Sunday, April 22, 2018

Softether VPN Proxy softer alternatives & related links

More simplistic, less advanced, general usage alternatives, for linux, windows and browser / mobile.

Freelan: https://www.freelan.org/ (Windows, Linux, Mac, p2p, Open Soruce)

DynVPN: https://www.dynvpn.com/ (Desktop & Console for: Windows, Linux, Raspvian, Mac // OpenSource)

ZeroTier: https://www.zerotier.com/ (Windows, Linux, iOS, Android. QNAP NAS, Synology NAS, libzt, Western Digital MyCloud NAS, FreeBSD, Router OpenWRT, Community Ports and Packages, Every Area Networking. Open Source & Comersical: Basic 30$ Month / Pro $100 month / Enterprice. + ZeroTiar Edge Physical ports. )

Shrew Soft VPN Client: https://www.shrew.net/ (Windows, Linux, BSD / VPN Client Pro Windows 1licence 1 year $20 / 10 licenses $180 // Open + Comersical)

ibVPN: https://www.ibvpn.com/ ( Windows, Mac, Chrome, Firefox, iOS, Android, $3 to $4 SmartDNS, Proxy-VPN, OpenVPN, L2TP, PPTP, SSTP, SoftEther, IPsec, TOR list: https://www.ibvpn.com/plans-vpn-smartdns-proxy/ 24h free trial)

NeoRouter: http://www.neorouter.com/ (Windows / Mac / Linux / FreeBSD / Mobile / Router OpenWRT / html5 / Chrome .. ( NeoRouter Professional v2 - 8-licenses Starting $100 / $50 year / $5 month)

Hamachi: https://www.vpn.net/ (Windows, Mac, Linux / $50 to $300 year )
UltraVPN: https://ultravpn.jaleco.com/ (Windows, https://nordvpn.com/servers/ / / http://www.ultravpn.fr/ - $12 month / 2 years $3.30 month )

Wippien: http://www.wippien.com/ (IM, XMPP, p2p ... Windows, Linux )
Remodo: https://remobo.jaleco.com/ remobo.com ( IM only. Windows, free)

TunngleVPN p2p: https://www.tunngle.net/en/ (Windows. Global LAB Gaming Network https://www.tunngle.net/community/ )
Cisco VPN :  https://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobility-client/tsd-products-support-series-home.html (AnyConnect Secure Mobility Client v4.x / Linux, Mac, Windows  https://software.cisco.com/download/home/286281283/type/282364313/release/4.5.05030 pricing: https://reviews.financesonline.com/p/cisco-anyconnect/#pricing )

From:
https://www.topbestalternatives.com/softether-vpn/

VPNGate http://www.vpngate.net/en/about_overview.aspx Windows only,
( Simply install VPN Gate Client Plugin to SoftEther VPN Client. It will enable you to connect to any of our Public VPN Relay Servers of VPN Gate in a snap. It has a better throughput than L2TP, OpenVPN or SSTP )

OpenVPN: https://openvpn.net/ (WIndows, Mac, Android, iOS _ OpenVPN Access Server in Linux / Cloud-azure-amazon, community, VPN service. // Licensekeys: 10 for $150 , Device : $15 per year )
TunnelBlick: https://www.tunnelblick.net/ (free, open source graphic user interface for OpenVPN on OS X)

WireGuard, VPN Tunnel: https://www.wireguard.com (Free, capable of roaming between IP addresses, just like Mosh http://mosh.mit.edu/ in development, Linux, Mac, OpenWRT, (Ubuntu, Debian, Fedora, Red Hat-CentOS,Mageia, Arch, OpenSUSE, SlackWare, Alpine , NixOS, Exherbo, Buildroot, Source Mage, EdgeOS, LinuxKIt, AstLinux, Milis, https://www.wireguard.com/quickstart/#demo-server )

ShimoVPN: https://www.shimovpn.com/ ( Every mayor VPN protocol, OpenVPN, IPSec, PPTP, SSL, AnyConnect, SSH // Shimo 4 $50 one time payment for multible devices / 30 days free usage (AES-256, AES-192, AES-128 / 3DES, DES, DES-IV64, DES-IV32 / Hash SHA-2 (SHA-256, SHA-384, SHA-512) MD5, SHA-1 / Diffie-Hellman (DH) Key Exchange Groups 1,2,5, 14 to 18 (768 up to 8192 bit), Authentication: Pre-shared Keys / RSA X.509 Certificates / PKI Tokens / Extended Authentication (XAUTH) / Support for Authenticator Tokens (RSA SecurID, CryptoCard, etc.) through XAUTH Hybrid Mode )  )

Bitmask https://bitmask.net ( Encrypted communication Linux, Mac, Android, Windows comingsoon ... free )

Sidestep  http://chetansurpur.com/projects/sidestep/ Mac (SSH tunnel with the proxy server, and then sets the Mac OS X system-wide SOCKS proxy to use this SSH connection.)

OpenConnect: http://www.infradead.org/openconnect/ ( Linux :
VPN client compatible with Sisco AnyConnect SSL VPN support the Juniper SSL VPN which is now known as Pulse Connect Secure. / SSL certificates from a TPM or PKCS#11 smartcard /   vpnc, / ftp://ftp.infradead.org/pub/openconnect/ )

Frutho https://fruho.com (Linux / open-source, zero-configuration VPN manager / 2048-bit RSA + 256-bit AES enryption by default )

Rockhopper VPN http://rockhoppervpn.sourceforge.net/ ( IPsec/IKEv2-based VPN software for Linux )

OAST https://sourceforge.net/projects/oast/  (GUI) for OpenVPN-client, in Java, for Windows & Linux
TOI https://sourceforge.net/projects/toi/ toi is a fork of Oast

More:
https://alternativeto.net/software/softether-vpn/

Another Projects:

anoNet anonet.org (friend-to-friend network built using VPNs and software BGP routers / http://www.ucis.ano/mediawiki/. full anoNet experience, use one of our cache DNS servers (21.3.3.64). we use a wide variety of software and technologies, including OpenVPN, tinc, QuickTun, Quagga and bird. )

Browser:

OpenVPN Finder
https://chrome.google.com/webstore/detail/openvpn-finder/cmonbbaipgkkooachioonbkjbbddclpe
( finds free OpenVPN servers for you and allow you to download the OVPN config file. The extension is written on top of VPN Gate Academic Experiment Project that is an online service as an academic research at Graduate School of University of Tsukuba, Japan. // )

Betternet Unlimited Free VPN Proxy
https://chrome.google.com/webstore/detail/betternet-unlimited-free/gjknjjomckknofjidppipffbpoekiipm

SoftEther links:
Forum: http://www.vpnusers.com/
Blog: https://softether.blogspot.com.ee/ (old)
Website: https://www.softether.org

Site to test in if VPN is detected :
http://proxyuser.blogspot.com/p/site-to-test-proxis-in.html

Before Install VPN Proxy - SoftEther VPN Server

7.1 Before Install

This section describes the precautions to take before installing SoftEther VPN Server.

