0

I'm using SoftEther VPN server (multiprotocol) for my VPN needs. Among others, it does include the SSTP endpoint.

I've managed to set up IPv4 just fine - DHCP assigns IP and everything seems to be normal. But when it comes to IPv6, seems like nothing is working. Seems like no requests are coming through at all. On the Microsoft box, it just remains silent, even manually setting up IPv6 in the PPP miniport doesn't help - nothing comes through. On Android though (using VPN Client Pro) I'm just receiving a message "IPv6 configuration rejected", and no requests are coming through too.

What am I doing wrong?

PS: when trying to connect through the native SoftEther VPN client from the Windows box, IPv6 works too, I get assigned an address, and the traffic flows through it.

Evengard
  • 1,764
  • 15
  • 26
  • Check what you did against [this tutorial](https://az.cokh.net/softether-vpn-server-on-a-nat-server/). – harrymc Jul 24 '17 at 21:31
  • As I said, IPv6 works fine when using the SoftEther VPN Client. But I want to be able to use the integrated in Windows SSTP client to connect to a SoftEther VPN Server and get an IPv6. – Evengard Jul 25 '17 at 08:45
  • Are you getting any error messages or codes? Do you see anything in the Event Viewer? Do you have a log file? – harrymc Jul 25 '17 at 08:55

1 Answers1

1

There is not enough information - do you have logs on the client and/or the server? Just few things that come into my mind:

1) Did you try to enable windows firewall on both outgoing AND incoming connections? Maybe the SoftEther VPN opens it automagically? :)

2) Did you try to use an IPv6 over IPv4 Tunnel? If yes, does it work for you? If not, please try it out and tell us the result

3) It would greatly help if you would post more information from the SoftEther VPN server

tukan
  • 1,752
  • 12
  • 19
  • 1. I tried both with Firewall on and off, that doesn't seem to change anything. I also tried to disable IPv6 related rules. 2. Nope never tried that, not sure how I would set it up under Windows though, or isn't it exactly the problem. Any more details on that step? 3. The SoftEther VPN Server itself doesn't distribute IPs, it's DNSMasq who does at the server side. Anyway, which kind of information would be relevant? – Evengard Jul 25 '17 at 10:48
  • As a matter of fact, I get this from the Event Viewer on Windows: ```TunnelIpAddress = 192.168.110.152 TunnelIpv6Address = fe80::``` I wonder why it sets the TunnelIpv6Address this way – Evengard Jul 25 '17 at 10:50
  • Yes that could be it. I presume that is on client, something assigns your local ipv4 (`192.168.110.152`) to the FE80::/10 which is link local address (in ipv4 defined as `169.254.0.0/16`). That means you don't get the IPv6 from the server = no connection. Don't you have something on the VPN server at the log or client? (e.g. like the message on android? `IPv6 configuration rejected`) – tukan Jul 25 '17 at 11:19
  • Using which protocol do you want to connect from windows? – tukan Jul 25 '17 at 11:24
  • I want to use the SSTP protocol. And that's actually the weird thing, I couldn't find anything related to IPv6 in server logs! Here are the logs: server log - https://pastebin.com/hJVvt50d ; security log - https://pastebin.com/tezQrkBH ; packet log - https://pastebin.com/U3JeE237 It feels like the client doesn't even attempt getting an IPv6 address from the server! – Evengard Jul 25 '17 at 11:39
  • 1
    The Android the issue is incomplete ipv6 (https://github.com/SoftEtherVPN/SoftEtherVPN/issues/244). As for the logs this is really weird, I don't see any IPv6 to DHCP server. Is your DNSMasq compatible with ipv6? If yes, is it configured correctly for that? (did you try it on local network without VPN?) – tukan Jul 25 '17 at 12:44
  • Yes indeed, as I mentioned before, when using SoftEther client itself (NOT SSTP, but the SoftEther one) IPv6 is fully operational. Anyway, the android issue might be related, if the IPv6 implementation is limited from the SoftEther part in terms of "emulating" different protocols (SSTP, OpenVPN, L2TP, etc). I think I'll test OpenVPN on Windows, to see if it will get an IPv6 lease from the server. Still, my main goal is to use the integrated SSTP client. – Evengard Jul 25 '17 at 14:04
  • 1
    After testing TUN and TAP devices in OpenVPN (and remembering that TAP routes ethernet frames with all packets (layer 2), and TUN is only IP routing (layer 3)), TAP obviously works with IPv6, while TUN doesn't. It seems that SSTP is also a layer 3 protocol after all, so there isn't just any IPv6 implementation in the alternative protocol bridges. Seems like I either need to implement it in SoftEther itself, or just give up... Anyway thanks for the tip that it might not be supported at all. – Evengard Jul 25 '17 at 22:51
  • @Evengard: Glad to help :0) at least partially. – tukan Jul 26 '17 at 06:34
  • @Evengard: thank you for accepting the answer as I did not help much! – tukan Jul 27 '17 at 09:09
  • After digging in SoftEther VPN source code it seems like the PPP protocol implementation in SoftEther VPN is limited at best, with a hard coded implementation of IPv4. This is why I am not receiving any IPv6 leases - because basically the server itself tells the client that it doesn't support it. So yes, @tukan you were completely right - the implementation is indeed incomplete, which is kind of shameful. – Evengard Feb 27 '18 at 14:56
  • @Evengard hmm that is a pitty :(. Maybe some alternative solution? – tukan Feb 27 '18 at 15:48
  • I'm thinking of maybe trying to implement it by itself, but don't know if I will be up to the task and/or will have time for that. Anyway seems to be an interesting problem to try to solve. I think that watching implementation from PPPD may be helpful... – Evengard Feb 27 '18 at 16:21
  • @Evengard if you have time go for it. I think you will learn plenty and maybe get better job ;). – tukan Feb 27 '18 at 16:34
  • It isn't that easy xD tbh I haven't seen such weird and "ugly" code for a while now, it is mostly hardcoded and using some really weird assumptions, I really think about a complete rewrite of at least the PPP stack... I still wonder if I'll be up to the job though xD The rework needed that I can succeed with it seems to be really insane. @tukan – Evengard Mar 05 '18 at 12:25
  • @Evengard: I got to check some sources quite recently and I must say that the quality is rather disappointing. Anyone can rewrite software, it only depends on the time spent and dedication. – tukan Mar 05 '18 at 14:14