Skip to content
- Quick links
- The team
- FAQ
- Login
- Register
- Board indexSoftEther VPN Software ForumsSoftEther VPN General Discussion
Post Reply
- Print view
16 posts• Page 1 of 1
- mf_2
- Posts: 16
- Joined: Wed Oct 05, 2022 9:38 pm
I cannot access a VPN client computer from other LAN clients
- Quote
Postby mf_2 » Mon Feb 06, 2023 8:14 am
Hi all,
I am running a LAN in the 192.168.0.x IP range and a SoftEther VPN in the 192.168.30.x IP range.
Now I am trying to ping a VPN client (192.168.30.10) from my OPSI server (software distribution) in the LAN (192.168.0.239).
However it cannot reach the VPN client. Whenever I run the OPSI client software on the client machine, it registers at the OPSI server with IP 192.168.0.230. This is the IP of SoftEther server - which of course is not the IP of the VPN client machine.
Thus all subsequent communication from the OPSI server to the client fails because the OPSI server uses the SE server's IP address as the VPN client's IP address. How can I a) make the OPSI server (or any local client for that matter) see the 192.168.30.x subnet and b) make the VPN client report its correct IP address to anyone that might be asking (such as the OPSI server)?
Best regards
mf_2
Top
- solo
- Posts: 1448
- Joined: Sun Feb 14, 2021 10:31 am
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby solo » Mon Feb 06, 2023 10:54 am
Hello,
to access a VPN client computer from other LAN clients, do:
on 192.168.0.230
- install MLA https://learn.microsoft.com/en-us/troub ... ck-adapter
- bridge SoftEther's hub to it
- assign a static IP to it, presumably the vacant 192.168.30.2
- start the "Routing and Remote Access" service
- run: netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
on 192.168.0.1
- add a static route equivalent of: ip route add 192.168.30.0/24 via 192.168.0.230
on every 192.168.30.x client PC
- run: netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
Test ping from any 192.168.0.x to any 192.168.30.x
Top
- mf_2
- Posts: 16
- Joined: Wed Oct 05, 2022 9:38 pm
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby mf_2 » Mon Feb 06, 2023 12:47 pm
Thank you for the quick help.
I tried all steps but the ping won't go through:
Code: Select all
ping 192.168.30.10Pinging 192.168.30.10 with 32 bytes of data:Reply from 192.168.30.2: Destination host unreachable.Reply from 192.168.0.230: TTL expired in transit.Reply from 192.168.0.230: TTL expired in transit.Reply from 192.168.0.230: TTL expired in transit.Ping statistics for 192.168.30.10: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Interestingly enough the first packet caused a different message than the three following packets.
Do you know what is going wrong?
Top
- solo
- Posts: 1448
- Joined: Sun Feb 14, 2021 10:31 am
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby solo » Mon Feb 06, 2023 1:55 pm
Yes, one more step :-)
PC needs a reboot after installing MLA.
Also double-check MLA-to-vHUB bridge status in SE.
Top
- mf_2
- Posts: 16
- Joined: Wed Oct 05, 2022 9:38 pm
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby mf_2 » Mon Feb 06, 2023 2:07 pm
Thank you, it works now!
Top
- mf_2
- Posts: 16
- Joined: Wed Oct 05, 2022 9:38 pm
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby mf_2 » Mon Feb 06, 2023 7:43 pm
Now I am running into another issue and I am not sure if this should be a new thread or it will be okay in this one.
Now I am trying to ping my OPSI server (192.168.0.230 or opsiserver.contoso.int) from my VPN client but the ping fails.
The ping works like a charm from a client of the 192.168.0.x range (ie. 192.168.0.230).
What do I have to set up where to make the client a) see the OPSI server by its IP address and b) make it able to resolve the DNS name for the server as well? The server is properly joined to the contoso.int domain.
A tracert of 192.168.0.239 already times out at the first hop.
Top
- solo
- Posts: 1448
- Joined: Sun Feb 14, 2021 10:31 am
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby solo » Mon Feb 06, 2023 10:32 pm
Let's continue in this thread. It sounds like the same-lan-subnet issue (not all VPN clients would be affected by it).
