SoftEther - Very powerful, easy-to-use, multi-protocol VPN software


Nyr Member
edited March 2013 in General

University of Tsukuba published this project a few days ago.

In only a few minutes, you can have a very powerful VPN server installed and configured to connect from virtually any machine. PPTP, L2TP, and OpenVPN are all supported and the server is very flexible for any configuration you may need.

Additionally, you can do IPv6 over IPv4 and IPv4 over IPv6 with near-zero configuration. I think it's really awesome and more people should know about this.

http://www.softether.org/


Comments

  • @Nyr so it's based on OpenVPN?

  • Nyr Member

    @Janevski no, but it can emulate an OpenVPN server so you can connect from OpenVPN clients (among others).

  • Seems cool, thanks for sharing

  • Just tried this on an idle vps

    Doesn't want to install lol

    Preparing SoftEther VPN Server...
    ranlib lib/libcharset.a
    ranlib lib/libcrypto.a
    ranlib lib/libedit.a
    ranlib lib/libiconv.a
    ranlib lib/libintelaes.a
    ranlib lib/libncurses.a
    ranlib lib/libssl.a
    ranlib lib/libz.a
    ranlib code/vpnserver.a
    gcc code/vpnserver.a -O2 -fsigned-char -pthread -m64 -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -o vpnserver
    /usr/bin/ld: skipping incompatible /usr/lib/gcc/i486-linux-gnu/4.4.5/../../../libm.so when searching for -lm
    /usr/bin/ld: skipping incompatible /usr/lib/gcc/i486-linux-gnu/4.4.5/../../../libm.a when searching for -lm
    /usr/bin/ld: skipping incompatible /usr/lib/libm.so when searching for -lm
    /usr/bin/ld: skipping incompatible /usr/lib/libm.a when searching for -lm
    /usr/bin/ld: cannot find -lm
    collect2: ld returned 1 exit status
    make: *** [i_read_and_agree_the_license_agreement] Error 1
    
  • YKM Member

    @Fliphost said: Seems cool, thanks for sharing

    +1

  • HC_Ro Member

    I have the windows controller and a Ubuntu install working with SoftEther at the moment on two VMs. So far I like it.

  • how do u get the vpn server gui working? From the installation tutorial it seems to be text based for linux


  • @joodle said: Doesn't want to install lol

    Did you read the license agreement? Kicked me when I declined lol.

    This is very easy to install and seems well made.

  • @cosmicgate said: how do u get the vpn server gui working? From the installation tutorial it seems to be text based for linux

    I installed the server in debian and then downloaded the Windows administration tool.

  • debug Member

    When I try to connect, I keep getting stuck on Authenticating...., has anyone had this problem? I enabled l2tp & created a user.

    Hello, World.

  • kalam Member

    This looks very nice, thanks for sharing it! Going to install it on a test VM and give it a whirl.

  • how is the memory usage?

  • Anyone know how to select the external authentication using radius? That field seems to be greyed out from the admin GUI


  • HC_Ro Member

    @cosmicgate said: Anyone know how to select the external authentication using radius? That field seems to be greyed out from the admin GUI

    I was trying to figure that out too, took a break from it

  • @HC_Ro: Looks like still a beta as it claims to be. I'm not sure if anyone got it working but tried the pptp and l2tp, and didn't work for me.


  • Zen Member

    bm'd

    I work for Nodisto.

  • kalam Member

    Default install is using about 30MB on a minimal Debian 6. The VPN Server Manager GUI for windows is very nice, but I've run into a few issues. Individual Certificate Authentication is not currently implemented, using virtual NAT & DHCP causes the CPU to spike to 100%, and L2TP over IPsec is not working.

  • Nyr Member

    @debug I had that problem too, I suppose they need to fix that.

    @cosmicgate @HC_Ro maybe radius isn't available yet, the project was released to the public only one week ago.

  • Installed it, but now i can't connect with PPTP nor IPSec and OpenVPN -.- (at OpenVPN i get auth failed bla bla) and at ipsec and pptp i just get an 800 error lol

  • Nyr Member

    @joodle I couldn't connect with IPSec yesterday, authentication failed.

    Seems like we will need to wait to use this software :P

  • @Nyr said: Seems like we will need to wait to use this software :P

    sigh :P wanted to set up some accounts with a bandwidth limit for some friends (got a darn cheap VPS from IPXCore for this)

  • @joodle

    IPSec doesn't work with OpenVZ as far as I am aware.

  • Hi, I am a developer of SoftEther VPN. I found the referer log from our softether.org web site and visited here. Thank you very much for your concern. If you have a question about SoftEther VPN, I can answer. Sorry for my patchy English.

  • kro Member

    Welcome, scroll up to begin

  • @dnobori: Is softether working at the moment as nobody has gotten it to work here at the moment. Also, wish it would support remote radius authentication in the final release.


  • colm Member

    @dnobori: Thanks for releasing this, it looks terrific.

    One question: Do you know what features work or don't work on an OpenVZ VPS?

  • I installed softether on my vps yesterday. SSL-VPN and L2TP/IPSec works fine! Nice piece of software. Good job @dnobori!

  • @lincoln may i ask which OS you used and did you install this on an OpenVZ, XEN or KVM VPS?

  • fan Member
    edited March 2013

    @dnobori Welcome! It will be nice to have a tutorial about how to configure the server to work as what a VPNGate relay does with password authentication (a private relay). -- Never mind, finally I got it to work for me, SSL-VPN works fine after a few tries, haven't tried IPsec though.

    @lincoln Could you please share how did you configure it? I managed to install and run it but network traffic didn't come through the VPN. -- Ignore my question please.

    @joodle I tried a few times with a digitalocean machine and it worked on a ubuntu 12.10 x86, install the server following the manual, connect with the gui manager and ignore the setup guide, enable the SecureNAT and Virtual DHCP, it should work then.

  • @joodle I use debian 6.0 minimal from buyvm. it is an OpenVZ vps.

    @fan I use their windows server configuration tools to configure it. Besides Turning on the L2TP/IPsec option also need to enable secureNAT and virtual DHCP.

  • @cosmicgate In fact, the Radius, NT Domain Authentication and Certificate Authentication code is already implemented. However, these functions are disabled intentionally in the current version. The reason is simple: a legal problem. We have operated a small company in Japan since 2004. I made SoftEther 1.0 in 2003 (the older version, Japanese only). After that, Mitsubishi Corporation (a Japanese giant) offered me an exclusive sales contract for SoftEther 1.0 for 10 years. I was 19. I accepted the agreement without consideration, as a person (not a company). The agreement says that I must not release any freeware which might compete with Mitsubishi Material's version of SoftEther CA (commercial version for the enterprise market) until April 2014. So I hesitate to release the functions for enterprise use, to avoid legal problems. However, I am trying to convince the parties concerned so that we will be able to release the extended user authentication function in the free version before April 2014.

  • @colm I'm sorry, I don't know OpenVZ well. If OpenVZ allows each instance to use SOL_PACKET (low-level Ethernet device packet tx/rx syscall), SoftEther VPN's "Local Bridge" function can be used. Local Bridge links an Ethernet interface and a Virtual Hub.

    On a normal Linux or Windows PC (not a virtual one), it is easy to make a remote-access or site-to-site VPN by using Local Bridge. You set up a Local Bridge between the Virtual Hub and the physical NIC. Then a VPN Client or VPN Bridge (or VPN Server) on the remote side can establish VPN connections to the Virtual Hub. A Virtual Hub is a software-emulated L2 virtual switch, exactly the same as a physical Ethernet switch. Your remote VPN Client / Bridge software is connected to the L2 segment of the Virtual Hub. Since the Virtual Hub is linked to the physical Ethernet segment via Local Bridge, your remote client or site can communicate with the destination L2 segment.

    However, Local Bridge requires root privilege, since opening the SOL_PACKET socket needs root. You cannot use Local Bridge if the vpnserver process is running in a normal user context. Moreover, Local Bridge requires Promiscuous Mode on the target Ethernet device. Otherwise Local Bridge doesn't work well.

    If Local Bridge doesn't work well, you can use SecureNAT as an alternative. SecureNAT is a Virtual NAT and Virtual DHCP Server. It can work in a normal-user context because it never calls system calls which require root privileges. Please activate the SecureNAT function on the Virtual Hub if you can't use local bridging. Note that SecureNAT is implemented in the Virtual Hub as an "upside-down TCP/UDP stack" to avoid using privileged system calls, thus SecureNAT works a little slower than Local Bridge. When Local Bridge achieves 980Mbps, SecureNAT achieves only 200-300Mbps.

    Local Bridge: http://www.softether.org/4-docs/1-manual/3.SoftEther_VPN_Server_Manual/3.6_Local_Bridges
    SecureNAT: http://www.softether.org/index.php?title=4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.7_Virtual_NAT%26_Virtual_DHCP_Servers
    General Tutorial: http://www.softether.org/4-docs/2-howto

  • Sorry, the above links are broken. Copy and paste a URL into the browser's URL bar.

  • @fan Today I wrote "What is different between SoftEther VPN and VPN Gate?" on http://www.softether.org/. Tutorials are http://www.softether.org/4-docs/2-howto however this is not enriched. We are going to attempt making better tutorials and FAQs on the web.

  • @Janevski SoftEther VPN is not based on OpenVPN, but it supports the OpenVPN protocol. At first I considered making an extension to OpenVPN to support other protocols: Ethernet over HTTPS, L2TP/IPsec, L2TPv3/IPsec, EtherIP/IPsec and MS-SSTP. However, I could not understand OpenVPN's source code well. So I decided to implement everything from scratch. Our Ph.D. member read the OpenVPN source code, and made a document of the OpenVPN protocol. I implemented SoftEther VPN by reading that document. By the way, I was very impressed by OpenVPN and Microsoft-PPTP 10 years ago when I was a high-school student. I had used MS-PPTP to log in to the high school's network from my home PC.

  • @joodle Please make sure that L2TP/IPsec is enabled, and that there is no conflicting software on the same host. L2TP/IPsec needs UDP 500 and 4500. Both ports must be permitted by firewalls. You have to specify the correct Pre-Shared Key on both the VPN Server and your VPN client device when you use IPsec. On UNIX, UDP 500 needs root privileges.

    If you want to use the OpenVPN protocol, an easy way is to use the "Config File Generator for OpenVPN" tool: http://www.softether.org/@api/deki/files/479/=0-06-ss1.2.jpg You can import the generated .ovpn file on OpenVPN client devices. Needless to say, you have to define a user object in advance.

    SoftEther VPN 1.0 doesn't support PPTP. It supports MS-SSTP. MS-SSTP is similar to PPTP, but SSTP is "PPP over HTTPS" while PPTP is "PPP over GRE". It is a little difficult to use MS-SSTP on SoftEther VPN 1.0, because the MS-SSTP VPN Client on Windows Vista, 7 or 8 requires that the server certificate's CN exactly matches the destination VPN server's hostname, on the client side. The server certificate must be trusted on the client side PC. The server certificate (or its CA cert) must be registered in the Machine's Certificate Store on the client PC. I don't know why Microsoft made MS-SSTP so difficult to use.

  • @debug Make sure that IPsec & L2TP is enabled, that UDP 500 & 4500 are listening and not conflicting, and that the PSK (pre-shared key) is exactly correct. tcpdump or Wireshark is a good tool for analysis on both the server and client side.
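
An added example, not part of the thread or of SoftEther itself: the UDP 500/4500 check from the two replies above, as a shell function that reads `ss -H -lunp` output and reports which process holds each port. The process name `vpnserver` is taken from the thread; the sample lines and the competing `charon` daemon are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ss -H -lunp` lines on stdin and
# reports who holds UDP 500 (IKE) and 4500 (NAT-T), the ports L2TP/IPsec needs.
# $1 = expected owner; "vpnserver" is the binary name seen in the thread.
ike_port_report() {
    awk -v want="${1:-vpnserver}" '
    {
        port = ""
        for (i = 1; i <= NF; i++)          # peer of a listening socket is "*", so only the local field matches
            if ($i ~ /:(500|4500)$/) { port = $i; sub(/.*:/, "", port); break }
        if (port == "") next
        name = "unknown"                   # ss names the owner only when run as root with -p
        if (match($0, /\(\("[^"]+"/))
            name = substr($0, RSTART + 3, RLENGTH - 4)
        if ((port in owner) && owner[port] != name) owner[port] = owner[port] "," name
        else owner[port] = name
    }
    END {
        bad = 0
        n = split("500 4500", ports, " ")
        for (k = 1; k <= n; k++) {
            p = ports[k]
            if (!(p in owner))         { print p, "missing"; bad = 1 }
            else if (owner[p] == want) { print p, "ok", owner[p] }
            else                       { print p, "conflict", owner[p]; bad = 1 }
        }
        exit bad
    }'
}

# Constructed sample: another IKE daemon owns UDP 500, vpnserver only 4500.
SAMPLE='UNCONN 0 0 0.0.0.0:500  0.0.0.0:* users:(("charon",pid=812,fd=12))
UNCONN 0 0 0.0.0.0:4500 0.0.0.0:* users:(("vpnserver",pid=1290,fd=31))
UNCONN 0 0 0.0.0.0:1194 0.0.0.0:* users:(("vpnserver",pid=1290,fd=33))'

printf '%s\n' "$SAMPLE" | ike_port_report vpnserver || echo "UDP 500/4500 not both held by vpnserver"
# Live check on the server (as root, so -p can name the owner):
#   ss -H -lunp | ike_port_report vpnserver
```

A non-zero exit status means at least one of the two ports is unbound or held by a different process, which is the "conflicting software" case described in the replies.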

  • @kalam Enabling both Local Bridge and SecureNAT causes 100% CPU because the TCP/IP packets loop infinitely between Local Bridge and SecureNAT in memory. Please also read "11.1.7 The CPU load increases after enabling Virtual NAT for SecureNAT". http://www.softether.org/4-docs/1-manual/B._Troubleshooting_and_Supplemental/11.1_Troubleshooting#11.1.7_The_CPU_load_increases_after_enabling_Virtual_NAT_for_SecureNAT.

  • kalam Member
    edited March 2013

    @dnobori Thank you for taking the time to post everything you have. I've already taken a look at that page, and there is no Local Bridge or VPN Client installed on the server. I tried to keep everything basic and default, but set the DNS Server Addresses to Google's Public DNS. I'll keep testing different things and see if I can address this issue though as there's a good chance it is my fault.

    Hmm, I got L2TP over IPsec to work on a test Virtual Hub, but deleted that one to keep testing and it keeps failing again, error code 720. Sigh...

  • @kalam Hmmm, I tested creating a Virtual Hub which has a period, "test.hub", just now. And the L2TP/IPsec connection succeeded with no problem. Could you check the latest "server_log" directory (located where the vpnserver file is) and see the last log file? There must be some hints to resolve the problem in the server log.

  • kalam Member
    edited March 2013

    @dnobori Thank you, I should have looked at the log file initially. Apparently you need to have the DHCP Server running. I must have enabled it on the test one that worked without realizing that was the reason it worked. Started that up and it connects just fine.

    ありがとうございました

  • @kalam That's great. Thank you for using the L2TP/IPsec protocol module. I am so glad that it is being used by a person overseas. I wrote the module as my master's degree thesis. http://bit.ly/ZVSkz8

  • fan Member

    @dnobori I guess the local bridge doesn't work well with virtual machines while SecureNAT works fine, and 200-300Mbps is more than enough for a virtual machine IMO. Anyways very nice project.

    Here's one suggestion, it could be better and safer to have obfuscating built in the software. The big brother's tool just got the ability to learn the behaviors of VPN protocols (with some advanced deep packet inspection).

  • @dnobori どうもありがとう!

    I'm now using this on my primary VPN server, and absolutely loving it. Very simple set up, no more headaches, and great performance. :)

    Cheers!

  • @fan Thank you for using the SecureNAT function. About "obfuscating": we have some big-brother-resistant functions to tolerate traffic analysis. But I want to reinforce the obfuscating function more. That is future work.

    See also: 1.6. VPN over ICMP, and VPN over DNS (Awesome!) http://bit.ly/159sVS1

    4.3. Away from the Firewall's Eye, Camouflage as an Usual HTTPS Session http://bit.ly/159t3RA

  • @ElliotJ Thank you for your comment. We have a forum at http://www.vpnusers.com/viewforum.php?f=7 and many VPN beginners come there every day. If you can afford to, please join the forum to support eager but novice users there. Unfortunately our softether.org members cannot use English well, so they hesitate to reply in English.

  • nikc Member

    With VPN:

    !(http://www.speedtest.net/result/2581171212.png)

    Spotted:

    root 16192 68.6 70.4 106912 88024 ? S<l 23:11 17:19 /root/vpnserver/vpnserver execsvc

    Without VPN:

    !(http://www.speedtest.net/result/2581180746.png)

  • @nikc If you enable both Local Bridge and SecureNAT, packets loop infinitely.

  • nikc Member

    @dnobori said: @nikc If you enable both Local Bridge and SecureNAT, packets loop infinitely.

    Aha ! Much better ...

    Would you expect there to be a noticeable difference in performance between openvpn clients vs sstp ?

    Nik

  • Looks great, thanks for sharing.
