Anyone familiar with SoftEther VPN software. Under Linux.
-
TLDR: I have SoftEther working under Windows - how to I get it working under Linux?
So, in their infinite wisdom,
- in a company whose product is only linux based,
- produced in a R&D department that is linux only
- to produce said product and
- which said department requires VPN to access remote system,
- including build servers and
- clients' networks,
the sysadmins decide, without consultation with anyone else, to replace the working-for-us-and-everyone-else VPN solution with SoftEther.
**From:** a_sysadmin **To:** Me
Hi PJH,
Usename: pjh
Password: hunter32I have attached a document to help you get up and running.
The client is on the Vandeley ftp server but can also be downloaded from the softether website www.softether.org
If you have any issues let me know.
Regards
A.SysadminDocument:
Windows-based bollocks with GUI client.
8-page idiot's guide with a screenshot per page, of which only one is actually useful. For Windows users.So, off I go to download the Linux client. CLI only, naturally - which of itself is not a problem.
**From:** Me **To:** a_sysadmin
Can't seem to connect:
[My misinterpretation, the
vpncmd
command requires localhost, not the VPN server elided]**From:** a_sysadmin **To:** Me
Try the windows client?
**From:** Me **To:** a_sysadmin
[in which I explain my previous misinterpretation above and show step-by-step what I'm trying to do to connect, but failing. under Linux]
**From:** a_sysadmin **To:** Me
The windows client sets the tunnel as the default route. I have not done anything with the Linux client as there will not be any internal support for it.
I rummage:
SoftEther VPN Project provides a Linux version of VPN Client, but it does not provide support for proper operations of this version of the software product.
- list of stuff that you may need to do manually. Which I've tried.
So, a big "Fuck Your Department, Sucks To Be You," from the sysadmins.
I do, however, have the Windows client connecting under a VM, but that's fuck all use to me, since
- the routes don't propagate out of the VM to the host
- not every box I use has a Windows VM on it.
Has anyone any experience with this client?
Stuff I've tried:
./vpncmd localhost /CLIENT VPN Client>AccountCreate AccountCreate command - Create New VPN Connection Setting Name of VPN Connection Setting: NCL Destination VPN Server Host Name and Port Number: node1.vandelay.example.com:443 Destination Virtual Hub Name: Connecting User Name: pjh Used Virtual Network Adapter Name: adapter The command completed successfully. VPN Client>AccountPasswordSet AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication Name of VPN Connection Setting: NCL Please enter the password. To cancel press the Ctrl+D key. Password: *************** Confirm input: *************** Specify standard or radius: standard The command completed successfully. VPN Client>AccountConnect AccountConnect command - Start Connection to VPN Server using VPN Connection Setting Name of VPN Connection Setting: NCL The command completed successfully. VPN Client>AccountList AccountList command - Get List of VPN Connection Settings Item |Value ----------------------------+-------------------------------------------------- VPN Connection Setting Name |NCL Status |Connecting VPN Server Hostname |node1.vandelay.example.com:443 (Direct TCP/IP Connection) Virtual Hub | Virtual Network Adapter Name|VPN The command completed successfully. pjh@pjh-thinkpad:/media/pjh$ ip route default via 172.20.3.1 dev eth0 proto static 10.0.0.0/8 dev lxcbr0 proto kernel scope link src 10.0.4.1 10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1 172.20.3.0/24 dev eth0 proto kernel scope link src 172.20.3.11 metric 1 192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.1 pjh@pjh-thinkpad:/media/pjh$ cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed eth0: 10923002787 9277252 0 0 0 0 0 33491 579912908 4984665 0 0 0 0 0 0 wlan0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 wwan0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 lo: 358430 2308 0 0 0 0 0 0 358430 2308 0 0 0 0 0 0 lxcbr0: 0 0 0 0 0 0 0 0 6405855 31319 0 0 0 0 0 0 vpn_vpn: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
From another email, that got ignored:
1) Having corrected one item that was different in the config between the working Windows and non-working linux connections, 2) ./vpnclient start 3) ./vpncmd localhost /client /cmd AccountConnect NCL 2) dhclient -v vpn_vpn to get a 192.168.30.0/24 address 3a) ip route del default; ip route add default dev vpn_vpn or 3b) ip route del default; ip route add default via 192.168.30.1 dev vpn_vpn
results is a particularly dead internet connection.
Restricting (3a/b) to only 10/8 rather than 0/0 results in no traffic to/from (say) 10.125.434.43
-
@PJH I don't have a solution to your problem, but I feel your pain. At my company, 50% of the employees use Linux, but neither the VPN client, nor the official programs for anything else (like Cisco Jabber for video conferencing) work on Linux.
-
@PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:
So, a big "Fuck Your Department, Sucks To Be You," from the sysadmins.
