Specification

  • Sorry, but only administrators may ban users.
  • Sorry, but only administrators may ban users.
  • Sorry, but only administrators may ban users.
  • Sorry, but only administrators may ban users.
  • Sorry, but only administrators may ban users.
  • Sorry, but only administrators may ban users.
  • Sorry, but only administrators may ban users.
  • Sorry, but only administrators may ban users.
  • Sorry, but only administrators may ban users.
  • Sorry, but only administrators may ban users.

Version as of 06:35, 20 May 2024

to this version.

Return to Version archive.

View current version

Basic Capabilities of SoftEther VPN Server

Maximum Concurrent VPN Sessions

  • 4,096 Sessions

Maximum Virtual Hubs

  • 4,096 Virtual Hubs

Maximum Objects in a Virtual Hub

SecureNAT Function

High Availability and Clustering

Security Features

VPN Protocols Supported by SoftEther VPN Server

SoftEther VPN Protocol Specification

  • Supported Payload Protocols: Any Protocols in Ethernet
  • Upper Underlying Protocol: SSL (Secure Socket Layer) 3.0 / TLS (Transport Layer Security) 1.0
  • Lower Underlying Protocol: TCP/IP and UDP/IP Hybrid (on IPv4 and IPv6)
  • Ciphers:
    RC4-MD5, RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC-SHA and DES-CBC3-SHA
  • Data Compression: zlib
  • Session-key: 128bit
  • Based Standards: Extended HTTPS over SSL Protocol (RFC2818, RFC 5246)
  • WAN Optimization: 1-32 Parallel TCP Connection to Construct a Logical VPN Session
  • Persistent Link: Infinite Auto-reconnect Function
  • Proxy Support: HTTP Proxy Server and SOCKS Proxy Server
  • TCP Ports: 443, 992 and 5555 is Listening by Default.
    You can add/delete listening TCP ports.
  • Behind NAT Solution:
    NAT-Traversal Function is enabled by default. No need to open any TCP/UDP ports on the NAT for accepting VPN connections which are initiated from Internet-side.
  • Anti-restricted Firewall Solution:
    VPN over ICMP (Encapsulate all Ethernet packets over ICMP packets)
    VPN over DNS (Encapsulate all Ethernet packets over DNS packets)
  • User-authentication:
    - Anonymous
    - Standard Password Authentication
    - Password Authentication for RADIUS
    - Password Authentication for NT Domain and Active Directory
    - X.509 RSA PKI Certification Authentication (Key file on Disk)
    - X.509 RSA PKI Certification Authentication (PKCS#11 Smart-cards or USB Tokens)
  • VPN Encapsulation Payload:
    Ethernet (IEEE802.3) Frames (Up to 1,514bytes or 1,518bytes for IEEE802.1Q VLAN Tags)
  • Supported VPN Clients: SoftEther VPN Client
  • Supported Client OS: Windows and Linux
  • Supported VPN Topologies: Remote-access VPN, Site-to-Site VPN (L2-Bridging) and Site-to-Site VPN (L3-Routing)

L2TP/IPsec Sever Function Specifications on SoftEther VPN Server

  • User-authentication Methods: PAP and MS-CHAPv2
  • NAT-Traversal: RFC3947 IPsec over UDP Encapsulation
  • Transport UDP Ports:
    UDP 500 and 4500
    (Allow both ports on the firewall. Add UDP port forwarding for both 500 & 4500 on the NAT.)
  • Supported Ciphers:
    DES-CBC, 3DES-CBC, AES-CBC, Blowfish-CBC and CAST-128-CBC
  • Supported Hashes:
    MD5 and SHA-1
  • Supported Diffie-Hellman Groups:
    MODP 768 (Group 1), MODP 1024 (Group 2) and MODP 1536 (Group 5)
  • Compatible VPN Clients: Built-in VPN Clients on Windows, Mac, iOS and Android
  • Compatible Client OS: Windows, Mac, iOS, Android and other L2TP-supported VPN Client OS
  • Supported VPN Topologies: Remote-access VPN

