Table of contents

11.1 Troubleshooting

    Table of contents
    to the older version or return to version archive.

    Combined revision comparison

    Comparing version 01:18, 26 Jan 2024 by puripuri2100 with version 19:25, 27 Jan 2024 by puripuri2100.

    ...

    ...

    • Check to make sure that the host name or IP address of the VPN Server you are trying to connect to is correct. Also, make sure the TCP/IP port number is the same as the VPN Server's listener port. Furthermore, confirm that that listener port is not being used by some other server software (such as a webserver like IIS or Apache). Please refer to section 33.3.6 Listener Ports3.3 VPN Server Administration for more information.
    • The global address of the connecting computer to be recognized by VPN Server may not have reverse DNS lookup configured.
    • If there is a proxy server, transparent firewall, or some other special networking devices between the connecting computer and the VPN Server, these devices may misinterpret the SoftEther VPN protocol and write over it or block it completely. In this case, check with the administrator of these networking devices.
    • If your network uses a HTTP proxy or SOCKS proxy, check with the proxy server's administrator to confirm if the proxy can be used to forward the SoftEther VPN protocol.

    ...

    SecureNAT may not be configured properly. Check to make sure the following things are not occurring on your network. Also check the items listed in section 3.7.4 Points to Note when using Virtual NAT Function3.7 Virtual NAT & Virtual DHCP Servers.

    ...

    • Check to make sure that you have not enabled a security policy that has a broadcast limit in the security policies for VPN Client or for any cascade connections you need for your VPN. Note that the default policy does have a broadcast limit enabled. Please refer to section 3.5.9 Security Policies3.5 Virtual Hub Security Features for more details.
    • If you are using local bridge connections, the physical network adapter connected to via the local bridge or that segment's layer 2 switching Hub may not be able to handle the large number of broadcast frames and will fail to forward them properly.

    ...

    • Multicast packets will be treated the same as a broadcast packet by a VPN Server's Virtual Hub. Check to make sure that you have not enabled a security policy that has a broadcast limit in the security policies for VPN Client or for any cascade connections you need for your VPN. Note that the default policy does have a broadcast limit enabled. Please refer to section 3.5.9 Security Policies3.5 Virtual Hub Security Features for more details.
    • If you are using local bridge connections, the physical network adapter connected to via the local bridge or that segment's layer 2 switching Hub may not be able to handle the large number of broadcast frames and will fail to forward them properly. Your layer 2 switching Hub/router, or layer 3 switch may not recognize multicast packets and may be filtering them out.

    ...

    If you have forgotten the administrator password for your VPN Server, refer to 3.3.7 Configuration File3.3 VPN Server Administration and delete the following lines from the VPN Server configuration file with a text editor:

    ...

    11.1.12 A Missing Number This item is missing number.11.1.13 RADIUS authentication is not functioning properly. What should I check?

    If you are unable to use RADIUS authentication, refer to section 3.5.3 External Authentication Server Settings3.5 Virtual Hub Security Features and confirm the following:

    ...

    11.1.13 A Missing Number

    This item is missing number.

    ...

    If you have defined a local bridge connection but it is always offline or showing an error, check sections 3.6.11 Points to Note when Local Bridging in Linux, FreeBSD, Solaris or Mac OS X3.6 Local Bridges and the following:

    ...

    If you have defined a local bridge connection between a Virtual Hub and a wireless network adapter but the local bridge is not functioning properly, refer to section 3.6.6 Use of network adapters not supporting Promiscuous Mode3.6 Local Bridges.

    ...

    If you have created a Virtual Layer 3 Switch, defined a Virtual Interface to a Virtual Hub, and started it up but it remains offline or shows an error, refer to section 3.8.6 Starting and Stopping3.8 Virtual Layer 3 Switches.

    ...

    If you have set up a cluster but can not communicate between Virtual Hubs you have made on the cluster, refer to section 3.9.7 Static Virtual Hubs3.9 Clustering. Also verify that you have correctly set up and configured the cluster as described in section 10.8 Build a Large Scale Remote Access VPN Service.

