Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


SoftEther - Very powerful, easy-to-use, multi-protocol VPN software - Page 6
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

SoftEther - Very powerful, easy-to-use, multi-protocol VPN software

12346

Comments

  • yes you have to

  • KeyJeyKeyJey Member
    edited March 2014

    belinik said: yes you have to

    No, that is incorrect. You don't need TAP enabled, maybe if you enable bridge mode (witch is unnecesary) you should need it, but it's not necessary to do that to make it work.

  • @lincoln said:
    I made a simple tutorial on how to deploy SoftEther on buyvm.

    Thanks, @lincoln I finally got it working. Yours was the only tutorial that worked for me. I had to add a whole bunch of firewall rules lol. I don't know how many of these are strictly necessary:

    sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -A INPUT -i lo -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 22 -s my.isp.0.0/16 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 22 -s myfriend.isp.0.0/16 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 67 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 68 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 992 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 1194 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 5555 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 500 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 4500 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 1701 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 1701 -j ACCEPT
    sudo iptables -A INPUT -p 50 -j ACCEPT
    sudo iptables -A INPUT -p 51 -j ACCEPT
    sudo iptables -P INPUT DROP
    sudo iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -j MASQUERADE
    
  • KeyJey said: enable bridge mode (witch is unnecesary)

    huge difference. this mode should be prefered. i can easily get over 100Mbps on this mode yet on securenat only about 10Mb

  • Last time I tried to use this on a Ubuntu 14.04 KVM guest running on a proxmox host I had trouble browsing the web when the VPN tunnel was connected, It seemed like MTU issues although they claim their client doesn't suffer from that.

    Tried bridged and secure NAT, werid thing Is I had a previous version working ages ago, just which I could remember which OS it was running on.

  • edited February 2015

    I know this is an old thread but I tried Softether today and I'm getting 5 times the throughput I was getting on openvpn. I mean, openvpn is great and legendary, but alternatives never hurt anyone.

  • Yep, it's way faster than OpenVPN protocol.
    Hell, I'm using it for VPN as in a private network and I can even watch movies at home from my kimsufi server which is linked to my Vpn in Netherlands. And due to compression, my speedtest results are always higher than my real connection speed but I know it is fast!

  • netomxnetomx Moderator, Veteran

    @Nomad said:
    Yep, it's way faster than OpenVPN protocol.
    Hell, I'm using it for VPN as in a private network and I can even watch movies at home from my kimsufi server which is linked to my Vpn in Netherlands. And due to compression, my speedtest results are always higher than my real connection speed but I know it is fast!

    Openvpn udp?

  • sounds very cool.... gonna pop one up to try it out over OpenVPN AS that im using right now... thanks dude!

  • SplitIceSplitIce Member, Host Rep
    edited February 2015

    Pretty awesome, primarily since they don't use TUN/TAP. The API for TUN/TAP is actually pretty detrimental to high performance applications.

    Technical: TUN/TAP fetches each packet from the kernel individually, involving many user <-> kernel space transitions.

  • I use softether L2TP/IPSEC on mobile phone. Cpu load is pretty high. Cpu spike is likely triggered 1.0 load on single cpu. Not very suitable if gonna use multiuser on small vps.

  • NyrNyr Community Contributor, Veteran

    nadz said: I use softether L2TP/IPSEC on mobile phone. Cpu load is pretty high. Cpu spike is likely triggered 1.0 load on single cpu. Not very suitable if gonna use multiuser on small vps.

    That's my experience on a default setup too. CPU load is about 10 times higher than on a simple OpenVPN install.

  • @Nyr said:
    That's my experience on a default setup too. CPU load is about 10 times higher than on a simple OpenVPN install.

    Any tips for alternate setup?

  • NyrNyr Community Contributor, Veteran
  • NomadNomad Member
    edited February 2015

    There are spikes on cpu indeed.
    My Softether setup has about 5 active users all the time and from time to time I get high cpu emails from my monit and/or nodequery.

    The speed is really good, but I'ld reccomend to disable UDP compression before doing the speedtest.net tests since you download compressible data the results may be above than your real net speed.
    Check the examplary results I got when I was testing the speed.

    1- Normal SpeedTest on 24Mb Fiber Connection

    >
    http://www.speedtest.net/my-result/4097518075

    2- Speedtest with Softether VPN Connection (with Local Bridge)

    >
    http://www.speedtest.net/my-result/4097521587

    3- Speedtest with Softether VPN Connection while Data Compression is disabled

    >
    http://www.speedtest.net/my-result/4097524927

    4- Speedtest with Softether VPN Connection while Data Compression and SSL Connections are disabled.

