Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

SoftEther - Very powerful, easy-to-use, multi-protocol VPN software - Page 4
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

SoftEther - Very powerful, easy-to-use, multi-protocol VPN software

124»

Comments

  • @quddus said: Do we have to have tun/tap/PPP enabled even for secure NAT setup ?

    UI don't know :(

  • yes you have to

  • KeyJeyKeyJey Member
    edited March 2014

    belinik said: yes you have to

    No, that is incorrect. You don't need TAP enabled, maybe if you enable bridge mode (witch is unnecesary) you should need it, but it's not necessary to do that to make it work.

  • @lincoln said: I made a simple tutorial on how to deploy SoftEther on buyvm.

    Thanks, @lincoln I finally got it working. Yours was the only tutorial that worked for me. I had to add a whole bunch of firewall rules lol. I don't know how many of these are strictly necessary:

    sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -A INPUT -i lo -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 22 -s my.isp.0.0/16 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 22 -s myfriend.isp.0.0/16 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 67 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 68 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 992 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 1194 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 5555 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 500 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 4500 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 1701 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 1701 -j ACCEPT
    sudo iptables -A INPUT -p 50 -j ACCEPT
    sudo iptables -A INPUT -p 51 -j ACCEPT
    sudo iptables -P INPUT DROP
    sudo iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -j MASQUERADE
    
  • KeyJey said: enable bridge mode (witch is unnecesary)

    huge difference. this mode should be prefered. i can easily get over 100Mbps on this mode yet on securenat only about 10Mb

    I AM BACK :) Working Windows Server 2012 R2 on 6GB! Beat that!

  • Last time I tried to use this on a Ubuntu 14.04 KVM guest running on a proxmox host I had trouble browsing the web when the VPN tunnel was connected, It seemed like MTU issues although they claim their client doesn't suffer from that.

    Tried bridged and secure NAT, werid thing Is I had a previous version working ages ago, just which I could remember which OS it was running on.

  • edited February 2015

    I know this is an old thread but I tried Softether today and I'm getting 5 times the throughput I was getting on openvpn. I mean, openvpn is great and legendary, but alternatives never hurt anyone.

  • Yep, it's way faster than OpenVPN protocol. Hell, I'm using it for VPN as in a private network and I can even watch movies at home from my kimsufi server which is linked to my Vpn in Netherlands. And due to compression, my speedtest results are always higher than my real connection speed but I know it is fast!

    I never turn down help on improving my Nginx Configuration Template ;)
    NameSilo.com coupons: CheapDoms or Discounted

  • @Nomad said: Yep, it's way faster than OpenVPN protocol. Hell, I'm using it for VPN as in a private network and I can even watch movies at home from my kimsufi server which is linked to my Vpn in Netherlands. And due to compression, my speedtest results are always higher than my real connection speed but I know it is fast!

    Openvpn udp?

  • sounds very cool.... gonna pop one up to try it out over OpenVPN AS that im using right now... thanks dude!

  • SplitIceSplitIce Member, Provider
    edited February 2015

    Pretty awesome, primarily since they don't use TUN/TAP. The API for TUN/TAP is actually pretty detrimental to high performance applications.

    Technical: TUN/TAP fetches each packet from the kernel individually, involving many user <-> kernel space transitions.

    X4B - DDoS Protection: EU & US affordable DDoS protection including Layer 7 mitigation.
    Latest Offer: $7 Anycast DDoS Protection
  • I use softether L2TP/IPSEC on mobile phone. Cpu load is pretty high. Cpu spike is likely triggered 1.0 load on single cpu. Not very suitable if gonna use multiuser on small vps.

  • nadz said: I use softether L2TP/IPSEC on mobile phone. Cpu load is pretty high. Cpu spike is likely triggered 1.0 load on single cpu. Not very suitable if gonna use multiuser on small vps.

    That's my experience on a default setup too. CPU load is about 10 times higher than on a simple OpenVPN install.

  • @Nyr said: That's my experience on a default setup too. CPU load is about 10 times higher than on a simple OpenVPN install.

    Any tips for alternate setup?

  • NomadNomad Member
    edited February 2015

    There are spikes on cpu indeed. My Softether setup has about 5 active users all the time and from time to time I get high cpu emails from my monit and/or nodequery.

