Vpn soft

Specification - SoftEther VPN Project

Specification - SoftEther VPN Project

This application requires Javascript to be enabled.

Basic Capabilities of SoftEther VPN Server

Maximum Objects in a Virtual Hub
High Availability and Clustering

VPN Protocols Supported by SoftEther VPN Server

SoftEther VPN Protocol Specification
  • Supported Payload Protocols: Any Protocols in Ethernet
  • Upper Underlying Protocol: SSL (Secure Socket Layer) 3.0 / TLS (Transport Layer Security) 1.0
  • Lower Underlying Protocol: TCP/IP and UDP/IP Hybrid (on IPv4 and IPv6)
  • Ciphers:RC4-MD5, RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC-SHA and DES-CBC3-SHA
  • Data Compression: zlib
  • Session-key: 128bit
  • Based Standards: Extended HTTPS over SSL Protocol (RFC2818, RFC 5246)
  • WAN Optimization: 1-32 Parallel TCP Connection to Construct a Logical VPN Session
  • Persistent Link: Infinite Auto-reconnect Function
  • Proxy Support: HTTP Proxy Server and SOCKS Proxy Server
  • TCP Ports: 443, 992 and 5555 is Listening by Default.You can add/delete listening TCP ports.
  • Behind NAT Solution:NAT-Traversal Function is enabled by default. No need to open any TCP/UDP ports on the NAT for accepting VPN connections which are initiated from Internet-side.
  • Anti-restricted Firewall Solution:VPN over ICMP (Encapsulate all Ethernet packets over ICMP packets)VPN over DNS (Encapsulate all Ethernet packets over DNS packets)
  • User-authentication:- Anonymous- Standard Password Authentication- Password Authentication for RADIUS- Password Authentication for NT Domain and Active Directory- X.509 RSA PKI Certification Authentication (Key file on Disk)- X.509 RSA PKI Certification Authentication (PKCS#11 Smart-cards or USB Tokens)
  • VPN Encapsulation Payload:Ethernet (IEEE802.3) Frames (Up to 1,514bytes or 1,518bytes for IEEE802.1Q VLAN Tags)
  • Supported VPN Clients: SoftEther VPN Client
  • Supported Client OS: Windows and Linux
  • Supported VPN Topologies: Remote-access VPN, Site-to-Site VPN (L2-Bridging) and Site-to-Site VPN (L3-Routing)
L2TP/IPsec Sever Function Specifications on SoftEther VPN Server
  • User-authentication Methods: PAP and MS-CHAPv2
  • NAT-Traversal: RFC3947 IPsec over UDP Encapsulation
  • Transport UDP Ports:UDP 500 and 4500(Allow both ports on the firewall. Add UDP port forwarding for both 500 & 4500 on the NAT.)
  • Supported Ciphers:DES-CBC, 3DES-CBC, AES-CBC, Blowfish-CBC and CAST-128-CBC
  • Supported Hashes:MD5 and SHA-1
  • Supported Diffie-Hellman Groups:MODP 768 (Group 1), MODP 1024 (Group 2) and MODP 1536 (Group 5)
  • Compatible VPN Clients: Built-in VPN Clients on Windows, Mac, iOS and Android
  • Compatible Client OS: Windows, Mac, iOS, Android and other L2TP-supported VPN Client OS
  • Supported VPN Topologies: Remote-access VPN
OpenVPN Server Function Specifications on SoftEther VPN Server
  • OpenVPN Clone Function for Compatibility with OpenVPN Technologies, Inc.'s implementation.
  • Default Ports:TCP 443, 992 and 5555UDP: 1194
  • Supported Ciphers:AES-128-CBC, AES-192-CBC, AES-256-CBC, BF-CBC, CAST-CBC, CAST5-CBC, DES-CBC, DES-EDE-CBC, DES-EDE3-CBC, DESX-CBC, RC2-40-CBC, RC2-64-CBC and RC2-CBC
  • Supported Hashes:SHA, SHA1, MD5, MD4 and RMD160
  • Operational Mode: L2 (Bridging) and L3 (Routing)
  • Compatible VPN Clients: OpenVPN for PC (Windows, Mac, Linux) and OpenVPN Connect by OpenVPN Technologies, Inc.
  • Compatible Client OS: Windows, Linux, Mac, iOS and Android
  • Supported VPN Topologies: Remote-access VPN, Site-to-Site VPN (L2-Bridging) and Site-to-Site VPN (L3-Routing)
SSTP Server Function Specifications on SoftEther VPN Server
  • Clone Function for SSTP-VPN Server of Microsoft's Windows Server 2008 R2 / 2012.
  • User-authentication Methods: PAP and MS-CHAPv2
  • Supported Ciphers and Hashes on TLS:RC4-MD5, RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC-SHA and DES-CBC3-SHA
  • Compatible VPN Clients: Built-in VPN Clients on Windows Vista, 7, 8, RT
  • Compatible Client OS: Windows Vista, 7, 8, RT, Server 2008, Server 2008 R2, Server 2012
  • Supported VPN Topologies: Remote-access VPN
L2TPv3 Server Function Specifications on SoftEther VPN Server
  • Clone Function for Cisco's L2TPv3 Site-to-Site VPN Server
  • NAT-Traversal: RFC3947 IPsec over UDP Encapsulation
  • Transport UDP Ports:UDP 500 and 4500(Allow both ports on the firewall. Add UDP port forwarding for both 500 & 4500 on the NAT.)
  • Supported Ciphers:DES-CBC, 3DES-CBC, AES-CBC, Blowfish-CBC and CAST-128-CBC
  • Supported Hashes:MD5 and SHA-1
  • Supported Diffie-Hellman Groups:MODP 768 (Group 1), MODP 1024 (Group 2) and MODP 1536 (Group 5)
  • Supported VPN Topologies: Site-to-Site VPN (L2-Bridging)
  • Compatible VPN Clients: Cisco IOS's L2TPv3 VPN Client
  • Compatible Client OS: Cisco IOS or other compatible O
EtherIP Server Function Specifications on SoftEther VPN Server
  • NAT-Traversal: RFC3947 IPsec over UDP Encapsulation
  • Supported Ciphers:DES-CBC, 3DES-CBC, AES-CBC, Blowfish-CBC and CAST-128-CBC
  • Transport UDP Ports:UDP 500 and 4500(Allow both ports on the firewall. Add UDP port forwarding for both 500 & 4500 on the NAT.)
  • Supported Hashes:MD5 and SHA-1
  • Supported Diffie-Hellman Groups:MODP 768 (Group 1), MODP 1024 (Group 2) and MODP 1536 (Group 5)
  • Supported VPN Topologies: Site-to-Site VPN (L2-Bridging)
  • Compatible VPN Clients: EtherIP VPN Client
  • Compatible Client OS: EtherIP compatible OS


