SoftEther VPN software

Speed in the Tunnel

Managing SoftEther Environments

SoftEther server administrative operations are divided into two types: server management and administration of virtual hubs in a VPN server configuration. The developers placed great emphasis on decoupling the VPN server process from configuration tweaks when designing the environments, which ensures that VPN functionality is available without interruptions.

You only need to restart SoftEther if the operating system requires you to do so, when the VPN server program is updated, when the server process is restarted because of a hardware or software error, or when you make manual changes to the VPN server configuration file. Changes to the clustering configuration are the only tasks that require stopping the VPN service.

For all administrative tasks, you can use the Server Manager or the vpncmd console tool. SoftEther supports two types of administrative permissions: management authority for the entire VPN server and for virtual hubs. The server administrator should be identical to the server computer admin. In particular, the admin is responsible for managing the certificates and ports. Furthermore, they have full access to the vpn_server.config SoftEther configuration file. In addition to server configuration, this file also contains the encrypted admin password and the private key of the connection setup certificate, so it requires special protection. In the Windows installation, only members of the Administrator and SYSTEM groups have read and write permissions; the same applies on Unix-based systems.
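The protection requirement above can be checked on a Unix-based system with a short audit script. This is an added example, not part of the original article or the SoftEther project; the function name `audit_config`, the default expectation that root (uid 0) owns the file, and the rule that the containing directory must not be group- or world-writable are assumptions made for illustration.

```python
import os
import stat
import sys


def audit_config(path, expected_uid=0):
    """Return findings for a SoftEther config file; an empty list means OK."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted in place of the file
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symbolic link, audit its target instead"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]

    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    # The file holds the admin password hash and a private key, so any
    # group/other permission bit is more access than the article allows.
    extra = stat.S_IMODE(st.st_mode) & 0o077
    if extra:
        findings.append(f"{path}: group/other permission bits set ({extra:03o})")

    # A writable parent directory lets another account swap the file out.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    if stat.S_IMODE(pst.st_mode) & 0o022:
        findings.append(f"{parent}: directory is writable by group or other")
    if pst.st_uid != expected_uid:
        findings.append(f"{parent}: directory owned by uid {pst.st_uid}")
    return findings


if __name__ == "__main__":
    # Pass the location of vpn_server.config; it depends on the installation.
    if len(sys.argv) != 2:
        sys.exit("usage: audit_config.py /path/to/vpn_server.config")
    problems = audit_config(sys.argv[1])
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```

The script exits with status 1 when it reports a finding, so it can run from a scheduled job or a configuration-management check.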

Administrative Tasks

VPN Server Manager is the central interface for typical administrative tasks. Pressing the About this VPN Server button tells SoftEther to show you a tabular overview with server information that specifically includes the server type (usually Standalone), the operating system, a plethora of general server data, and supported services and functions.

For an overview of the current state of the server, press the View Server Status button; alternatively, use the ServerStatusGet command at the command line. The overview shows the number of active sockets, virtual hubs, and sessions. It also tells you how many users and groups were active and what data volumes were transferred. To view the list of current connections, click the Show List of TCP/IP Connections button in the Server Manager. Here, you can find out which clients have opened a VPN connection to the SoftEther server and when the connection was initialized.

In practice, it is always useful to be able to take a look at the current configuration file (e.g., to verify whether any configuration adjustments you have made have been implemented in the central system configuration). To view the config file, press Edit Config. The dialog box comes up with the text file but does not allow editing. That said, you can restore the factory settings, save the configuration file, or load and enable an alternative file.

The OpenVPN clone server feature is useful for organizations that are still using OpenVPN but want to migrate after evaluating SoftEther. You can use it to connect all OpenVPN clients, including iPhone and Android clients, to the SoftEther VPN server with minimal overhead. The settings are hidden behind the OpenVPN/MS-SSTP Setting button. Proceeding is very easy: Just enable the clone function and specify the UDP ports that OpenVPN uses. SoftEther takes care of everything else. You can then disconnect the OpenVPN server from the network, but make sure that cloning works reliably with random tests beforehand.

SoftEther as a LAN Tester

SoftEther can also be used to test and simulate network configurations. For example, SoftEther has a delay, jitter, and packet loss generator that lets you simulate a network or network segment in poor condition. To begin, define two local bridges from a virtual hub to two physical Ethernet network adapters. The two Ethernet network segments are bridged by the virtual hub, which introduces delay, jitter, and packet loss as it forwards Ethernet frames. The generator is particularly suitable for testing VoIP devices.

To put such an Ethernet-based network topology through its paces, use the VPN server, a client, and a bridge. On the SoftEther server, create multiple separate Ethernet segments; the VPN server relies on a virtual Layer 3 switch function that provides IP-based Layer 3 routing between L2 segments. An access control list (ACL) function for packet filtering is available for the virtual hub configuration. You can use these L2 and L3 functions to test the network design.

The SoftEther software has a variety of other features that are of interest for enterprise use. For example, you can use the environment to implement a virtual network with connectivity to well-known cloud services. It is also possible to set up your own VPN-secured cloud.
