SoftEther VPN is an open-source VPN solution that offers a wide range of authentication and connectivity options for multiple operating systems. It can also be used with mobile devices running iPadOS, IOS, Android, and Windows Mobile operating systems.

SoftEther provides a suitable alternative VPN technology to OpenVPN and Microsoft Windows VPN Server installed using the Routing and Remote Access Role in Windows Server. It has many strengths, including fast throughput, low latency, and firewall resistance.

Features of SoftEther ^

Note some of the features of the SoftEther VPN platform:

  • Free and open source
  • Allows creating site-to-site and remote-access VPN connections
  • Access highly network-restricted public Wi-Fi networks through VPN over ICMP and VPN over DNS
  • Perform Ethernet bridging and Layer 3 over VPN
  • Dynamic DNS and NAT traversal are embedded
  • Strong AES 256-bit and RSA 4096-bit encryption capability
  • Logging and firewall features in the VPN tunnel
  • Supports multiple operating systems: Windows, Linux, Mac, Android, iPhone, iPad, and Windows Mobile
  • Supports multiple underlay protocols: OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3, and EtherIP
  • Clone OpenVPN connections
  • Dual IPv4 and IPv6 stack capable
  • GUI configuration
  • RADIUS/NT Domain user authentication

SoftEther architecture ^

SoftEther relies on a unique architecture that resembles the physical network card, Ethernet cable, and Ethernet switch. The name SoftEther comes from how the VPN solution virtualizes Ethernet devices to create a software-based virtual private network tunnel.

SoftEther VPN architecture

SoftEther VPN architecture

The SoftEther VPN provisions a virtual network adapter as a software-emulated Ethernet network adapter. The Virtual Ethernet Switch emulates a traditional Ethernet switch, called a Virtual Hub in SoftEther terminology, and the VPN session is instantiated as a virtual Ethernet cable between the virtual network adapter and the emulated virtual switch.

SoftEther VPN traffic is encrypted using SSL. In addition, it uses what they call VPN over HTTPS technology, making it highly resilient to overly intrusive firewalls between the VPN client and the VPN server.

Installing the SoftEther VPN Server ^

In the following walkthrough, I will set up the SoftEther VPN Server on a Windows Server virtual machine. But first, you need to download the SoftEther VPN installation. You can find the download here.

Downloading the SoftEther server installation

Downloading the SoftEther server installation

The installation of the SoftEther VPN server is straightforward. A more detailed configuration takes place after installation.

Beginning the installation of the SoftEther VPN Server

Beginning the installation of the SoftEther VPN Server

Choose the VPN Server option. The Server Manager is automatically installed with either the VPN Server or VPN Bridge options.

Choosing the SoftEther VPN Server installation

Choosing the SoftEther VPN Server installation

Choose the installation directory, and click Next to begin the installation of SoftEther VPN Server.

After the installation finishes, you will see a screen stating, "The setup process of SoftEther VPN Server has completed successfully." You can leave the checkbox checked to start the VPN Server Manager. Click Finish.

Installation successfully completed ready to launch SoftEther VPN Server Manager

Installation successfully completed ready to launch SoftEther VPN Server Manager

Configuring SoftEther Server ^

After installation, there are a few configuration items that you need to take care of to allow remote connections. To avoid the point of confusion I had when configuring, instead of clicking the Edit Setting button, you need to double-click the localhost entry in the VPN Server list to set up the VPN connection.

Configuring the SoftEther VPN Server settings

Configuring the SoftEther VPN Server settings

This launches the SoftEther VPN Server / Bridge Easy Setup wizard. I am testing the Remote Access VPN Server. Place a check in the role you want to configure for the VPN server.

Configuring the remote access VPN server

Configuring the remote access VPN server

After you click Next, you will see a message to initialize the server. Click Yes.

Initializing the SoftEther VPN Server settings

Initializing the SoftEther VPN Server settings

You will be asked to name the SoftEther Virtual Hub.