    ...

    Even if you have not established a VPN connection the VPN Client sometimes sends some packets through the physical network interface. These packets are described in section 4.9.2 Internet Connection Maintenance Function4.9 Other Functions. (You can modify some settings to stop VPN Client from sending these packets.)

    ...

    • Packets for ARP polling by the Virtual Hub as explained in section 3.4.8 Confirming the Existence of IP Addresses with Poll Packets3.4 Virtual Hub Functions.
      (By setting the [NoArpPolling] option in the configuration file to 'true' you can stop ARP polling from occurring.)
    • Packets sent by the SoftEther VPN protocol to confirm the existence of each TCP/IP connection, or KeepAlive packets sent to prevent the TCP/IP connection from timing out. The interval that KeepAlive packets are sent by the TCP/IP connections that make up the SoftEther VPN protocol is approximately half of the timeout interval defined in that VPN session's security policy.

    ...

    Any user modified files, Virtual Network Adapters, and configuration data created after VPN Client is installed are not automatically deleted and thus remain on the system even after VPN Client is uninstalled. If you want to delete the configuration files (vpn_client.config) or Virtual Network Adapters registered to your system, delete them manually when you are sure that you do not need them anymore. Please refer to section 8.3.2 Virtual Network Adapter8.3 Uninstall SoftEther VPN Client for information on how to delete a Virtual Network Adapter.

    ...

    Normally you can just ignore this message with no problems, but if there are many FreeBSD machines on the same segment this could cause problems for the administrator of those machines. In this situation you can stop these polling packets from being sent. For instructions on how to stop a Virtual Hub from sending polling packets to confirm the existence of an IP address, please refer to section 3.4.8 Confirming the Existence of IP Addresses with Poll Packets3.4 Virtual Hub Functions.  

    ...

    Other changes:

