SoftEther between VPS and UBNT EdgeRouter

This is a placeholder. And, this article won’t be public.

You are not authorised to read all content in this post.

Please login…

SoftEther between VPS and UBNT EdgeRouter by @sskaje: https://sskaje.me/2017/01/softether-vps-ubnt-edgerouter/

SoftEther Error 13 with HAProxy or SNIProxy

I set up an HAProxy (also tried SNIProxy) on my EdgeRouter, sharing port 443 for internal port forwarding and SoftEther Server on Router.

When I connect to port 443 from another SoftEther Server, I got a Timeout error, my error message was in Simplified Chinese on my Windows box, I googled and found other ppl meet same error, English message like:

Error (Error Code 13):
Time-out occurred during VPN session communication. It is possible the connection from the client to the VPN Server has been disconnected.

In my case, external SE connect to RouterIP:443, HAProxy(SNIProxy) listens on 443 and split SE connections to localhost:24443 which is listened by SoftEther on Router.

Since HAProxy/SNIProxy does not handles UDP packets, I tried to set up an port forwarding for UDP 443, not working.

The only solution is TICK the ‘Disable UDP Acceleration / 禁用 UDP 加速功能功能 / UDP 高速化機能を無効にする’ from:
Manage Virtual Hub -> Manage Cascade Connections -> Edit -> Advanced Settings -> Disable UDP Acceleration

SoftEther Error 13 with HAProxy or SNIProxy by @sskaje: https://sskaje.me/2017/01/softether-error-13-haproxy-sniproxy/

L2TP Remote Access Server on UBNT EdgeRouter

EdgeRouter Lite with Firmware 1.9.0

L2TP PSK Mode.

WAN interface: eth1
LAN IP: 192.168.3.1
VPN Subnets: 192.168.47.1-192.168.47.99

Run commands below in ‘configure mode’.

1 Configure IPSec

2 Configure L2TP

3 Configure DNS
Make sure you have following lines, otherwise you can get DNS resolved.

L2TP Remote Access Server on UBNT EdgeRouter by @sskaje: https://sskaje.me/2016/10/l2tp-remote-access-server-ubnt-edgerouter/

EdgeRouter Lite: Source Based Routing

I have 192.168.1.1/24 on my eth0 as LAN, VPN set up.
For some cases, I want to visit some web site via VPN, I set up a socks 5 proxy.
But socks 5 is not an option for iPhone & Android by default.

So I added 192.168.10.1/24 to eth0 at the same time, traffic from 192.168.10.0/24 are all forwarded to VPN interface.

If I want my iPhone traffic fully routed to VPN, I just need to change my iPhone WiFi addresses.

EdgeRouter Lite: Source Based Routing by @sskaje: https://sskaje.me/2016/03/edgerouter-lite-source-based-routing/

EdgeRouter PPtP Server访问本地DNS服务

UBNT EdgeRouter 自带了PPTP Server,典型的配置方法是

官方参考guide: https://help.ubnt.com/hc/en-us/articles/205220840-EdgeMAX-PPTP-VPN-with-local-users-RADIUS

这个案例里,我的路由eth0是LAN口,eth0的IP是 192.168.100.1,这个配置下我的pptp客户端能正常访问到我的内网的机器。
但是如果我需要把DNS设成 192.168.100.1,DNS请求就会一直没响应。
路由端抓 UDP 53 的包,可以看到pptp客户端发出的dns请求,但是没有回包。
看了眼/etc/dnsmasq.conf:

man dnsmasq

-i, –interface=
Listen only on the specified interface(s). Dnsmasq automatically adds the loopback (local) interface to the list of interfaces to use when the –interface option is used. If no –interface or –listen-address options
are given dnsmasq listens on all available interfaces except any given in –except-interface options. IP alias interfaces (eg “eth1:0”) cannot be used with –interface or –except-interface options, use –listen-
address instead. A simple wildcard, consisting of a trailing ‘*’, can be used in –interface and –except-interface options.

尝试了加一个 interface=pptp*,无效。
顺手先把dnsmasq的请求隔离到一个新的网段 192.168.101.0/24,服务端的local-ip设成 192.168.101.1,推送dns 192.168.101.1,再设置options ‘listen-address=192.168.101.1’,解决。
全部命令如下

EdgeRouter PPtP Server访问本地DNS服务 by @sskaje: https://sskaje.me/2016/02/edgerouter-pptp-server-dns-service/

Incoming search terms: