SNIProxy 绑定设备后连接超时

edgerouter lite

我之前是tun模式的openvpn site-to-site,网络拓扑很简单,local tun <-> remote tun,简单配个ip就行,edgerouter上直接使用interface-route 跳转到local tun就行了。

后来换用了softether,tap模式,于是需要自己配置IP和路由表。我简单地把firewall modify的地址组切到新的设备上,但是之前的 google dns 和 sniproxy 都保留在openvpn侧。但是最近openvpn被查的厉害,ssh也是被盯上了,所以不得不切换设备到 softether 的 tap 上。





因为公司是固定IP,所以之前配的是 system gateway-address。




如果执行命令前会纠结是否生效,简单 route add 测试一下即可。无比保证vpn的metric比默认网关的大。

另,interface-route + route 的混合模式没测试。

SNIProxy 绑定设备后连接超时 by @sskaje:

EdgeRouter PPTP/L2TP Firewall Modify

AUTO_VPN 是我的规则名称
/config/scripts/post-config.d/auto_vpn_fw_modify 需要加执行权限

EdgeRouter PPTP/L2TP Firewall Modify by @sskaje:

SoftEther between VPS and UBNT EdgeRouter

This is a placeholder. And, this article won’t be public.

You are not authorised to read all content in this post.

Please login…

SoftEther between VPS and UBNT EdgeRouter by @sskaje:

SoftEther Error 13 with HAProxy or SNIProxy

I set up an HAProxy (also tried SNIProxy) on my EdgeRouter, sharing port 443 for internal port forwarding and SoftEther Server on Router.

When I connect to port 443 from another SoftEther Server, I got a Timeout error, my error message was in Simplified Chinese on my Windows box, I googled and found other ppl meet same error, English message like:

Error (Error Code 13):
Time-out occurred during VPN session communication. It is possible the connection from the client to the VPN Server has been disconnected.

In my case, external SE connect to RouterIP:443, HAProxy(SNIProxy) listens on 443 and split SE connections to localhost:24443 which is listened by SoftEther on Router.

Since HAProxy/SNIProxy does not handles UDP packets, I tried to set up an port forwarding for UDP 443, not working.

The only solution is TICK the ‘Disable UDP Acceleration / 禁用 UDP 加速功能功能 / UDP 高速化機能を無効にする’ from:
Manage Virtual Hub -> Manage Cascade Connections -> Edit -> Advanced Settings -> Disable UDP Acceleration

SoftEther Error 13 with HAProxy or SNIProxy by @sskaje:

Setup WPAD on EdgeRouter

Previously, I wrote Setup WPAD on Asus Merlin.

Similar on EdgeRouter.

1 Configure Domain name.


DHCP service

2 Prepare wpad.dat

I don’t have wpad.dat deployed on my router, but an internal Ubuntu server with nginx as httpd, IP
wpad.dat is located to default server root, if you have your custom, make sure you have in your server_name directive.


3 Configure Domain

I’ve moved all my dnsmasq configurations out of EdgeRouter’s configure mode, save under /config/etc and linked to /etc.

I added following line to any .conf under /etc/dnsmasq.d/

And restart dnsmasq

4 Configure DHCP Options

And my dhcp-server configure looks like

DO NOT try use-dnsmasq if you have a subnet with CIDR not in {8,16,24}.

Setup WPAD on EdgeRouter by @sskaje: