I'm setting up a VPN server for a project where clients need to be able to contact each other and the services on the server.
Most of it works fine and dandy, and all clients can ping each other. The strange part is that after connecting, the server is able to ping the client for about 30 seconds, and then stops. See the example below (run server-side).

```
$ ping 10.0.0.10
PING 10.0.0.10 (10.0.0.10) 56(84) bytes of data.
64 bytes from 10.0.0.10: icmp_seq=1 ttl=64 time=48.2 ms
64 bytes from 10.0.0.10: icmp_seq=2 ttl=64 time=24.6 ms
64 bytes from 10.0.0.10: icmp_seq=3 ttl=64 time=22.9 ms
64 bytes from 10.0.0.10: icmp_seq=4 ttl=64 time=23.7 ms
^C
--- 10.0.0.10 ping statistics ---
48 packets transmitted, 4 received, 91.6667% packet loss, time 48044ms
rtt min/avg/max/mdev = 22.948/29.857/48.190/10.599 ms
```
So pinging works fine until it suddenly stops. Pinging client to server remains functional. Same behaviour for both Linux and Windows clients and other traffic such as HTTP. Works for a short time and then stops. The routes present in both clients and server seem okay to me (see below).
The SoftEther VPN server is running in Docker as a privileged container with host networking mode. It has a TAP adapter called `tap_soft` with a systemd-networkd configuration. The SoftEther virtual DHCP server is enabled and serves IPs between `10.0.0.10` and `10.0.0.200`, subnet `255.255.255.0`, where the virtual host itself has `10.0.0.1`.
networkd tap conf (`/etc/systemd/network/tap_soft.netdev`):

```
[NetDev]
Name=tap_soft
Kind=tap
```
networkd network conf (`/etc/systemd/network/tap_soft.network`):

```
[Match]
Name=tap_soft

[Address]
Address=10.0.0.1/24
```
docker-compose:

```
version: '3'
services:
  softether:
    container_name: softether
    image: siomiz/softethervpn:4.38-alpine
    volumes:
      - ./vpn_server.config:/usr/vpnserver/vpn_server.config
    restart: always
    ports:
      # L2TP/IPSec
      - "500:500/udp"
      - "4500:4500/udp"
      - "1701:1701/tcp"
      # OpenVPN
      - "1194:1194/udp"
      - "443:443/tcp" # Over https
      # SoftEther VPN
      - "5555:5555/tcp"
      - "992:992/tcp"
    network_mode: host
    environment:
      - PSK=${IPSec_PSK}
      - SPW=${server_management_password}
    cap_add:
      - NET_ADMIN
    privileged: true
...
```
Routes:

```
Server: 10.0.0.0/24 dev tap_soft proto kernel scope link src 10.0.0.1
Client: 10.0.0.0/24 dev vpn_vpn proto kernel scope link src 10.0.0.10
```

(These are automatically created upon connecting, it seems.)
Does anyone have any idea where the problem lies? Any help is welcome!