7.1.1 Checking the Operating Environment

Before installing SoftEther VPN Server to a computer, check that the computer hardware and operating system support SoftEther VPN Server.

SoftEther VPN Server supports Windows, Linux, FreeBSD, Solaris, and Mac OS X; however, this product formally supports only operating systems with Windows 2000 or later and certain Linux distributions. SoftEther VPN Server can be installed on other operating systems, but SoftEther VPN Project is not responsible for its operations. For information about the operating environment of SoftEther VPN Server, please refer to Specifications.

Before installing SoftEther VPN Server, be sure to back up data stored in the installation directory of the computer (including the system registry in Windows).

7.1.2 Hard Disk Space

As described in 3.10 Logging Service, SoftEther VPN Server writes large operation log files to the hard disk during operation. In addition, when the hard disk space reaches a certain size, VPN Server deletes the oldest log files written to the hard disk during VPN Server operation.

Although the data size of logs written by VPN Server varies greatly depending on the operation status of VPN Server, the number of users connected on a daily basis, and the selection of saved packet log items configured by the Virtual Hub administrator, as a guideline, it is a good idea to have between 30 and 100 GB of available disk space when using VPN Server for a general remote-access VPN or for a VPN connection between bases.

7.1.3 CPU Processing Speed

The processing speed of VPN Server depends on the CPU speed. Therefore, check that the CPU speed of the hardware you want to use as the VPN server computer has sufficient speed. If the CPU speed is too slow, we recommend upgrading the system.

As a guideline for the CPU speed, we recommend providing a CPU with a speed of 2.0 GHz or faster when connecting to a network using a physical line with a communication speed of 100 Mbps. If the CPU speed is too slow, the communication delay time may increase and throughput may decrease.

7.1.4 Conflicting Software

It is essential that you make sure that the operation speed of VPN Server is not adversely affected and server operations are not disrupted by software conflicts that can occur when VPN Server is installed on a computer with a personal firewall or antivirus software from a different manufacturer. If there are signs that the VPN functions are not operating properly due to a conflict with this type of software, we recommend temporarily disabling that software and try operating VPN Server again.

Please note that VPN Server conflicts with VPN Bridge. Generally, VPN Bridge does not need to be installed on the same computer on which VPN Server is installed.

------------

Install on Windows and Initial Configurations

7.2 Install on Windows and Initial Configurations

This section describes how to install SoftEther VPN Server to an operating system with Windows 2000 or later. This assumes that in the Windows operating system, no extra application software is installed after performing a clean install of the system. This also assumes that the Windows function for blocking communication to TCP/IP ports from the outside (firewall function) is disabled.

7.2.1 Selecting the Installation Mode

As described in 3.2 Operating Modes, SoftEther VPN Server can be operated in either service mode or user mode. When configuring VPN Server for use as part of an everyday operation system, we recommend installing SoftEther VPN Server in service mode. The installer for the Windows version of VPN Server installs the VPN Server program to the system in service mode.

7.2.2 Installation Procedure Using the Installer

Preparing the Installer File

The installation of the Windows version of SoftEther VPN Server is very easy as it is almost completely performed automatically. To install VPN Server, you can download the latest VPN Server installer file from the SoftEther VPN Project website (http://www.softether.org/).

The VPN Server Windows version installer file is an executable file with the name vpnserver-build-number-win32-x86.exe.

VPN Server Installer

Starting the Installer

Start the installer by double-clicking the VPN Server installer file. The Windows Installer-based installer starts automatically. Using the installation wizard, you can select the name of the installation directory. (By default, the program is installed to Program Files\SoftEther VPN Server on the system drive.) The VPN Server process writes large log files to the installation directory, so we recommend selecting an area on the hard drive that has high transfer rate and a large amount of unused space.

Specifying the VPN Server Installation Directory.

During the installation, the end-user license agreement may be displayed. Please thoroughly read the agreement. If you agree to the terms and conditions, the installation continues.

VPN Server End-User License Agreement.

The installer automatically registers the SoftEther VPN Server system service and sets the program to automatically start in background mode at Windows startup.

7.2.3 Precautions After Installation

When installation of the Windows version of VPN Server is completed, the SoftEther VPN Server service is already running in the background on the Windows system. Normally, the computer does not have to be restarted after installation of the program. However, if you expect to use the local bridge function while using a network adapter that supports hardware offloading, as described in 3.6 Local Bridges, we recommend that you restart the computer.

To check whether the VPN Server installer properly installed the SoftEther VPN Server service to the Windows system, click [Control Panel] > [Administrative Tools] > [Services], and check that [SoftEther VPN Server] is displayed on the list of services.

VPN Server Install Finished.

7.2.4 Managing VPN Server with VPN Server Manager

VPN Server Manager

After VPN Server is installed, the program can be properly configured and the VPN client computers can be provided with the function that allows the program to operate as a VPN server.

SoftEther VPN Server Manager can be used on Windows to manage VPN Server. For information about the detailed management method, please refer to 3. SoftEther VPN Server Manual.

Start VPN Server Manager, which is installed at the same time as the Windows version of VPN Server, connect to [localhost] (the host itself) on the server window, and configure the default settings.