Supported Operating Systems
  • Windows (32bit, 64bit)Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Server 2003 SP2 / Vista SP1, SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / 7 SP1 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / 8 / Server 2012 / Hyper-V Server 2012 / 8.1 / Server 2012 R2 / 10 / Server 2016 
  • Linux (32bit, 64bit)Linux 2.4, 2.6, 3.x, 4.x 
  • Mac OS X (32bit, 64bit)Mac OS X 10.4 Tiger / 10.5 Leopard / 10.6 Snow Leopard / 10.7 Lion / 10.8 Mountain Lion 
  • FreeBSD (32bit, 64bit) (Server and Bridge only)FreeBSD 5, 6, 7, 8, 9 
  • Solaris (32bit, 64bit) (Server and Bridge only)Solaris 8, 9, 10, 11
Supported CPUs
  • WindowsIntel x86 (32bit), Intel x64 (64bit) 
  • LinuxIntel x86 (32bit), Intel x64 (64bit), PowerPC (32bit), ARM EABI (32bit), ARM legacy ABI (32bit), MIPS Little-Endian (32bit), SH-4 (32bit) 
  • Mac OS XIntel x86 (32bit), Intel x64 (64bit), PowerPC (32bit), PowerPC G5 (64bit) 
  • FreeBSDIntel x86 (32bit), Intel x64 (64bit) 
  • SolarisIntel x86 (32bit), Intel x64 (64bit), SPARC (32bit), SPARC (64bit) 
Hardware Requirements for SoftEther VPN Server
  • Free RAMMinimum: 32Mbytes + 0.5Mbytes * (Number of Concurrent VPN Sessions)Recommended: 128Mbytes + 0.5 Mbytes * (Number of Concurrent VPN Sessions) 
  • Free Disk SpaceMinimum: 100MbytesRecommended: 2Gbytes (for daily VPN connection logs)
Hardware Requirements for SoftEther VPN Client
  • Free RAMMinimum: 16MbytesRecommended: 32Mbytes 


1. Ultimate Powerful VPN Connectivity

1.1. Firewall, Proxy and NAT Transparency

One of the key features of SoftEther VPN is the transparency for firewalls, proxy servers and NATs (Network Address Translators). NATs are sometimes implemented on broadband router products.


Only HTTP/HTTPS traffics can pass through the restricted firewall. SoftEther VPN is based on HTTPS.


Generally, in company networks of nowadays, there are firewalls to isolate between the inside network and outside for ensuring security. Not only for purpose of security, but also companies use firewalls, proxies and NATs in order to share the precious IP addresses with many computer users in the office. So such devices are indispensable today.

Tunnels of legacy VPN protocols, such as IPsec, L2TP and PPTP, cannot often be established through firewalls, proxy servers and NATs. There protocols were developed in the era before NATs were widely spread. For example, IPsec and L2TP use ESP (Encapsulating Security Payload) packets, and PPTP uses GRE (Generic Routing Encapsulation) packets. These packets are special forms of IP packets. Therefore generally firewalls, proxies and NATs are unable to pass these legacy VPN packets. Recently some venders of VPN products with IPsec, L2TP and PPTP tried to invent the extend method to pass through these wall devices, and some of VPN products are implemented with that extensions. But such extensions of legacy VPN protocols still have a problem of compatibles. In many cases, a user tries to establish a VPN connection by either L2TP or PPTP on the network which is with firewalls, proxy servers and NATs, but he will fail. You might have an experience that you stayed in the hotel room and tried to connect to your company's network by remote access VPN with either L2TP or PPTP but failed. The reason why it failed is that firewalls, proxy servers and NATs on the network were incompatible with either L2TP or PPTP.