    1. /body/ul[2]/li/a/@href: "mks://localhost/4-docs/1-manual/3/3.6""mks://localhost/4-docs/1-manual/3/3.6#3.6.10_Points_to_Note_when_Local_Bridging_in_Windows"
    2. /body/ul[2]/li/a/@title: "4-docs/1-manual/3/3.6""3.6.10 Points to Note when Local Bridging in Windows"
    3. /body/ul[2]/li[2]/a/@href: "mks://localhost/4-docs/1-manual/3/3.6""mks://localhost/4-docs/1-manual/3/3.6#3.6.11_Points_to_Note_when_Local_Bridging_in_Linux.2C_FreeBSD.2C_Solaris_or_Mac_OS_X"
    4. /body/ul[2]/li[2]/a/@title: "4-docs/1-manual/3/3.6""3.6.11 Points to Note when Local Bridging in Linux, FreeBSD, Solaris or Mac OS X"
    5. /body/ul[2]/li[3]/a/@href: "mks://localhost/4-docs/1-manual/3/3.6""mks://localhost/4-docs/1-manual/3/3.6#3.6.3_Preparing_the_Local_Bridge_network_adapter"
    6. /body/ul[2]/li[3]/a/@title: "4-docs/1-manual/3/3.6""3.6.3 Preparing the Local Bridge network adapter"
    7. /body/ul[3]/li/a/@href: "mks://localhost/4-docs/1-manual/3/3.3""mks://localhost/4-docs/1-manual/3/3.3#3.3.6_Listener_Ports"
    8. /body/ul[3]/li/a/@title: "4-docs/1-manual/3/3.3""3.3.6 Listener Ports"
    9. /body/p[16]/a/@href: "mks://localhost/4-docs/1-manual/3/3.7""mks://localhost/4-docs/1-manual/3/3.7#3.7.4_Points_to_Note_when_using_Virtual_NAT_Function"
    10. /body/p[16]/a/@title: "4-docs/1-manual/3/3.7""3.7.4 Points to Note when using Virtual NAT Function"
    11. /body/ul[7]/li/a/@href: "mks://localhost/4-docs/1-manual/3/3.5""mks://localhost/4-docs/1-manual/3/3.5#3.5.9_Security_Policies"
    12. /body/ul[7]/li/a/@title: "4-docs/1-manual/3/3.5""3.5.9 Security Policies"
    13. /body/ul[8]/li/a/@href: "mks://localhost/4-docs/1-manual/3/3.5""mks://localhost/4-docs/1-manual/3/3.5#3.5.9_Security_Policies"
    14. /body/ul[8]/li/a/@title: "4-docs/1-manual/3/3.5""3.5.9 Security Policies"
    15. /body/p[22]/a/@href: "mks://localhost/4-docs/1-manual/3/3.3""mks://localhost/4-docs/1-manual/3/3.3#3.3.7_Configuration_File"
    16. /body/p[22]/a/@title: "4-docs/1-manual/3/3.3""3.3.7 Configuration File"
    17. /body/p[24]/a/@href: "mks://localhost/4-docs/1-manual/3/3.5""mks://localhost/4-docs/1-manual/3/3.5#3.5.3_External_Authentication_Server_Settings"
    18. /body/p[24]/a/@title: "4-docs/1-manual/3/3.5""3.5.3 External Authentication Server Settings"
    19. /body/p[31]/a/@href: "mks://localhost/4-docs/1-manual/3/3.6""mks://localhost/4-docs/1-manual/3/3.6#3.6.11_Points_to_Note_when_Local_Bridging_in_Linux.2C_FreeBSD.2C_Solaris_or_Mac_OS_X"
    20. /body/p[31]/a/@title: "4-docs/1-manual/3/3.6""3.6.11 Points to Note when Local Bridging in Linux, FreeBSD, Solaris or Mac OS X"
    21. /body/p[32]/a/@href: "mks://localhost/4-docs/1-manual/3/3.6""mks://localhost/4-docs/1-manual/3/3.6#3.6.6_Use_of_network_adapters_not_supporting_Promiscuous_Mode"
    22. /body/p[32]/a/@title: "4-docs/1-manual/3/3.6""3.6.6 Use of network adapters not supporting Promiscuous Mode"
    23. /body/p[33]/a/@href: "mks://localhost/4-docs/1-manual/3/3.8""mks://localhost/4-docs/1-manual/3/3.8#3.8.6_Starting_and_Stopping_Virtual_Layer_3_Switches"
    24. /body/p[33]/a/@title: "4-docs/1-manual/3/3.8""3.8.6 Starting and Stopping Virtual Layer 3 Switches"
    25. /body/p[34]/a/@href: "mks://localhost/4-docs/1-manual/3/3.9""mks://localhost/4-docs/1-manual/3/3.9#3.9.7_Static_Virtual_Hubs"
    26. /body/p[34]/a/@title: "4-docs/1-manual/3/3.9""3.9.7 Static Virtual Hubs"
    27. /body/p[36]/a/@href: "mks://localhost/4-docs/1-manual/4/4.9""mks://localhost/4-docs/1-manual/4/4.9#4.9.2_Internet_Connection_Maintenance_Function"
    28. /body/p[36]/a/@title: "4-docs/1-manual/4/4.9""4.9.2 Internet Connection Maintenance Function"
    29. /body/ul[14]/li/a/@href: "mks://localhost/4-docs/1-manual/3/3.4""mks://localhost/4-docs/1-manual/3/3.4#3.4.8_Confirming_the_Existence_of_IP_Addresses_with_Poll_Packets"
    30. /body/ul[14]/li/a/@title: "4-docs/1-manual/3/3.4""3.4.8 Confirming the Existence of IP Addresses with Poll Packets"
    31. /body/p[45]/a/@href: "mks://localhost/4-docs/1-manual/8/8.3""mks://localhost/4-docs/1-manual/8/8.3#8.3.2_Virtual_Network_Adapter"
    32. /body/p[45]/a/@title: "4-docs/1-manual/8/8.3""8.3.2 Virtual Network Adapter"
    33. /body/p[55]/a/@href: "mks://localhost/4-docs/1-manual/3/3.4""mks://localhost/4-docs/1-manual/3/3.4#3.4.8_Confirming_the_Existence_of_IP_Addresses_with_Poll_Packets"
    34. /body/p[55]/a/@title: "4-docs/1-manual/3/3.4""3.4.8 Confirming the Existence of IP Addresses with Poll Packets"

    Version from 01:18, 26 Jan 2024

    This revision modified by puripuri2100 (Ban)

    ...

