SoftEther - Very powerful, easy-to-use, multi-protocol VPN software


Comments

  • @colm I'm sorry, I don't know OpenVZ well. If OpenVZ allows each instance to use SOL_PACKET (low-level Ethernet device packet tx/rx syscall), SoftEther VPN's "Local Bridge" function can be used. Local Bridge links an Ethernet interface and a Virtual Hub. On a normal Linux or Windows PC (not a virtual one), it is easy to make a remote-access or a site-to-site VPN by using Local Bridge. You set up a Local Bridge between the Virtual Hub and the physical NIC. Then a VPN Client or VPN Bridge (or VPN Server) on the remote side can establish VPN connections to the Virtual Hub. A Virtual Hub is a software-emulated L2 virtual switch, exactly the same as a physical Ethernet switch. Your remote VPN Client / Bridge software is connected to the L2 segment of the Virtual Hub. Since the Virtual Hub is linked to the physical Ethernet segment via Local Bridge, your remote client or site can communicate with the destination L2 segment.
    However, Local Bridge requires root privilege, since opening the SOL_PACKET socket needs root. You cannot use Local Bridge if the vpnserver process runs under a normal user context. Moreover, Local Bridge requires Promiscuous Mode on the target Ethernet device. Otherwise Local Bridge doesn't work well.
    If Local Bridge doesn't work well, as an alternative, you can use SecureNAT. SecureNAT is a Virtual NAT and Virtual DHCP Server. It can work in a normal-user context because it never calls system calls which require root privileges. Please activate the SecureNAT function on the Virtual Hub if you can't use local bridging. Note that SecureNAT is implemented in the Virtual Hub as an "upside-down TCP/UDP stack" to avoid using privileged system calls, thus SecureNAT works a little slower than Local Bridge. When Local Bridge achieves 980Mbps, SecureNAT achieves only 200-300Mbps.
    Local Bridge: http://www.softether.org/4-docs/1-manual/3.SoftEther_VPN_Server_Manual/3.6_Local_Bridges
    SecureNAT: http://www.softether.org/index.php?title=4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.7_Virtual_NAT
    %26_Virtual_DHCP_Servers
    General Tutorial: http://www.softether.org/4-docs/2-howto

  • Sorry, the above links are broken. Copy and paste the URL into the browser's URL bar.

  • @fan Today I wrote "What is different between SoftEther VPN and VPN Gate?" on http://www.softether.org/. Tutorials are at http://www.softether.org/4-docs/2-howto, however this is not enriched. We are going to attempt to make better tutorials and FAQs on the web.

  • @Janevski SoftEther VPN is not based on OpenVPN, but it supports the OpenVPN protocol. At first I considered making an extension to OpenVPN to support other protocols: Ethernet over HTTPS, L2TP/IPsec, L2TPv3/IPsec, EtherIP/IPsec and MS-SSTP. However, I could not understand OpenVPN's source code well. So I decided to implement everything from scratch. Our Ph.D. member read the OpenVPN source code and wrote a document of the OpenVPN protocol. I implemented SoftEther VPN by reading that document. By the way, I was very impressed by OpenVPN and Microsoft-PPTP 10 years ago when I was a high-school student. I had used MS-PPTP to log in to the high school's network from my home PC.

  • @joodle Please make sure that L2TP/IPsec is enabled, and there is no conflicting software on the same host. L2TP/IPsec needs UDP 500 and 4500. Both ports must be permitted by firewalls. You have to specify the correct Pre-Shared Key on both the VPN Server and your VPN client device when you use IPsec. On UNIX, UDP 500 needs root privileges.
    If you want to use the OpenVPN protocol, an easy way is to use the "Config File Generator for OpenVPN" tool: http://www.softether.org/@api/deki/files/479/=0-06-ss1.2.jpg
    You can import the generated .ovpn file on OpenVPN client devices.
    Needless to say, you have to define a user object in advance.
    SoftEther VPN 1.0 doesn't support PPTP. It supports MS-SSTP. MS-SSTP is similar to PPTP, but SSTP is "PPP over HTTPS" while PPTP is "PPP over GRE". It is a little difficult to use MS-SSTP on SoftEther VPN 1.0, because the MS-SSTP VPN Client on Windows Vista, 7 or 8 requires that the server certificate's CN exactly match the destination VPN server's hostname, on the client side. The server certificate must be trusted on the client-side PC. The server certificate (or its CA cert) must be registered in the Machine's Certificate Store on the client PC. I don't know why Microsoft made MS-SSTP so difficult to use.