To configure or manage the Linux or other Unix version of VPN Server, you can also use the Windows version of VPN Server Manager from a remote computer. For information about manually installing VPN Server Manager on a computer without VPN Server installed, please refer to 2.4 VPN Server Manager.

Default Settings of VPN Server Manager

When VPN Server Manager is started for first time, nothing is registered to the [SoftEther VPN Server Connection Settings] list on the startup window.

VPN Server Manager.

To create a connection setting, click [Create New Setting] and specify the host name, port number, and other information of VPN Server to which to establish a management connection. Once a connection setting is registered, it is displayed the next time VPN Server Manager is started.

Window for Creating a Connection Setting.

After creating a connection setting, double-click that connection setting to try to connect to VPN Server.

7.2.5 Managing with vpncmd

You can also use the command line-based vpncmd software to configure and manage VPN Server. This is helpful in cases where VPN Server is installed to a Linux or other Unix operating system and a separate Windows computer is not available locally, therefore VPN Server Manager cannot be used. In this case, you can use vpncmd to configure the default settings. You can also use vpncmd to configure the settings on the Windows version of VPN Server. For information about detailed vpncmd operations, please refer to 6. Command Line Management Utility Manual.

SoftEther VPN Project recommends using VPN Server Manager on a Windows computer to configure and manage VPN Server and using vpncmd as a supplemental management utility for automating simple repetitive tasks.

7.2.6 Starting and Stopping Service

The installer for the Windows version of VPN Server automatically installs the SoftEther VPN Server service. This service continually operates while Windows is running, and it automatically shuts down when Windows shuts down.

If the service must be restarted for management reasons or because VPN Server operations become unstable, you can click [Control Panel] > [Administrative Tools] > [Services], and start or stop the service. An easier and more reliable method is to call the net command at the command prompt and start or stop the service.

To stop the service, type the following command.

> net stop sevpnserver

To start the service, type the following command.

> net start sevpnserver

If, in the unlikely event, the VPN Server process hangs and cannot be controlled using the net command, you can use Task Manager in Windows to forcibly terminate the vpnserver.exe process.

7.2.7 Adding and Deleting the Service

You can add or delete the service for the vpnserver.exe process using the method described in the description of the service mode of the Windows SoftEther VPN Server in 3.2 Operating Modes. You can use this method, for example, to move all setting files in the VPN Server installation directory to a different directory or hard drive, and then re-register the process as a service. (However, we cannot recommend using this method as the uninstaller may not be able to properly uninstall the program.)

7.2.8 Limitations When Starting in User-mode

We recommend operating the Windows version of VPN Server as a service mode program, but you can also start VPN Server in the user mode by using the method described in 3.2 Operating Modes. When VPN Server is started in user mode, critical security holes, such as buffer overruns, exist temporarily on the VPN Server, but because only user accounts starting VPN Server in user mode would be affected if an attack were to occur, VPN Server can be used relatively securely and safely. However, SoftEther VPN Project does not recommend actually operating VPN Server in user mode for the following reasons.

The local bridge function cannot be used. (For details, please refer to 3.6 Local Bridges.)
Some features of the disaster recovery function, such as automatic recovery when an error occurs in a self process, cannot be used. (For details, please refer to 3.3 VPN Server Administration.)
To start the VPN Server process in user mode, the user must remained logged on to the server. The user cannot operate VPN Server when the user logs off or when no users are logged on to the server after Windows starts. For these reasons, user mode is not suited for actual operation of VPN Server.

Install on Linux and Initial Configurations

7.3 Install on Linux and Initial Configurations

This section describes how to install SoftEther VPN Server to a Linux operating system. This assumes that in the Linux operating system, no extra application software is installed after performing a clean install of the system. This also assumes that, as a basic rule, the firewall and similar functions included in the Linux distribution are not being used, and that the function for blocking communication to TCP/IP ports from the outside (firewall function) is disabled.

7.3.1 Recommended System

Recommended Operating System Configuration

The Linux version of SoftEther VPN Server can operate in most cases on platforms with Linux kernel 2.4 or later; however, SoftEther VPN Project recommends only those environments using the following Linux distributions. (As of the time of writing this manual, this is the recommended environment; however, this may change to higher specifications in the future.)

Red Hat Enterprise Linux
Fedora
CentOS

For more information about the system requirements, please refer to Specifications.

The descriptions for installing SoftEther VPN Server in this chapter are based on the use of one of the above operating systems and the fact that VPN Server will be installed to the newly created directory /usr/local/vpnserver/.

Installing Linux

For Linux distribution, support is only provided for environments where a clean installation of the system was performed with one of the following methods.

Perform a clean installation of Linux. Avoid cases where inconsistencies may occur, such as in the libraries after upgrading from an earlier version of Linux.
When creating a partition on the hard disk, be sure to allocate sufficient disk space to the partition with the /usr/directory. The examples in the descriptions below are based on VPN Server being installed to /usr/local/vpnserver/. In addition, we recommend allocating sufficient disk space to the partition to allow VPN Server to write log files to the same directory.
At the stage of selecting components to be installed, at the minimum, the development tools (compiler, etc.) and development libraries are installed at the same time. When installing VPN Server, the make and gccbinutils utilities and the libc (glibc), zlib, openssl, readline, and ncurses development library versions (also called devel) are required.
After installing the operating system, update to the latest Linux kernel (2.6.9-22 or later). Because there are problems in the parallel and synchronous processing of the kernel included in the initial install of Linux, the operations of VPN Server may become unstable. Be sure to update the kernel.
Complete the installation of the program with the firewall and SELinux functions disabled. After confirming that VPN Server is properly installed, you can enable these functions only if necessary.

7.3.2 Selecting the Installation Mode

As described in 3.1 Operating System Requirements and 3.2 Operating Modes, SoftEther VPN Server can be operated in either service mode or user mode. When configuring VPN Server for use as part of an everyday operation system in a company, we recommend installing SoftEther VPN Server in service mode. To install the VPN Server program to the system in service mode on a Linux operating system, you must register the vpnserver program as a daemon program in the Linux startup script.

7.3.3 Checking the Required Software and Libraries

The following software and libraries are required to install VPN Server to a Linux operating system. Check that the following software and libraries are installed to the system and are enabled. (If the recommended environment distribution is installed using the method specified in 7.3.1, these libraries are also installed.)

gcc software
binutils software
tar, gzip or other software for extracting package files
chkconfig system utility
cat, cp or other basic file operation utility
EUC-JP, UTF-8 or other code page table for use in a Japanese language environment
libc (glibc) library
zlib library
openssl library
readline library
ncurses library
pthread library

7.3.4 Extracting the Package

Preparing the Installer File

To install VPN Server, you need to prepare the file containing the VPN Server program (package file compressed with tar.gz format). You can download the latest VPN Server installer file from the SoftEther VPN Project website (http://www.softether.org/).

Extracting the Package File for Installation

Extract the package file for installation using the tar command. Copy the tar.gz file to a directory and extract the file as follows.

[root@machine root]# tar xzvf vpnserver-5070-rtm-linux-x86.tar.gz 
vpnserver/
vpnserver/vpnserver.a
vpnserver/vpncmd.a
vpnserver/hamcore.se2
vpnserver/libcrypto.a
vpnserver/Makefile
vpnserver/libssl.a
vpnserver/License_ReadMeFirst.txt
vpnserver/License_ReadMeFirstUtf.txt
vpnserver/License_ReadMeFirstSjis.txt
vpnserver/.install.sh

When the package is extracted, the directory "vpnserver" is created in the working folder, and the required installation files are extracted.

7.3.5 Creating an Executable File

Executing a make

To install VPN Server, you must execute a make and create a vpnserver executable file.

First, go to the vpnserver directory extracted in the previous subsection and type [make].

Next, the message "Do you want to read the License Agreement for this software?" is displayed. Select [1] to continue.

[root@machine vpnserver]# make
./.install.sh

Do you want to read the License Agreement for this software ?
1. Yes
2. No
Please choose one of above number:
1

Next, the end-user license agreement is displayed. Please read and understand the license agreement. The license agreement is displayed over several pages, so use a terminal emulator or SSH client software with a scroll function to view the entire license agreement. If you are unable to read the entire license agreement, press Ctrl + C to cancel the make, and then use a text editor to directly open and view the contents of the text file with the license agreement located in the vpnserver directory.

At the end of the license agreement, the message "Did you read and understand the License Agreement?" is displayed. If you read and understood the license agreement, select [1].

EULA

Did you read and understand the License Agreement ?
(If you couldn't read above text, Please read License_ReadMe.txt
file with any text editor.)
1. Yes
2. No
Please choose one of above number:
1

Next, the message "Do you agree to the License Agreement?" is displayed. If you agree to the license agreement, select [1].

Did you agree the License Agreement ?
1. Agree
2. Do Not Agree
Please choose one of above number:
1

Once you agree to the license agreement, the vpnserver program is automatically created.

make[1]: Entering directory `/root/vpnserver'
ranlib libssl.a
ranlib libcrypto.a
ranlib vpnserver.a
gcc vpnserver.a -pthread -lrt -lm -lz libssl.a libcrypto.a -lpthread -ldl
-lreadline -lcurses -o vpnserver
strip vpnserver
ranlib vpncmd.a
gcc vpncmd.a -pthread -lrt -lm -lz libssl.a libcrypto.a -lpthread
-ldl -lreadline -lcurses -o vpncmd
strip vpncmd
make[1]: Leaving directory `/root/vpnserver'

[root@machine vpnserver]#

If an error occurs during this process, creation of the vpnserver program fails. In this case, see 7.3.1 and 7.3.3 again and check whether any required libraries are missing.

7.3.6 VPN Server Location

After the vpnserver program is created, we recommend moving the vpnserver directory, which is created when the package is extracted, to the /usr/local/ directory. Use the following method to move the vpnserver directory to /usr/local/. The operations hereafter must be performed as a root user.

[root@machine vpnserver]# cd ..
[root@machine root]# mv vpnserver /usr/local
[root@machine root]# ls -l /usr/local/vpnserver/
Total 13000
-rwxrwxrwx 1 root root 20245 12ŒŽ 8 16:14 License_ReadMeFirst.txt*
-rwxrwxrwx 1 root root 20317 12ŒŽ 8 16:14 License_ReadMeFirstSjis.txt*
-rwxrwxrwx 1 root root 30210 12ŒŽ 8 16:14 License_ReadMeFirstUtf.txt*
-rwxrwxrwx 1 root root 609 12ŒŽ 8 16:14 Makefile*
-rwxrwxrwx 1 root root 4018399 12ŒŽ 8 16:14 hamcore.se2*
-rwxrwxrwx 1 root root 1942994 12ŒŽ 9 02:23 libcrypto.a*
-rwxrwxrwx 1 root root 336070 12ŒŽ 9 02:23 libssl.a*
-rwxr-xr-x 1 root root 1814216 12ŒŽ 9 02:23 vpncmd*
-rwxrwxrwx 1 root root 1630858 12ŒŽ 9 02:23 vpncmd.a*
-rwxr-xr-x 1 root root 1814120 12ŒŽ 9 02:23 vpnserver*
-rwxrwxrwx 1 root root 1630304 12ŒŽ 9 02:23 vpnserver.a*
[root@machine root]#

Confirm that all of the files are moved to the /usr/local/vpnserver/ directory, as shown above.

If the user does not have root permissions, the files in the vpnserver directory cannot be read, so change and protect the permissions.

[root@machine root]# cd /usr/local/vpnserver/
[root@machine vpnserver]# chmod 600 *
[root@machine vpnserver]# chmod 700 vpncmd
[root@machine vpnserver]# chmod 700 vpnserver
[root@machine vpnserver]# ls -l
Total 13000
-rw------- 1 root root 20245 12ŒŽ 8 16:14 License_ReadMeFirst.txt
-rw------- 1 root root 20317 12ŒŽ 8 16:14 License_ReadMeFirstSjis.txt
-rw------- 1 root root 30210 12ŒŽ 8 16:14 License_ReadMeFirstUtf.txt
-rw------- 1 root root 609 12ŒŽ 8 16:14 Makefile
-rw------- 1 root root 4018399 12ŒŽ 8 16:14 hamcore.se2
-rw------- 1 root root 1942994 12ŒŽ 9 02:23 libcrypto.a
-rw------- 1 root root 336070 12ŒŽ 9 02:23 libssl.a
-rwx------ 1 root root 1814216 12ŒŽ 9 02:23 vpncmd*
-rw------- 1 root root 1630858 12ŒŽ 9 02:23 vpncmd.a
-rwx------ 1 root root 1814120 12ŒŽ 9 02:23 vpnserver*
-rw------- 1 root root 1630304 12ŒŽ 9 02:23 vpnserver.a
[root@machine vpnserver]#

This completes the changing of the location of the vpnserver program.