Name the Virtual Hub in SoftEther VPN Server

Name the Virtual Hub in SoftEther VPN Server

As part of the SoftEther VPN solution, you will be provided a Dynamic DNS name you can use to connect to your remote host if needed.

Viewing the SoftEther VPN Server Dynamic DNS settings

Viewing the SoftEther VPN Server Dynamic DNS settings

The VPN Easy Setup Tasks screen launches after you view the above dialog boxes. You will see the three-step process defined on the Easy Tasks Setup screen. First, you need to create VPN users to connect to the solution.

Configure SoftEther VPN Server users

Configure SoftEther VPN Server users

Below is an example of the Create New User screen. SoftEther provides myriad authentication options that can be used for the VPN connection.

Configuring the settings of a new user account in SoftEther

Configuring the settings of a new user account in SoftEther

If you are not creating a site-to-site VPN, Step 2 is grayed out. You then need only set the local bridge connection. Choose the network adapter in the drop-down menu.

Setting the local bridge network connection

Setting the local bridge network connection

SoftEther indicates that if you are using a virtual machine for your SoftEther VPN server, you may need to enable promiscuous mode for the vSwitch connected to the SoftEther VM.

Installing and connecting the SoftEther VPN client ^

First, download the SoftEther VPN Client. Again, you can find the download here.

In the first step of the setup, choose to install the SoftEther VPN Client.

Choose to install the SoftEther VPN client

Choose to install the SoftEther VPN client

Click Next through the EULA and informational screens until the solution is installed.

After installation, I simply double-clicked Add VPN Connection.

Add VPN connection to the SoftEther VPN Client

Add VPN connection to the SoftEther VPN Client

However, SoftEther will let you know that you need to create a virtual network adapter. Click Yes.

Create a virtual network adapter

Create a virtual network adapter

Name the VPN connection. From the message SoftEther displays, you need to name the connection VPN, along with a number of multiple VPN connections.

Name the new virtual network adapter

Name the new virtual network adapter

After creating the virtual network adapter in SoftEther, you can view your network connections and see the new virtual network adapter listed. Note that it shows "unplugged" since we are not connected to a VPN.

Virtual network adapter created in Windows

Virtual network adapter created in Windows

Now that we have the virtual network adapter created, we can double-click the Add VPN Connection once again.

Virtual network adapter is created successfully

Virtual network adapter is created successfully

This launches the New VPN Connection Setting Properties dialog box. You will need to enter the details for the SoftEther VPN server, including the hostname, port number, and Virtual Hub name. Also, make sure you choose the type of authentication configured for the new user created during the SoftEther VPN Server configuration.

Enter the details for the new SoftEther VPN connection

Enter the details for the new SoftEther VPN connection

Now, the VPN connection is successfully created, but it is offline. It is expected to be offline since we are not yet connected to the VPN Server.

Simply double-click the VPN connection, and it will automatically establish a connection to your SoftEther VPN server.

Successfully connected to the SoftEther VPN Server from a Windows client

Successfully connected to the SoftEther VPN Server from a Windows client

Wrapping up and final thoughts ^

The SoftEther VPN solution is an obscure but fully featured VPN solution that offers a unique take on VPN connections, site-to-site VPN, and VPN bridges.

We only scratched the surface of the configuration options in the walkthrough. There are plenty of settings for connectivity and authentication embedded in the solution, making traversing edge firewalls and other connectivity challenges much easier.

Subscribe to 4sysops newsletter!

You can learn more about SoftEther and download the solution here.

avatar
1 Comment
  1. Surender Kumar 4 months ago

    SoftEther VPN is indeed a great open source project for small businesses who can’t really afford the expensive VPN products. I used it for years but eventually stopped using since it lacked the user account lockout and a few other security settings.

    avatar

Leave a reply

Your email address will not be published.

*

© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account