  • @debug Make sure that IPsec & L2TP is enabled, UDP 500 & 4500 are listening, not conflicting, and the PSK (pre-shared key) is exactly correct. tcpdump or Wireshark is a good tool for analysis on both the server and client side.

  • @kalam Enabling both Local Bridge and SecureNAT causes 100% CPU because TCP/IP packets loop infinitely between Local Bridge and SecureNAT in memory.
    Please also read "11.1.7 The CPU load increases after enabling Virtual NAT for SecureNAT".
    http://www.softether.org/4-docs/1-manual/B._Troubleshooting_and_Supplemental/11.1_Troubleshooting#11.1.7_The_CPU_load_increases_after_enabling_Virtual_NAT_for_SecureNAT.

  • kalam Member
    edited March 2013

    @dnobori Thank you for taking the time to post everything you have. I've already taken a look at that page, and there is no Local Bridge or VPN Client installed on the server. I tried to keep everything basic and default, but set the DNS Server Addresses to Google's Public DNS. I'll keep testing different things and see if I can address this issue though as there's a good chance it is my fault.

    Hmm, I got L2TP over IPsec to work on a test Virtual Hub, but deleted that one to keep testing and it keeps failing again, error code 720. Sigh...

  • @kalam Hmmm, I tested creating a Virtual Hub which has a period, "test.hub", just now. And the L2TP/IPsec connection succeeded with no problem.
    Could you check the latest "server_log" directory (located where the vpnserver file is) and see the last log file? There must be some hints to resolve the problem in the server log.

  • kalam Member
    edited March 2013

    @dnobori Thank you, I should have looked at the log file initially. Apparently you need to have the DHCP Server running. I must have enabled it on the test one that worked without realizing that was the reason it worked. Started that up and it connects just fine.

    Thank you very much.

  • @kalam That's great. Thank you for using the L2TP/IPsec protocol module. I am so glad that it is being used by a person overseas. I wrote the module as my master's degree thesis. http://bit.ly/ZVSkz8

  • fan Veteran

    @dnobori I guess the local bridge doesn't work well with virtual machines while SecureNAT works fine, and 200-300Mbps is more than enough for a virtual machine IMO. Anyways, very nice project.

    Here's one suggestion: it could be better and safer to have obfuscation built into the software. The big brother's tool just got the ability to learn the behaviors of VPN protocols (with some advanced deep packet inspection).

  • @dnobori Thank you very much!

    I'm now using this on my primary VPN server, and absolutely loving it.
    Very simple set up, no more headaches, and great performance. :)

    Cheers!

  • @fan Thank you for using the SecureNAT function.
    About "obfuscating": we have some big-brother-resistant functions to tolerate traffic analysis. But I want to reinforce the obfuscating function more. That is future work.

    See also:
    1.6. VPN over ICMP, and VPN over DNS (Awesome!) http://bit.ly/159sVS1

    4.3. Away from the Firewall's Eye, Camouflage as an Usual HTTPS Session http://bit.ly/159t3RA

  • @ElliotJ Thank you for your comment. We have a forum at http://www.vpnusers.com/viewforum.php?f=7 and many VPN beginners come there every day. If you can afford it, please join the forum to support eager but novice users there. Unfortunately our softether.org members cannot use English well, so they hesitate to reply in English.