7.3.7 Using the vpncmd Check Command to Check Operations

We recommend performing a final check to see whether VPN Server can operate properly on your computer system before starting vpnserver.

You can use the check command on the vpncmd command line management utility to automatically check whether the system has sufficient functions to operate VPN Server. For details, please refer to 6.6 VPN Tools Command Reference.

First, start vpncmd by typing [./vpncmd]. Next, select [Use of VPN Tools (certificate creation or communication speed measurement)] and execute the check command.

[root@machine vpnserver]# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)

By using vpncmd program, the following can be achieved.

1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and communication speed measurement)

Select 1, 2 or 3: 3

VPN Tools was launched. By inputting HELP, you can view a list of the commands t
hat can be used.

VPN Tools>check
Check command - Check if SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool

If this operation environment check tool is run on a system and that system pass
es, it is highly likely that SoftEther VPN software can operate on that system. T
his check may take a while. Please wait...

Checking 'Kernel System'...
[Pass]
Checking 'Memory Operation System'...
[Pass]
Checking 'ANSI / Unicode string processing system'...
[Pass]
Checking 'File system'...
[Pass]
Checking 'Thread processing system'...
[Pass]
Checking 'Network system'...
[Pass]

All checks passed. It is highly likely that SoftEther VPN Server / Bridge can ope
rate normally on this system.

The command terminated normally.
VPN Tools>exit
[root@machine vpnserver]#

If, after executing the check command, the message "Passed all checks. It is likely that VPN Server / Bridge will operate properly on this system." is displayed, as shown above, it is likely that your system has satisfied the VPN Server operation requirements and VPN Server can safely be used.

If, however, the system fails at any of the above check items, we recommend checking 7.3.1 and 7.3.3 again.

7.3.8 Registering a Startup Script

After installing vpnserver to the /usr/local/vpnserver/ directory using the method described above, you can configure your system to operate the vpnserver program as a service mode program by registering the /usr/local/vpnserver/vpnserverprogram as a daemon process that continues to run in the background while Linux is starting.

To register vpnserver to Linux as a daemon process, create a startup script, as shown below, with the name /etc/init.d/vpnserver. (The following startup script is a description example, and you may have to rewrite part of the script for it to work properly on your system.)

#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0

You can use a text editor or the cat command to write the above script to /etc/init.d/vpnserver as a text file. To use the cat command to create the script, press Ctrl + D after the line break in the final line, as shown below.

[root@machine vpnserver]# cat > /etc/init.d/vpnserver
#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0

After creating the /etc/init.d/vpnserver startup script, change the permissions for this script so that the script cannot be rewritten by a user without permissions.

[root@machine vpnserver]# chmod 755 /etc/init.d/vpnserver

Lastly, use the chkconfig command to allow the above startup script to start automatically in the background when the Linux kernel starts.

[root@machine vpnserver]# /sbin/chkconfig --add vpnserver

VPN Server is now prepared to run as a service mode program.

7.3.9 Starting and Stopping Service

VPN Server registered as a service mode program automatically starts when Linux starts and automatically stops when Linux shuts down. You can manually stop or restart the VPN Server service if you need to do so for management reasons.

To start or stop VPN Server registered as a service mode program, type the command below.

Starting the VPN Server Service

With the VPN Server service not running and with root permissions, type the following to start the VPN Server service.

[root@machine vpnserver]# /etc/init.d/vpnserver start

Stopping the VPN Server Service

With the VPN Server service running and with root permissions, type the following to stop the VPN Server service.

[root@machine vpnserver]# /etc/init.d/vpnserver stop

Cases in Which You Must Stop the VPN Server Service

The VPN Server service must be manually stopped in the following cases.

When manually editing or replacing the configuration file
When updating the vpnserver program and other files after the release of a new version of VPN Server (To replace the vpnserver, vpncmd and hamcore.se2 files, be sure to stop the service in advance.)
When you want to restart the service due to erratic behavior of the operating VPN Server

Forcibly Terminating the vpnserver Process

It is unlikely that VPN Server would malfunction due to a problem with the physical memory of the computer or a software bug. If this should occur and the VPN Server service does not respond when you try to stop the service using the method above, you can stop the service by forcibly terminating the vpnserver process. For the detailed method for forcibly terminating the vpnserver process, please refer to the method of using the kill command described in 3.2 Operating Modes.

7.3.10 Limitations when Starting with General User Rights

The Linux version of VPN Server can also be started with general user rights. When starting VPN Server as a user mode program with general user rights, the program cannot be registered as a system service, but when a general user starts the VPN Server program in the background by typing [./vpnserver start], unlike the Windows version, the Linux version of the vpnserver process can continue to run even after that user logs out. SoftEther VPN Project does not recommend actually operating VPN Server in user mode for the following reasons.

The local bridge function cannot be used. (For details, please refer to 3.6 Local Bridges.)
After starting the system, the user must log on and manually start the vpnserver process, decreasing operability.

What is SoftEther VPN

1.1 What is SoftEther VPN?

SoftEther VPN is next-generation VPN software that offers stability, flexibility and expandability, and is compatible with all advanced networks that produce wide bandwidth an high load required by large corporations and Internet providers as well as networks for individuals and homes and networks for small and medium size businesses.

This section contains an overview of SoftEther VPN, a comparison with older VPN protocol, and a description of its advanced functions.

