Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


SoftEther - Very powerful, easy-to-use, multi-protocol VPN software - Page 3
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

SoftEther - Very powerful, easy-to-use, multi-protocol VPN software

13567

Comments

  • @zsero I am still trying out the TUN setting... next tutorial will be TUN + OpenVPN setup

  • jarjar Patron Provider, Top Host, Veteran

    @lincoln said: I made a simple tutorial on how to deploy SoftEther on buyvm.

    Thank you! I was waiting for someone to do that, save me some time ;)

  • ryanarpryanarp Member, Patron Provider

    @lincoln Thank You! It works great :)

  • OllieOllie Member

    This software looks really nice. Thanks for sharing :)

  • calimansicalimansi Member
    edited March 2013

    Hey Gang,

    I figured out how to run Softether using TAP on OpenVZ. I'll write a quick tutorial when I get home today.

    I've found the speeds to be much faster using TAP compared to securenat (no offense to dnoburi, because this really is excellent software).

    Thanks.

  • lumaluma Member

    Is there a way when using the Linux SoftEther client connecting to a linux softether server to have ALL network traffic route via the server? including internet?

    Thank you.

  • Ok...

    So follow lincoln's script to get everything compiled and running.

    I would then disable all the NAT stuff; natdisable, dhcpdisable, securenatdisable.

    Install dhcpd. In ubuntu it's isc-dhcp-server (apt-get install). Configure the dhcp server by editting /etc/dhcp/dhcpd.conf and adding your settings. I changed the DNS servers and added just enough to pass out ip addresses on the local subnet. Here is my config for reference:

    ddns-update-style none;
    option domain-name "XXX";
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    default-lease-time 600;
    max-lease-time 7200;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.254;
    subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.100;
    range 192.168.1.150 192.168.1.200;
    }

    Take note of the option routers line. This address will become the address of the TAP interface.

    Back to Softether. Create a local bridge. I use this command, "bridgecreate /DEVICE:tap0 /TAP:yes"

    Now if you run ifconfig, you'll see a device called tap_tap0. Run the following, "ifconfig tap_tap0 192.168.1.254"... or the address you selected as your option routers address.

    Finally, run this command: iptables -t nat -A POSTROUTING -s YOUR.SUBNET -j SNAT --to-source VPSIP

    Test it out and you should be good to go.

    If you have any questions, please let me know.

  • ClownJugglarClownJugglar Member
    edited March 2013

    ok I got it figured out. You need to create the TAP device and assign it an IP address BEFORE starting dhcpd. You need to edit /etc/default/isc-dhcp-server and add the name of your TAP device to the interfaces= section.

    So now I connect, and dhcp gives me an IP. I have the iptables rules enabled. Do I need to do something else? I am not getting internet access after connecting to the VPN. Will this be like OpenVPN where you have to use sysctl to enabled packet forwarding?

    Enabled ipv4 forwarding, still no internet access.

    Fixed: "YOUR.SUBNET" needs to be (using example) 192.168.1.0/24 not 255.255.255.0 which is what I figured "YOUR.SUBNET" meant.

    sudo iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source xxx.xxx.xxx.xxx

    Wow it is much faster IMHO vs SecureNAT setup. Nice.

  • Thanks for fixing my missing steps ClownJugglar.

    Now I just need to figure out how to connect to it using the Linux client. Anyone with a tutorial for that?

  • zserozsero Member

    What can I do if I don't have iptables? Is iptables needed for NAT?

    @dnobori is it possible to have an implementation in the future what uses SecureNAT, but with TUN/TAP? I mean that way we wouldn't need dhcpd and iptables, but could be as fast as them.

  • @dnobori
    how do I connect trough ICMP/DNS? I can't see the way to do so on client side. There is only enable/disable settings on server manager.
    anyone?

  • Hi. Sorry for late response. I am very tired now. I will answer as soon as possible.

  • lumaluma Member

    @calimansi said: Now I just need to figure out how to connect to it using the Linux client. Anyone with a tutorial for that?

    The linux client seems very poorly designed. You need to use a windows machine to manage the client (like the server) unless you want to do everything by hand but without any help documentation.

  • FreekFreek Member

    Looks like a very good alternative to OpenVPN AS.