Fix it from SE "Edit the static routing table to push" with this entry:
Code: Select all
192.168.0.239/255.255.255.255/192.168.30.1Top
- mf_2
- Posts: 16
- Joined: Wed Oct 05, 2022 9:38 pm
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby mf_2 » Tue Feb 07, 2023 7:56 am
Thank you, now the client can see the server!
Top
- mf_2
- Posts: 16
- Joined: Wed Oct 05, 2022 9:38 pm
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby mf_2 » Tue Feb 07, 2023 8:16 am
And the next one (sorry):
From my OPSI server (192.168.0.239) I cannot ping the VPN client (192.168.30.10).
I can ping the VPN server (192.168.30.1) and the MLA (192.168.30.2) just fine.
How come I cannot ping the VPN client?
Other clients such as my Windows machine 192.168.0.232 is also unable to ping 192.168.30.10.
My domain controller / SE server can ping 192.168.0.30.10. just fine.
What am I missing here?
Top
- solo
- Posts: 1448
- Joined: Sun Feb 14, 2021 10:31 am
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby solo » Tue Feb 07, 2023 10:35 am
So 192.168.30.10 can ping 192.168.0.239 but does not respond to a reciprocal ping?
Please make the VPN connection and post as code:
from 192.168.30.10
Code: Select all
ipconfig /allnetstat -rtracert 192.168.0.239from 192.168.0.239
Code: Select all
netstat -rtracert 192.168.30.10Top
- mf_2
- Posts: 16
- Joined: Wed Oct 05, 2022 9:38 pm
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby mf_2 » Tue Feb 07, 2023 2:15 pm
Yes, it does not respond to a reciprocal ping.
The output (in German, but the information should still be extractable)
ipconfig /all
Code: Select all
C:\Users\MAF>ipconfig /allWindows-IP-Konfiguration Hostname . . . . . . . . . . . . : MFLAPTOP2-CONTOSO Primäres DNS-Suffix . . . . . . . : CONTOSO-CORP.INT Knotentyp . . . . . . . . . . . . : Hybrid IP-Routing aktiviert . . . . . . : Nein WINS-Proxy aktiviert . . . . . . : Nein DNS-Suffixsuchliste . . . . . . . : CONTOSO-CORP.INTDrahtlos-LAN-Adapter WLAN: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Intel(R) Wi-Fi 6E AX211 160MHz Physische Adresse . . . . . . . . : 28-6B-35-34-E6-0D DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : JaPPP-Adapter ICCS: Verbindungsspezifisches DNS-Suffix: CONTOSO-CORP.INT Beschreibung. . . . . . . . . . . : ICCS Physische Adresse . . . . . . . . : DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja IPv4-Adresse . . . . . . . . . . : 192.168.30.10(Bevorzugt) Subnetzmaske . . . . . . . . . . : 255.255.255.255 Standardgateway . . . . . . . . . : 0.0.0.0 DNS-Server . . . . . . . . . . . : 192.168.30.1 NetBIOS über TCP/IP . . . . . . . : AktiviertMobiler Breitbandadapter Mobilfunk: Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Generic Mobile Broadband Adapter Physische Adresse . . . . . . . . : 8C-85-94-43-5F-55 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja IPv6-Adresse. . . . . . . . . . . : 2a01:598:9090:bea1:8ee4:6420:b62e:8a41(Bevorzugt) Temporäre IPv6-Adresse. . . . . . : 2a01:598:9090:bea1:4dcb:bc69:f4df:1111(Bevorzugt) Verbindungslokale IPv6-Adresse . : fe80::1:2:b746:bd9c%35(Bevorzugt) Verbindungslokale IPv6-Adresse . : fe80::9165:d83a:7988:6531%35(Bevorzugt) IPv4-Adresse . . . . . . . . . . : 10.42.0.250(Bevorzugt) Subnetzmaske . . . . . . . . . . : 255.255.255.0 Standardgateway . . . . . . . . . : fe80::1:2:b746:bd01%35 fe80::5%35 10.42.0.1 DNS-Server . . . . . . . . . . . : 2a01:598:7ff:0:10:74:210:210 2a01:598:7ff:0:10:74:210:211 10.74.210.211 10.74.210.210 NetBIOS über TCP/IP . . . . . . . : Aktiviertnetstat -r
Code: Select all