    >
    http://www.speedtest.net/my-result/4097527898

    5- Speedtest with Softether VPN Connection while SSL Connection is disabled but Data Compression is enabled

    >
    http://www.speedtest.net/my-result/4097530857

    and This is the most bizarre result I got:

    >
    http://www.speedtest.net/my-result/4103241887

  • MakenaiMakenai Member
    edited February 2015

    After a bit of fiddling got Softether to run on my Openwrt router... holy shit, this thing is holy.
    If anyone is interested PM me, I will make a guide.
    Getting 18mbps goodput using TP-Link 842nd (20Eur)

    Thanked by 1netomx
  • Anybody using this with NCP Android Client?

  • @foetti said:
    Anybody using this with NCP Android Client?

    Don't know it... But "OpenVPN for Android" works just fine.

  • netomxnetomx Moderator, Veteran

    @Makenai said:
    After a bit of fiddling got Softether to run on my Openwrt router... holy shit, this thing is holy.
    If anyone is interested PM me, I will make a guide.
    Getting 18mbps goodput using TP-Link 842nd (20Eur)

    meh, why not. Just send it :)

  • MakenaiMakenai Member
    edited February 2015

    @netomx said:
    meh, why not. Just send it :)

    Looks like someone has made it a lot easier.

    https://github.com/el1n/OpenWRT-package-softether

    Make sure you have extroot or at least 8Mb of flash. Swap should also be required if your router has <32Mb RAM.

    Just get the packages from http://b.mikomoe.jp/ and install them.

    After that create a local bridge with name soft (From Server manager)

    ifconfig tap_soft 192.168.10.1
    iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source [WAN IP]
    

    edit dnsmasq and add this

    interface=tap_soft
    dhcp-range=tap_soft,192.168.10.50,192.168.10.100,12h
    dhcp-option=tap_soft,3,192.168.10.1
    

    Or you can skip dnsmasq and interface config steps and just bridge it using brctl with your local lan.

    I turned off SSL for performance, you can do that from client.

    If you want to start it from shell you have to add

    /usr/bin/env LANG=en_US.UTF-8 
    

    Before the Softether utility you're executing, for example

    /usr/bin/env LANG=en_US.UTF-8 /usr/bin/vpncmd
    
    Thanked by 1outime
  • @Makenai said:
    After a bit of fiddling got Softether to run on my Openwrt router... holy shit, this thing is holy.
    If anyone is interested PM me, I will make a guide.
    Getting 18mbps goodput using TP-Link 842nd (20Eur)

    I just registered and try to do it for my WR1043nd Router with openwrt aa Not! ididfailedwith allthis prepared IPK.Can we come somehowinTouch becausei liketo write a littletutorialin German how to do it. I could not write a PM because i just registered here.
    Fact is i run a Server at DO and like with a extroot USBstick to connect my server directly from my router and not my windows pc. In case i can offer you xmpp chat or teamviewer if necessary. softether is not so often used in germany because there are not much tutorials in german language. Softeather or vpngate do not anonmyse as far as i know.for his i like to use also the router to connet maybee to my vpn provider. thanks in advance.

  • make one. i find it hard to setup. too much capabilitles which is cool but too overwhelming. i need to slowly go over it on a weekend

    Thanked by 1netomx
  • netomxnetomx Moderator, Veteran

    Why not OpenVPN?

  • ChuckChuck Member
    edited March 2015

    Can someone write a Debian guide how to setup Softether on VPS Local Bridge + IPv6?

    Thanked by 1muratai
  • @Chuck said:
    Can someone write a Debian guide how to setup Softether on VPS Local Bridge + IPv6?

    IPv6 NAT or using assignment?

  • I tested this on 512mb $5 usd digitalocean vps sometime ago. It was consuming 99% cpu at all times. Not vps friendly!

  • netomxnetomx Moderator, Veteran

    @muratai said:
    I tested this on 512mb $5 usd digitalocean vps sometime ago. It was consuming 99% cpu at all times. Not vps friendly!

    Disable securenat

    Thanked by 1muratai
  • I'll disable it next time I install soft ether.

  • NyrNyr Community Contributor, Veteran

    Anyone has checked the performance without secure NAT? Yeah, is faster, but how fast? Better than OpenVPN, I assume? Can you do at least 100 mbps on a single E3/E5 core?

  • I have no issues with Secure NAT. However, running without Secure NAT does provide better throughput and latency. It also decreases CPU load.

Sign In or Register to comment.