    • From Windows 2000 on, this type of problem may occur right after defining a local bridge that connects to a network adapter with hardware offloading capabilities. If this is the case, try restarting your computer. Please refer to section 3.6 Local Bridges for more details.
    • If you are using Linux or Solaris, you can communicate within the Virtual Hub (VPN) from the network adapter connected to by the local bridge to the LAN, but you can not communicate to the network adapter itself. This is a restriction imposed by the Linux kernel. For more information please refer to 3.6 Local Bridges.
    • If you are using local bridging to make a bridged connection between a Virtual Hub and a physical LAN as described in section 3.6 Local Bridges, we recommend you set aside a network adapter specifically for this purpose. This will result in the best performance when using local bridging.

    ...

    • Check to make sure that the host name or IP address of the VPN Server you are trying to connect to is correct. Also, make sure the TCP/IP port number is the same as the VPN Server's listener port. Furthermore, confirm that that listener port is not being used by some other server software (such as a webserver like IIS or Apache). Please refer to section 3.3 VPN Server Administration for more information.
    • The global address of the connecting computer to be recognized by VPN Server may not have reverse DNS lookup configured.
    • If there is a proxy server, transparent firewall, or some other special networking devices between the connecting computer and the VPN Server, these devices may misinterpret the SoftEther VPN protocol and write over it or block it completely. In this case, check with the administrator of these networking devices.
    • If your network uses a HTTP proxy or SOCKS proxy, check with the proxy server's administrator to confirm if the proxy can be used to forward the SoftEther VPN protocol.

    ...

    SecureNAT may not be configured properly. Check to make sure the following things are not occurring on your network. Also check the items listed in section 3.7 Virtual NAT & Virtual DHCP Servers.

    ...

    • Check to make sure that you have not enabled a security policy that has a broadcast limit in the security policies for VPN Client or for any cascade connections you need for your VPN. Note that the default policy does have a broadcast limit enabled. Please refer to section 3.5 Virtual Hub Security Features for more details.
    • If you are using local bridge connections, the physical network adapter connected to via the local bridge or that segment's layer 2 switching Hub may not be able to handle the large number of broadcast frames and will fail to forward them properly.

    ...

    • Multicast packets will be treated the same as a broadcast packet by a VPN Server's Virtual Hub. Check to make sure that you have not enabled a security policy that has a broadcast limit in the security policies for VPN Client or for any cascade connections you need for your VPN. Note that the default policy does have a broadcast limit enabled. Please refer to section 3.5 Virtual Hub Security Features for more details.
    • If you are using local bridge connections, the physical network adapter connected to via the local bridge or that segment's layer 2 switching Hub may not be able to handle the large number of broadcast frames and will fail to forward them properly. Your layer 2 switching Hub/router, or layer 3 switch may not recognize multicast packets and may be filtering them out.

    ...

    If you have forgotten the administrator password for your VPN Server, refer to 3.3 VPN Server Administration and delete the following lines from the VPN Server configuration file with a text editor:

    ...

    11.1.12 A Missing Number

    This item is missing number.

    11.1.13 RADIUS authentication is not functioning properly. What should I check?

    If you are unable to use RADIUS authentication, refer to section 3.5 Virtual Hub Security Features and confirm the following:

    ...

    If you have defined a local bridge connection but it is always offline or showing an error, check sections 3.6 Local Bridges and the following:

    ...

    If you have defined a local bridge connection between a Virtual Hub and a wireless network adapter but the local bridge is not functioning properly, refer to section 3.6 Local Bridges.

