
SoftEther VPN - an advanced multi-protocol VPN server and client

How quickly can I get you interested if I say that this article deals with a VPN server that can run L2TP/IPsec, OpenVPN, MS-SSTP, L2TPv3 and EtherIP servers, and also has its own “SSL-VPN” protocol, which is indistinguishable from normal HTTPS traffic (which cannot be said of the OpenVPN handshake, for example), can work not only over TCP/UDP but also over ICMP (like pingtunnel, hanstunnel) and DNS (like iodine), works faster (according to the developers) than the current implementations, builds L2 and L3 tunnels, has a built-in DHCP server, supports both kernel-mode and user-mode NAT, IPv6, shaping, QoS, clustering, load balancing and fault tolerance, can be run under Windows, Linux, Mac OS, FreeBSD and Solaris, and is an open-source project under GPLv2?

That's it. This is not to be missed.


Uh-oh, what is this thing?

Most likely, you have not heard about this project before. The fact is that Daiyu Nobori (登 大遊) began to develop it as soon as he entered the University of Tsukuba, and PPTP did not work from the campus network. In 2003, when he was 18 years old, he released the first version of SoftEther, and the government of Japan came down on him: it believed that the project could be regarded as practically malware, because it allows you to bypass firewalls (OpenVPN was only just appearing at that time), and that it could also “harm the image of other VPN products”, and it prohibited distribution of the program. He tried to explain himself, but since he could have been expelled from the university over this, he did not insist strongly and removed the program from free access. Some time later, Mitsubishi Materials Corporation offered to buy SoftEther 1.0 from him and sign a contract for 10 years (April 2004 to April 2014), which gives the corporation the right to sell SoftEther and forbids Daiyu Nobori from selling the program and/or anything based on it. In March 2013 he began to distribute SoftEther for free, and only recently (January 4, 2014) was he able to open it under GPLv2. Unfortunately, there are still some problems with copyright, so until April 2014 you probably won't see some important functions in SoftEther: Radius / Active Directory authentication, RSA key authentication, DoS protection, Source IP ACL, Syslog Transfer and Deep-inspect packet logging.
Description

A little more detail about the capabilities of the server:


According to the author, SoftEther runs faster than reference implementations.


The software consists of a server, a bridge server, a client, a GUI (Windows only) and CUI administration utilities. The client is needed to connect a single computer to a LAN (Remote Access VPN), and the bridge server to connect two or more networks (Site-to-Site VPN). Unfortunately, the CUI is not yet well documented, and I could not get the server running from the CUI alone; I had to use the Windows version of the server and the GUI utility. Note that the GUI utility can work not only with a local server, i.e. you can run the server itself on Linux and administer it through the GUI utility under Windows. The GUI exposes only the basic settings; to change advanced settings, you have to edit the config or use the CUI.

Here are some GUI screenshots, to give an idea of what the server can do and how easily everything is configured.

Screenshot: Server management window
Screenshot: Hub control window
Screenshot: Editing user
Screenshot: ACL with the ability to simulate packet loss and jitter
Screenshot: User Security Policy
Screenshot: Configuring SecureNAT
Screenshot: L2TP / IPSec configuration
Screenshot: Configuring OpenVPN and SSTP

VPNGate

The VPNGate project was created to bypass blocking by an administrator, provider or government. You can run the SoftEther server and tick “use vpngate”, and users who need a free VPN will be able to find your server in the VPNGate directory and connect to it. They will not be able to access private address ranges such as 192.168.0.0/16, only the Internet. SoftEther also keeps logs of the users who use your server through VPNGate.

Conclusion

That's probably all. I look forward to April, which I hope will bring support for, at a minimum, Radius and certificates.
Although the site has little documentation on how to tweak SoftEther, it covers networks and VPNs in general in a very clear, detailed and interesting way. If your English is good and you want to learn more about VPNs, do not be lazy: read the documentation on the project website. Or at least look at the pictures.

SoftEther VPN
GitHub repository

Source: https://habr.com/ru/post/208782/