Hence, it can be said that today's network administrators have a headache for a problem of incompatibles between VPN connections and security devices.

SoftEther VPN's Solution: Using HTTPS Protocol to Establish VPN Tunnels

SoftEther VPN uses HTTPS protocol in order to establish a VPN tunnel. HTTPS (HTTP over SSL) protocol uses the 443 of TCP/IP port as destination. This port is well-know and almost all firewalls, proxy servers and NATs can pass the packet which are consisted in HTTPS protocol.


Unlike legacy VPNs, SoftEther VPN adopts "Ethernet over HTTPS" encapsulation.


HTTPS protocol is widely used on the Internet. When you open a web browser and access to the web site with security communications, HTTPS is used automatically. Thanks to HTTPS, you can transmit secret information such as credit card numbers via the Internet. Today's society activities are depending on HTTPS. Without HTTPS, you can no longer to use the Internet as a tool for electrical commercial transactions.

Due to the fact that HTTPS is de-facto standard, almost all firewalls, proxy servers and NATs opens a path for HTTPS. Anyone who is in the LAN (Local Area Network) can establish any HTTPS connection between their hosts and any hosts on the Internet remotely. Exploiting this condition is the best way to realize a good transparency for VPN protocol.

Thus, SoftEther VPN adopted HTTPS as the protocol for stabilizing and tunneling mechanism for VPN. SoftEther VPN can be used within almost all network environments, such as enterprise LAN, hotel room and airport free Wi-Fi access, differ to any other legacy VPNs such as IPsec, PPTP and L2TP.

Due to this feature of SoftEther VPN, you can easily design your own VPN topology which is suitable for your demands with a minimal effort of modifying the existing current your network security devices. If you want to use SoftEther VPN on your network, you need few efforts of modifying the current configuration and policy on your network thanks to SoftEther VPN's feature of good connectivity.

On the other hand, if you want to use legacy VPNs on your network, you have to modify the current network policies on the security devices such as firewall to allow passing the special IP protocol such as ESP and GRE. You also have to modify the configuration file on the firewall. Such works needs your extra effort and might cause some troublesome side effects on your stable and precious network. Not only bothering you by requirements of your efforts, you will have a risk to make the network dangerous because you have to change the setting of the firewall to punch a hold on it in order to allow passing the packet of legacy VPNs. If you use SoftEther VPN, you don't need either of these efforts and risks.

Some networks such as airport Wi-Fi and hotel-room Internets are restricting of using any other VPN else HTTP and HTTPS, due to security reason. In such a highly restricted network, the only single way to use VPN is to use HTTPS-packet-tunneling VPN such as SoftEther VPN.

Conclusions: SoftEther VPN is not just a VPN, but also very good VPN for an aspect of compatibility for Firewalls, Proxies and NATs.

1.2. Supports Multiple Standard VPN Protocols

SoftEther VPN Server supports not only VPN over HTTPS protocol described in the section 1.1. SoftEther VPN Server supports also L2TP/IPsec, OpenVPN, MS-SSTP, L2TPv3 and EtherIP protocols. They are Internet VPN standard protocols.

Your iPhone, iPad, Android, Windows Mobile and other mobile devices are now able to connect to your SoftEther VPN Server from anywhere, anytime. You can also use Cisco Systems or other VPN router vendor's edge VPN products which are supporting L2TPv3/IPsec or EtherIP/IPsec in order to connect to your SoftEther VPN Server.

SoftEther VPN Server supports traditional VPN protocols as above.

Support L2TP/IPsec Protocol

The following devices have built-in L2TP/IPsec VPN clients. They can connect to your SoftEther VPN Server, without any installation of client software on such devices.

Your Mac, iPhone, iPad or Android can connect to SoftEther VPN Server.

  • iPhone
  • iPad
  • Android
  • Windows Mobile
  • Windows XP / Vista / 7 / 8 / RT
  • Mac OS X

iPhone and Android can connect to SoftEther VPN Server.


L2TP/IPsec Configuration is very easy with GUI.

Support OpenVPN Protocol

SoftEther VPN Server has a "clone function" of OpenVPN. If you have already installed OpenVPN for remote-access VPN or site-to-site VPN, you can replace the current OpenVPN Server program to SoftEther VPN Server program, and you can enjoy the strong functions and high-performance abilities of SoftEther VPN.

The "close function" of OpenVPN on SoftEther VPN Server works same to OpenVPN Technologies, Inc.'s implementation, not only enough but also better performance and functionality. Your OpenVPN Client devices or edge-sites of VPN can connect to new SoftEther VPN Server very easily. You can adopt SoftEther VPN on both remote-access L3 VPN and site-to-site L2 VPN.

