I am having a problem connecting the GL-MT300N-V2 to the softethervpn client. The only available package, due to the available storage limitation, is softethervpn-client 4.29-9680-3.
I have this installed and I can connect to the remote VPN; however, I can't see the local network or have internet on it.
First, I'm surprised it fit on a MT300N-V2 with 16MB NOR FLASH, as I had to use an AR300M with 128MB of NAND FLASH to get the Softether client packages loaded on my router. Compared to using the Windows Softether client, the OpenWRT Softether client package is a pain to get going. I started with the same directions that you pointed to, then spent a lot of time making a custom package that will fit in a small FLASH space for my purposes. I have it running on a USB150 and an AR750s.
Here are some of the issues I ran into.
I had to manually add in a route for the tunnel. Something like:
ip route add IP_ADDR_SOFTETHER_SRV_External/32 via wlan-sta_IP_ADDR
Check ip route to see if it exists.
I had to override the default route on the router. I used the same trick that OpenVPN uses, which is to set up two routes, each with half the address space. As these are each smaller than the address space of the default route, they override the default route. Something like:
ip route add 128.0.0.0/1 via IP_ADDR_SoftEther_Internal
ip route add 0.0.0.0/1 via IP_ADDR_SoftEther_Internal
Another major issue is that Softether writes logs and backup files where it is started. If you start the client in FLASH storage, it will write backup files and logs in that directory, filling up FLASH storage and burning it out over time. Logs on FLASH-based OpenWRT should be written to RAM-based storage. I made a RAM-based file system, and I run the Softether client out of it, so my logging is to RAM. For me, getting the Softether client to work as I needed took a lot of custom scripting and packaging. If you really don’t need Softether, I would use OpenVPN or Wireguard on any OpenWRT router.
This is my initial route table before my script sets up Softether
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 10 0 0 eth0.2
192.168.1.0 0.0.0.0 255.255.255.0 U 10 0 0 eth0.2
192.168.254.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
A new device named vpn_vpn gets created for Softether. The IP address is assigned by DHCP from my Softether server, after the Softether client connects. In my case, this server is a VPS running Softether and it assigned the address 192.168.30.10 to the vpn_vpn device.
17: vpn_vpn: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
inet 192.168.30.10/24 brd 192.168.30.255 scope global vpn_vpn
valid_lft forever preferred_lft forever
This is what the routing table looks like after I get Softether set up and working:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.30.1 128.0.0.0 UG 0 0 0 vpn_vpn
0.0.0.0 192.168.30.1 0.0.0.0 UG 0 0 0 vpn_vpn
0.0.0.0 192.168.1.254 0.0.0.0 UG 10 0 0 eth0.2
128.0.0.0 192.168.30.1 128.0.0.0 UG 0 0 0 vpn_vpn
111.111.111.111 192.168.1.254 255.255.255.255 UGH 0 0 0 eth0.2
192.168.1.0 0.0.0.0 255.255.255.0 U 10 0 0 eth0.2
192.168.30.0 0.0.0.0 255.255.255.0 U 0 0 0 vpn_vpn
192.168.254.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
Note: 111.111.111.111 represents the public IP address of my SoftEther server
The internal address for the Softether server is: 192.168.30.1
The routes needed to have all traffic go to the Softether server are:
0.0.0.0 192.168.30.1 128.0.0.0 UG 0 0 0 vpn_vpn
128.0.0.0 192.168.30.1 128.0.0.0 UG 0 0 0 vpn_vpn
The route commands used:
ip route add 111.111.111.111/32 via 192.168.1.254
ip route add 0.0.0.0/1 via 192.168.30.1
ip route add 128.0.0.0/1 via 192.168.30.1
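The three routes listed in this post can be checked mechanically. The script below is an added example, not part of the original thread: it parses `route -n` output and reports which of the required routes are absent. The function name `check_vpn_routes` and the two sample tables (built from the addresses quoted above) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify the split-default VPN routes.
# On a router: route -n | check_vpn_routes SERVER_IP WAN_GW VPN_GW VPN_IF

check_vpn_routes() {
    awk -v srv="$1" -v wangw="$2" -v vpngw="$3" -v vpnif="$4" '
    # Data rows of "route -n" have 8 fields:
    # Destination Gateway Genmask Flags Metric Ref Use Iface
    NF == 8 && $1 ~ /^[0-9]/ {
        # Host route: keeps the tunnel carrier packets on the WAN side.
        if ($1 == srv && $3 == "255.255.255.255" && $2 == wangw && $8 != vpnif) host = 1
        # The two /1 routes beat any /0 default by longest-prefix match.
        if ($1 == "0.0.0.0"   && $3 == "128.0.0.0" && $2 == vpngw && $8 == vpnif) low = 1
        if ($1 == "128.0.0.0" && $3 == "128.0.0.0" && $2 == vpngw && $8 == vpnif) high = 1
    }
    END {
        if (!host) print "MISSING " srv "/32 via " wangw " (tunnel would route into itself)"
        if (!low)  print "MISSING 0.0.0.0/1 via " vpngw " dev " vpnif
        if (!high) print "MISSING 128.0.0.0/1 via " vpngw " dev " vpnif
        exit ((host && low && high) ? 0 : 1)
    }'
}

# Constructed sample input, using the addresses quoted in the post.
sample_before() { cat <<'EOF'
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 10 0 0 eth0.2
192.168.1.0 0.0.0.0 255.255.255.0 U 10 0 0 eth0.2
192.168.254.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
EOF
}

sample_after() { cat <<'EOF'
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.30.1 128.0.0.0 UG 0 0 0 vpn_vpn
0.0.0.0 192.168.1.254 0.0.0.0 UG 10 0 0 eth0.2
128.0.0.0 192.168.30.1 128.0.0.0 UG 0 0 0 vpn_vpn
111.111.111.111 192.168.1.254 255.255.255.255 UGH 0 0 0 eth0.2
192.168.30.0 0.0.0.0 255.255.255.0 U 0 0 0 vpn_vpn
EOF
}

sample_before | check_vpn_routes 111.111.111.111 192.168.1.254 192.168.30.1 vpn_vpn \
    || echo "before: VPN routes not in place"
sample_after | check_vpn_routes 111.111.111.111 192.168.1.254 192.168.30.1 vpn_vpn \
    && echo "after: all VPN routes present"
```

A passing check only confirms the table; it does not show that the tunnel itself is up, so the client status still has to read Connected.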
I tried it out and confirm my routes match yours; however, it still didn't work. I have internet, but it is still going out with my public IP instead of the VPN public IP, and I see only my LAN; I can't see any machine under the VPN LAN.
I also confirm it's connected:
Connected to VPN Client "localhost".
VPN Client>accountlist
AccountList command - Get List of VPN Connection Settings
Item |Value
----------------------------+-------------------------------------------
VPN Connection Setting Name |XXXome
Status |Connecting
VPN Server Hostname |XXXXX.ddns.net:443 (Direct TCP/IP Connection)
Virtual Hub |XXXome
Virtual Network Adapter Name|vpn
The command completed successfully.
I also confirm my routes here match yours as well:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.30.1 128.0.0.0 UG 0 0 0 vpn_vpn
0.0.0.0 192.168.30.1 0.0.0.0 UG 0 0 0 vpn_vpn
0.0.0.0 192.168.1.1 0.0.0.0 UG 10 0 0 eth0.2
XXX.XXX.226.226 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0.2
128.0.0.0 192.168.30.1 128.0.0.0 UG 0 0 0 vpn_vpn
192.168.1.0 0.0.0.0 255.255.255.0 U 10 0 0 eth0.2
192.168.8.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.30.0 0.0.0.0 255.255.255.0 U 0 0 0 vpn_vpn
It looks like you are not fully connected to your server. Mine shows connected:
Item |Value
----------------------------+-----------------------------------
VPN Connection Setting Name |XXXXX
Status |Connected
VPN Server Hostname |XXX.XXX.com/tcp:443 (Direct TCP/IP Connection)
Virtual Hub |XXXXX
Virtual Network Adapter Name|XXXXX
VPN Client>niclist
NicList command - Get List of Virtual Network Adapters
Item |Value
----------------------------+-----------------------------------
Virtual Network Adapter Name|XXXXX
Status |Enabled
MAC Address |XXXXXXXXXXXX
Version |Version 4.29 Build 9680 (English)
The command completed successfully.
What does ip addr | grep vpn output? I get:
1238: vpn_vpn: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
inet 192.168.30.10/24 brd 192.168.30.255 scope global vpn_vpn
In your config directory, do you have these entries:
You can manage the Softether client using the vpncmd command, but I prefer to allow remote management and use the Windows-based Softether client GUI, which makes it a whole lot easier to see what is going on than by using vpncmd. You need to look at the client and server Softether logs to see if they tell you anything.