C:\Users\MAF>netstat -r===========================================================================Schnittstellenliste 13...28 6b 35 34 e6 0d ......Intel(R) Wi-Fi 6E AX211 160MHz 36...28 6b 35 34 e6 0e ......Microsoft Wi-Fi Direct Virtual Adapter 22...2a 6b 35 34 e6 0d ......Microsoft Wi-Fi Direct Virtual Adapter #2 27...00 09 0f fe 00 01 ......Fortinet Virtual Ethernet Adapter (NDIS 6.30) 73...........................ICCS 35...8c 85 94 43 5f 55 ......Generic Mobile Broadband Adapter 19...28 6b 35 34 e6 11 ......Bluetooth Device (Personal Area Network) 1...........................Software Loopback Interface 1===========================================================================IPv4-Routentabelle===========================================================================Aktive Routen: Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik 0.0.0.0 0.0.0.0 10.42.0.1 10.42.0.250 4531 0.0.0.0 0.0.0.0 Auf Verbindung 192.168.30.10 36 10.42.0.0 255.255.255.0 Auf Verbindung 10.42.0.250 4531 10.42.0.250 255.255.255.255 Auf Verbindung 10.42.0.250 4531 10.42.0.255 255.255.255.255 Auf Verbindung 10.42.0.250 4531 93.195.210.48 255.255.255.255 10.42.0.1 10.42.0.250 4276 127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 4556 127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 4556 127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 4556 192.168.0.239 255.255.255.255 Auf Verbindung 192.168.30.10 36 192.168.30.0 255.255.255.0 Auf Verbindung 192.168.30.10 36 192.168.30.10 255.255.255.255 Auf Verbindung 192.168.30.10 291 192.168.30.255 255.255.255.255 Auf Verbindung 192.168.30.10 291 224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 4556 224.0.0.0 240.0.0.0 Auf Verbindung 10.42.0.250 4531 224.0.0.0 240.0.0.0 Auf Verbindung 192.168.30.10 36 255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 4556 255.255.255.255 255.255.255.255 Auf Verbindung 10.42.0.250 4531 255.255.255.255 255.255.255.255 Auf Verbindung 192.168.30.10 291===========================================================================Ständige Routen: Netzwerkadresse Netzmaske Gatewayadresse Metrik 0.0.0.0 0.0.0.0 192.168.0.1 Standard===========================================================================IPv6-Routentabelle===========================================================================Aktive Routen: If Metrik Netzwerkziel Gateway 35 306 ::/0 fe80::1:2:b746:bd01 35 306 ::/0 fe80::5 1 331 ::1/128 Auf Verbindung 35 306 2a01:598:9090:bea1:4dcb:bc69:f4df:1111/128 Auf Verbindung 35 306 2a01:598:9090:bea1:8ee4:6420:b62e:8a41/128 Auf Verbindung 35 306 fe80::/64 Auf Verbindung 35 306 fe80::1:2:b746:bd9c/128 Auf Verbindung 35 306 fe80::9165:d83a:7988:6531/128 Auf Verbindung 1 331 ff00::/8 Auf Verbindung 35 306 ff00::/8 Auf Verbindung===========================================================================Ständige Routen: Keinetracert 192.168.0.239
Code: Select all
C:\Users\MAF>tracert 192.168.0.239Routenverfolgung zu opsiserver.contoso-corp.int [192.168.0.239]über maximal 30 Hops: 1 210 ms 188 ms 187 ms 192.168.30.1 2 190 ms 200 ms 186 ms opsiserver.contoso-corp.int [192.168.0.239]Ablaufverfolgung beendet.Top
- solo
- Posts: 1448
- Joined: Sun Feb 14, 2021 10:31 am
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby solo » Tue Feb 07, 2023 2:36 pm
You've forgotten "..., tracert 192.168.30.10"
While at it, install SE client and re-test both ping ways.
Top
- mf_2
- Posts: 16
- Joined: Wed Oct 05, 2022 9:38 pm
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby mf_2 » Tue Feb 07, 2023 4:30 pm
tracert 192.168.30.10 will not work as 192.168.0.239 is a linux client.