The advantages to adopt SoftEther VPN Server instead of old OpenVPN Server program are as follows:

  • SoftEther VPN Server has easier configuration than OpenVPN Server by OpenVPN Technologies, Inc.
  • You can use Automated OpenVPN Configuration File Generator tool to make a configuration file (.ovpn) for VPN client.
  • SoftEther VPN Server supports not only OpenVPN. It supports all standard VPN functions, including SSL-VPN, L2TP/IPsec, MS-SSTP, L2TPv3/IPsec and EtherIP/IPsec. So you can integrate OpenVPN and other protocol's VPN servers into just one VPN Server by using SoftEther VPN Server.
  • User administration and security settings can be configured by GUI tools. The management functions are integrated. You can use single-path operation to manage the server.
  • All operating system which supports OpenVPN (e.g. Linux, Mac OS X, Linux, UNIX, iPhone and Android) can connect to SoftEther VPN Server.

You can activate OpenVPN easily with GUI.


Not only PC-version OpenVPN. You can also use OpenVPN Client on iPhone / Android.

Support Microsoft SSTP VPN Protocol

SoftEther VPN Server has a "clone function" of Microsoft SSTP VPN Server. You can connect to SoftEther VPN Server from Windows 7 / 8 / RT with built-in SSTP VPN Clients. SSTP (Secure Socket Tunneling Protocol) is a PPP over HTTPS protocol which Microsoft Corporation suggested.

Originally, SSTP VPN Server functions are implemented on only Microsoft Windows Server 2008 / 2012. However, licensing fees of such Microsoft's server operating systems are very expensive. They are also difficult to configure for normal-skilled users. You can use SoftEther VPN Server to realize almost same functions and performances by using the close server of Microsoft SSTP VPN Server.

The advantages to adopt SoftEther VPN Server instead of Microsoft SSTP VPN Server are as follows:

  • Very easy configuration than Microsoft's SSTP VPN Server.
  • No need to install a VPN Client on Windows clients. Built-in SSTP VPN client on Windows can be used to connect to SoftEther VPN Server.
  • Windows RT (ARM version of Windows) also has a built-in SSTP VPN client.
  • User administration and security settings can be configured by GUI tools. The management functions are integrated. You can use single-path operation to manage the server.
  • You are no longer to need purchase expensive Windows Serer 2008 / 2012. It can save your cost.
  • The SSTP VPN Server Clone Function of SoftEther VPN Server runs on non-Windows operating systems. It works on Linux, Mac OS X, FreeBSD and Solaris perfectly.
Support L2TPv3/IPsec and EtherIP/IPsec Protocols

Most of Cisco System's router products and other vendor's products supports L2TPv3/IPsec or EtherIP/IPsec VPN protocols. These protocols are to make site-to-site L2 bridging VPNs. SoftEther VPN Server supports L2TPv3 and EtherIP over IPsec. You can build a site-to-site L2 bridge connection by using your Cisco's router as an edge, and SoftEther VPN Server as a center. This has an advantage to reduce the cost. Cisco's center routers are very expensive. You can simply replace Cisco's high-end router in the center of VPN, to SoftEther VPN Server.

1.3. Faster than Microsoft's and OpenVPN's implementation

We have conducted the performance test at a laboratory at Graduated School of Computer Science at University of Tsukuba in the end of 2012.

We had 5 protocols to test: SoftEther VPN, L2TP/IPsec, SSTP, OpenVPN (Layer-3 mode) and OpenVPN (Layer-2 mode). We tested both our SoftEther VPN Server implementation and existing implementation by Microsoft Corporation or OpenVPN Technologies, Inc. to evaluate SoftEther VPN's performance. The testing environment was: Windows Server 2008 R2 x64 on Intel Xeon E3-1230 3.2GHz and Intel 10 Gigabit CX4 Dual Port Server Adapter.

  • SoftEther VPN Protocol achieved 980Mbps by using SoftEther VPN Server.
  • L2TP/IPsec Protocol resulted 614Mbps by SoftEther VPN Server, while resulted 593Mbps by Microsoft's Windows Server 2008 R2's Routing and Remote Access service (RRAS).
  • SSTP resulted 737Mbps by SoftEther VPN Server, while resulted 715Mbps by Microsoft' s Windows Server 2008 R2.
  • OpenVPN (L3) resulted 89Mbps by SoftEther VPN Server, while resulted 76Mbps by OpenVPN's original implementation.
  • OpenVPN (L2) resulted 90Mbps by SoftEther VPN Server, while resulted 83Mbps by OpenVPN's original implementation.

As the results, SoftEther VPN Server was faster 103.5% than Microsoft's Windows implementation in L2TP/IPsec, faster 103.0% than Microsoft's Windows implementation in SSTP, and faster 108-117% than OpenVPN's original implementation. Moreover, our SoftEther VPN Protocol (Ethernet over HTTPS, described at the section 1.1) resulted 980Mbps, which is faster 159.6% faster than L2TP/IPsec Protocol, 175.2% faster than SSTP Protocol and x9.8 times faster than OpenVPN Protocol.


This result proves SoftEther VPN Server as the fastest VPN server program in the world.

1.4. Built-in Dynamic DNS (*.softether.net)

Most of all existing VPN solutions need a fixed global IP address for stability. Fixed global IP addresses need monthly costs to pay to ISPs. And global IP address shortage is now serious problem of our world.