1.1.1 History

SoftEther VPN was previously developed and distributed as "SoftEther 1.0". SoftEther (old) was developed by Daiyuu Nobori, a student of University of Tsukuba, as a personal project. "SoftEther" was software that enabled users to construct a simple layer 2 VPN by installing a Virtual Network Adapter and Virtual Ethernet Switching Hub on Windows, and was distributed as freeware. "SoftEther" later became a project of the research and development project of Japanese Government, subsidized by Ministry of Economy, Trade and Industry of Japan, administrated by Information Promotion Agency, in 2003.

SoftEther VPN (the subject of this manual) is VPN software that is the next version of "SoftEther". SoftEther VPN is now developed and released as "freeware", from the SoftEther Project at University of Tsukuba, Japan. SoftEther VPN is planned to become open-source (GPL) software in middle of 2013.

1.1.2 Structure and Operating Principle of VPN

Virtual Private Network (VPN) is a technology that started to spread around 1998. VPN technology allows users to construct a virtual network that maintains security in an existing IP network such as the Internet and communicate freely within the virtual network.

The following is a description of common VPN structure.

Tunneling and Encapsulating

VPN is a solution for constructing a virtual network. A technique called "tunneling" that enables users to construct a virtual network between two remote points on an existing public IP network and communicate freely is used in the VPN.

With tunneling technology, packets transmitted on a physical communications medium such as conventional network cable or optical fiber are encapsulated as data of another protocol such as TCP/IP packets without directly transmitting on a physical network. Encryption and electronic signature can be added simultaneously when encapsulating. Encapsulated data is transmitted through a session called a "tunnel" between the start and end point of VPN communication. The other party who receives the encapsulated data removes the original packets from the capsules. If the data is encrypted when encapsulated, it must be decrypted. If an electronic signature has been added, the user can check whether the contents of the packet have been tampered with during transmission by testing the integrity of the electronic signature.

When VPN communication is to be carried out, because the data transmitted between the computer sending the data and the computer receiving the data travels through the tunnel is sent encapsulated, unprotected data is never exposed on the network.

Structure and operating principle of common VPN.

Ensuring Security of Transmitted Data by Encryption

One of the advantages of using VPN is enhanced security by encryption.

An IP network that can be accessed by anyone such as the Internet is always exposed to danger of eavesdropping and masquerading. Even if expensive transmission services and infrastructure such as dedicated line service or satellite links are used, the lines could be physically bugged or data could be surreptitiously viewed by communications company technicians maliciously or out of curiosity, or could be tapped and analyzed by the government, etc. When sending and receiving data over such WAN, it is therefore recommended that data by encrypted by some means.

Danger of sending and receiving data over the Internet.

The fact is that not all existing communication applications and protocols support encryption is a possible problem. For example, HTTP protocol includes a protocol called HTTPS which is encrypted by SSL. And this SSH protocol is encrypted from the beginning. Numerous Internet based applications however either do not have an encryption function, or if they do, they might have a problem with packaging or encryption strength.

Encrypted packets and packets that are not encrypted.

If using these conventional communications protocols with insufficient security as they are on WAN such as dedicated lines or the Internet, the data can be intercepted or altered by hacking.

Security can be dramatically enhanced by automatically encrypting communication of almost all applications using IP or Ethernet by utilizing VPN.

Better Connectivity and Network Independence

Another significant advantage of using VPN is that it enhances connectivity and offers network independence.

Because with the public IP networks such as the Internet, as a rule, any IP packet can be transmitted from a computer of any IP address to another computer of any IP address. If data is to be transmitted over the Internet, when communication is to be conducted between a client computer and server computer, the server computer may actually receive packets from a different computer with malicious intent. Nowadays vulnerable operating systems and worms that open security holes in transmission software and server software on the Internet are going around and there is a possibility of infection. Because the computer which directly connected to the Internet is substantially unsafe, it is not recommended that computers that process important communications data for business, etc., be allotted direct Internet global IP addresses and connected to the Internet.

However when sending and receiving data between remote bases via public IP network such as the Internet, as a rule, at least one global IP address port must be open and standing by for communications. This is necessary along with using TCP/IP protocol. Thus when sending and receiving data between computers at remote bases if VPN is not used attainability, it must be secured for IP packets of both computers in which case problems may occur with that has mentioned in security earlier.

When carrying out TCP/IP connection on the Internet as a rule
at least one must have a global IP address and the port must be open to the public.

By using VPN these problems can be easily and reliably solved. In the fact that VPN carries out communication with the structure whereby encapsulated packets flowing in the tunnel established between computers at remote bases as it was mentioned earlier when establishing the tunnel, user authentication is mutually conducted between the computers and the tunnel is established only if successful. Also once the tunnel is established, as long as physical network communication is not cut off, it is constantly maintained and all the data flowing through the tunnel is encrypted. And if electronic signature is added, other computers on the Internet which is not related to the tunnel can no longer interrupt communications of that tunnel.

With this tunneling technology, multiple computers at remote bases, computers, computer network, by connecting using VPN, a safe virtual network built by VPN can theoretically be made independent of WAN lines such as the Internet with security problems.

Prevention of eavesdropping/tampering by third party with malicious intent using VPN.

Inexpensive Internet Connection can be Used Instead of Dedicated Line

By utilizing the structure of VPN such as previously described, without using dedicated line services that is used to charge high usage fees, with more robust security that dedicated line services, communications can be conducted between computers of any base via the Internet.

Especially recently, for several thousand yen per month, because Internet services using optical fiber or ADSL are available, such inexpensive services can be used for same or safer communications purpose.

By using VPN, public networks whereby any computers can communicate freely by IP Internet. It can establish a company dedicated virtual communications network within that network, and a safe and stable independent network that can be constructed without worrying about danger of Internet.

Using inexpensive and fast Internet connection instead of dedicated line.

1.1.3 Limitations of old VPN Solution

Several VPN software and hardware solutions have existed for some time, and since 1998 VPN technology and technologies employing it has been used at various sites. For example the following VPN protocols are currently incorporated into several network products and has been used.

PPTP
L2TP / IPSec
vtun
OpenVPN
Port transmission by SSH
Other minor VPN standards

However many older VPN protocols have the following limitations, and under various circumstances, uses must be restricted or cannot be used.