But I did a traceroute 192.168.30.10 instead and this was the result:
Code: Select all
adminuser@opsiserver:~$ traceroute 192.168.30.10traceroute to 192.168.30.10 (192.168.30.10), 30 hops max, 60 byte packets 1 _gateway (192.168.0.1) 0.780 ms 0.999 ms 1.020 ms 2 iccs-dc01.contoso-corp.int (192.168.0.230) 1.200 ms * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * *10 * * *11 * * *12 * * *13 * * *14 * * *15 * * *16 * * *17 * * *18 * * *19 * * *20 * * *21 * * *22 * * *23 * * *24 * * *25 * * *26 * * *27 * * *28 * * *29 * * *30 * * *Also netstat -r from 192.168.0.239:
Code: Select all
adminuser@opsiserver:~$ netstat -rKernel IP routing tableDestination Gateway Genmask Flags MSS Window irtt Ifacedefault _gateway 0.0.0.0 UG 0 0 0 ens36192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ens36Installing SE client on the client machine will take some time, I will reply once this is done.
However even if it worked with the SE client this will not be viable for my VPN as a specifically chose SE VPN because it works with the native Windows VPN. But I will install it for testing purposes.
Top
- mf_2
- Posts: 16
- Joined: Wed Oct 05, 2022 9:38 pm
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby mf_2 » Tue Feb 07, 2023 5:21 pm
Looks like my second reply disappeared so here let my try again.
netstat -r from 192.168.0.239
Code: Select all
adminuser@opsiserver:~$ netstat -rKernel IP routing tableDestination Gateway Genmask Flags MSS Window irtt Ifacedefault _gateway 0.0.0.0 UG 0 0 0 ens36192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ens36traceroute (tracert does not exist on this box as it is a linux box) 192.168.30.10
Code: Select all
adminuser@opsiserver:~$ traceroute 192.168.30.10traceroute to 192.168.30.10 (192.168.30.10), 30 hops max, 60 byte packets 1 _gateway (192.168.0.1) 0.780 ms 0.999 ms 1.020 ms 2 contoso-dc01.contoso-corp.int (192.168.0.230) 1.200 ms * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * *10 * * *11 * * *12 * * *13 * * *14 * * *15 * * *16 * * *17 * * *18 * * *19 * * *20 * * *21 * * *22 * * *23 * * *24 * * *25 * * *26 * * *27 * * *28 * * *29 * * *30 * * *I will install the SE client later and then report back.
Edit: I tried the SE client but that won't even connect to the VPN server.
Top
- solo
- Posts: 1448
- Joined: Sun Feb 14, 2021 10:31 am
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby solo » Tue Feb 07, 2023 9:21 pm
mf_2 wrote: ↑
Tue Feb 07, 2023 5:21 pm
traceroute to 192.168.30.10 (192.168.30.10), 30 hops max, 60 byte packets
1 _gateway (192.168.0.1) 0.780 ms 0.999 ms 1.020 ms
2 contoso-dc01.contoso-corp.int (192.168.0.230) 1.200 ms * *
3 * * *
* * *
I will install the SE client later and then report back.
Edit: I tried the SE client but that won't even connect to the VPN server.
The "Routing and Remote Access" service appears not running after .230 reboot, change it to auto, start it and retest the ping.
SE client is always better than OS builtins - it has to work :-)
Top
- solo
- Posts: 1448
- Joined: Sun Feb 14, 2021 10:31 am
Re: I cannot access a VPN client computer from other LAN clients
- Quote
Postby solo » Thu Feb 09, 2023 12:19 am
mf_2 wrote: ↑
Tue Feb 07, 2023 2:15 pm
The output (in German, but the information should still be extractable)
Also, ist alles in Ordnung?
;-)
Top
Post Reply
- Print view
16 posts• Page 1 of 1
Return to “SoftEther VPN General Discussion”
Jump to
- SoftEther VPN Software Forums
- ↳ SoftEther VPN General Discussion
- ↳ SoftEther VPN 質問フォーラム (日本語)
- VPN Gate Academic Experiment Service Forums
- ↳ VPN Gate General Discussion
- Idle Talk Board
- Board index
- All times are UTC
- Delete all board cookies
- The team
- Contact us
Powered by phpBB® Forum Software © phpBB Limited