    The speed is really good, but I'ld reccomend to disable UDP compression before doing the speedtest.net tests since you download compressible data the results may be above than your real net speed. Check the examplary results I got when I was testing the speed.

    1- Normal SpeedTest on 24Mb Fiber Connection

    http://www.speedtest.net/my-result/4097518075

    2- Speedtest with Softether VPN Connection (with Local Bridge)

    http://www.speedtest.net/my-result/4097521587

    3- Speedtest with Softether VPN Connection while Data Compression is disabled

    http://www.speedtest.net/my-result/4097524927

    4- Speedtest with Softether VPN Connection while Data Compression and SSL Connections are disabled.

    http://www.speedtest.net/my-result/4097527898

    5- Speedtest with Softether VPN Connection while SSL Connection is disabled but Data Compression is enabled

    http://www.speedtest.net/my-result/4097530857

    and This is the most bizarre result I got:

    http://www.speedtest.net/my-result/4103241887

    I never turn down help on improving my Nginx Configuration Template ;)
    NameSilo.com coupons: CheapDoms or Discounted

  • MakenaiMakenai Member
    edited February 2015

    After a bit of fiddling got Softether to run on my Openwrt router... holy shit, this thing is holy. If anyone is interested PM me, I will make a guide. Getting 18mbps goodput using TP-Link 842nd (20Eur)

    Thanked by 1netomx
  • @foetti said: Anybody using this with NCP Android Client?

    Don't know it... But "OpenVPN for Android" works just fine.

    I never turn down help on improving my Nginx Configuration Template ;)
    NameSilo.com coupons: CheapDoms or Discounted

  • @Makenai said: After a bit of fiddling got Softether to run on my Openwrt router... holy shit, this thing is holy. If anyone is interested PM me, I will make a guide. Getting 18mbps goodput using TP-Link 842nd (20Eur)

    meh, why not. Just send it :)

  • MakenaiMakenai Member
    edited February 2015

    @netomx said: meh, why not. Just send it :)

    Looks like someone has made it a lot easier.

    https://github.com/el1n/OpenWRT-package-softether

    Make sure you have extroot or at least 8Mb of flash. Swap should also be required if your router has <32Mb RAM.

    Just get the packages from http://b.mikomoe.jp/ and install them.

    After that create a local bridge with name soft (From Server manager)

    ifconfig tap_soft 192.168.10.1
    iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source [WAN IP]
    

    edit dnsmasq and add this

    interface=tap_soft
    dhcp-range=tap_soft,192.168.10.50,192.168.10.100,12h
    dhcp-option=tap_soft,3,192.168.10.1
    

    Or you can skip dnsmasq and interface config steps and just bridge it using brctl with your local lan.

    I turned off SSL for performance, you can do that from client.

    If you want to start it from shell you have to add

    /usr/bin/env LANG=en_US.UTF-8 
    

    Before the Softether utility you're executing, for example

    /usr/bin/env LANG=en_US.UTF-8 /usr/bin/vpncmd
    
    Thanked by 1outime
  • @Makenai said: After a bit of fiddling got Softether to run on my Openwrt router... holy shit, this thing is holy. If anyone is interested PM me, I will make a guide. Getting 18mbps goodput using TP-Link 842nd (20Eur) I just registered and try to do it for my WR1043nd Router with openwrt aa Not! ididfailedwith allthis prepared IPK.Can we come somehowinTouch becausei liketo write a littletutorialin German how to do it. I could not write a PM because i just registered here. Fact is i run a Server at DO and like with a extroot USBstick to connect my server directly from my router and not my windows pc. In case i can offer you xmpp chat or teamviewer if necessary. softether is not so often used in germany because there are not much tutorials in german language. Softeather or vpngate do not anonmyse as far as i know.for his i like to use also the router to connet maybee to my vpn provider. thanks in advance.

  • make one. i find it hard to setup. too much capabilitles which is cool but too overwhelming. i need to slowly go over it on a weekend


    Nexus 6 - Great Phone!

    Thanked by 1netomx
  • Why not OpenVPN?