Difficulty of Pass of Network Gateway Devices

With many business networks as some home networks, company networks are separated from the Internet by measures such as NAT (IP masquerade) proxy servers and firewalls, number of IP addresses is limited and security is bolstered. Devices that conduct this processing are called network gateway devices. In some cases network gateway device is a dedicated device (appliance) and in some cases is a high-performance computer on which Linux, etc., is installed.

However many older VPN protocols cannot communicate via this network gateway device. One reason for this is many VPN protocols headers of special protocol that is not ordinary TCP/IP protocol may be added when encapsulating communications packets. For example a VPN protocol called PPTP uses an extremely minor protocol called Generic Routing Encapsulation (GRE). A VPN protocol called L2TP furthermore requires use of IPSec, whereby a header is added because it is an IPSec packet.

The majority of conventional VPN protocols such as in these examples, because VPN communications is realized by an approach unlike ordinary TCP/IP connection-oriented communication model, it cannot carry out VPN communications transcending in many network gateway devices, especially NAT (IP masquerade), almost all proxy servers and firewalls.

Therefore when used, the majority of conventional VPN protocols require a global IP address will be allotted to both of the VPN connection source client computer and connection destination VPN server computer. Or installation of network gateway devices can be customized so special packets can be processed.

Many older VPN protocols have difficulty passing NAT router firewalls, etc.

Limitations of Protocol that can Communicate within VPN

Many conventional VPN protocols are limited to layer 3 protocol (IP layer, etc) and furthermore upper layer protocol (TCP layer, application layer, etc.) and communication is conducted by encapsulated tunneling. With this system however VPN protocol cannot be made to individually communicate via VPN with protocols that do not comply.

For example in many cases legacy protocols such as special protocol for control, IPX/SPX and NetBEUI currently used by general purpose equipment cannot be used via VPN and it is difficult to transmit existing system communications using Internet VPN instead of a dedicated line.

VPN protocol that encapsulates older IP cannot send and receive packets other than IP packets.

IP Routing is Necessary

Of older VPN protocols, if VPN is realized using types of protocols that encapsulate layer 3 (IP layer), basically one of the following must be selected.

Install VPN client software on all computers participating in VPN and connect.
Connect existing network of base to VPN and conduct IP routing.

If constructing VPN by method 1, if installing VPN client software on all computers that might be connected to VPN and carrying out VPN communications, by conducting connection operation for the VPN server, communications can be freely carried out only between computers installed with VPN client software. With this method however the more computers there are that want to carry out VPN communications the more administration is necessary, computers for which VPN client software cannot be installed or devices for networks such as other network appliances or digital electrical appliances cannot participate in VPN.

If VPN is constructed by method 2, computers in the network of the base connected to VPN can send and receive data to/from each other, and computers for which VPN client software cannot be installed and devices for networks such as other network appliances and digital electrical appliances automatically participate in VPN. This method is however disadvantageous in that it requires IP routing between existing networks connected to VPN and virtual networks by VPN.

Therefore if remote access VPN or VPN connected between bases is realized by old VPN protocol, it requires large scale setting modification for existing networks such as routing table setting modification for existing IP network routers, etc.

Devices that do not support routing cannot communicate via VPN of old IP base.

Dependence on Certain Platform

For many old VPN protocols there is a problem if the range of platforms that support the various VPN protocols is not very wide, and even if they can be used among multiple platforms, differences in respective implementation have caused resulted the trouble in practical application in some cases.

Some VPN protocols furthermore require hardware of certain network device vendors and compatibility of protocols among vendors which declined.

Communication among VPN products of different vendors cannot be carried out.

High Cost, Low Performance

Price of network devices and security software is generally extremely high, including network security solutions other than VPN solutions. Realistically however network security products introduced at high cost often do not satisfy performance and function requirements.

Particularly concerning function and performance, the most important factor of conventional VPN is providing security; network permeability and communications performance are not considered as important. The reason for this is, when old VPN protocol began to appear, broadband was not yet very popular but was the fastest Internet connection line available for average businesses and homes whereby speed increased from several Mbps to tens of Mbps.

Currently, even for ordinary homes, with the backbone of broadband line businesses of several tens to 100Mbps, Internet connection lines of gigabit scale are available at an extremely low price compared to several years ago. There is not that much VPN hardware and VPN products that can use these fast physical lines efficiently enough, and even the ones that dose exist are mostly installed on extremely expensive network dedicated devices.

Need for new VPN System to Compensate for Shortcomings in old VPN Protocol

Old VPN protocol includes the problems described above and various other problems. So a high function, reliable, highly flexible VPN system that can solves the problems and limitations was therefore very necessary.

1.1.4 SoftEther VPN's Advantage and Characteristics

Along with solving various limitations of old VPN solutions that has been described earlier, SoftEther VPN is the VPN software that have been waited for which have many new innovative functions with.

Features of SoftEther VPN

By just using SoftEther VPN, many of the matters such as those problems in the past could not be solved (unless you combined multiple network security products or software, and programming or developed original tools) can be realized by a simple operation.

SoftEther VPN is set to, encapsulated and tunneling communications and layer 2, in other words, to Ethernet. When SoftEther VPN is used, network devices such as conventional network adapter switching HUB and layer 3 switch are realized by software, and by connecting the tunnel called SoftEther VPN protocol based on TCP/IP protocol among them, the user can construct highly flexible VPN that was never possible with products up to now.

The operation principle of SoftEther VPN and specifications are explained by 1.4 VPN Processing Principle and Communication Method. The method of actually designing/constructing and applying various networks by SoftEther VPN is also explained in 10. Examples of Building VPN Networks.

Making various types of hardware devices on Ethernet virtual for SoftEther VPN.

Advantages of Making Ethernet Virtual

Unlike the old many VPN protocols, SoftEther VPN targets the layer 2 (Ethernet) for VPN communications. In other words, with VPN which have targeted old layer 3, encapsulated IP packets flowed through the tunnel. But with SoftEther VPN, it will encapsulated Ethernet packets flow though the tunnel.

Comparison of old VPN protocol and SoftEther VPN when base-to-base connection VPN is constructed.