SoftEther VPN has a built-in Dynamic DNS (DDNS) function to mitigate the above problems. Dynamic DNS function is enabled by default. DDNS function registers your VPN Server's IP address on the DNS record of ".softether.net" , which is the domain-suffix operated by SoftEther Corporation and University of Tsukuba, for free of charge.

A DDNS FQDN "abc.softether.net" (the "abc" part is the identifier that a user can specify) will be assigned to your SoftEther VPN Server. You can tell the DDNS hostname to your VPN Server's users. A user of your VPN Server can now specify the DDNS hostname as a destination. If the corresponding IP address will be changed in future suddenly, the registered IP address of the DDNS hostname will follow the new IP. This mechanism makes fixed global IP addresses no longer necessary, and you can reduce the cost to pay ISPs monthly.

Dynamic DNS is natively supported by SoftEther VPN.


The Dynamic DNS function easy-setup screen.

1.5. NAT Traversal

By using existing VPN systems, you need to ask the firewall's administrator of your company to open an endpoint (TCP or UDP port) on the firewall / NAT on the border between the company and the Internet.

In order to reduce the necessity to open an endpoint on the firewall, SoftEther VPN Server has the "NAT Traversal" function.

NAT Traversal is enabled by default. During it is enabled, SoftEther VPN Client computers can connect to your VPN Server behind the firewall / NAT. No special settings on the firewall / NAT are necessary.

You can disable the NAT Traversal function on your VPN Server by switching the value of "DisableNatTraversal" to "true" in the VPN Server's configuration file. You can also disable it by appending the "/tcp" suffix on the destination hostname.


NAT Traversal function penetrates your office's firewall.

1.6. VPN over ICMP, and VPN over DNS (Awesome!)

A few very-restricted networks only permit to pass ICMP or DNS packets. We don't know the reason. On such a network, TCP or UDP are filtered. Only ICMP and DNS are transferred.

In order to make it possible to establish SoftEther VPN client-server session via such a very-restricted network, SoftEther VPN has the "VPN over ICMP" and the "VPN over DNS" function.

This function is very powerful to penetrate such a restricted firewall. All VPN packets are capsuled into ICMP or DNS packets to transmit over the firewall. The receiver-side endpoint extracts the inner packet from the capsuled packet.

This is very useful for exploiting public Wi-Fi. Some public Wi-Fi can pass only ICMP or DNS packets. They filter TCP or UDP packets. If you have a VPN Server installed on your home or office in advance to go outdoor, you can enjoy protocol-free network communication by using such a restricted network.

VPN over ICMP, and VPN over DNS are implemented based on ICMP and DNS protocol specifications. However, they sometimes behaves irregularly. It might causes memory-overflow or something problems on the "buggy routers" on the network. Some routers might reboot because of these problems. It might affect other users of Wi-fi around you. In such an event, disable VPN over ICMP and VPN over DNS functions by appending "/tcp" suffix after the destination hostname.


Your payload traffics will be divided and encapsulated into ICMP packets. Awesome!


You can activate both VPN over ICMP and VPN over DNS with a simple step.

1.7. VPN Azure Cloud Service (Academic Experiment)

If your SoftEther VPN Server is behind the firewall or NAT, and if all of NAT Traversal, Dynamic DNS and VPN over ICMP/DNS functions failed to work well, do not give up. You can use "VPN Azure Cloud Service" as the final trump.

All existing VPN systems need to ask the firewall's administrator to open some TCP or UDP ports. And at least one fixed global IP address is required on the network. They are very inconvenient.

To solve the existing problems, we introduce the "VPN Azure Cloud Service" . This service is provided by SoftEther Corporation and University of Tsukuba as an academic experiment. You can connect to your VPN Server behind the firewall from other VPN clients on the remote side, without opening any TCP/UDP ports on the firewall, if you have activated the VPN Azure function on the VPN Server in advance. The VPN Server will connect a TCP connection "from inside to outside over the firewall" . The connection will be kept towards a relaying server on the VPN Azure Cloud Servers. You can connect to a relaying point on a cloud server from a VPN Client. The cloud server will relay your all traffics to the destination VPN Server behind the firewall. Once the connection has been made, you can now access to any computers on your company or home network which are protected by the firewall.

Once a VPN Server connects to the VPN Azure Cloud, the server will have a unique hostname "abc.vpnazure.com" ( "abc" is unique idenfitier). The hostname is assigned on the appropriate VPN relaying server on the VPN Azure Cloud Service.

VPN Azure Cloud Service function is disabled by default. You can easily activate it on the manager GUI of VPN Server. For details to use, please refer http://www.vpnazure.net/.


VPN Azure Cloud Service is a free-of-charge powerful VPN-traffic relaying service to penetrate firewalls.

1.8. Works on Many OS and CPUs

SoftEther VPN can work with following operating systems. Other VPN products are strictly bound to some specific systems. For example, Cisco IOS software can work only on Cisco Router hardware which is exclusively sold from Cisco Systems. SoftEther VPN is different. It can be work on not only several operating systems, but also several CPU architectures as follows.

