Anyone familiar with SoftEther VPN software. Under Linux.


  • Discourse touched me in a no-no place

    TLDR: I have SoftEther working under Windows - how to I get it working under Linux?


    So, in their infinite wisdom,

    • in a company whose product is only linux based,
    • produced in a R&D department that is linux only
    • to produce said product and
    • which said department requires VPN to access remote system,
      • including build servers and
      • clients' networks,

    the sysadmins decide, without consultation with anyone else, to replace the working-for-us-and-everyone-else VPN solution with SoftEther.

    **From:** a_sysadmin **To:** Me

    Hi PJH,

    Usename: pjh
    Password: hunter32

    I have attached a document to help you get up and running.

    The client is on the Vandeley ftp server but can also be downloaded from the softether website www.softether.org

    If you have any issues let me know.

    Regards
    A.Sysadmin

    Document:

    Windows-based bollocks with GUI client.
    8-page idiot's guide with a screenshot per page, of which only one is actually useful. For Windows users.

    So, off I go to download the Linux client. CLI only, naturally - which of itself is not a problem.

    **From:** Me **To:** a_sysadmin

    Can't seem to connect:

    [My misinterpretation, the vpncmd command requires localhost, not the VPN server elided]

    **From:** a_sysadmin **To:** Me

    Try the windows client?

    **From:** Me **To:** a_sysadmin

    [in which I explain my previous misinterpretation above and show step-by-step what I'm trying to do to connect, but failing. under Linux]

    **From:** a_sysadmin **To:** Me

    The windows client sets the tunnel as the default route. I have not done anything with the Linux client as there will not be any internal support for it.

    I rummage:

    SoftEther VPN Project provides a Linux version of VPN Client, but it does not provide support for proper operations of this version of the software product.

    • list of stuff that you may need to do manually. Which I've tried.

    So, a big "Fuck Your Department, Sucks To Be You," from the sysadmins.

    I do, however, have the Windows client connecting under a VM, but that's fuck all use to me, since

    • the routes don't propagate out of the VM to the host
    • not every box I use has a Windows VM on it.

    Has anyone any experience with this client?


    Stuff I've tried:

    ./vpncmd localhost /CLIENT
    
    
    VPN Client>AccountCreate
    AccountCreate command - Create New VPN Connection Setting
    Name of VPN Connection Setting: NCL
    
    Destination VPN Server Host Name and Port Number: node1.vandelay.example.com:443
    
    Destination Virtual Hub Name:
    
    Connecting User Name: pjh
    
    Used Virtual Network Adapter Name: adapter
    
    The command completed successfully.
    
    VPN Client>AccountPasswordSet
    AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
    Name of VPN Connection Setting: NCL
    
    Please enter the password. To cancel press the Ctrl+D key.
    
    Password: ***************
    Confirm input: ***************
    
    
    Specify standard or radius: standard
    
    The command completed successfully.
    
    VPN Client>AccountConnect
    AccountConnect command - Start Connection to VPN Server using VPN Connection Setting
    Name of VPN Connection Setting: NCL
    
    The command completed successfully.
    
    VPN Client>AccountList
    AccountList command - Get List of VPN Connection Settings
    Item                        |Value
    ----------------------------+--------------------------------------------------
    VPN Connection Setting Name |NCL
    Status                      |Connecting
    VPN Server Hostname         |node1.vandelay.example.com:443 (Direct TCP/IP Connection)
    Virtual Hub                 |
    Virtual Network Adapter Name|VPN
    The command completed successfully.
    
    
    pjh@pjh-thinkpad:/media/pjh$ ip route
    default via 172.20.3.1 dev eth0  proto static
    10.0.0.0/8 dev lxcbr0  proto kernel  scope link  src 10.0.4.1
    10.0.3.0/24 dev lxcbr0  proto kernel  scope link  src 10.0.3.1
    172.20.3.0/24 dev eth0  proto kernel  scope link  src 172.20.3.11  metric 1
    192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.1
    pjh@pjh-thinkpad:/media/pjh$ cat /proc/net/dev
    Inter-|   Receive                                                |  Transmit
     face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
      eth0: 10923002787 9277252    0    0    0     0          0     33491 579912908 4984665    0    0    0     0       0          0
     wlan0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
     wwan0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
        lo:  358430    2308    0    0    0     0          0         0   358430    2308    0    0    0     0       0          0
    lxcbr0:       0       0    0    0    0     0          0         0  6405855   31319    0    0    0     0       0          0
    vpn_vpn:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
    

    From another email, that got ignored:

    1) Having corrected one item that was different in the config between the working Windows and non-working linux connections, 2) ./vpnclient start 3) ./vpncmd localhost /client /cmd AccountConnect NCL 2) dhclient -v vpn_vpn to get a 192.168.30.0/24 address 3a) ip route del default; ip route add default dev vpn_vpn or 3b) ip route del default; ip route add default via 192.168.30.1 dev vpn_vpn

    results is a particularly dead internet connection.

    Restricting (3a/b) to only 10/8 rather than 0/0 results in no traffic to/from (say) 10.125.434.43


  • Winner of the 2016 Presidential Election

    @PJH I don't have a solution to your problem, but I feel your pain. At my company, 50% of the employees use Linux, but neither the VPN client, nor the official programs for anything else (like Cisco Jabber for video conferencing) work on Linux.


  • Discourse touched me in a no-no place

    @PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:

    So, a big "Fuck Your Department, Sucks To Be You," from the sysadmins.