    ...

    If you have created a Virtual Layer 3 Switch, defined a Virtual Interface to a Virtual Hub, and started it up but it remains offline or shows an error, refer to section 3.8 Virtual Layer 3 Switches.

    ...

    If you have set up a cluster but can not communicate between Virtual Hubs you have made on the cluster, refer to section 3.9 Clustering. Also verify that you have correctly set up and configured the cluster as described in section 10.8 Build a Large Scale Remote Access VPN Service.

    ...

    Even if you have not established a VPN connection the VPN Client sometimes sends some packets through the physical network interface. These packets are described in section 4.9 Other Functions. (You can modify some settings to stop VPN Client from sending these packets.)

    ...

    • Packets for ARP polling by the Virtual Hub as explained in section 3.4 Virtual Hub Functions.
      (By setting the [NoArpPolling] option in the configuration file to 'true' you can stop ARP polling from occurring.)
    • Packets sent by the SoftEther VPN protocol to confirm the existence of each TCP/IP connection, or KeepAlive packets sent to prevent the TCP/IP connection from timing out. The interval that KeepAlive packets are sent by the TCP/IP connections that make up the SoftEther VPN protocol is approximately half of the timeout interval defined in that VPN session's security policy.

    ...

    Any user modified files, Virtual Network Adapters, and configuration data created after VPN Client is installed are not automatically deleted and thus remain on the system even after VPN Client is uninstalled. If you want to delete the configuration files (vpn_client.config) or Virtual Network Adapters registered to your system, delete them manually when you are sure that you do not need them anymore. Please refer to section 8.3 Uninstall SoftEther VPN Client for information on how to delete a Virtual Network Adapter.

    ...

    Normally you can just ignore this message with no problems, but if there are many FreeBSD machines on the same segment this could cause problems for the administrator of those machines. In this situation you can stop these polling packets from being sent. For instructions on how to stop a Virtual Hub from sending polling packets to confirm the existence of an IP address, please refer to section 3.4 Virtual Hub Functions.

    ...

    Current version

    This revision modified by puripuri2100 (Ban)

    ...

    • From Windows 2000 on, this type of problem may occur right after defining a local bridge that connects to a network adapter with hardware offloading capabilities. If this is the case, try restarting your computer. Please refer to section 3.6.10 Points to Note when Local Bridging in Windows for more details.
    • If you are using Linux or Solaris, you can communicate within the Virtual Hub (VPN) from the network adapter connected to by the local bridge to the LAN, but you can not communicate to the network adapter itself. This is a restriction imposed by the Linux kernel. For more information please refer to 3.6.11 Points to Note when Local Bridging in Linux, FreeBSD, Solaris or Mac OS X.
    • If you are using local bridging to make a bridged connection between a Virtual Hub and a physical LAN as described in section 3.6.3 Preparing the Local Bridge network adapter , we recommend you set aside a network adapter specifically for this purpose. This will result in the best performance when using local bridging.

    ...

    • Check to make sure that the host name or IP address of the VPN Server you are trying to connect to is correct. Also, make sure the TCP/IP port number is the same as the VPN Server's listener port. Furthermore, confirm that that listener port is not being used by some other server software (such as a webserver like IIS or Apache). Please refer to section 33.3.6 Listener Ports for more information.
    • The global address of the connecting computer to be recognized by VPN Server may not have reverse DNS lookup configured.
    • If there is a proxy server, transparent firewall, or some other special networking devices between the connecting computer and the VPN Server, these devices may misinterpret the SoftEther VPN protocol and write over it or block it completely. In this case, check with the administrator of these networking devices.
    • If your network uses a HTTP proxy or SOCKS proxy, check with the proxy server's administrator to confirm if the proxy can be used to forward the SoftEther VPN protocol.

    ...

    SecureNAT may not be configured properly. Check to make sure the following things are not occurring on your network. Also check the items listed in section 3.7.4 Points to Note when using Virtual NAT Function.

