Softether VPN on Nethserver


(Sean Maloney) #1

I currently have Nethserver 6.6 installed and I have compiled the Softether VPN server onto it. However, whenever I try to access any of the ports I am not able to connect and manage it. It will time out every time. Even if I try and go through localhost it errors out.

I have created a custom network service for it with the ports 5555, 992, and 8888. The network service shows up in the web interface and says it is active. I have left 443 off and turned it off as a listener in the config for Softether. Also I have tried as green only, red and green, and localhost only.

Thanks for any help you can give


(Alessio Fattorini) #2

Sorry man, but compiling another vpn service on NethServer is hard to support.
Helping you is a bit tricky. Why are you doing this? Why don’t you use existing services? Ipsec or openvpn?


(Artem Fedai) #3

How did you create those network services?
Please show iptables -L


(Stefano) #4

Nas: compiling and installing another vpn service on NS is, as Alessio said, tricky and difficult and, let me say, unsupported, for many reasons:

  • it’s something that has been compiled (bad for security, maintenance and with unknown parameters for us)
  • it may collide with NS native features and configurations, even if no vpn package has been installed
  • it’s something not supported by NS
  • OP told us nothing about how he compiled/configured and how things are supposed to work.

I’d say that such a setup is a “you are on your own” case, so please, don’t feed it.
thank you


(Sean Maloney) #5

I understand this is not supported but want to try and roll these services into the same machine if possible without using virtual machines, which is my backup at the moment if I need to. Softether also does some neat bridging with VPN networks that I find very useful.

Zamboni, I don’t understand why you feel the need to say “Don’t feed it”. Seems very counterintuitive for being open source. Aren’t we supposed to modify to fit our needs? If it can’t be done, so be it, I will move on. If it causes other issues, like I said, I understand it is not supported and it is going to be my responsibility to keep it secure.

I used the following to create the network service itself, it does show up in the web UI without an issue

config set fw_softether service status enabled TCPPort 8888,5555,992,1192 access private

Here is my iptables -L; fw_softether is the service

http://pastebin.com/tCgEzQND

I can post the raw here if you want but seemed better to put it up there. fw_softether is the service that I want to connect to. It could use a few different ports but they are all giving me a timeout. Also I am connecting from the green network. I have tried changing it to be public and private with connecting from red side as well. It still didn’t work.

They are also in a listening state when I do a netstat -l

As for the VPN itself, it is not actually running anything at the moment, just the executable itself. I am purely trying to get into the management of it so that I can start creating the connections that I need; so it is not actually hooking into anything on the system at the moment other than the ports.


(Sean Maloney) #6

So I redid everything from scratch and it works this time, not sure what has changed but I am able to configure and make changes as needed now with it showing in network services properly.

So thanks Alefattorini and Nas for taking the time to read my post.


(Giacomo Sanchietti) #7

It should be (open it even on red interface):

config set fw_softether service status enabled TCPPorts 8888,5555,992,1192 access public
signal-event firewall-adjust

basically, you missed an s inside the property name :smile:

I know that someone tried softether on NethServer, but had bad side-effects. @filippo_carletti do you remember something?
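
An added example (not part of the original posts, and not NethServer code): a small lint for the arguments of a `config set <key> service ...` call that catches the slip above before the command is run. The rule that a port list belongs under the plural property name follows post #7; accepting a singular name with one port, and the function names `check_ports` and `lint_service_props`, are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: lint the arguments of `config set <key> service ...`
# before running it. The rules come from this thread only.

check_ports() {  # $1=key  $2=property  $3=comma-separated port list
    bad=0; old_ifs=$IFS; IFS=,
    for p in $3; do
        case $p in
            ''|*[!0-9]*|??????*) echo "$1: $2: invalid port '$p'"; bad=1 ;;
            *) if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
                   echo "$1: $2: port $p out of range"; bad=1
               fi ;;
        esac
    done
    IFS=$old_ifs
    return $bad
}

lint_service_props() {  # same argument order as `config set`
    key=$1; type=$2; shift 2; rc=0
    [ "$type" = service ] || { echo "$key: type '$type' is not 'service'"; rc=1; }
    while [ $# -ge 2 ]; do
        prop=$1; val=$2; shift 2
        case $prop in
            TCPPort|UDPPort)
                # The mistake from post #5: a list under the singular name.
                case $val in
                    *,*) echo "$key: $prop holds a list, use ${prop}s"; rc=1 ;;
                esac
                check_ports "$key" "$prop" "$val" || rc=1 ;;
            TCPPorts|UDPPorts)
                check_ports "$key" "$prop" "$val" || rc=1 ;;
            access)
                if [ "$val" = public ]; then
                    echo "$key: note: access public opens the ports on red"
                fi ;;
        esac
    done
    [ $# -eq 0 ] || { echo "$key: property '$1' has no value"; rc=1; }
    return $rc
}

# Command from post #5 (flagged), then the corrected one from post #7.
lint_service_props fw_softether service status enabled \
    TCPPort 8888,5555,992,1192 access private || true
lint_service_props fw_softether service status enabled \
    TCPPorts 8888,5555,992,1192 access public || true
```

The note printed for `access public` is a reminder that the management ports become reachable from the red interface, as post #7 says.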


(Sean Maloney) #8

OMG you’re probably right and I got it the second time around.

Thanks very much giacomo :smiley:

I’ll see if there are any issues but so far it is holding up and doesn’t seem to be causing any problems.


(Alessio Fattorini) #9

Can you explain to us why add software like this? Which new features does it bring to the product in comparison to openvpn or ipsec? :smile: thank you


(Giacomo Sanchietti) #10

if nothing breaks, I would be very interested in including softether into NethServer.


(Sean Maloney) #11

It’s the layer 3 bridging where I can have multiple sites with different networks and route them through their software as if they were one network. Also the fact that there is a Windows app that can connect to the server and do all the administration tasks is fantastic for others who may need to add users or the like.

I will update this tomorrow once I have a chance to run through everything and make sure we are working properly, though I have run through my testing with a virtual hub turned on and it is running beautifully.


(Stefano) #12

if you want support, then you’d find a suitable rpm (for RHEL6/centos6), install and try to make it work with NS rules (db/fragments/events)

no compiled binaries should be supported here


(Sean Maloney) #13

I was not asking for support from the developer at all. I was curious if anyone could help me with the problem that I had created for myself, which as you can see they were able to help me work through it without any issues between themselves. What you came in with is silly and not constructive at all. Don’t even know why you chimed in.


(Giacomo Sanchietti) #14

They have published the source code and even a spec on github, cool! :smiley:


(Stefano) #15

interesting but… ATM there’s no rpm, so are we going to maintain it?


(Alessio Fattorini) #16

@Sean_Maloney can you share with us your configuration and write down a short howto on that?


#17

agree with @alefattorini, @Sean_Maloney if you have some time a howto/config will be really appreciated… seems a nice package to evaluate/try/play :grin:


(Sean Maloney) #18

Sure I’ll do a write up and put it up in the how to when I have some free time. For now though it has been running all day with no issue.


(Artem Fedai) #19

What’s the benefit of this vpn?


(Filippo Carletti) #20

I tried softether when it was opensourced, but it broke network connectivity. I used this rpm package:
http://projects.thepoch.com/softethervpn/softethervpn-4.04.9412-2.el6.x86_64.rpm
I didn’t investigate, I didn’t like softether all-in-one interface and stopped my tests.