1.1.5 NAT, Proxy Server and Firewall Traversal

SoftEther VPN conducts VPN communications by establishing a VPN session called a tunnel between VPN Server and VPN Client or VPN Bridge.

Packets that virtually flow in VPN session which is an Ethernet network are actually encapsulated and flow through a physical IP network. At this point, however, SoftEther VPN encapsulates random Ethernet frames to TCP/IP protocol. This point is a feature that was not present in the majority of old VPN protocols.

Also with SoftEther VPN, any TCP/IP port number can be designated and used for VPN communications. The default port numbers are 5555, 443 (for HTTPS) and 992. For details concerning TCP/IP port number designation, see 3.3 VPN Server Administration.

By conducting all VPN communication by TCP/IP, SoftEther VPN can conduct VPN communication via the majority of network gateway devices. VPN can be easily established through almost all types of NAT proxy servers and firewalls.

When SoftEther VPN is used, VPN communications can be easily and safely conducted proxy server and firewall settings even in environments that used to be hard to use VPN because of NAT.

Because it is no longer necessary to open a hole in existing firewall settings to introduce VPN, the burden on the network administrator is reduced and it helps prevent deterioration of network security due to firewall setting modifications.

Users can also safely access company LAN via free Internet connection spots, such as destination stations and airport hotels when they take along a laptop computer installed with VPN Client. Because many free Internet connection spots have introduced NAT or firewall transparent proxy servers, VPN protocol could not be used in many cases before. however they can be used without worry by equipping the SoftEther VPN.

Passage through NAT proxy server or firewall by SoftEther VPN.

1.1.6 Stability and Security

As it was previously mentioned, SoftEther VPN uses TCP/IP protocol only for VPN communications and any Ethernet frames can be tunneled. When VPN communication is carried out, SoftEther VPN encrypts all data by Internet standard encryption protocol which is called Secure Socket Layer (SSL). At this time the system administrator can use any encryption algorithm of electronic signature algorithm administrator chooses. For details see 3.3 VPN Server Administration.

With SoftEther VPN, its not only communications encrypted, but security concerning user authentication and server authentication are bolstered. SoftEther VPN supports user authentication by using the RADIUS servers used by companies, NT domain / Active Directory and certificate authentication using X509 and RSA. Also supports some smart cards used for purposes which is deemed necessary for high security. For details see 1.5 Strong Security Features.

Protocol that has been used for transmitting VPN communications packets and security checks such as user authentication actually flowing through a physical IP network during VPN communications is called SoftEther VPN protocol. SoftEther VPN protocol is not only encrypts all communication contents by SSL, but it establishes several simultaneous SSL connections established between VPN Server and VPN Client or with VPN Bridge. Also by altering the timing by a certain interval and reconnecting, it is able to stably communicate through some special network devices whereby TCP/IP connection which is lost for a certain time interval. Stable VPN communication can also be carried out with telephone lines with high packet loss rate, some ADSL, PHS, wireless LAN, etc. For details see 4.4 Making Connection to VPN Server.

User authentication by SoftEther VPN protocol.

1.1.7 High-speed Communications Throughput

Many older VPN protocols focused only on providing security, but it appears that communications throughput does not tend to be high when VPN communications are carried out.

SoftEther VPN is optimized to exhibit high performance for any line from low speed lines, ISDN and PHS to high speed lines such as 100Mbps and 1.0Gbps. For example, it can be exhibit throughput of several hundred Mbps for a computer with a Pentium 4 2.8GHz processor currently available for a low price even by using a VPN Server.

Problems like decline or marked delay in throughput due to re-transmission of TCP/IP protocol previously is used for tunnel communications for VPN which has been discussed in several theses, has been improved by technology to establish multiple parallel TCP/IP connections between VPN Server and VPN Client or with VPN Bridge. For details see 4.4 Making Connection to VPN Server.

1.1.8 Advanced Function and Expandability

Many older VPN products only realized VPN communications. For example, advanced function such logging all packets flowing inside VPN, conducting packet filtering inside VPN communications, or applying a highly flexible security policy are extremely rare.

With SoftEther VPN, software of VPN Server, VPN Client, etc., are equipped with extremely advanced functions. For example, the following functions can be easily set and used, and can be used for limiting VPN communications, network administration or other purposes.

Flexible adjustment of communication parameters of SoftEther VPN protocol
Logging VPN operation log or the contents of some packets
Advanced security functions
VPN communications monitoring
Handling large environments by clustering
Flexible user authentication
Layer 3 switching function, virtual NAT and virtual DHCP server function
Administration automation
Others

Details concerning these functions are provided in other sections of this chapter and 2. SoftEther VPN Essential Architecture, 3. SoftEther VPN Server Manual and 4. SoftEther VPN Client Manual, etc.

With SoftEther VPN, the majority of these functions are provided in software rather than certain hardware. The internal program structure is meticulously formed into modules thus facilitating addition of new functions in the future, and this will be much more expandable than hardware-based VPN solutions.

1.1.9 Platform Independence and Interchangeability

SoftEther VPN currently supports various types of operating systems and CPU combinations so it can run on various platforms. With the exception of a few limitations, SoftEther VPN works the same without dependency on CPU type or platform such as Windows, Linux, FreeBSD, Solaris and Mac OS X.

The SoftEther VPN program code is written in highly interchangeable C and is programmed so as not to be dependent on a certain operating system. SoftEther VPN currently supports the operating environment indicated in Specifications, but will be supporting even more operating systems and CPU hardware in the future. Also facilitates integration of network appliances such as routers and firewalls.

SoftEther VPNs that operate in various environments can also be reliably connected with each other via the Internet. Thus if you construct a VPN that using SoftEther VPN, when the number of systems or devices that supports SoftEther VPN increased, mutual connect ability will be technically maintained with the systems

1. SoftEther VPN Overview

1.1 What is SoftEther VPN?

1.2 SoftEther VPN Components

1.3 SoftEther VPN is Open Source

1.4 VPN Processing Principle and Communication Method

1.5 Strong Security Features

1.6 VPN Communication Details

1.7 Large Load VPN by Clustering

1.8 Multilanguage Support

1.9 VoIP / QoS Support Function