This sort of thing sucks, and it is the attitude that sucks the most because it means that they'll do this sort of batshit insane thing again. Elevate the problem to your boss under the headline “the sysadmins are preventing us from doing our jobs”.
-
@PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:
the sysadmins decide, without consultation with anyone else, to replace the working-for-us-and-everyone-else VPN solution with SoftEther.
Is it part of your job requirements that you develop for/on Linux?
-
@dkf said in Anyone familiar with SoftEther VPN software. Under Linux.:
Elevate the problem to your boss under the headline “the sysadmins are preventing us from doing our jobs”.
I did. Yesterday.
Go talk to them verbally. I just did.
Why? They've already told me to FOAD in writing.
Verbally!
I want the solution, and the obtaining of said solution, in writing. Not some plausible deniability situation.
I have a supportive boss.
@Polygeekery said in Anyone familiar with SoftEther VPN software. Under Linux.:
Is it part of your job requirements that you develop for/on Linux?
Yes. Our product runs Linux only. Compiled from scratch.
The only Windows my own job entailed - until recently anyway - was filling out the Excel spreadsheet that was pretending to be a TimeSheet, since LibreOfice barfed on whatever the accountant that wrote it was doing behind the scenes.
-
@PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:
Yes. Our product runs Linux only. Compiled from scratch.
The only Windows my own job entailed - until recently anyway - was filling out the Excel spreadsheet that was pretending to be a TimeSheet, since LibreOfice barfed on whatever the accountant that wrote it was doing behind the scenes.? Then supporting Linux should have been their primary concern. Fuck all, there are a lot of shitty sysadmins out there in the world.
-
According to their website,
SoftEther VPN has a clone-function of OpenVPN Server. You can integrate from OpenVPN to SoftEther VPN smoothly. SoftEther VPN is faster than OpenVPN. SoftEther VPN also supports Microsoft SSTP VPN for Windows Vista / 7 / 8. No more need to pay expensive charges for Windows Server license for Remote-Access VPN function.
So perhaps using OpenVPN or the built-in SSTP client in Linux could work?
-
@PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:
Go talk to them verbally. I just did.
Why? They've already told me to FOAD in writing.
Verbally!
I want the solution, and the obtaining of said solution, in writing. Not some plausible deniability situation.Two words: Cell. Phone. Video.
(Third word is free.)
-
SoftEther said in Anyone familiar with SoftEther VPN software. Under Linux.:
You can integrate from OpenVPN to SoftEther VPN smoothly
What about the other way round though?
Highlighted in the right column is the protocl we're expected to use.
The middle column is what OpenVPN supports.So, no. While it might be a superficially nice idea, no dice.
-
@PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:
Highlighted in the right column is the protocl we're expected to use.
is it that you are expected to use it or is it that that's the only one enabled?
-
@PJH Damn. Figured it wouldn't be that simple...
-
@accalia said in Anyone familiar with SoftEther VPN software. Under Linux.:
is it that you are expected to use it or is it that that's the only one enabled?
The latter.
-
@PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:
@accalia said in Anyone familiar with SoftEther VPN software. Under Linux.:
is it that you are expected to use it or is it that that's the only one enabled?
The latter.
bugger.
well there goes that potentially cheeky solution
-
@PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:
The latter.
Conference call time. Shout at the idiots. Get the boss to do the shouting.
-
@dkf said in Anyone familiar with SoftEther VPN software. Under Linux.:
Conference call time.
The building isn't quite that big.
@dkf said in Anyone familiar with SoftEther VPN software. Under Linux.:
Get the boss to do the shouting.
He's done all he's prepared to do. See:
@PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:
:
-
@PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:
He's done all he's prepared to do.
do you need to borrow a Piko Piko hammer to induce proper motivation in bossman?
-
This post is deleted!
-
@PJH Just use the following on your sysadmin AND your boss :
-
@PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:
SoftEther said in Anyone familiar with SoftEther VPN software. Under Linux.:
You can integrate from OpenVPN to SoftEther VPN smoothly
What about the other way round though?
Highlighted in the right column is the protocl we're expected to use.
The middle column is what OpenVPN supports.So, no. While it might be a superficially nice idea, no dice.
VPN over HTTPS sounds like trouble brewing to me; as soon as you open a TCP connection over the VPN, you've effectively got TCP inside TCP which can lead to TCP meltdown (all it takes is more than about 1% packet loss on the outer TCP connection to bring the inner one stumbling to a halt).
The VPN vendors will all tell you that this is a solved problem in 2016, but I've never seen one offer anything beyond marketroid handwaving to explain exactly how.
-
@PJH Best instructions I found seem to be this : http://lukeluo.blogspot.ca/2013/11/how-to-set-up-softehter-vpn-client.html
HTH
-
@PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:
Verbally!