January 12, 2014 at 21:31SoftEther VPN - Advanced Multiprotocol VPN Server and Client
How soon can I interest you if I say that this article will focus on a VPN server that can raise L2TP / IPsec, OpenVPN, MS-SSTP, L2TPv3, EtherIP servers, and also has its own protocol SSL-VPN », Which is indistinguishable from normal HTTPS traffic (which cannot be said about OpenVPN handshake, for example), can work not only through TCP / UDP, but also through ICMP (like pingtunnel, hanstunnel) and DNS (like iodine), it works faster (by assurance of the developers) of current implementations, builds L2 and L3 tunnels, has a built-in DHCP server, supports both kernel-mode and user-mode NAT, IPv6, shaping, QoS, cluster polarization, load balancing and fault tolerance, can be run under Windows, Linux, Mac OS, FreeBSD, and Solaris, and is Open-Source project under GPLv2?
That's it. This can not be missed.
Most likely, you have not heard about this project before. The fact is that Daiyu Nobori (登 大 遊)He began to develop it as soon as he went to Tsukuba University, and PPTP did not work from the campus network. In 2003, when he was 18 years old, he released the first version of SoftEther, and the government of Japan attacked him, who believed that this project can be regarded almost as malware, because it allows you to bypass firewalls (OpenVPN was just appearing at that time), it can also “damage the image of other VPN products” and forbade the distribution of the program. He tried to explain himself, but because because of this, he could possibly be expelled from the university, he did not insist strongly and removed the program from free access. Some time passes, and Mitsubishi Materials Corporation offers to buy SoftEther 1.0 from him and sign a contract for 10 years (April 2004-April 2014), which gives the corporation the right to sell SoftEther and prohibits Daiyu Nobori from selling the program and / or based on it, but in March 2013 it begins to distribute SoftEther for free, and only recently (January 4, 2014) it was opened under GPLv2. Unfortunately, there are still some problems with copyright, so SoftEther, until April 2014, probably will not be able to see some important functions: Radius / Active Directory authentication, RSA key authentication, DoS protection, Source IP ACL, Syslog transfer and Deep-inspect packet logging.
A little more about server features:
According to the author, SoftEther is faster than reference implementations. The software consists of a server, bridge server, client, GUI (Windows only) and CUI administration utilities. A client is needed to connect one computer to a LAN (Remote Access VPN), and a bridge server to connect two or more networks (Site-to-Site VPN). Unfortunately, CUI is not very well documented yet and I could not start the server only from CUI, I had to use the Windows version of the server and the GUI utility. It should be noted that the GUI utility can work not only with the local server, i.e. you can start the server itself on Linux, and administer it through the GUI utility for Windows. There are only basic settings in the GUI, to change advanced settings you have to go into the config or use CUI.
Here are some GUI screenshots to give you an idea of what the server can do and how everything is easily configured.
Server management window Hub management
window
Editing the
ACL user with the ability to simulate packet loss and jitter
Security Policy for the user
Configuring SecureNAT
Configuring L2TP / IPSec
Configuring OpenVPN and SSTP
The VPNGate project was created to bypass blocking by the administrator, provider or government. You can start your SoftEther server, check the box “use vpngate”, and users who need a free VPN can find your server in the VPNGate directory and connect to it, and they will not be able to access a range of private addresses like 192.168.0.0 / 16, but only to the Internet. SoftEther also writes logs for users who use your server through VPNGate.
That's probably all. I look forward to April, which, I hope, will bring support, at least, Radius and certificates.
The site, although there is little documentation on how to fine-tune SoftEther, is very clear, detailed and interestingly painted about networks and VPNs in general. If you are good with English and want to learn more about VPN, do not be lazy, read the documentation on the project website. Well, or at least look at the pictures.
SoftEther VPN
repository on github
That's it. This can not be missed.
Uh-oh, what is this thing?
Most likely, you have not heard about this project before. The fact is that Daiyu Nobori (登 大 遊)He began to develop it as soon as he went to Tsukuba University, and PPTP did not work from the campus network. In 2003, when he was 18 years old, he released the first version of SoftEther, and the government of Japan attacked him, who believed that this project can be regarded almost as malware, because it allows you to bypass firewalls (OpenVPN was just appearing at that time), it can also “damage the image of other VPN products” and forbade the distribution of the program. He tried to explain himself, but because because of this, he could possibly be expelled from the university, he did not insist strongly and removed the program from free access. Some time passes, and Mitsubishi Materials Corporation offers to buy SoftEther 1.0 from him and sign a contract for 10 years (April 2004-April 2014), which gives the corporation the right to sell SoftEther and prohibits Daiyu Nobori from selling the program and / or based on it, but in March 2013 it begins to distribute SoftEther for free, and only recently (January 4, 2014) it was opened under GPLv2. Unfortunately, there are still some problems with copyright, so SoftEther, until April 2014, probably will not be able to see some important functions: Radius / Active Directory authentication, RSA key authentication, DoS protection, Source IP ACL, Syslog transfer and Deep-inspect packet logging.
Description
A little more about server features:
- Lots of virtual hubs. Those. not every server instance serves only its clients, but everything in the limit of one server.
- Remote-Access (client-to-LAN) and Site-to-Site (combining two or more LANs into one) tunnels.
- Support for L2TP / IPsec, OpenVPN, MS-SSTP, L2TPv3, EtherIP and its own protocol
- VPN through ICMP and through DNS (only through its protocol)
- Dynamic DNS and NAT Traversal through a free relay ( yes, you can raise a VPN server with a gray IP! )
- Logging
- Integrated firewall
- Support for IPv6 in L3 mode (well, in L2, of course, too)
- Shaping traffic by user groups or by specific users
- SecureNAT (user-space NAT and DHCP server). Convenient on non-server Windows
- VLAN Support
- QoS support with automatic prioritization
According to the author, SoftEther is faster than reference implementations. The software consists of a server, bridge server, client, GUI (Windows only) and CUI administration utilities. A client is needed to connect one computer to a LAN (Remote Access VPN), and a bridge server to connect two or more networks (Site-to-Site VPN). Unfortunately, CUI is not very well documented yet and I could not start the server only from CUI, I had to use the Windows version of the server and the GUI utility. It should be noted that the GUI utility can work not only with the local server, i.e. you can start the server itself on Linux, and administer it through the GUI utility for Windows. There are only basic settings in the GUI, to change advanced settings you have to go into the config or use CUI.
Here are some GUI screenshots to give you an idea of what the server can do and how everything is easily configured.
Server management window Hub management
window
Editing the
ACL user with the ability to simulate packet loss and jitter
Security Policy for the user
Configuring SecureNAT
Configuring L2TP / IPSec
Configuring OpenVPN and SSTP
VPNgate
The VPNGate project was created to bypass blocking by the administrator, provider or government. You can start your SoftEther server, check the box “use vpngate”, and users who need a free VPN can find your server in the VPNGate directory and connect to it, and they will not be able to access a range of private addresses like 192.168.0.0 / 16, but only to the Internet. SoftEther also writes logs for users who use your server through VPNGate.
Conclusion
That's probably all. I look forward to April, which, I hope, will bring support, at least, Radius and certificates.
The site, although there is little documentation on how to fine-tune SoftEther, is very clear, detailed and interestingly painted about networks and VPNs in general. If you are good with English and want to learn more about VPN, do not be lazy, read the documentation on the project website. Well, or at least look at the pictures.
SoftEther VPN
repository on github