SoftEther VPN server → client ping stops working after 30 seconds

Arduinefier · March 11, 2025, 2:22pm

I’m setting up a VPN server for a project where clients need to be able to contact each other and the services on the server.

Most works fine and dandy, and all clients can ping each other. The strange part is that after connecting, the server is able to ping the client for about 30 seconds, and then stops. See example below (ran server-side).

$ ping 10.0.0.10
PING 10.0.0.10 (10.0.0.10) 56(84) bytes of data.
64 bytes from 10.0.0.10: icmp_seq=1 ttl=64 time=48.2 ms
64 bytes from 10.0.0.10: icmp_seq=2 ttl=64 time=24.6 ms
64 bytes from 10.0.0.10: icmp_seq=3 ttl=64 time=22.9 ms
64 bytes from 10.0.0.10: icmp_seq=4 ttl=64 time=23.7 ms
^C
--- 10.0.0.10 ping statistics ---
48 packets transmitted, 4 received, 91.6667% packet loss, time 48044ms
rtt min/avg/max/mdev = 22.948/29.857/48.190/10.599 ms

So pinging works fine until it suddenly stops. Pinging client to server remains functional. Same behaviour for both Linux and Windows clients and other traffic such as HTTP. Works for a short time and then stops. The routes present in both clients and server seem okay to me (see below).

The SoftEther VPN server is running in docker as a privileged container and host networking mode. It has a TAP adapter called tap_soft with a systemd-networkd configuration. The SoftEther virtual DHCP server is enabled and serves IP’s between 10.0.0.10 and 10.0.0.200, subnet 255.255.255.0 where the virtual host itself has 10.0.0.1.

networkd tap conf (/etc/systemd/network/tap_soft.netdev):

[NetDev]
Name=tap_soft
Kind=tap

networkd network conf (/etc/systemd/network/tap_soft.network):

[Match] 
Name=tap_soft
[Address] 
Address=10.0.0.1/24

docker-compose:

version: '3'
services:
  softether:
    container_name: softether
    image: siomiz/softethervpn:4.38-alpine
    volumes:
      - ./vpn_server.config:/usr/vpnserver/vpn_server.config
    restart: always
    ports:
      # L2TP/IPSec
      - "500:500/udp"
      - "4500:4500/udp"
      - "1701:1701/tcp"
      # OpenVPN
      - "1194:1194/udp"
      - "443:443/tcp" # Over https
      # SoftEther VPN
      - "5555:5555/tcp"
      - "992:992/tcp"
    network_mode: host
    environment:
      - PSK=${IPSec_PSK}
      - SPW=${server_management_password}
    cap_add:
      - NET_ADMIN
    privileged: true
  ...

Routes:
Sever: 10.0.0.0/24 dev tap_soft proto kernel scope link src 10.0.0.1
Client: 10.0.0.0/24 dev vpn_vpn proto kernel scope link src 10.0.0.10
(These are automatically created upon connecting it seems)

Does anyone have any idea where the problem lies? Any help is welcome!

ctheune · March 11, 2025, 2:22pm

If running over TCP double check your MTU and whether packets get lost. Just had that as a horrible incident last week that took hours because a colleague didn’t mention that this one connection came in through DSL.