This advantage means that for example if you currently run SoftEther VPN Server on the particular platform, but you want to change the underlying platform, you can change it at any time. All configuration commands and state files are exactly same between several platforms, because SoftEther VPN software codes were written by C language with very careful effort to keep compatibility and portability between on different systems.

  • WindowsWindows 98, 98 SE, ME, NT 4.0, 2000, XP, Server 2003, Vista, Server 2008, 7, Server 2008 R2, 8 and Server 2012 are supported on both Intel x86 (32 bit) and x64 (64 bit, as known as AMD64) platforms by SoftEther VPN Server, Client and Bridge. 
  • LinuxLinux Kernel 2.4, 2.6 and 3.x are supported on Intel x86 (32 bit), x64 (64 bit), ARM, MIPS and PowerPC platforms by SoftEther VPN Server, Client and Bridge. 
  • FreeBSDFreeBSD 5.x, 6.x, 7.x, 8.x and 9.x are supported on Intel x86 (32 bit) and x64 (64 bit) platforms by SoftEther VPN Server and Bridge. 
  • SolarisSolaris 8, 9, 10 and 11 are supported on Intel x86 (32 bit), Intel x64 (64 bit), SPARC (both 32 bit and 64 bit) platforms by SoftEther VPN Server and Bridge. 
  • Mac OS XMac OS X 10.4, 10.5, 10.6, 10.7 and 10.8 are supported on Intel x86 (32 bit), Intel x64 (64 bit), PowerPC (32 bit) and PowerPC G5 (64 bit) platforms by SoftEther VPN Server and Bridge.


In SoftEther VPN programs, the OS independent modules helps to build a platform-independent VPN server.


SoftEther VPN Server - SoftEther VPN Project


SoftEther VPN Server Manager: Server Top Page


Easy Setup Wizard


OpenVPN & MS-SSTP Clone Server Function


IPsec / L2TP / EtherIP / L2TPv3 Settings Screen


Dynamic DNS Function Screen


VPN over ICMP / VPN over DNS Function Screen


vpncmd Command-line Admin Utility


Packet Log & Server Log Setting


VPN Server Log Browser


VPN Server Information Screen


Available Encryption Algorithms


Active TCP Listners


Status of a Virtual Hub


Status of the VPN Server


New Virtual Hub Creation Screen


New Cascade Connection Setting Screen


List of Cascade Connection Screen


Security Policy for a Cascade Connection


List of Current VPN Sessions


Status of a VPN Session


Mac Address Table (aka: FDB) of Virtual Hub


IP Address Table of Virtual Hub


Certificates Revocation List


Security Police for a User or a Group


List of "Access List Entries" for Packet Filtering


Access List Entry Editor


List of Users


"Create New User" Screen


Statistics of a User


Group Manager


New Group Screen


Trusted "Certificate Authority" (CA) List


Local Bridge Management Screen


Status of Active Local Bridge Session


SecureNAT (Virtual NAT and Virtual DHCP Server) Configuration Screen


Virtual Layer-3 Switch (IP Router) Screen


Create a Virtual Layer-3 Switch Object


Add Virtual Interface on the Virtual L3 Switch


Add Routing Table Entry on the Virtual L3 Switch


Clustering Settings Screen


List of Current Cluster Members


Delay, Jitter and Packet Loss Generator


Japanese Version of VPN Server Manager


Simplified Version of VPN Server Manager


User List (contains several Unicode languages at the same time)





About SoftEther VPN Project - SoftEther VPN Project

The Inception of SoftEther VPN

Daiyuu Nobori was a user of PPTP (Point-to-Point Tunneling Protocol) with Windows Server Routing and Remote Access. After he enrolled in University of Tsukuba he found that the public Wi-Fi access-points on the campus can only pass TCP Port 80 and 443. He wanted to use Microsoft Remote Desktop (TCP Port 3389) on the campus Wi-Fi in order to connect his home PC via the Internet, however, it was impossible without any tools.

He programmed "SoftEther 1.0" as his personal project, in 2003, when he was 18, the first year in the University. He applied the subsidiary aid program of research and development for new computer software. He took 1-year subsidiary project from Ministry of Economy, Trade and Industry of Japan. In the project he completed the development of "SoftEther 1.0" , and released SoftEther 1.0 on the web site on winter 2003.

After "SoftEther 1.0" was released, the Government of Japan enforced him to stop the distributing of SoftEther 1.0 for free of charge. The reason was: SoftEther 1.0 is a dangerous tool for both computer-security and the existing commercial VPN vendors' industry. He argued that of course SoftEther 1.0 might be dangerous tool because it can penetrate firewalls which are placed by system administrators, but it also might be a good tool for valid usage. He also insisted that the characteristic of SoftEther 1.0, freeware, is not a dangerous for existing commercial VPN vendors' industry in Japan. Rather it can occur the valid competition between commercial VPN products and free VPN products, and it should be for public interests. The role of Government should be to promote the competition in the market, not to restraint it.

