Softether on VPS Using Local Bridge Rumi, April 4, 2020 Problem on SecureNAT SecureNAT is a fairly simple way to setup Softether. You don’t need a lot of sysadmin skill and network understanding in order to get Softether up and running. The problem is SecureNAT is a bit SLOW. I will show a comparison at the end of this article. We can boost the performance using a local bridge. Softether using local bridge To start with you need Softether installed and setup. You can follow the guide on Softether on VPS Just skip the last step “Enable the Virtual NAT” Local bridge Setup Network setup VPN Server IP: 192.168.7.1 VPN Client IP Range: 192.168.7.50-192.168.7.60 Tap Device name: tap_soft From here we go to the “Local Bridge Setting” Local Bridge Setting First we choose the Virtual Hub. It should be only one for normal setup. Then we check the tap device box. After that we type in the name of the tap device(I use soft here for simplicity). Create Local Bridge After the creation of the local bridge we jump back to our server. And run # ifconfig tap_soft It should show you something similar to this Check on the server Because we are not going to use SecureNAT and SecureDHCP. We need to install a DHCP server on our VPS. We are going to use dnsmasq as our DHCP server. # apt-get install dnsmasq Now edit the /etc/dnsmasq.conf file. Add these 3 lines at the end. interface=tap_soft dhcp-range=tap_soft,192.168.7.50,192.168.7.60,12h dhcp-option=tap_soft,3,192.168.7.1 The above 3 lines are used to enable the dhcp server on interface tap_soft. Next step we need a new set of init script which will config tap interface for us when Softether start up. /etc/init.d/vpnserver #!/bin/sh ### BEGIN INIT INFO # Provides: vpnserver # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start daemon at boot time # Description: Enable Softether by daemon. ### END INIT INFO DAEMON=/usr/local/vpnserver/vpnserver LOCK=/var/lock/subsys/vpnserver TAP_ADDR=192.168.7.1 test -x $DAEMON || exit 0 case "$1" in start) $DAEMON start touch $LOCK sleep 1 /sbin/ifconfig tap_soft $TAP_ADDR ;; stop) $DAEMON stop rm $LOCK ;; restart) $DAEMON stop sleep 3 $DAEMON start sleep 1 /sbin/ifconfig tap_soft $TAP_ADDR ;; *) echo "Usage: $0 {start|stop|restart}" exit 1 esac exit 0 Then we need to enable NAT on linux server. Add this file to /etc/sysctl.d/ to enable ipv4 forwarding. /etc/sysctl.d/ipv4_forwarding.conf net.ipv4.ip_forward = 1 Apply the sysctl run # sysctl --system Then we add a POSTROUTING rule to iptables # iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-source [YOUR VPS IP ADDRESS] To make our iptables rule survive after reboot install iptables-persistent # apt-get install iptables-persistent After all the above setting, restart the vpnserver then we are good to go. # /etc/init.d/vpnserver restart # /etc/init.d/dnsmasq restart Comparison on SecureNAT and local bridge method. Speed test on local bridge Speed test on SecureNAT Conclusion Local bridge use far less CPU resources than SecureNAT. It is a bit trouble to setup but I think it is worth to use local bridge. Src: http://www.auxnet.org/index.php/the-news/194-softether-on-vps-using-local-bridge Related Administrations Configurations (Linux) CentOS 7Softether
URL Redirect PHP script for Horde October 12, 2008November 6, 2008 I nearly got mad implementing horde in virtualmin. Though this section will not tell how the Horde was setup. Anyways, HORDE needs to work under /horde framework. I know this can be fixed up in registry.php file and can be used as /groupware or something. Related Read More
Debian 7 wheezy – Certbot auto started failing with ’ No module named pip.__main__’ February 9, 2020 If you’re using Debian 7 a.k.a wheezy which is end of life at this moment and you were using Let’s Encrypt was your SSL, then you might need some backward compatibility to continue. A possible work around for me as below: wget https://raw.githubusercontent.com/certbot/certbot/75499277be6699fd5a9b884837546391950a3ec9/certbot-auto chmod +x ./certbot-auto ./certbot-auto –no-self-upgrade For renewing… Read More
Fixing Vesta CP Exim Email Incoming error with T=local_delivery defer (-1): Malformed value “0MM” December 24, 2021December 25, 2021 ******** Applicable for vesta cp 1.0.0-5 version) ******** If you lately encounter an issue with mail incoming with vesta cp after an auto update took place, your /var/log/exim/main.log shows something similar below- 2021-12-19 03:39:42 1mxheU-000374-0o == mail@domain.com R=localuser T=local_delivery defer (-1): Malformed value “0MM” (expansion of “${extract{6}{:}{${lookup{$l$…. Step-1 Finding vesta… Read More