- ManageEngine OpManager: Comprehensive monitoring for on-prem, cloud, and containers - Thu, Mar 23 2023
- Install K3s, a lightweight, production-grade Kubernetes distro - Mon, Mar 20 2023
- VMware NSX Advanced Load Balancer: Installation and configuration - Fri, Mar 10 2023
SoftEther provides a suitable alternative VPN technology to OpenVPN and Microsoft Windows VPN Server installed using the Routing and Remote Access Role in Windows Server. It has many strengths, including fast throughput, low latency, and firewall resistance.
Features of SoftEther
Note some of the features of the SoftEther VPN platform:
- Free and open source
- Allows creating site-to-site and remote-access VPN connections
- Access highly network-restricted public Wi-Fi networks through VPN over ICMP and VPN over DNS
- Perform Ethernet bridging and Layer 3 over VPN
- Dynamic DNS and NAT traversal are embedded
- Strong AES 256-bit and RSA 4096-bit encryption capability
- Logging and firewall features in the VPN tunnel
- Supports multiple operating systems: Windows, Linux, Mac, Android, iPhone, iPad, and Windows Mobile
- Supports multiple underlay protocols: OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3, and EtherIP
- Clone OpenVPN connections
- Dual IPv4 and IPv6 stack capable
- GUI configuration
- RADIUS/NT Domain user authentication
SoftEther architecture
SoftEther relies on a unique architecture that resembles the physical network card, Ethernet cable, and Ethernet switch. The name SoftEther comes from how the VPN solution virtualizes Ethernet devices to create a software-based virtual private network tunnel.
SoftEther VPN architecture
The SoftEther VPN provisions a virtual network adapter as a software-emulated Ethernet network adapter. The Virtual Ethernet Switch emulates a traditional Ethernet switch, called a Virtual Hub in SoftEther terminology, and the VPN session is instantiated as a virtual Ethernet cable between the virtual network adapter and the emulated virtual switch.
SoftEther VPN traffic is encrypted using SSL. In addition, it uses what they call VPN over HTTPS technology, making it highly resilient to overly intrusive firewalls between the VPN client and the VPN server.
Installing the SoftEther VPN Server
In the following walkthrough, I will set up the SoftEther VPN Server on a Windows Server virtual machine. But first, you need to download the SoftEther VPN installation. You can find the download here.
Downloading the SoftEther server installation
The installation of the SoftEther VPN server is straightforward. A more detailed configuration takes place after installation.
Beginning the installation of the SoftEther VPN Server
Choose the VPN Server option. The Server Manager is automatically installed with either the VPN Server or VPN Bridge options.
Choosing the SoftEther VPN Server installation
Choose the installation directory, and click Next to begin the installation of SoftEther VPN Server.
After the installation finishes, you will see a screen stating, "The setup process of SoftEther VPN Server has completed successfully." You can leave the checkbox checked to start the VPN Server Manager. Click Finish.
Installation successfully completed ready to launch SoftEther VPN Server Manager
Configuring SoftEther Server
After installation, there are a few configuration items that you need to take care of to allow remote connections. To avoid the point of confusion I had when configuring, instead of clicking the Edit Setting button, you need to double-click the localhost entry in the VPN Server list to set up the VPN connection.
Configuring the SoftEther VPN Server settings
This launches the SoftEther VPN Server / Bridge Easy Setup wizard. I am testing the Remote Access VPN Server. Place a check in the role you want to configure for the VPN server.
Configuring the remote access VPN server
After you click Next, you will see a message to initialize the server. Click Yes.
Initializing the SoftEther VPN Server settings
You will be asked to name the SoftEther Virtual Hub.
Name the Virtual Hub in SoftEther VPN Server
As part of the SoftEther VPN solution, you will be provided a Dynamic DNS name you can use to connect to your remote host if needed.
Viewing the SoftEther VPN Server Dynamic DNS settings
The VPN Easy Setup Tasks screen launches after you view the above dialog boxes. You will see the three-step process defined on the Easy Tasks Setup screen. First, you need to create VPN users to connect to the solution.
Configure SoftEther VPN Server users
Below is an example of the Create New User screen. SoftEther provides myriad authentication options that can be used for the VPN connection.
Configuring the settings of a new user account in SoftEther
If you are not creating a site-to-site VPN, Step 2 is grayed out. You then need only set the local bridge connection. Choose the network adapter in the drop-down menu.
Setting the local bridge network connection
SoftEther indicates that if you are using a virtual machine for your SoftEther VPN server, you may need to enable promiscuous mode for the vSwitch connected to the SoftEther VM.
Installing and connecting the SoftEther VPN client
First, download the SoftEther VPN Client. Again, you can find the download here.
In the first step of the setup, choose to install the SoftEther VPN Client.
Choose to install the SoftEther VPN client
Click Next through the EULA and informational screens until the solution is installed.
After installation, I simply double-clicked Add VPN Connection.
Add VPN connection to the SoftEther VPN Client
However, SoftEther will let you know that you need to create a virtual network adapter. Click Yes.
Create a virtual network adapter
Name the VPN connection. From the message SoftEther displays, you need to name the connection VPN, along with a number of multiple VPN connections.
Name the new virtual network adapter
After creating the virtual network adapter in SoftEther, you can view your network connections and see the new virtual network adapter listed. Note that it shows "unplugged" since we are not connected to a VPN.
Virtual network adapter created in Windows
Now that we have the virtual network adapter created, we can double-click the Add VPN Connection once again.
Virtual network adapter is created successfully
This launches the New VPN Connection Setting Properties dialog box. You will need to enter the details for the SoftEther VPN server, including the hostname, port number, and Virtual Hub name. Also, make sure you choose the type of authentication configured for the new user created during the SoftEther VPN Server configuration.
Enter the details for the new SoftEther VPN connection
Now, the VPN connection is successfully created, but it is offline. It is expected to be offline since we are not yet connected to the VPN Server.
Simply double-click the VPN connection, and it will automatically establish a connection to your SoftEther VPN server.
Successfully connected to the SoftEther VPN Server from a Windows client
Wrapping up and final thoughts
The SoftEther VPN solution is an obscure but fully featured VPN solution that offers a unique take on VPN connections, site-to-site VPN, and VPN bridges.
We only scratched the surface of the configuration options in the walkthrough. There are plenty of settings for connectivity and authentication embedded in the solution, making traversing edge firewalls and other connectivity challenges much easier.
Subscribe to 4sysops newsletter!
You can learn more about SoftEther and download the solution here.
SoftEther VPN is indeed a great open source project for small businesses who can’t really afford the expensive VPN products. I used it for years but eventually stopped using since it lacked the user account lockout and a few other security settings.