Proxmox/softether

We're working on migrating all our systems from VMware to PVE. But one that we're having issues with is our VPN server. We're running SoftEther, and on the VMware box it runs flawlessly.

On PVE, regardless of the OS (Linux or Windows), the NIC type (e1000, VMware, Realtek, virtio), VM or LXC, PVE firewall on or off:

Our clients just stop being able to send traffic past the VPN server. Meaning that if we set up the software to NAT, we can ping the server but not past it once the dropping starts. When it's bridged, meaning that it's in the same range (layer 2) as another device in the network, that device can still ping the client connected through the VPN.

Again this is only happening on our pve version. The VMware version doesn’t experience this issue.

Pve version: 7.2
Softether: any of the last 3 versions.
VM OS: windows 2022, Debian (10 & 11)
Lxc os: Debian (10 & 11)
Two Network adaptors: 1x for the wan & 1x for the local bridge.

There are two network adaptors: one for the inbound connections (WAN) and one for the bridge.

New MAC addresses.

  • How many NICs are attached to the VPN server?

  • Did you keep the MAC addresses or did you generate new ones?

  • You've uninstalled VMware Tools?

  • Did you try it without the virtio tools installed at all (E1000 only)? You obviously wrote that you tested it with the E1000 one, but were the virtio tools/drivers installed at that time?

  • Which version and source are you using for the virtio tools?

If you changed the network adapter somehow it might be possible that you need to recreate the “Local Bridge Adapter” of Softether.

Sounds like promiscuous mode is blocking generating MACs from the interface.

Please try to change the bridge to be used as a hub; maybe it will help.

In /etc/networks

    auto vmbrXX
    iface vmbrXX inet manual
        bridge_ports nic0
        bridge_stp off
        bridge_fd 0
        bridge_ageing 0

Same issue; can't find where the problem is, even when the NIC has been passed through.

I've just edited my questions and added more.

Do I understand correctly that the vpn devices and LAN nic devices have no problem reaching each other (Layer 2)? But past the LAN NIC (Layer 3 routing) there is a problem? Can you draw your network including subnets + cidrs + gateways? (draw.io)

Also, instead of Routing past the LAN adapter, you are trying to do Source-NAT?

No VMware Tools were installed; these are all new installs.

I have not tried with the virtio tools. This has always led us to having other VM issues (performance, snapshot filesystem consistency, etc.).

The virtio versions were 0.1.215 & 0.1.225, both tested on clean installs.

  • This issue also comes up when using LXC containers with SoftEther.

Tried that; even a full rebuild of the VMs and a fresh install and configuration of SoftEther didn't help.

Thanks, we thought the same thing. But it didn't help any. I'm tempted to do a NIC pass-through and see if it's still an issue.

The "working and then stops working": I'm wondering what tcpdump is showing during the "don't work" phases…

Also, I have had (last week, as in 21st Oct) a PVE (5.15 kernel, up to date on 16 Oct 2022) lock up in networking when high traffic was pushed through the FortiGate, which might be related (I booted into a 5.13 kernel after the 2nd lock-up, after the PVE was hard reset).

So, perhaps fail back to a 5.13 PVE kernel… just in case to try.

The "fun" with SoftEther is that it's basically also creating/using soft bridges unless you bind them to physicals, and there you might want to consider that there could be a link that is dropped. So you'll need to do the tcpdump capturing inside the SoftEther VM (ignore LXCs at this stage, as those will be… they have challenges for this stuff), then the link in the hypervisor before the bridge, the bridge, and the link to the physical NIC, to compare what is happening.

Also make sure you don't have the firewall selected on the VM's network configurations.
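A small helper for the comparison suggested above, added here as an example and not part of any post in this thread: it reads `tcpdump -e -n` output captured at each point (guest NIC, the VM's tap on the host, the vmbr, the physical NIC) and reports the first point where frames from the VPN client's MAC stop appearing, which is where the SoftEther-generated MACs are being filtered. The interface names, MACs and addresses in the sample captures are constructed for the illustration.

```python
import re

# Link-layer header as printed by `tcpdump -e -n`: "<timestamp> <src MAC> > <dst MAC>, ..."
LINK_RE = re.compile(r"^\S+\s+([0-9a-f:]{17}) > ([0-9a-f:]{17}),", re.I)

CLIENT_MAC = "02:00:5e:00:00:05"   # MAC SoftEther presents for a VPN client (constructed)
VM_MAC = "bc:24:11:00:00:01"       # the VM's own virtual NIC (constructed)


def frame(seq, src=CLIENT_MAC, dst="00:11:22:33:44:01"):
    """Build one constructed tcpdump -e -n line for an ICMP echo request."""
    return (f"13:37:00.{seq:06d} {src} > {dst}, ethertype IPv4 (0x0800), length 98: "
            f"10.10.10.5 > 10.10.10.1: ICMP echo request, id 7, seq {seq}, length 64")


# Capture points in order, from inside the guest outward to the physical NIC.
# The client's frames reach the host-side tap but never show up on the bridge,
# while frames from the VM's own MAC pass through all the way.
CAPTURES = [
    ("guest eth1 (SoftEther local bridge)", [frame(1), frame(2), frame(3)]),
    ("host tap100i1", [frame(1), frame(2), frame(3)]),
    ("host vmbr0", [frame(4, src=VM_MAC)]),
    ("host enp1s0", [frame(4, src=VM_MAC)]),
]


def source_macs(lines):
    """Set of source MACs seen in one capture; lines without a link header are ignored."""
    macs = set()
    for line in lines:
        m = LINK_RE.match(line)
        if m:
            macs.add(m.group(1).lower())
    return macs


def first_drop_point(captures, mac):
    """Return the first capture point where `mac` was seen at the previous point
    but is absent here, or None if its frames were never lost along the path."""
    seen_before = False
    for name, lines in captures:
        seen = mac.lower() in source_macs(lines)
        if seen_before and not seen:
            return name
        seen_before = seen
    return None


if __name__ == "__main__":
    for name, lines in CAPTURES:
        print(f"{name:40s} source MACs: {sorted(source_macs(lines))}")
    print("client frames first vanish at:", first_drop_point(CAPTURES, CLIENT_MAC))
```

Run the real captures with `tcpdump -e -n -i <iface> ether src <client MAC>` at each point and feed the saved lines in place of the constructed ones.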