Consider installing and VPN setup SoftEther VPN server on Windows. SoftEther VPN allows you to network various devices, as it supports almost all popular network protocols.

Setting up SoftEther VPN client-server topology.

The VPN server here will be the central node to which clients will connect to gain access during internal network. Download the latest RTM version and run the installation. Select the line SoftEther VPN Server and click next.


Here we tick the Remote Access VPN Server.

Then enter the name of the virtual hub.

The next step is to configure the dynamic DNS feature, you can turn it off later.

Then, if necessary, we set up an L2TP connection, specify the IPsec shared key.

Next comes setting up Azure VPN - it's free cloud service, which allows you to establish a VPN connection to the server in the absence of an external ip address and open ports. To connect through it, you must specify the Azure VPN domain ID and port 443.

The last step is to specify the physical network interface that is connected to the local network.

Now you can configure accounts and TCP listening ports in the virtual hub. Port 5555 cannot be deleted, because a local server management client is connected through it. You can read about how to open the necessary ports in the router in the article.







In order to set up accounts, click Manage Virtual Hub, then Manage Users, create a new user. Enter a name, and also set the type of authentication. The following authentication types are supported: anonymous, password, individual certificate, signed certificate, RADIUS server authentication, and Windows NT domain controller. For example, let's create a user Test with password protection.



Setting up VPN clients.

On the client computer Let's set up a connection using the L2TP/IPsec protocol with a shared key.

By default, clients are assigned IP addresses in the same range. DHCP servers, to which the VPN server is connected.

It should be noted that SoftEther VPN has its own VPN client, which, according to the developer, is faster and encrypts traffic using SSL. Thus, it is difficult to distinguish it from HTTPS, hence the VPN will work even on networks where other protocols are blocked.
Installing and configuring your own client is quite simple. After standard installation client, click the Add VPN Connection item and agree to create a virtual network adapter.




Next, write the name of the adapter.




Then a window for creating a new VPN connection will appear, specify here the server address, port, virtual hub name on the server and user credentials.



If suddenly, when connecting VPN connections the local network becomes unrecognized, then you need to click Advanced Settings (see the picture above) and check the box No Adjustments of Route Table. You can also change priorities network connections, more details in the article.




That's all, thanks for your attention.

Those who are willing to sacrifice essential freedom for a modicum of temporal security deserve neither freedom nor security.

Connecting to the SE VPN server using a graphical manager

We launch the utility for graphical management and connect to the server part. If the connection is made for the first time, then the password can be omitted. The system will ask you to install it in the next step.

Setting a new password for the server

Creating a new user in SE VPN

As a small bonus: SE VPN allows you to allow not only one single administrator to manage the server, but also a number of auxiliary persons. Each Virtual Hub can be connected to individual administrators, who will be limited in the settings to only the selected Hub. Which is very useful when creating and maintaining large networks based on SE VPN.

Peculiarities

But SoftEther VPN, for all its beauty, has some features that you need to understand, otherwise serious configuration problems may arise. The first thing I want to note stems from the fact that SE VPN works in User Space. For Windows environments the remark is not important, but for Unix/Linux/MacOS, the operation of the software in user space imposes a certain limitation. No matter how hard you try, you will not be able to reach the Host machine from the tunnel. No, the tunnel, and everything connected with it, will work. But you won’t be able to go through the tunnel to a computer with a VPN server. Nothing can be done here, this is the behavior of By Design. In this case, the developers recommend installing a second physical adapter on the Host and organizing a tunnel to it, and only then, using internal routing, forward the traffic where it should be.

Promiscuous Mode Warning

Another limitation is the need to use the so-called. promiscuous mode for the network adapter. In this mode, the network adapter, or rather it software, will not drop network packets that are not intended directly for this computer, but will pass them on for further processing. In general, the use of promiscuous mode is neither a problem nor a threat. In a “switched” network, and these are the majority now, you don’t receive other people’s packets. However, in cases where the highest performance is required from the network adapter, then promiscuous mode is not used. But in this case, only a single application “spins” on the computer itself, for example, a highly loaded application server or a database server.

Setting up promiscuous mode in Virtual Box

The remark about promiscuous mode is also valid for virtualization environments. For SE VPN to work, you must enable promiscuous mode in the settings virtual machine or its virtual network card. For example, in latest versions VirtualBox promiscuous mode is enabled in network settings. In older versions, this procedure is performed via the command line.

