cenk1cenk2 / docker-softether-vpnsrv

SoftEther VPN Server with DNSMASQ DHCP Server or bridge mode connection for VPN-to-site setup.

Seems not to work for some reason #39

Closed lonnietc closed 5 months ago

lonnietc commented 5 months ago

Hello,

I have a VPS running Ubuntu 23.04 (x84) and want to set up your docker SoftEther Server so that I can connect to it from another location.

I installed Docker and Docker-Compose as well as pulled your latest docker image from docker hub.

I then found this docker-compose.yml in some closed issues (https://github.com/cenk1cenk2/docker-softether-vpnsrv/issues/29) that you have previously done since I did not know what is needed to set up the ".env" file and added "SERVER_MODE: 'bridge'" in the "environment" section as a guess for what I need.

version: '3.7'
services:
  softether-vpnsrv:
    image: cenk1cenk2/softether-vpnsrv:latest
    environment:
      LINUX_BRIDGE_INTERFACE_NAME: 'bridge'
      SERVER_MODE: 'bridge'
    devices:
      - /dev/net/tun
    ports:
      - 1443:1443/tcp
      - 992:992/tcp
      - 5555:5555/tcp
      - 1194:1194/udp
      - 500:500/udp
      - 4500:4500/udp
      - 1701:1701/tcp
    network_mode: bridge
    volumes:
      # Configuration Files
      - ./volumes/softether-vpnsrv:/conf
      # Log files
      - ./logs/server_log:/etc/softether/server_log
      - ./logs/security_log:/etc/softether/security_log
      - ./logs/packet_log:/etc/softether/packet_log
    cap_add:
      - SETGID
      - SETUID
      - NET_ADMIN
      - NET_RAW
      - NET_BIND_SERVICE

The problem that I have now is that when I try to bring up things with "docker-compose up", things seem to error out on me.

~$ docker-compose up
[+] Running 1/0
 ✔ Container lonnie-softether-vpnsrv-1  Created                                                                                                                                                    0.0s
Attaching to softether-vpnsrv-1
softether-vpnsrv-1  | docker-softether-vpnsrv - BUILD.20240126Z2218
softether-vpnsrv-1  | ---------------------------------------------
softether-vpnsrv-1  | [I] [conf:softether] Persistent configuration file found: /conf/vpn_server.config
softether-vpnsrv-1  | [I] [postrouting] Created postrouting rules for: 10.0.0.0/24
softether-vpnsrv-1  | [I] [interface:tap] Created tap adapter: tap_soft
softether-vpnsrv-1  | [I] [interface:bridge] Created bridge adapter: bridge -> tap_soft eth0
softether-vpnsrv-1  | [I] [interface:bridge:dhcp] Bridge adapter upstream IP: bridge ->
softether-vpnsrv-1  | [I] [softether] Started SoftEtherVPN server.
softether-vpnsrv-1  | [E] [health:ping] Can not ping the upstream DHCP server: 10.0.0.1
softether-vpnsrv-1  | [F] [health:ping] Can not ping the upstream DHCP server: 10.0.0.1
softether-vpnsrv-1  | [W] [docker-softether-vpnsrv] [terminate] Forcefully terminated since hooks did not finish in time: 2 of 3
softether-vpnsrv-1 exited with code 1

Not sure what is happening here as everything is a fresh install.

Any thoughts on how to get things working would be greatly appreciated. Thanks in advance

cenk1cenk2 commented 5 months ago

Dear @lonnietc,

For making the bridge mode work it requires an upstream DHCP server to distribute the IP addresses to connected VPN clients.

Think of it in the easiest example like this: you want to connect to your home network from outside and your router already distributes the IP addresses. For this to work you also need to make the container aware. Let's imagine your router is distributing IP addresses in the 192.168.1.0/24 range and its IP is 192.168.1.1. So you also have to set SERVER_CIDR_ADDRESS=192.168.1.0/24, and if the router does not have 192.168.1.1, I think there was an environment variable for that. You also need to bridge it with an Ethernet adapter. Let us say you have eth0 that connects to this network, so you also need to make it aware of LINUX_BRIDGE_UPSTREAM_INTERFACE=eth0.

I just wanted to make what that mode does clear, however I think that this mode will not work in your case since your VPS provider will never allow you to obtain an IP address, from its IPv4 pool, since they are valuable these days. They are usually just locked to your VPS and you can not obtain any further addresses.

In your case you can just use the other SERVER_MODE, which will create an internal network and distribute its own IP addresses. You can check the environment variable section and the readme part for the DHCP server instead.

lonnietc commented 5 months ago

Hello,

Thanks for the quick reply. I changed it to "DHCP" mode and then I tried again.

It seemed to come up, but did not go into the background and just stayed as:

~$ docker-compose up
[+] Running 1/1
 ✔ Container lonnie-softether-vpnsrv-1  Recreated                                                                                                                                 0.1s
Attaching to softether-vpnsrv-1
softether-vpnsrv-1  | docker-softether-vpnsrv - BUILD.20240127Z0232
softether-vpnsrv-1  | ---------------------------------------------
softether-vpnsrv-1  | [I] [conf:softether] Persistent configuration file found: /conf/vpn_server.config
softether-vpnsrv-1  | [I] [conf:dnsmasq] DHCP server configuration file generated: /conf/dnsmasq.conf
softether-vpnsrv-1  | [I] [postrouting] Created postrouting rules for: 10.0.0.0/24
softether-vpnsrv-1  | [I] [interface:tap] Created tap adapter: tap_soft
softether-vpnsrv-1  | [I] [dnsmasq] Started DNSMASQ DHCP server.
softether-vpnsrv-1  | [I] [softether] Started SoftEtherVPN server.

The "environment" section now looks like:

    environment:
      LINUX_BRIDGE_UPSTREAM_INTERFACe: 'eth0'
      LINUX_BRIDGE_INTERFACE_NAME: 'bridge'
      SERVER_MODE: 'dhcp'

Had to shut it down with Ctrl-C but think that maybe there is a setting that I can put into the docker-compose.yml that sends it into the background and returns the command prompt unless there is still something missing.

Also, still cannot connect from a Windows SoftEther Client to the SoftEther Server.

Thanks again

lonnietc commented 5 months ago

Good Morning,

I was just re-reading your last reply and for my case, I will be connecting from my home (Windows) with the SoftEther Client to a VPS (Ubuntu 22.04) that has your docker SoftEther server running.

I have success in now seeing the server from my home machine, but need to access the server with the SoftEther Server Manager so that I can change the Administrator password and set up users as well.

What is the default Administrator password for this setup?

cenk1cenk2 commented 5 months ago

A working environment should not require much.

The following environment variables should do the trick.

# if you want to see what is going on in the background
LOG_LEVEL=DEBUG

# your case is involving tunneling your clients connection from your outside vps
SERVER_MODE=dhcp
# just if you want to change the ip range that it distributes
SERVER_CIDR_ADDRESS=10.10.10.0/24

# for creating a tap adapter, i guess this is default
SOFTETHER_TAP_INTERFACE=soft
# if you want to change the generated hub name from softether
SOFTETHER_DEFAULT_HUB=VPN

You might want to delete the generated configuration files for softether since it requires a different configuration for dhcp setup compared to bridge setup.

You can then connect to your SoftEther instance through the management GUI with your server IP and port 1443. This uses 1443 instead of the default 443 because 443 is for HTTPS connections. The default setup should not have any admin password.

By default if you did not do any firewall configuration on your VPS, docker punches through the firewall for forwarded ports.
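The reply above mentions two defaults that matter together on a fresh VPS install: no admin password, and Docker publishing forwarded ports past the host firewall. As an added example (not part of the thread or the project's code), this Python check reads compose short-syntax `ports:` entries and reports which ones are published on every host interface; the port list is copied from the issue, and treating only 1443/tcp as the management port is an assumption taken from the reply.

```python
import ipaddress

# Port list copied from the compose file in the issue. Treating 1443/tcp as
# the management port follows the maintainer's reply; it is an assumption here.
PORTS = [
    "1443:1443/tcp", "992:992/tcp", "5555:5555/tcp", "1194:1194/udp",
    "500:500/udp", "4500:4500/udp", "1701:1701/tcp",
]
MANAGEMENT = {"1443/tcp"}


def parse_mapping(entry):
    """Split '[host_ip:]host_port:container_port[/proto]' (short syntax)."""
    spec, _, proto = entry.partition("/")
    parts = spec.rsplit(":", 2)
    host_ip, host_port = "", ""
    if len(parts) == 3:
        host_ip, host_port, container_port = parts
    elif len(parts) == 2:
        host_port, container_port = parts
    else:
        container_port = parts[0]  # container port only, host port is random
    return {"host_ip": host_ip.strip("[]"), "host_port": host_port,
            "container_port": container_port, "proto": proto or "tcp"}


def is_public(mapping):
    """True unless the mapping is pinned to a loopback host address."""
    if not mapping["host_ip"]:
        return True  # no host IP given: Docker binds all host interfaces
    return not ipaddress.ip_address(mapping["host_ip"]).is_loopback


def audit(entries):
    """Return (entry, note) for every mapping reachable from off-host."""
    findings = []
    for entry in entries:
        m = parse_mapping(entry)
        if is_public(m):
            key = f"{m['container_port']}/{m['proto']}"
            note = "management port" if key in MANAGEMENT else "service port"
            findings.append((entry, note))
    return findings


if __name__ == "__main__":
    for entry, note in audit(PORTS):
        print(f"{entry:<16} published on all interfaces ({note})")
```

Prefixing an entry with a host address, for example `127.0.0.1:1443:1443/tcp`, keeps that mapping off the public interfaces and removes it from the findings.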

lonnietc commented 5 months ago

Thanks for all of your help and I have it all working now.

I just had to reset the password for the user and it fired right up.

If I might make a suggestion, maybe it would be good for you to have a simple "default" docker-compose.yml with an "environment" section set with common variables like "SERVER_MODE: dhcp", etc., along with some information on starting it up with docker-compose so that new folks can just download it and fire it right up as an initial thought.

I worked with your release a long time ago and then stopped using it for a while and forgot many of the additional steps that I needed now to get it back up and running quickly and in the simplest case (i.e. Home --> VPS machine), which is often something like a Windows (Home) machine client connecting to a Linux Ubuntu (VPS) server machine.

It's just a thought, but it might be helpful to others if you decide to do it.

Thanks again and I am doing some testing since this server will be an IPsec connection point for another project that uses it called Bitvisor that I am using for a P2P project that is being developed now.

On a side note, I did hear some things recently, but not sure exactly where, but I think that SoftEther is working on supporting WireGuard as well, which has significantly higher throughput and lower latency than the current connections, although I understand that IPsec is also pretty fast as well.

Thanks again and have a great weekend, my friend.

cenk1cenk2 commented 5 months ago

No worries at all, glad that it is working now.

That is good input to make things easier. It is not a very straightforward setup process.

The WireGuard support has been in for a while, albeit it is only available through the CLI. I suppose it will take a while to hit the GUI.

Thank you and I wish you a good weekend too.