Despite his insistence, the bureaucracy of the Japanese Government enforced him to stop the distribution of SoftEther 1.0 as freeware. He accepted the demand from them unwillingly, otherwise he might be under the risk to lose his place in the university. (University of Tsukuba is a national university.)



The letter from Government Authority, concerned with SoftEther 1.0.


After that, Mitsubishi Materials Corporation (a giant precious metal trading company, one of the Japanese industrial conglomerates) offered him to sell the commercial version of SoftEther 1.0 with the corporation. He accepted the offer without deliberation, and "SoftEther 1.0" became the commercial VPN software of Mitsubishi Materials Corporation. The brand-name became "SoftEther CA" . (By the way, nobody knows what does 'CA' exactly means.) He and the corporation concluded the exclusive sales-agent contract for 10 years, and in the contract he took just only 10 thousand USD as the initial fee. However, after several years, SoftEther CA's sales result has been terrible until now.

He founded SoftEther Corporation in Japan to deal with Mitsubishi Materials Corporation. Because the income from SoftEther CA has been terrible, SoftEther Corporation has attempted to develop and sell some software and online services in Japan. The revenues have been quite well for several years, however SoftEther Corporation has prohibited to sell "SoftEther 1.0" by itself due to the exclusive contact with Mitsubishi Materials Corporation for just 10 years. (From April 2004 to April 2014)


SoftEther Corporation, Founded in 2004


Daiyuu Nobori, or SoftEther Corporation, is prohibited to just "sell" SoftEther 1.0 or its derivation until April 2014. However, Daiyuu Nobori has a right to continue development of SoftEther, and also has a right to distribute it as "freeware" or "open-source" by nature. So he has tried to make a better VPN software than SoftEther 1.0 for almost seven years in the University. "SoftEther VPN" is the result of such a development and is the first subject to be distributed in English, Japanese and Chinese languages via the Internet.

Because the above exclusive sales contact of SoftEther 1.0 has continued until April 2014, Daiyuu Nobori cannot sell the "SoftEther VPN" worldwide until the exclusive contact will expires. So he decided to distribute it on the web site as freeware. Moreover, he has a plan to disclose the source-code of "SoftEther VPN" under GPL license until the middle of 2013 so that anyone of the Japanese Government Bureaucrat cannot enforce him to stop the distribution of SoftEther VPN in future. Currently, he is just making adjustment around the copyright issues of SoftEther VPN source code.




What is different between SoftEther VPN and VPN Gate?

We have great appreciation that SoftEther Project is mentioned by many news articles around the world recently. Unfortunately, some news articles seem to misunderstandd as if SoftEther Project is exactly equal to VPN Gate Project. That is not correct. So we would like to explain the difference between two projects here.


What is SoftEther Project?

SoftEther Project is to develop and distribute secure, cross-platform, easy-to-use and multi-protocol SoftEther VPN software.


What is VPN Gate Project?

VPN Gate Project is to develop and distribute VPN Gate software which is a plug-in module for SoftEther VPN.


So what is SoftEther VPN?
SoftEther VPN is a VPN suite. You can make your own private VPN by using SoftEther VPN.

Or, you install SoftEther VPN Server in your headquarters. You install SoftEther VPN Bridge (or SoftEther VPN Server) in your branch office. Then your branch office is linking to your headquarter. Any computers on each site can communicate with other computers on the opposite site. It is same if you have three or more sites. This is Site-to-Site VPN.

When you configure SoftEther VPN Server, you define your own Virtual Hub Object and User Objects on VPN Server. A user or a remote-site VPN Client or VPN Bridge must have a valid credential to connect to the VPN Server. Nobody can log-in to your VPN Server without credential.

Unlike VPN Gate Server, your own SoftEther VPN Server denies any anonymous access from the world.


Then what is VPN Gate?
VPN Gate is an extension module for SoftEther VPN. VPN Gate extension is disabled by default for security. You can activate VPN Gate extension on SoftEther VPN Server (and also SoftEther VPN Client).

If you activate VPN Gate extension on VPN Server, then a Virtual Hub "VPNGATE" will be created on your VPN Server. The "VPNGATE" hub contains the "vpn" user with anonymous-attributes. This means that anyone who knows your VPN Server's IP address can connect to the "VPNGATE" hub on your VPN Server.

Additionally, VPN Gate extension registers your "VPNGATE" hub on the www.vpngate.net web site's directory. So anyone on the world are able to connect your VPN Server's "VPNGATE" virtual hub, and communicate with any destination hosts through your VPNGATE virtual hub. (Because your "VPNGATE" virtual hub has activated Virtual NAT and DHCP function.)


Is VPN Gate extension optional?


VPN Gate extension is disabled by default. It never do nothing unless you activate it by your hand. If you wish to provide your SoftEther VPN Server as a volunteer server toward the world (for example, people behind the Government's Firewall), activate VPN Gate extension. Otherwise you do not activate VPN Gate extension. No VPN Gate enabled, no connection from guest users are accepted on VPN Server.


Can I share VPN Gate's role and private role on single SoftEther VPN Server?


You can mix your private VPN's Virtual Hub, and your public Virtual Hub for VPN Gate on single instance of SoftEther VPN Server.