When setting up SE VPN, very often you perform a tunnel health check simply by running the command ping with the address of the machine on the other side of the tunnel. But there is a peculiarity here. If there is a Windows machine on the other side, then when creating an L3 tunnel using different networks, it will not work just to check its availability. The fact is that Windows, by default, using the built-in Firewall, prohibits receiving and sending ICMP packets from networks other than the one in which the machine itself works. Therefore, you have to shaman with firewall or with security policies.

Well, the main thing you have to deal with is when connecting with mobile device you need to remember that in this case connections are available either via IPsec or via OpenVPN. AT this moment there is no implementation of SoftEther VPN to run on Android or iOS, at least the official versions.

When installing SE VPN on a Windows operating system, virtual network adapters, through which SE VPN interacts with the outside world. With the help of standard Windows tools you can manage these adapters, for example, remove or add the necessary protocols, change their settings. It is important not to overdo it, otherwise inexplicable problems may arise during the operation of SE VPN.

VPN Gate

I especially want to dwell on the VPN-Gate service and technology. VPN-Gate is an affiliate product with SoftEther VPN. It runs entirely on SE technologies and is integral part project. But this is de facto, de jure, they are not connected in any way, except that the VPN-Gate project exists under the wing of the same University of Tsukuba in Japan. VPN-Gate brings together volunteers from around the world to provide SE VPN connections for all sufferers from countries with overly controlled VPN traffic. If you cannot get to any of the sites, it is simply blocked in your country, then using VPN-Gate you can get to its content.

The speeds provided by volunteers are certainly not so hot, but such access is better than none. And all those who need high-speed access via VPN can buy a paid one for themselves. VPN service in the jurisdiction they are interested in, since such offers are full of all the nooks and crannies of the network. To join the “free VPN cloud”, as it is called on the site, you just need to install SoftEther VPN on your computer and enable just one checkbox. And your server will stand on a par with other daredevils distributing access to the network from their servers. Indeed, according to the laws of many countries, if a cybercrime is committed through such a good "Samaritan", then he may well go as an accomplice. On the other hand, I can hardly imagine how some bearded ISIS man uses a free VPN cloud from his iPhone somewhere in the middle of the Syrian desert and commits a terrible crime.

However, the VPN-Gate project takes on a very specific role in protecting the privacy of citizens. And everyone who is not indifferent to cracking down on the Internet can join the list of volunteers. At the time of this writing, February 2017, almost 9,000 volunteers offer their services for unregulated access to the network through a VPN cloud for free. During the existence of the project through the "cloud" users were able to pump over 67 thousand TB of data over 3 billion connections, and there are 232 countries from .

The presence at the top of the list of China is quite justified. The party leadership protects citizens from the harmful effects of YouTube, Facebook and Google. But I can’t explain the first place in South Korea. And the US is in the top three. Apparently the rule of Obama and the atrocities of the NSA brought a rustle to the network. Russia is in the rightful 12th place in the list, Ukraine is 21st, ahead of Germany by a point, and Kazakhstan is 34th.

You can connect to the VPN-Gate VPN cloud either through the SoftEther VPN product itself, or you can use OpenVPN services, or use the standard L2TP/IPsec, MS-SSTP protocols. By the way, android users or iPhone / iPad can use standard tools built into operating systems, or use specialized software that facilitates the process of connecting to distribution points in VPN-Gate, for example, this one.

Softether VPN Client Manager is a program for changing the IP address and selecting a server to connect manually or automatically. You can download Softefer VPN client manager for free for Windows OS. To get started, you need an Internet connection, otherwise, when you start the program, a corresponding entry will appear. Next, the current address, country and provider will be displayed on the screen. Next, the user can select a server through which the traffic will be redirected. You can do this manually or use the authentic mode. What is the difference? The Russian version will help you quickly learn the hardware of the application, which is already as simplified as possible. Manual mode is designed for independent selection of the country and region of connection. To do this, just double-click on the desired line in the list, and the connection will begin.

Auto mode does everything on its own. It determines the most suitable bridge for the connection and connects. All traffic ─ outgoing and incoming ─ is redirected through the “mirror”, another server. With a stable and high-quality connection, the delay between commands is imperceptible. You can download Softether VPN Client in Russian in free access via a direct link. The installer is suitable for x32 and x64 inclusive. How does the program work? The client redirects the connection through "mirrors". The user connects to a server in another country, then to the site he needs.

The sequence is as follows: a request from the computer to the server mask, from it to the site and back through the server to the computer. Therefore, the site displays a different address, and not the actual one. It is enough just to download Softether VPN Client Manager to your computer once and forget about blocking forever. The program can work both permanently and when accessed. Does not load RAM and processor, works quickly and efficiently. The product is fully compatible with all OS versions and does not require additional software.