    ...

    • Check to make sure that you have not enabled a security policy that has a broadcast limit in the security policies for VPN Client or for any cascade connections you need for your VPN. Note that the default policy does have a broadcast limit enabled. Please refer to section 3.5.9 Security Policies for more details.
    • If you are using local bridge connections, the physical network adapter connected to via the local bridge or that segment's layer 2 switching Hub may not be able to handle the large number of broadcast frames and will fail to forward them properly.

    ...

    • Multicast packets will be treated the same as a broadcast packet by a VPN Server's Virtual Hub. Check to make sure that you have not enabled a security policy that has a broadcast limit in the security policies for VPN Client or for any cascade connections you need for your VPN. Note that the default policy does have a broadcast limit enabled. Please refer to section 3.5.9 Security Policies for more details.
    • If you are using local bridge connections, the physical network adapter connected to via the local bridge or that segment's layer 2 switching Hub may not be able to handle the large number of broadcast frames and will fail to forward them properly. Your layer 2 switching Hub/router, or layer 3 switch may not recognize multicast packets and may be filtering them out.

    ...

    If you have forgotten the administrator password for your VPN Server, refer to 3.3.7 Configuration File and delete the following lines from the VPN Server configuration file with a text editor:

    ...

    If you are unable to use RADIUS authentication, refer to section 3.5.3 External Authentication Server Settings and confirm the following:

    ...

    11.1.13 A Missing Number

    This item is missing number.

    ...

    If you have defined a local bridge connection but it is always offline or showing an error, check sections 3.6.11 Points to Note when Local Bridging in Linux, FreeBSD, Solaris or Mac OS X and the following:

    ...

    If you have defined a local bridge connection between a Virtual Hub and a wireless network adapter but the local bridge is not functioning properly, refer to section 3.6.6 Use of network adapters not supporting Promiscuous Mode.

    ...

    If you have created a Virtual Layer 3 Switch, defined a Virtual Interface to a Virtual Hub, and started it up but it remains offline or shows an error, refer to section 3.8.6 Starting and Stopping Virtual Layer 3 Switches.

    ...

    If you have set up a cluster but can not communicate between Virtual Hubs you have made on the cluster, refer to section 3.9.7 Static Virtual Hubs. Also verify that you have correctly set up and configured the cluster as described in section 10.8 Build a Large Scale Remote Access VPN Service.

    ...

    Even if you have not established a VPN connection the VPN Client sometimes sends some packets through the physical network interface. These packets are described in section 4.9.2 Internet Connection Maintenance Function. (You can modify some settings to stop VPN Client from sending these packets.)

    ...

    • Packets for ARP polling by the Virtual Hub as explained in section 3.4.8 Confirming the Existence of IP Addresses with Poll Packets.
      (By setting the [NoArpPolling] option in the configuration file to 'true' you can stop ARP polling from occurring.)
    • Packets sent by the SoftEther VPN protocol to confirm the existence of each TCP/IP connection, or KeepAlive packets sent to prevent the TCP/IP connection from timing out. The interval that KeepAlive packets are sent by the TCP/IP connections that make up the SoftEther VPN protocol is approximately half of the timeout interval defined in that VPN session's security policy.

    ...

    Any user modified files, Virtual Network Adapters, and configuration data created after VPN Client is installed are not automatically deleted and thus remain on the system even after VPN Client is uninstalled. If you want to delete the configuration files (vpn_client.config) or Virtual Network Adapters registered to your system, delete them manually when you are sure that you do not need them anymore. Please refer to section 8.3.2 Virtual Network Adapter for information on how to delete a Virtual Network Adapter.

    ...

    Normally you can just ignore this message with no problems, but if there are many FreeBSD machines on the same segment this could cause problems for the administrator of those machines. In this situation you can stop these polling packets from being sent. For instructions on how to stop a Virtual Hub from sending polling packets to confirm the existence of an IP address, please refer to section 3.4.8 Confirming the Existence of IP Addresses with Poll Packets.

    ...