VPN Gate extension makes just a Virtual Hub named "VPNGATE" on your SoftEther VPN Server.

"VPNGATE" Virtual Hub can be connected from everyone on the globe through obtaining a registered IP address on http://www.vpngate.net/ directory.

If you have another Virtual Hub on the SoftEther VPN Server, that Virtual Hub is isolated from "VPNGATE" Virtual Hub. No one can access to your private Virtual Hub unless he has a valid credential to log-in your private Virtual Hub.

So you can easily share VPN Gate's role and private role on the single SoftEther VPN Server. However, unless you have a strong intention to provide your VPN Server as a volunteer, you should not activate VPN Gate extension on your VPN Server. For more details please visit How to Provide Your Computer as a VPN Server for VPN Gate.


Is SoftEther Project and VPN Gate Project same?


SoftEther Project is developing SoftEther VPN Server. VPN Gate Project is developing VPN Gate extension modules and plug-ins. VPN Gate Project also hosts the global directory server of Public VPN Relay Servers on http://www.vpngate.net/.

Some people confuse SoftEther Project and VPN Gate Project, because both two projects are hosted by University of Tsukuba, and consists of the common developers. However, each direction and purpose of two projects are different. SoftEther Project's mission is to make a secure, reliable, cross-platform and multi-protocol VPN Server. VPN Gate's mission is to promote the usage of VPN as relays to bypass government's firewall.




5 Best VPN Software: Open Any Blocked Site

If you are someone who has a virtual private network over the net, or wants to have one, it is very important that you know about these five best VPN software which is absolutely free to use. First of all, you need to know what exactly a virtual private network is. A virtual private network, or in short a VPN is a network that allows the user to extend a private network of systems over a public network such as the internet. A VPN software is a software that will allow the user to connect to a foreign server via an IP address that does not belong to the user himself. Using a VPN software, the user is able to connect to any remote location in the world without risking his or her identity in any way.

There are many VPN software which you can use. There are those that will enable you to only choose a server, while others may give you additional features, such as checking the current speed of the network, facility of tracing route, changing the IP address without disconnecting and so on and so forth. Which one should you choose? Which VPN software is safe for you? Check out the list of 5 most recommended VPN software.

The five best virtual private network software available are as follows:



UltraSurf is a one of the best VPN software available which helps you to surf anonymously. Ultrasurf is a free and powerful application  which is simple to use too. When the user launches the application from his or her computer, the application shows three lights that indicate the status, with the respective speeds displayed alongside them. You are free to choose from any of these. You can also manipulate the IE and specify a manual port, so that you can forward this port with a router. The reason why I recommend Ultrasurf mostly is unlike other VPN providers, Ultrasurf connect to the sever in seconds and you can start surfing easily.

Cyberghost vpn

CyberGhost VPN is another very useful free VPN provider and certainly the second best VPN software that you can use to mask your online identity. Suppose your identity is a license plate of a car. This is easily traceable back to you. CyberGhost VPN changes this to just another regular piece, which is untraceable and unidentifiable to other internet users and website operators. Recommended by many users, CyberGhost VPN is safe and secure.


SecurityKiss is one more alternative to SecurityKiss and Ultrasurf. SecurityKiss allows you to access the internet in spite of local restrictions and censorship.  It secures the connection of the user and at the same time, also prevents others to view the web browsing history, downloads, instant messages, credit or debit card information and other such information of the user. Using this tunnel, you will be able to keep your credit card details, passwords, online shopping information and other important details 100% secured.


Spotflux is yet another top rated free encryption VPN software that helps the user route internet traffic via a succession of secure servers. It is almost like a guardian angel. This helps to mask the IP address of the user and makes it impossible to trace the connection back. This VPN software provides you with a unique installation wizard with a wide variety of features and downloadable applications. It is easy, simple and effective.


OpenVPN ranks fifth in the list of best VPN softwares. OpenVPN features full version of SSL VPN encryption. It executes OSI 2 or 3 layer network of secure extension. It makes use of the standard TLS/SSL protocol and supports variable methods of client authentication. This is a software that will provide you with a very wide variety of options for controlling the layers of security that you want. This is across platform application and installs easily on any computer.

Other VPN Software Providers

Apart from these five best VPN software, however, there are other VPN software providers who allow you to use their VPN software for anonymous browsing like Tor Browser. HotShield VPN is another VPN software you can give a try. You can use these software not only to be an anonymous ghost in the world of internet, but also use it to protect all your data and crucial information safe from malicious hackers. The only problem with using a VPN Software is that it slows down the entire browsing process. However you can speed up the internet using reading the following articles:

Speed up Google Chrome

Software for better PC performance

Recommend the best VPN Software that you have used

I have recommended the best VPN software that I have used. I would also like to recommend NordVPN for expats. Share with us which VPN software do you prefer to use and why do you recommend it to other users? 

Ads: Access your favorite Windows applications from anywhere with solutions from a desktop-as-a-service provider such as CloudDesktopOnline.com. Add Office 365 to the desktop with complete support from O365CloudExperts

About The Author
Sanjib Saha

Connect with me on Facebook, Twitter and Google plus.


Смотрите также