  • PandoGulfPandoGulf Veteran
    edited March 2013

    I'm using port 443 ( apache does ! )

    ./vpncmd
    1
    ret
    ret
    I got this

    Error occurred. (Error code: 2) Protocol error occurred. Error was returned from the destination server.
    so how can I change the port !!
    I have tried to do this ( changed it to e.g, 6666 )
    If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer). **Hostname of IP Address of Destination: localhost:6666
    ret

    Specify Virtual Hub Name: Error occurred. (Error code: 1) Connection to the server failed. Check network connection and make sure that address and port number of destination sever are correct.

    help :)

    FIXED: http://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.3_VPN_Server_Administration#3.3.6_Listener_Ports

    just used port 5555 :) and now all goooood

  • nikcnikc Member

    Would love to know if there is an easy way to get some usage reports out of this.

  • Just set this up and so far I'm very impressed. The setup was extremely easy just by following the official documentation and it works as expected.

  • can't seem to change the parameter for the cloned openvpn server

  • bigcatbigcat Member
    edited April 2013

    @dnobori

    that is some nasty server room you have there

    image

  • user123user123 Member
    edited April 2013

    I just installed the basic VPN with SoftEther (thanks @lincoln !), but can't quite figure out how to connect with an OpenVPN client. The website says "It has the interoperability with OpenVPN, L2TP, IPsec, EtherIP, L2TPv3, Cisco VPN Routers and MS-SSTP VPN Clients." Has anyone had luck with this? Specifically, how do I generate a client .ovpn file +/- certificates in SoftEther VPN for use with the OpenVPN client?

    ETA: Never mind. I "discovered" the "OpenVPN/MS-SSTP Settings" button at the bottom of the Server Manager window :$.

    ETA2: Hmm, I can't connect to the VPN, even though the server manager says that it is online. The furthest the connection goes is "UDPv4 link remote: :", but it doesn't connect :/.

  • lincolnlincoln Member
    edited April 2013

    @user123 Softether is nice... once I setup I can try openvpn without setup server again.
    I tried a little. I guess you are using the generated config file.

    try update this line

    proto udp

    to proto tcp

    and the

    remote vpnXXXXX.v4.softether.net 1194

    to remote your server ip 1194

  • FreekFreek Member

    I am amazed by this. It was easy to setup, thanks to @lincoln 's tutorial and it works so easy :) Thanks, golden tip!

  • anyone tried the icmp/dns feature?

  • anyone tried the icmp/dns feature?

    +1, I am trying to configure this too. TCP (HTTPS) works just fine but I am not sure how to get DNS based VPN working. I have downloaded the custom SoftEther client but it does not seem to have a way of specifying that I want to use ICMP or DNS.

  • FreekFreek Member
    edited April 2013

    Hmm, I am using it for OpenVPN and I can't get speeds above 2Mbps. Is by default speed throtteled?
    Local bridge is disabled

  • @Freek SecureNAT is slow. Need to use local bridge instead of SecureNAT for faster speed. But I still don't figure out how.

  • FreekFreek Member

    @lincoln said: @Freek SecureNAT is slow. Need to use local bridge instead of SecureNAT for faster speed. But I still don't figure out how.

    Thanks for the reply.
    Hmm, that's a shame, I really liked softether but if I can't get faster speeds, I cannot use it. Local bridge only seems to work with real ethernet NICs, not wifi cards.

  • zserozsero Member
    edited April 2013

    @Freek said: Local bridge only seems to work with real ethernet NICs, not wifi cards.

    Local bridge needs to be on the server, not on the client. It doesn't matter what network card the client uses. In case of you server being on a VPS, you have to make local bridge on the VPS.

    Creating a local bridge is actually easy. The problem is installing dhcp server and iptables for NAT. It would be nice if Softether could take advantage of the TUN device without iptables and dhcp server.

  • @Freek I think you can follow @calimansi instruction. The bridge part is you bridge your tap VPN network with your vps vnet|eth network. All are on server side . No matter what client setup you use.

  • FreekFreek Member

    @zsero @lincoln Thanks for the support guys, will do.

    But I am stuck creating the bridge. I keep getting an error about not having enough priveleges, altough I am logged in as root;

    VPN Server/Inceptionhosting (NL)>bridgecreate /DEVICE:tap0 /TAP:yes
    BridgeCreate command - Create Local Bridge Connection
    Virtual Hub Name to Create Bridge: vpn

    Error occurred. (Error code: 52)
    Not enough privileges.

    Any idea what's wrong?
    Thanks!

Sign In or Register to comment.