  • ChuckChuck Member
    edited March 2015

    @Nyr said: http://blog.lincoln.hk/blog/2013/05/17/softether-on-vps-using-local-bridge/

    Can someone write a Debian guide how to setup Softether on VPS Local Bridge + IPv6?

    Thanked by 1muratai
  • @Chuck said: Can someone write a Debian guide how to setup Softether on VPS Local Bridge + IPv6?

    IPv6 NAT or using assignment?

  • I tested this on 512mb $5 usd digitalocean vps sometime ago. It was consuming 99% cpu at all times. Not vps friendly!

  • @muratai said: I tested this on 512mb $5 usd digitalocean vps sometime ago. It was consuming 99% cpu at all times. Not vps friendly!

    Disable securenat

    Thanked by 1muratai
  • I'll disable it next time I install soft ether.

  • NyrNyr Member

    Anyone has checked the performance without secure NAT? Yeah, is faster, but how fast? Better than OpenVPN, I assume? Can you do at least 100 mbps on a single E3/E5 core?

  • I have no issues with Secure NAT. However, running without Secure NAT does provide better throughput and latency. It also decreases CPU load.

  • did any one tell me how to install softether vpn in my server is there any gui for this softether to install

  • MakenaiMakenai Member
    edited March 2015

    Hey guys, I've written the guide I promised (Softether setup on OpenWRT) In the guide I've completely described the process of manually compiling the packages needed in case you do not have architecture which has precompiled packages. I've also described two different networking solutions for VPN clients and how to accomplish them, that is:

    1) VPN clients are in the same subnet as your local clients

    I.E your local PC has 192.168.1.2 and the VPN client 192.168.1.3

    2) VPN clients are in different subnet than your local clients

    I.E your local PC has IP 192.168.1.2 and the VPN client 192.168.50.2

    If you are interested you can check out the guide here http://wordpress.tirlins.com/?p=63

    People who have shown interest before: @netomx, @arztde

    I would also be thankful if you could PM me orthographic and grammatical mistakes you find in the guide.

    Thanked by 2Nyr netomx
  • @Makenai said: Hey guys, I've written the guide I promised (Softether setup on OpenWRT) In the guide I've completely described the process of manually compiling the packages needed in case you do not have architecture which has precompiled packages. I've also described two different networking solutions for VPN clients and how to accomplish them, that is:

    1) VPN clients are in the same subnet as your local clients

    I.E your local PC has 192.168.1.2 and the VPN client 192.168.1.3

    2) VPN clients are in different subnet than your local clients

    I.E your local PC has IP 192.168.1.2 and the VPN client 192.168.50.2

    If you are interested you can check out the guide here http://wordpress.tirlins.com/?p=63

    People who have shown interest before: netomx, arztde

    I would also be thankful if you could PM me orthographic and grammatical mistakes you find in the guide.

    @Makenai said: Hey guys, I've written the guide I promised (Softether setup on OpenWRT) In the guide I've completely described the process of manually compiling the packages needed in case you do not have architecture which has precompiled packages. I've also described two different networking solutions for VPN clients and how to accomplish them, that is:

    1) VPN clients are in the same subnet as your local clients

    I.E your local PC has 192.168.1.2 and the VPN client 192.168.1.3

    2) VPN clients are in different subnet than your local clients

    I.E your local PC has IP 192.168.1.2 and the VPN client 192.168.50.2

    If you are interested you can check out the guide here http://wordpress.tirlins.com/?p=63

    People who have shown interest before: netomx, arztde

    I would also be thankful if you could PM me orthographic and grammatical mistakes you find in the guide.

    I will on the weekend, I'm going to my vacations

  • MakenaiMakenai Member
    edited April 2015

    Forked the el1n OpenWRT softether repo and updated a few things, compiled packages for the newest Softether version.

    http://vpslv.tirlins.com/openwrt/packs/4.15-9538/

  • how to setting local bridge on windows vps, i try but doesnt work

  • netomxnetomx Member

    Makenai said: Forked the el1n OpenWRT softether repo and updated a few things, compiled packages for the newest Softether version.

    I can't use it on my routers, how much ram do you need?

  • I'm a new user and I want to know how I can create login for SoftEther VPN Client Manager. do I need a normal VPN login or I need VPS ? please I need help.

Sign In or Register to comment.