  • nikc Member

    With VPN:

    http://www.speedtest.net/result/2581171212.png

    Spotted:

    root 16192 68.6 70.4 106912 88024 ? S<l 23:11 17:19 /root/vpnserver/vpnserver execsvc

    Without VPN:

    http://www.speedtest.net/result/2581180746.png

  • @nikc If you enable both Local Bridge and SecureNAT, packets loop infinitely.

  • nikc Member

    @dnobori said: @nikc If you enable both Local Bridge and SecureNAT, packet loops infinity.

    Aha ! Much better ...

    Would you expect there to be a noticeable difference in performance between openvpn clients vs sstp ?

    Nik

  • Looks great, thanks for sharing.

  • I just set this up with my VPS and I must say, it rocks. Once you get the server setup to use TAP, creating certificates and the speed seem faster than the normal openvpn route. Currently, I'm using the openvpn protocol, which is just awesome. Hopefully they make a mac version of the client soon!

    Thanks!

  • nikc Member

    @calimansi said: I just set this up with my VPS and I must say, it rocks. Once you get the server setup to use TAP, creating certificates and the speed seem faster than the normal openvpn route. Currently, I'm using the openvpn protocol, which is just awesome. Hopefully they make a mac version of the client soon!

    Was it faster than secureNAT ?

  • SecureNAT is slow, but good.

    With SecureNAT, I would see download: 4 Mbps and upload: 4 Mbps.
    With the local bridge (TAP) and dhcpd, I see download: 20 Mbps and upload: 6 Mbps.

  • @calimansi
    Thank you for your comment. The Mac version is what we are attempting to develop, but it is hard work. I am a Windows expert, but not a Darwin expert. Neither are the other members around me.

  • Maounique Host Rep, Veteran
    edited March 2013

    This is great news !

    I was waiting for something like this for a very long time !
    If it has obfuscation and masks the traffic as icmp/dns, this will be a great tool to fight censorship !
    Thank you very much, I will test it and try a tutorial later on :)

  • @madmonkey57 Note that VPN over ICMP/DNS needs to be activated manually on the VPN Server Manager.

  • zsero Member
    edited March 2013

    @dnobori, this looks like one of the greatest projects I've seen recently! Seriously cool! Do you by any chance know if it would be possible to compile it for a Vyatta-based Ubiquiti EdgeMax Lite?
    http://www.ubnt.com/edgemax

    That would be a crazy Cisco killer thing for $99 + your software.

    Update: I have a problem making it work over TUN/TAP + OpenVZ without using the SecureNAT / Virtual NAT. With SecureNAT + Virtual NAT everything works fine. I've enabled the TUN function on my OVZ VPS and I was able to create the TUN adapter. It's visible and operating. But I don't have routing if I disable Virtual NAT in SecureNAT and only leave Virtual DHCP on.

    BTW, the Server Manager GUI is an absolutely fantastic thing!

    Update2: How is it possible that the client can still connect, even though I did not allow ICMP and DNS? I only specified a single port, and removed the standard ones. But somehow the client can still connect if I don't limit by /tcp.

  • So in order to replace OpenVPN, what would I choose as my server type? I just want a VPN tunnel to route all my traffic through the VPN. With OpenVPN it was a pretty simple config setup, with very few lines in the config needed to make it just work. I love this GUI, but for someone who just wants a VPN tunnel, which option would it be?

  • Can't seem to get VPN over ICMP to work.
    Probably my problem, not sure how to do it.
    I enabled it on the server side but can't get the client to connect through ICMP.
    Because at the client side, it requires connecting to the host/port of the VPN server, but if only ICMP network is allowed, connecting to the host/IP won't be possible, therefore the initial connection won't work anyhow.
    Any idea?

  • I made a simple tutorial on how to deploy SoftEther on buyvm.
    http://linc01n.github.com/blog/2013/03/19/softether-on-vps/

  • zsero Member

    @lincoln, Thanks for this, nice tutorial!

    If you could extend it with a part on setting up without SecureNAT, using TUN/TAP and bridge, it'd be a great help.
