SoftEtherVPN: [Bug] SecureNAT DHCP does not give any IP address, if client is re-connecting, and if set to Fixed IPv4:
The only way currently to set a Fixed IP address for a client is to write it to the user’s “note” field:
But there is a serious bug I’d like to report, which makes the whole VPN useless at enterprise level:
- if the client gets disconnected for any reason (restarting his PC or simply clicking disconnect),
- and tries to reconnect,
- it will not get any IP address! (In the best case a non-standard automatic one, something like 169.154.x.x)
So basically if any fixed IP client is disconnecting from the VPN, it will be unreachable until DHCP lease time is over, no matter how many times it tries to get its IP address again. (And the DHCP lease time is normally set to maximum, otherwise the client is always disconnecting for renewal! Which is also a very very bad behaviour.)
I guess the reason is because:
- the server still thinks there is an active session with that IP,
- and because of that, it can not give the Fixed IP again to the new connection,
- so it does not give any IP address at all.
I’ve just tested it with latest DE server upgraded with make. (5.02.5180) DE, with latest client. [Night build of the Dev. Client] 2023-12-03 (v5.02.5369) downloaded from Azure srv.
About this issue
- State: open
- Created 5 months ago
- Comments: 15 (11 by maintainers)
@PizzaProgram
① As for reassigning the static IP address: this pull request will fix it. https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1989
② If necessary, do the following. Set “DisableSessionReconnect” to true in “vpn_server.config”. Change the “Time-out Period” value to 5 seconds on the “Security Policy of User” screen.
@PizzaProgram The default time-out period may have caused the failure of the VPN connection. Change the time-out period value to 5 seconds on the “security policy of user” screen, and try again.
When a VPN connection is broken for some reason, the VPN server cannot detect it immediately. After confirming that there is no communication for the given 5 seconds, the VPN connection is processed for cleanup. So, the DHCP client cannot receive a DHCP OFFER, even if it sends a DHCP DISCOVER. A new VPN connection will then be available with a 5-second delay.
Attached A: DHCP sequence when the time-out period is 5 seconds on “security policy of user” screen.
My test environment: VPN server: WIN11 PRO 23H2; VPN client: WIN11 HOME 23H2
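The timing described in the thread (a stale session keeps the fixed IP until the time-out expires, so DHCP DISCOVERs sent before then get no OFFER) can be reproduced with a small model. This is an added example, not SoftEther code; the class, user name, IP address, retry schedule and the 60-second comparison value are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SecureNatModel:
    """Toy model: one fixed IP per user, held by a session until idle time-out."""
    timeout: float                                # "Time-out Period" in seconds
    fixed_ip: dict                                # user -> fixed IPv4 (constructed)
    holders: dict = field(default_factory=dict)   # ip -> (session_id, last_seen)

    def traffic(self, session_id, user, now):
        """Record traffic from the session that currently holds the user's IP."""
        self.holders[self.fixed_ip[user]] = (session_id, now)

    def _cleanup(self, now):
        # A dead session is only noticed after `timeout` seconds of silence.
        for ip, (_sid, seen) in list(self.holders.items()):
            if now - seen >= self.timeout:
                del self.holders[ip]

    def discover(self, session_id, user, now):
        """Handle a DHCP DISCOVER; return the offered IP, or None (no OFFER)."""
        self._cleanup(now)
        ip = self.fixed_ip[user]
        holder = self.holders.get(ip)
        if holder and holder[0] != session_id:
            return None                           # stale session still owns the IP
        self.holders[ip] = (session_id, now)
        return ip

def first_offer(timeout, discover_times, last_traffic=0.0):
    """Return (time, ip) of the first OFFER a reconnecting client gets, or None."""
    nat = SecureNatModel(timeout, {"alice": "192.168.30.50"})
    nat.traffic("old-session", "alice", last_traffic)  # link breaks after this
    for t in discover_times:
        ip = nat.discover("new-session", "alice", t)
        if ip:
            return (t, ip)
    return None

# Constructed DISCOVER retry schedule, in seconds after the link broke.
RETRIES = [1, 4, 9, 17, 33]

if __name__ == "__main__":
    for timeout in (5, 60):   # 5 s as suggested in the thread; 60 s is arbitrary
        print(f"time-out {timeout:>2}s -> first OFFER: {first_offer(timeout, RETRIES)}")
```

With the 5-second time-out the first OFFER arrives on the first retry after the stale session is cleaned up; with the longer value every retry in the schedule goes unanswered, which is when a client falls back to a self-assigned address.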