    This sort of thing sucks, and it is the attitude that sucks the most because it means that they'll do this sort of batshit insane thing again. Elevate the problem to your boss under the headline “the sysadmins are preventing us from doing our jobs”.


  • Grade A Premium Asshole

    @PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:

    the sysadmins decide, without consultation with anyone else, to replace the working-for-us-and-everyone-else VPN solution with SoftEther.

    Is it part of your job requirements that you develop for/on Linux?


  • Discourse touched me in a no-no place

    @dkf said in Anyone familiar with SoftEther VPN software. Under Linux.:

    Elevate the problem to your boss under the headline “the sysadmins are preventing us from doing our jobs”.

    I did. Yesterday.

    :man: Go talk to them verbally. I just did.
    pjh Why? They've already told me to FOAD in writing.
    :man: Verbally!
    pjh I want the solution, and the obtaining of said solution, in writing. Not some plausible deniability situation.
    :man: :rolleyes:

    I have a supportive boss.


    @Polygeekery said in Anyone familiar with SoftEther VPN software. Under Linux.:

    Is it part of your job requirements that you develop for/on Linux?

    Yes. Our product runs Linux only. Compiled from scratch.

    The only Windows my own job entailed - until recently anyway - was filling out the Excel spreadsheet that was pretending to be a TimeSheet, since LibreOfice barfed on whatever the accountant that wrote it was doing behind the scenes.


  • Grade A Premium Asshole

    @PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:

    Yes. Our product runs Linux only. Compiled from scratch.
    The only Windows my own job entailed - until recently anyway - was filling out the Excel spreadsheet that was pretending to be a TimeSheet, since LibreOfice barfed on whatever the accountant that wrote it was doing behind the scenes.

    :wtf:? Then supporting Linux should have been their primary concern. Fuck all, there are a lot of shitty sysadmins out there in the world.


  • Winner of the 2016 Presidential Election

    According to their website,

    SoftEther VPN has a clone-function of OpenVPN Server. You can integrate from OpenVPN to SoftEther VPN smoothly. SoftEther VPN is faster than OpenVPN. SoftEther VPN also supports Microsoft SSTP VPN for Windows Vista / 7 / 8. No more need to pay expensive charges for Windows Server license for Remote-Access VPN function.

    So perhaps using OpenVPN or the built-in SSTP client in Linux could work?



  • @PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:

    Go talk to them verbally. I just did.
    Why? They've already told me to FOAD in writing.
    Verbally!
    I want the solution, and the obtaining of said solution, in writing. Not some plausible deniability situation.

    Two words: Cell. Phone. Video.

    (Third word is free.)


  • Discourse touched me in a no-no place

    SoftEther said in Anyone familiar with SoftEther VPN software. Under Linux.:

    You can integrate from OpenVPN to SoftEther VPN smoothly

    What about the other way round though?

    0_1461766298683_Screenshot from 2016-04-27 15:10:45.png

    Highlighted in the right column is the protocl we're expected to use.
    The middle column is what OpenVPN supports.

    So, no. While it might be a superficially nice idea, no dice.


  • sockdevs

    @PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:

    Highlighted in the right column is the protocl we're expected to use.

    is it that you are expected to use it or is it that that's the only one enabled?


  • Winner of the 2016 Presidential Election

    @PJH Damn. Figured it wouldn't be that simple...


  • Discourse touched me in a no-no place

    @accalia said in Anyone familiar with SoftEther VPN software. Under Linux.:

    is it that you are expected to use it or is it that that's the only one enabled?

    The latter.


  • sockdevs

    @PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:

    @accalia said in Anyone familiar with SoftEther VPN software. Under Linux.:

    is it that you are expected to use it or is it that that's the only one enabled?

    The latter.

    bugger.

    well there goes that potentially cheeky solution


  • Discourse touched me in a no-no place

    @PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:

    The latter.

    Conference call time. Shout at the idiots. Get the boss to do the shouting.


  • Discourse touched me in a no-no place

    @dkf said in Anyone familiar with SoftEther VPN software. Under Linux.:

    Conference call time.

    The building isn't quite that big.

    @dkf said in Anyone familiar with SoftEther VPN software. Under Linux.:

    Get the boss to do the shouting.

    He's done all he's prepared to do. See:

    @PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:

    :man:: :rolleyes:


  • sockdevs

    @PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:

    He's done all he's prepared to do.

    do you need to borrow a Piko Piko hammer to induce proper motivation in bossman?



  • This post is deleted!


  • @PJH Just use the following on your sysadmin AND your boss :
    0_1461770720368_ClueBat.jpg

    :rolleyes:



  • @PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:

    SoftEther said in Anyone familiar with SoftEther VPN software. Under Linux.:

    You can integrate from OpenVPN to SoftEther VPN smoothly

    What about the other way round though?

    0_1461766298683_Screenshot from 2016-04-27 15:10:45.png

    Highlighted in the right column is the protocl we're expected to use.
    The middle column is what OpenVPN supports.

    So, no. While it might be a superficially nice idea, no dice.

    VPN over HTTPS sounds like trouble brewing to me; as soon as you open a TCP connection over the VPN, you've effectively got TCP inside TCP which can lead to TCP meltdown (all it takes is more than about 1% packet loss on the outer TCP connection to bring the inner one stumbling to a halt).

    The VPN vendors will all tell you that this is a solved problem in 2016, but I've never seen one offer anything beyond marketroid handwaving to explain exactly how.





  • @PJH said in Anyone familiar with SoftEther VPN software. Under Linux.:

    :man: Verbally!

    PJH With words? That's what I just did in the email!


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.