The advantages of the application are as follows:

  • Russian language;
  • simple and convenient interface;
  • support for popular protocols;
  • stable connection;
  • auto resume on break.

SoftEther VPN Server version 4.20.9608 (stable release, i.e. not beta) - softether-vpnserver_vpnbridge-v4.20-9608-rtm-2016.04.17-windows-x86_x64-intel.exe.

OS version - Windows 7 Professional x64 SP1.

SoftEther VPN Server - VPN server on Windows installation and configuration

SoftEther VPN Server software product allows you to easily and quickly get a VPN server on Windows. This allows you to combine various devices, servers and computers into one network (virtual). Moreover, all these devices can be physically located anywhere in the world. The article covers the installation and configuration of SoftEther VPN Server on Windows. SoftEther VPN Server is a freeware product.

Usually a VPN server is used for an organization remote access to the enterprise network from home or other remote networks(offices) of the organization. Any other devices that are allowed access, such as a mobile phone, can also connect to this network. Those. may with mobile phone Log in to the desktop of your work computer. Therefore, often, the VPN server is the central node to which clients connect in order to gain access to the internal network of the enterprise.

Installing SoftEther VPN Server on Windows

The distribution kit can be taken from here - SoftEther Download Center. Please note that the download page displays beta versions of the product first.

Download and run - softether-vpnserver_vpnbridge-v4.20-9608-rtm-2016.04.17-windows-x86_x64-intel.exe

Select here - SoftEther VPN Server.

SoftEther VPN Server Manager (Admin Tools Only) - you can install not the server itself, but only its administration tools, for example, on workstation administrator.

SoftEther VPN Bridge - SoftEther VPN Server can work as a bridge between networks (not covered in this article).

Agree to the license

All the most key technical details are described here - you can read it.

Here you can select the folder where SoftEther VPN Server will be installed and choose whether it will be installed for a specific user or for all users on the computer.

Configuring SoftEther VPN Server

SoftEther VPN Server Manager can always be launched startAll programsSoftEther VPN ServerSoftEther VPN Server Manager.

At startup, you will see a list of connections to SoftEther VPN Server servers. Here you can create new connections or change the parameters of existing connections. To do this, you need to select a specific connection (in this example it is one) and press Edit Setting.

Here you can set the settings for a specific connection.

1. Connection name

2. Server name where SoftEther VPN Server is installed or its ip-address + port.

3. Direct connection to the server or through a proxy.

4. This is a connection to a server or hub. This article focuses on a single server, hence Server Admin Mode.

Connect to server. To do this, on the main screen of SoftEther VPN Server Manager, click Connect. The first time you connect, a wizard will start to help you set up the VPN server.

Choose Remote Access VPN Server.

Here you enter the name of the virtual hub (it's like a piece of iron to which everyone joins). Let it be as it is.

You can set up a connection to Azure Cloud. This article does not cover this, so select Disable VPN Azure.

Select in point 3 network card on a server that looks at the Internet.

You also need to create a user under which everyone will connect to the VPN server. You can have one for all or for each of your own.

Click to create a user. Create User. The figure highlights the fields for creating a user with password authentication.

1. Enter username

2. You can set a group for the user and an expiration date for this account(i.e. access to someone can be granted for a while).

3. Select the type of authentication - Password Authentication.

4. You can adjust specific permissions for the user.

5. Set a password for the user.

6. You can manage an individual certificate for authentication for a specific user.

7. Settings for the signed certificate.

Exit form VPN Easy Setup Tasks- click Close.

If you install SoftEther VPN Server on virtual server, the following window may appear. In which it is warned that you need to make sure that Promiscuous Mode is enabled for this virtual machine and is not prohibited. If this is not the case, it must be enabled and allowed.

The server is ready to work, and now when connecting to the server through SoftEther VPN Server Manager, you will see the following window.

If you change the ports through which users connect - open these ports in any firewall that you have between the client and the server. In the firewall operating system Windows installation of SoftEther VPN Server Manager automatically creates a rule for C:\Program Files\SoftEther VPN Server\vpnserver_x64.exe.

Connecting Clients to SoftEther VPN Server

To connect clients to SoftEther VPN Server, you can use both the built-in OS tools using the L2TP/IPsec connection with a shared key, and the native SoftEther VPN Client. Which, according to the developers, is faster and encrypts traffic using SSL. Those. VPN can work even in networks where protocols other than HTTPS are prohibited.