SoftEtherVPN: Duplicate packets on RAW IP Mode

RAW IP Mode, introduced in build 9582, causes duplicate packets when pinging an external IP of the host where SoftEther is installed.

# ping vps.*
PING vps.* (86.*.*.*) 56(84) bytes of data.
64 bytes from vps (86.*.*.*): icmp_seq=1 ttl=64 time=0.112 ms
64 bytes from vps (86.*.*.*): icmp_seq=1 ttl=128 time=0.353 ms (DUP!)
64 bytes from vps (86.*.*.*): icmp_seq=2 ttl=64 time=0.096 ms
64 bytes from vps (86.*.*.*): icmp_seq=2 ttl=128 time=0.328 ms (DUP!)
64 bytes from vps (86.*.*.*): icmp_seq=3 ttl=64 time=0.064 ms
64 bytes from vps (86.*.*.*): icmp_seq=3 ttl=128 time=0.228 ms (DUP!)

About this issue

  • State: open
  • Created 7 years ago
  • Reactions: 3
  • Comments: 23 (6 by maintainers)

Most upvoted comments

Can confirm this still persists with version 4.29-6980-rtm. Setting bool DisableIpRawModeSecureNAT true stops the DUP! responses.

Friends, the relevance of this problem is not a matter of (in)convenience. It also makes no sense to discuss solutions that eliminate this problem for a specific source test system that is pinging. Workarounds on the same systems are - with all due respect - not relevant in practice for the topic of VPN. The fact is that a third party who suspects a VPN process and pings a server NOT in the same network obtains an indication that the server is using SoftEther. This is relevant to security.

I can confirm this still persists with version 4.34_9745-rtm too 😦 Setting bool DisableIpRawModeSecureNAT true stops the DUP! responses.

Is the duplicate ping response a bug or expected behaviour with SecureNAT mode enabled?

You can drop the second ping response by: iptables -A OUTPUT -p icmp -m ttl --ttl-gt 100 -j DROP
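A way to verify either workaround from this thread on your own server, added here as an example and not taken from the thread or from SoftEther: it parses Linux `ping` output, reports sequence numbers answered more than once with their TTLs, and checks which replies the TTL-based iptables rule would still let out. The function names are hypothetical, and it assumes the observed TTL is close to the TTL at the sender (few hops), as in the output quoted in the issue.

```python
import re
from collections import defaultdict

# Matches iputils ping reply lines like the ones quoted in the issue.
REPLY = re.compile(r"icmp_seq=(\d+)\s+ttl=(\d+)\s+time=[\d.]+\s*ms")

def duplicate_replies(ping_output):
    """Return {icmp_seq: [ttl, ...]} for every sequence answered more than once."""
    by_seq = defaultdict(list)
    for line in ping_output.splitlines():
        m = REPLY.search(line)
        if m:
            by_seq[int(m.group(1))].append(int(m.group(2)))
    return {seq: ttls for seq, ttls in by_seq.items() if len(ttls) > 1}

def survivors_after_ttl_drop(ttls, threshold=100):
    """TTLs not matched by '-m ttl --ttl-gt <threshold> -j DROP' in OUTPUT."""
    return [t for t in ttls if t <= threshold]

def assess(ping_output, threshold=100):
    """Summarise duplicate echo replies and the effect of the TTL drop rule."""
    dups = duplicate_replies(ping_output)
    return {
        "duplicated_seqs": sorted(dups),
        "distinct_ttls": sorted({t for ttls in dups.values() for t in ttls}),
        "still_duplicated_after_drop": sorted(
            seq for seq, ttls in dups.items()
            if len(survivors_after_ttl_drop(ttls, threshold)) > 1
        ),
    }

# Constructed sample: the reply lines from the issue, host already masked.
SAMPLE = """\
64 bytes from vps (86.*.*.*): icmp_seq=1 ttl=64 time=0.112 ms
64 bytes from vps (86.*.*.*): icmp_seq=1 ttl=128 time=0.353 ms (DUP!)
64 bytes from vps (86.*.*.*): icmp_seq=2 ttl=64 time=0.096 ms
64 bytes from vps (86.*.*.*): icmp_seq=2 ttl=128 time=0.328 ms (DUP!)
64 bytes from vps (86.*.*.*): icmp_seq=3 ttl=64 time=0.064 ms
64 bytes from vps (86.*.*.*): icmp_seq=3 ttl=128 time=0.228 ms (DUP!)
"""

if __name__ == "__main__":
    print(assess(SAMPLE))
```

After applying a workaround, run `ping` again from a host outside the server's network and feed the new output to `assess`; an empty `duplicated_seqs` list means the second responder is no longer visible.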