os-softether-devel (misconfigured)

Started by Hafedh TRIMECHE, June 24, 2023, 01:40:00 AM

Hello,

Please note that Softether plugin reported:
os-softether-devel (misconfigured)

I would reach the local network from Windows Softether VPN Client. No chance.
https://sites.google.com/view/softether-dhcp-bridge
Best regards.

Softether in FreeBSD is quite limited when it comes to bridging.

Misconfigured is not a problem, you can resolve conflicts in System : Firmware

The current RTM 4.44. build 9807 works quite well, as mimugmail mentioned, bridging works in a special way, packets go beside any FW rules.

What makes the plugin unusable for me, is the fact that after a while, even without bridging, the vpnserver process goes to almost 100% CPU load, even disconnecting all connections does not solve this. One has to restart the daemon.

Does anybody encounter this problem too?

The FreeBSD Implementation is really unstable, to me this plugin is only a PoC

In discussion with Michael we're going to remove it in 25.7.3 -- it was never released officially and feedback was very low and inconclusive over the years. Better VPN alternatives exist these days.


Cheers,
Franco

September 08, 2025, 07:19:10 PM #5 Last Edit: September 08, 2025, 07:20:45 PM by mcedars
Quote from: franco on August 29, 2025, 12:30:19 PM
...we're going to remove it in 25.7.3

Hi,

If there is any way to change your mind or to merely plead for this decision to be reversed, please reconsider. We have had great success with Softether on OPNsense for years, in production, for both road-warrior and site-to-site scenarios. It's in production on over a dozen instances serving quite a few sites and users.

It does require a touch of configuration (specifically not using its kernel IP NAT engine) but has been rock-solid and its removal from 25.7.3 would force us into a difficult bind regarding either delayed upgrades or a significant network overhaul.

Many thanks,

Matt

Hm, so we have 2 options:

1. You contribute a nice and detailed documentation to the OPNsense docs

2. I add the pkg and plugin to my community repo


Tbh I never read about a successful implementation, so I agreed with Franco to remove it as it never left dev status.

First and foremost, a heartfelt "thank you" for the response, flexibility and community spirit.

Both options are great. I'd be happy to contribute back to the community, relaying our experience within the scope of our specific use case. Softether is pretty broad in its configuration options. I'll put together an outline and DM you (mimugmail) the draft. The main thing to understand is that it essentially operates its own independent IP stack, and hence would best be separated from both the kernel and IP address of the OPNsense instance. Once you wrap your head around that, everything becomes pretty straightforward as you configure routing between two separate virtual devices with separate IP addresses that peacefully coexist.

Thinking about it, the final disposition for the softether package may probably best be within the mimugmail community repo. We already use it for the cloudflared package as undoubtedly many others do for the vast array of other useful packages it brings that are "just outside" what would otherwise be within the core scope of the OPNsense project itself, and IMHO that would aptly be true for softether as well in this case.

Thanks again,

Matt