the Softether list.

I will send cabling diagram later today.
Thanks for listening and interacting.

ric


Ric KV1W

Cabling Diagram for KV1W

Mike,

this should be easier than describing it all

Ric

Ric KV1W

I just caught an error in the drawing, the Maine R Pi is at 192.168.2.7 not 1.151, copy error

Ric KV1W

Official Response

Good Evening All,

Well, I have the Maestro working !!
Short answer: Maestro and 6500 need to be on the same subnet.
Even though the Maestro is physically on the 192.168.1.x section,
I gave it the address of 192.168.2.151 and it works via the RPi units in VPN
NOW, I have a lot more to learn about network configurations
It must be that when it worked previously it had a .2.x address via DHCP and I didn't even realize it

BTW, RTT is better with FiOS than with the Charter/Spectrum by about 10 ms

Thanks to all that provided the trace trails so I would find the answer
Ric KV1W


Ria - N2RJ, Elmer

I am surprised that wasn't already the case. 
Glad you got it figured out.

Mike va3mw

I agree with Ria.  I sort of assumed with the dust settled it was on the same subnet.   In your diagram, is all your traffic going through your VPN connection or just the Maestro?  I guess not, since it is a different subnet.

How do you have Softether configured to pick up only your Radio subnet?

Mike 

Ric KV1W

GM Ria & Mike,

My intent when I started the Softether project was to pass all traffic as there are many things that go between the 2 QTHs besides the Maestro. So I just set out to link the two networks as if they were one, but they must also operate independently when not linked by the VPN. When it first worked I saw all computers on both ends with Windoz discovery etc. but then something changed. At this point I am not sure what, or how it worked. But for now, I have set the Maestro to an address from the other subnet and it works fine. NOW to learn a lot more about network setup so I can make a more intelligent setup. Maybe set up one subnet that spans 512 rather than 256? Or squeeze all into 256, but with two routers doing DHCP it will be tricky.

I think I can eventually get that kind of setup.

Mike, I assume I am passing a lot of traffic now, but not too sure. Looking at Softether logs is a bit of a challenge with my present level of understanding. They didn't teach this stuff in EE in 1967 ;o)  but I will assume I can learn HI HI

Thanks again to both of you. Your hints and questions led to the solution.

Ric  KV1W
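
An added example, not part of any poster's message: the subnet arithmetic behind the fix and the "spans 512" idea, worked with Python's ipaddress module on the addresses quoted in the thread. The /24 masks are an assumption (the thread never states them), the function names are hypothetical, and the supernet and DHCP-split calculations go slightly beyond what the posts describe.

```python
import ipaddress

# Addresses quoted in the thread; the /24 masks are an assumption.
MAINE = ipaddress.ip_network("192.168.2.0/24")  # radio (6500) site
MASS = ipaddress.ip_network("192.168.1.0/24")   # Maestro site
RADIO = "192.168.2.8"

def same_subnet(host_a, host_b, network):
    """True when both hosts fall inside `network`."""
    return all(ipaddress.ip_address(h) in network for h in (host_a, host_b))

def smallest_common_supernet(net_a, net_b):
    """Widen net_a one prefix bit at a time until it also covers net_b."""
    candidate = net_a
    while not net_b.subnet_of(candidate):
        candidate = candidate.supernet()
    return candidate

def dhcp_halves(network):
    """Split one network into two non-overlapping halves, one per router,
    so two DHCP servers on a bridged segment never offer the same address."""
    return list(network.subnets(prefixlen_diff=1))

if __name__ == "__main__":
    # Maestro at its original address, then at the address that worked.
    print("192.168.1.8   with radio:", same_subnet("192.168.1.8", RADIO, MAINE))
    print("192.168.2.151 with radio:", same_subnet("192.168.2.151", RADIO, MAINE))
    span = smallest_common_supernet(MAINE, MASS)
    print("smallest block covering both sites:", span, span.num_addresses)
    for half in dhcp_halves(MAINE):
        print("DHCP half:", half)
```

Because CIDR blocks are aligned, 192.168.1.0/24 and 192.168.2.0/24 do not share a 512-address /23; the smallest block containing both is a /22.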

Ria - N2RJ, Elmer

Hi Ric,

Normally you can have a site to site VPN that is segmented and routed. But this won't work for the maestro and radio because it requires both to be on the same subnet. So you would need to have a site to site that is just bridged.

There are a few ways I see around this.

1. Connect the pi to the maestro directly. This way only it is on the remote network. Other clients that need to connect to the remote network should have their own vpn client. This way you can connect/disconnect at will.

Or

2. Put a second NIC in the PC and have two LANs. This could get messy as you have routing issues to deal with.

Ric KV1W

Thanks Ria,

This will be a good learning experience. But lots of fun now I am past the frustration.
This is a longer term project. So probably next fall as from May to Oct I will be where the radio is!

Ric

Mike va3mw

Hi Ric

As someone in a similar situation to you, now is the time to test this.  Essentially what you want is something called 'split tunneling' so that all your outside traffic does not traverse the VPN.  I'm sure you don't want all your Windows updates and Netflix traffic going through your VPN.

To test this, I often go to different web pages from different computers in my network and see what my outside IP address is.

If it is always the 'far' end, I am moving too much traffic over my VPN tunnel.

The simple way is to connect the Maestro to a unique NIC card on your local PC and do a bridge for that NIC card only to the far end.

Good luck,

Mike va3mw

Ric KV1W

Hey Mike and Ria,

Why can't I use the RPi connected to the Mass. network via Ethernet as I have it AND then bridge the WiFi to the Maestro?

I just need some info to properly set up the RPi wlan0,
such as interfaces file and perhaps wpa_supplicant if applicable.

Then I just choose this wifi on the Maestro and it will bridge only the Maestro to the 192.168.2.0 network in Maine.

What do you think and do you have the info?

Ric


Ria - N2RJ, Elmer

I'm not 100% sure but I don't think the wifi interface supports bridging. You probably can use an external dongle, however.

Mike va3mw

I think you can if wlan0 can be identified as the bridge device in Softether on the RPI.  I thought about trying that, but I went the following way:

I do exactly what Ria says and I have the 2nd NIC on the RPI (dongle) connected to a LAN port on an old dual band Access Point I have.  I then connect to the AP with the Maestro and the AP talks to the RPI.

Over 12,000,000 packets in the last 30  hours and I have dropped only 44.

Mike va3mw

Ric KV1W

Good Evening Ria & Mike,

Well, yes you can use the built in wlan0. I found a document that guides the install of the required software via: apt-get install hostapd isc-dhcp-server
https://learn.adafruit.com/setting-up-a-raspberry-pi-as-a-wifi-access-point.
Didn't need the bridge to eth0, but just the part to get the wifi on line so Maestro could connect.

So, now I have it working and the Maestro picks up the wifi and the eth0 ties into the local Ethernet and VPNs to the other end where there is the other RPi on the network there.

So the only VPN traffic is indeed the Maestro

I do admit, it would have been easier to go to BestBuy and get an Ethernet dongle, but just wanted to do it.

73,

Ric KV1W

Ria - N2RJ, Elmer

The hostapd config is fairly common, but I've never tried it the other way around (wired internet to wifi LAN). Glad to know it works.