SoftEther - Very powerful, easy-to-use, multi-protocol VPN software - Page 2


  • I just set this up with my VPS and I must say, it rocks. Once you get the server setup to use TAP, creating certificates and the speed seem faster than the normal openvpn route. Currently, I'm using the openvpn protocol, which is just awesome. Hopefully they make a mac version of the client soon!

    Thanks!

  • nikcnikc Member

    @calimansi said: I just set this up with my VPS and I must say, it rocks. Once you get the server setup to use TAP, creating certificates and the speed seem faster than the normal openvpn route. Currently, I'm using the openvpn protocol, which is just awesome. Hopefully they make a mac version of the client soon!

    Was it faster than secureNAT ?

  • SecureNAT is slow, but good.

    With SecureNAT, I would see download: 4 Mbps and upload: 4 Mbps. With the local bridge (TAP) and dhcpd, I see download: 20 Mbps and upload: 6 Mbps.

  • @calimansi Thank you for your comment. The Mac version is what we are attempting to develop, but it is hard work. I am a Windows expert, but not a Darwin expert. Neither are the other members around me.

  • MaouniqueMaounique Provider
    edited March 2013

    This is great news !

    I was waiting for something like this for a very long time ! If it has obfuscation and masks the traffic as icmp/dns, this will be a great tool to fight censorship ! Thank you very much, I will test it and try a tutorial later on :)

    Truthfully i bid thee, thee shouldst not lendeth thy ear to these lacking valor w'rds, those shouldst beest unspoken and p'rish from the tongue of true believ'rs, for they art unclean!

  • @madmonkey57 Note that VPN over ICMP/DNS needs to be activated manually on the VPN Server Manager.

  • zserozsero Member
    edited March 2013

    @dnobori, this looks like one of the greatest projects I've seen recently! Seriously cool! Do you by any chance know if it would be possible to compile it for a Vyatta-based Ubiquiti EdgeMax Lite? http://www.ubnt.com/edgemax

    That would be a crazy Cisco killer thing for $99 + your software.

    Update: I have problem making it work over TUN/TAP + OpenVZ without using the SecureNAT / Virtual NAT. With SecureNAT + Virtual NAT everything works fine. I've enabled the TUN function on my OVZ VPS and I was able to create the TUN adapter. It's visible and operating. But I don't have routing if I disable Virtual NAT in SecureNAT and only leave Virtual DHCP on.

    BTW, the Server Manager GUI is an absolute fantastic thing!

    Update2: How is it possible that the client can still connect, even though I did not allow ICMP and DNS? I only specified a single port, and removed the standard ones. But somehow the client can still connect if I don't limit by /tcp.

  • So in order to replace OpenVPN, what would I choose as my server type? I just want a VPN tunnel to route all my traffic through the VPN. With OpenVPN it was a pretty simple config setup, with very few lines in the config needed to make it just work. I love this GUI, but for someone who just wants a VPN tunnel, which option would it be?

  • Can't seem to get VPN over ICMP to work. Probably my problem, not sure how to do it. I enabled it on the server side but can't get the client to connect through ICMP, because on the client side it requires connecting to the host/port of the VPN server, but if only the ICMP network is allowed, a host/IP connection won't be possible, therefore the initial connection won't work anyhow. Any idea?

  • I made a simple tutorial on how to deploy SoftEther on buyvm. http://linc01n.github.com/blog/2013/03/19/softether-on-vps/

    Thanked by 2: netomx, bertan
  • zserozsero Member

    @lincoln, Thanks for this, nice tutorial!

    If you could extend it with a part on setting up without SecureNAT, using TUN/TAP and a bridge, it'd be a great help.

  • @zsero I am still trying out the TUN setting... next tutorial will be TUN + OpenVPN setup

  • jarlandjarland Administrator

    @lincoln said: I made a simple tutorial on how to deploy SoftEther on buyvm.

    Thank you! I was waiting for someone to do that, save me some time ;)

  • ryanarpryanarp Member, Provider

    @lincoln Thank You! It works great :)

  • OllieOllie Member

    This software looks really nice. Thanks for sharing :)

  • calimansicalimansi Member
    edited March 2013

    Hey Gang,

    I figured out how to run Softether using TAP on OpenVZ. I'll write a quick tutorial when I get home today.

    I've found the speeds to be much faster using TAP compared to SecureNAT (no offense to dnobori, because this really is excellent software).

    Thanks.

  • lumaluma Member

    Is there a way when using the Linux SoftEther client connecting to a linux softether server to have ALL network traffic route via the server? including internet?

    Thank you.

  • Ok...

    So follow lincoln's script to get everything compiled and running.

    I would then disable all the NAT stuff; natdisable, dhcpdisable, securenatdisable.

    Install dhcpd. In Ubuntu it's isc-dhcp-server (apt-get install). Configure the DHCP server by editing /etc/dhcp/dhcpd.conf and adding your settings. I changed the DNS servers and added just enough to pass out IP addresses on the local subnet. Here is my config for reference:

        ddns-update-style none;
        option domain-name "XXX";
        option domain-name-servers 8.8.8.8, 8.8.4.4;
        default-lease-time 600;
        max-lease-time 7200;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.1.255;
        option routers 192.168.1.254;
        subnet 192.168.1.0 netmask 255.255.255.0 {
          range 192.168.1.10 192.168.1.100;
          range 192.168.1.150 192.168.1.200;
        }

    Take note of the option routers line. This address will become the address of the TAP interface.

    Back to Softether. Create a local bridge. I use this command, "bridgecreate /DEVICE:tap0 /TAP:yes"

    Now if you run ifconfig, you'll see a device called tap_tap0. Run the following, "ifconfig tap_tap0 192.168.1.254"... or the address you selected as your option routers address.

    Finally, run this command: iptables -t nat -A POSTROUTING -s YOUR.SUBNET -j SNAT --to-source VPSIP

    Test it out and you should be good to go.

    If you have any questions, please let me know.

  • ClownJugglarClownJugglar Member
    edited March 2013

    ok I got it figured out. You need to create the TAP device and assign it an IP address BEFORE starting dhcpd. You need to edit /etc/default/isc-dhcp-server and add the name of your TAP device to the interfaces= section.

    So now I connect, and dhcp gives me an IP. I have the iptables rules enabled. Do I need to do something else? I am not getting internet access after connecting to the VPN. Will this be like OpenVPN where you have to use sysctl to enable packet forwarding?

    Enabled ipv4 forwarding, still no internet access.

    Fixed: "YOUR.SUBNET" needs to be (using example) 192.168.1.0/24 not 255.255.255.0 which is what I figured "YOUR.SUBNET" meant.

    sudo iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source xxx.xxx.xxx.xxx

    Wow it is much faster IMHO vs SecureNAT setup. Nice.
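
Added example (not part of any post in this thread): a POSIX sh preflight for the steps calimansi and ClownJugglar describe above. It rejects a netmask given where the SNAT source needs CIDR, checks that the TAP address sits inside the dhcpd subnet, and prints the commands in the order ClownJugglar found to work. The function names and the 203.0.113.10 VPS address are assumptions; `service isc-dhcp-server start` and `sysctl -w net.ipv4.ip_forward=1` are the usual Ubuntu commands, not quoted from the thread.

```shell
#!/bin/sh
# Added example: preflight for the TAP + dhcpd + SNAT steps in the thread.
# Sample values are constructed; 203.0.113.10 is a placeholder VPS address.

# ip_to_int A.B.C.D: print the address as an integer; fail on malformed input.
ip_to_int() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    case $_o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$_o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_ok NET/LEN: succeed only for a network address in CIDR form.
cidr_ok() {
  case $1 in */*) ;; *) return 1 ;; esac
  _len=${1#*/}
  case $_len in ''|*[!0-9]*|0*|???*) return 1 ;; esac
  [ "$_len" -le 32 ] || return 1
  _net=$(ip_to_int "${1%/*}") || return 1
  _mask=$(( (4294967295 << (32 - _len)) & 4294967295 ))
  [ $(( _net & _mask )) -eq "$_net" ]          # no host bits set
}

# in_subnet IP NET/LEN: succeed if IP falls inside the network.
in_subnet() {
  cidr_ok "$2" || return 1                     # sets _net and _mask
  _ip=$(ip_to_int "$1") || return 1
  [ $(( _ip & _mask )) -eq "$_net" ]
}

# plan TAPDEV ROUTER SUBNET VPSIP: print the commands in working order, or
# fail with a reason. ROUTER is the dhcpd "option routers" address, and
# TAPDEV must also be listed in INTERFACES in /etc/default/isc-dhcp-server.
plan() {
  cidr_ok "$3" || { echo "SNAT source '$3' must be CIDR, e.g. 192.168.1.0/24" >&2; return 1; }
  in_subnet "$2" "$3" || { echo "TAP address $2 is outside $3" >&2; return 1; }
  ip_to_int "$4" >/dev/null || { echo "bad --to-source address '$4'" >&2; return 1; }
  cat <<EOF
ifconfig $1 $2
service isc-dhcp-server start
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $3 -j SNAT --to-source $4
EOF
}

# Constructed sample runs. iptables accepts "-s 255.255.255.0" without error,
# but the rule then matches only that single source address, so nothing is NATed.
plan tap_tap0 192.168.1.254 192.168.1.0/24 203.0.113.10
plan tap_tap0 192.168.1.254 255.255.255.0 203.0.113.10 || true
```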

  • Thanks for fixing my missing steps ClownJugglar.

    Now I just need to figure out how to connect to it using the Linux client. Anyone with a tutorial for that?

  • zserozsero Member

    What can I do if I don't have iptables? Is iptables needed for NAT?

    @dnobori is it possible to have an implementation in the future what uses SecureNAT, but with TUN/TAP? I mean that way we wouldn't need dhcpd and iptables, but could be as fast as them.

  • @dnobori how do I connect through ICMP/DNS? I can't see the way to do so on the client side. There are only enable/disable settings in the Server Manager. Anyone?

  • Hi. Sorry for the late response. I am very tired now. I will answer as soon as possible.

  • lumaluma Member

    @calimansi said: Now I just need to figure out how to connect to it using the Linux client. Anyone with a tutorial for that?

    The linux client seems very poorly designed. You need to use a windows machine to manage the client (like the server) unless you want to do everything by hand but without any help documentation.

  • FreekFreek Member

    Looks like a very good alternative to OpenVPN AS.

    Linux noob willing to learn.

  • PandoGulfPandoGulf Member
    edited March 2013

    I'm using port 443 ( apache does ! )

    ./vpncmd 1 ret ret I got this

    Error occurred. (Error code: 2) Protocol error occurred. Error was returned from the destination server.

    so how can I change the port !! I have tried to do this ( changed it to e.g, 6666 )

    If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer).
    Hostname of IP Address of Destination: localhost:6666 ret

    Specify Virtual Hub Name: Error occurred. (Error code: 1) Connection to the server failed. Check network connection and make sure that address and port number of destination sever are correct.

    help :)

    FIXED: http://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.3_VPN_Server_Administration#3.3.6_Listener_Ports

    just used port 5555 :) and now all goooood

  • nikcnikc Member

    Would love to know if there is an easy way to get some usage reports out of this.

  • Just set this up and so far I'm very impressed. The setup was extremely easy just by following the official documentation and it works as expected.

  • can't seem to change the parameter for the cloned openvpn server

  • bigcatbigcat Member
    edited April 2013

    @dnobori

    that is some nasty server room you have there

    image

  • user123user123 Member
    edited April 2013

    I just installed the basic VPN with SoftEther (thanks @lincoln !), but can't quite figure out how to connect with an OpenVPN client. The website says "It has the interoperability with OpenVPN, L2TP, IPsec, EtherIP, L2TPv3, Cisco VPN Routers and MS-SSTP VPN Clients." Has anyone had luck with this? Specifically, how do I generate a client .ovpn file +/- certificates in SoftEther VPN for use with the OpenVPN client?

    ETA: Never mind. I "discovered" the "OpenVPN/MS-SSTP Settings" button at the bottom of the Server Manager window :$.

    ETA2: Hmm, I can't connect to the VPN, even though the server manager says that it is online. The furthest the connection goes is "UDPv4 link remote: :", but it doesn't connect :/.

    Personal consultant to OP's Mom™

  • lincolnlincoln Member
    edited April 2013

    @user123 Softether is nice... once I set it up, I can try OpenVPN without setting up the server again. I tried it a little. I guess you are using the generated config file.

    Try updating this line

    proto udp

    to

    proto tcp

    and the

    remote vpnXXXXX.v4.softether.net 1194

    to

    remote your server ip 1194

  • FreekFreek Member

    I am amazed by this. It was easy to setup, thanks to @lincoln 's tutorial and it works so easy :) Thanks, golden tip!

    Linux noob willing to learn.

  • anyone tried the icmp/dns feature?

  • anyone tried the icmp/dns feature?

    +1, I am trying to configure this too. TCP (HTTPS) works just fine but I am not sure how to get DNS based VPN working. I have downloaded the custom SoftEther client but it does not seem to have a way of specifying that I want to use ICMP or DNS.

  • FreekFreek Member
    edited April 2013

    Hmm, I am using it for OpenVPN and I can't get speeds above 2Mbps. Is speed throttled by default? Local bridge is disabled.

    Linux noob willing to learn.

  • @Freek SecureNAT is slow. Need to use local bridge instead of SecureNAT for faster speed. But I still haven't figured out how.

  • FreekFreek Member

    @lincoln said: @Freek SecureNAT is slow. Need to use local bridge instead of SecureNAT for faster speed. But I still haven't figured out how.

    Thanks for the reply. Hmm, that's a shame, I really liked softether but if I can't get faster speeds, I cannot use it. Local bridge only seems to work with real ethernet NICs, not wifi cards.

    Linux noob willing to learn.

  • zserozsero Member
    edited April 2013

    @Freek said: Local bridge only seems to work with real ethernet NICs, not wifi cards.

    Local bridge needs to be on the server, not on the client. It doesn't matter what network card the client uses. In case of your server being on a VPS, you have to make the local bridge on the VPS.

    Creating a local bridge is actually easy. The problem is installing dhcp server and iptables for NAT. It would be nice if Softether could take advantage of the TUN device without iptables and dhcp server.

  • @Freek I think you can follow @calimansi's instructions. The bridge part is that you bridge your TAP VPN network with your VPS vnet|eth network. All of it is on the server side, no matter what client setup you use.

  • FreekFreek Member

    @zsero @lincoln Thanks for the support guys, will do.

    But I am stuck creating the bridge. I keep getting an error about not having enough privileges, although I am logged in as root:

    VPN Server/Inceptionhosting (NL)>bridgecreate /DEVICE:tap0 /TAP:yes
    BridgeCreate command - Create Local Bridge Connection
    Virtual Hub Name to Create Bridge: vpn

    Error occurred. (Error code: 52) Not enough privileges.

    Any idea what's wrong? Thanks!

    Linux noob willing to learn.

  • @Freek First thing, Does your vps provider enable tun for you by default?

  • FreekFreek Member

    @lincoln said: @Freek First thing, Does your vps provider enable tun for you by default?

    Thanks for the quick reply! Yes, this is on Xen PV which should have tun/tap enabled by default. I've used it in the past :)

    Linux noob willing to learn.

  • FreekFreek Member

    So I followed @calimansi 's and @ClownJugglar 's steps and am now able to connect, but I'm not getting an IP.

    I was unsure about some things, so here are the assumptions I made:

    • I changed 'tun' to 'tap' in the OVPN file, as we've created a tap interface on the VPS. Without this, I kept getting authentication failure.
    • I was unable to create a TAP interface through SSH, so I used the Softether Management Utility instead. It shows up correctly on my VPS if typing ifconfig.

    @ClownJugglar said: You need to create the TAP device and assign it an IP address BEFORE starting dhcpd.

    I read this step too late and created a TAP device after starting dhcpd. Also, I was unsure which IP to assign to the TAP interface so I just went with 10.0.0.1, is that OK? To make up for creating the device after starting dhcpd, I rebooted the server, this should be sufficient, right?

    @ClownJugglar said: sudo iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source xxx.xxx.xxx.xxx

    I used this iptables rule instead of calimansi's iptables rule.

    Thanks in advance.

    Linux noob willing to learn.

  • @lincoln said: try update this line proto udp to proto tcp

    Thank you! Changing UDP->TCP fixed it.

    Personal consultant to OP's Mom™

  • lumaluma Member

    Anyone figure out how to get the linux client out of easy mode so that it can be administered via the client manager gui?

    This project has potential but they need to concentrate on linux a bit!

  • FreekFreek Member
    edited April 2013

    Small bump, still haven't been able to fix my issue above. I can connect via OpenVPN but I can't get an IP. Would love to use this. This is how I set it up:

    `./vpncmd
    natdisable, dhcpdisable, securenatdisable //Disable all the NAT stuff;
    bridgecreate /DEVICE:tap0 /TAP:yes //If this doesn't work, try setting it up through Softether's Windows Management interface;
    EXIT

    run: ifconfig tap_tap0 192.168.1.254

    edit: /etc/default/isc-dhcp-server
    INTERFACES="tap_tap0"

    apt-get install isc-dhcp-server apt-get install

    edit: /etc/dhcp/dhcpd.conf
    ddns-update-style none;
    option domain-name "XXX";
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    default-lease-time 600;
    max-lease-time 7200;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.254;
    subnet 192.168.1.0 netmask 255.255.255.0 {
      range 192.168.1.10 192.168.1.100;
      range 192.168.1.150 192.168.1.200;
    }

    run: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source VPS.IP.ADDRESS.HERE

    Open the generated .OVPN file: Change 'tun' to 'tap', as we've setup a TAP bridge. Also, without doing this, I kept getting an authentication failure`

    Thanks guys!

    Linux noob willing to learn.

  • FreekFreek Member

    I managed to get things up and running. The key was in the iptables command. The iptables command given by calimansi/ClownJugglar is for OpenVZ. I was trying to set it up on Xen PV. Here are the steps I did: http://pastebin.com/EYXphBsj

    I noticed that DNS requests aren't being tunneled. Can anyone else confirm this?

    @NanoG6 said: how do I connect through ICMP/DNS? I can't see the way to do so on the client side. There are only enable/disable settings in the Server Manager.

    I contacted the developer of Softether and he said this: The SoftEther VPN client attempts to connect by all method automatically. User can't specify connecting method expressly

    Linux noob willing to learn.

  • nikcnikc Member

    @freek any chance of a guide? Would love to get this going without using the slower SecureNAT.

  • FreekFreek Member

    @nikc said: @freek any chance of a guide? Would love to get this going without using the slower SecureNAT.

    Sure, I'll write one up in the next few days. I am just waiting for the dev of Softether to answer my question on how to tunnel DNS requests as well.

    Linux noob willing to learn.