OpenVPN Server Function Specifications on SoftEther VPN Server

  • OpenVPN Clone Function for Compatibility with OpenVPN Technologies, Inc.'s implementations.
  • Default Ports:
    TCP 443, 992 and 5555
    UDP: 1194
  • Supported Ciphers:
    AES-128-CBC, AES-192-CBC, AES-256-CBC, BF-CBC, CAST-CBC, CAST5-CBC, DES-CBC, DES-EDE-CBC, DES-EDE3-CBC, DESX-CBC, RC2-40-CBC, RC2-64-CBC and RC2-CBC
  • Supported Hashes:
    SHA, SHA1, MD5, MD4 and RMD160
  • Operational Mode: L2 (Bridging) and L3 (Routing)
  • Compatible VPN Clients: OpenVPN for PC (Windows, Mac, Linux) and OpenVPN Connect by OpenVPN Technologies, Inc.
  • Compatible Client OS: Windows, Linux, Mac, iOS and Android
  • Supported VPN Topologies: Remote-access VPN, Site-to-Site VPN (L2-Bridging) and Site-to-Site VPN (L3-Routing)

SSTP Server Function Specifications on SoftEther VPN Server

  • Clone Function for SSTP-VPN Server of Microsoft's Windows Server 2008 R2.
  • User-authentication Methods: PAP and MS-CHAPv2
  • Supported Ciphers and Hashes on TLS:
    RC4-MD5, RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC-SHA and DES-CBC3-SHA
  • Compatible VPN Clients: Built-in VPN Clients on Windows Vista, 7, 8, RT
  • Compatible Client OS: Windows Vista, 7, 8, RT, Server 2008, Server 2008 R2, Server 2012
  • Supported VPN Topologies: Remote-access VPN

L2TPv3 Server Function Specifications on SoftEther VPN Server

  • Clone Function for Cisco's L2TPv3 Site-to-Site VPN Server
  • NAT-Traversal: RFC3947 IPsec over UDP Encapsulation
  • Transport UDP Ports:
    UDP 500 and 4500
    (Allow both ports on the firewall. Add UDP port forwarding for both 500 & 4500 on the NAT.)
  • Supported Ciphers:
    DES-CBC, 3DES-CBC, AES-CBC, Blowfish-CBC and CAST-128-CBC
  • Supported Hashes:
    MD5 and SHA-1
  • Supported Diffie-Hellman Groups:
    MODP 768 (Group 1), MODP 1024 (Group 2) and MODP 1536 (Group 5)
  • Supported VPN Topologies: Site-to-Site VPN (L2-Bridging)
  • Compatible VPN Clients: Cisco IOS's L2TPv3 VPN Client
  • Compatible Client OS: Cisco IOS or other compatible O

EtherIP Server Function Specifications on SoftEther VPN Server

  • NAT-Traversal: RFC3947 IPsec over UDP Encapsulation
  • Supported Ciphers:
    DES-CBC, 3DES-CBC, AES-CBC, Blowfish-CBC and CAST-128-CBC
  • Transport UDP Ports:
    UDP 500 and 4500
    (Allow both ports on the firewall. Add UDP port forwarding for both 500 & 4500 on the NAT.)
  • Supported Hashes:
    MD5 and SHA-1
  • Supported Diffie-Hellman Groups:
    MODP 768 (Group 1), MODP 1024 (Group 2) and MODP 1536 (Group 5)
  • Supported VPN Topologies: Site-to-Site VPN (L2-Bridging)
  • Compatible VPN Clients: EtherIP VPN Client
  • Compatible Client OS: EtherIP compatible OS

Requirements

Supported Operating Systems

  • Windows (32bit, 64bit)
    Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Server 2003 SP2 / Vista SP1, SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / 7 SP1 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / 8 / Server 2012 / Hyper-V Server 2012
     
  • Linux (32bit, 64bit)
    Linux 2.4, 2.6, 3.x
     
  • Mac OS X (32bit, 64bit)
    Mac OS X 10.4 Tiger / 10.5 Leopard / 10.6 Snow Leopard / 10.7 Lion / 10.8 Mountain Lion
     
  • FreeBSD (32bit, 64bit)
    FreeBSD 5, 6, 7, 8, 9
     
  • Solaris (32bit, 64bit)
    Solaris 8, 9, 10, 11

Supported CPUs

  • Windows
    Intel x86 (32bit), Intel x64 (64bit)
     
  • Linux
    Intel x86 (32bit), Intel x64 (64bit), PowerPC (32bit), ARM EABI (32bit), ARM legacy ABI (32bit), MIPS Little-Endian (32bit), SH-4 (32bit)
     
  • Mac OS X
    Intel x86 (32bit), Intel x64 (64bit), PowerPC (32bit), PowerPC G5 (64bit)
     
  • FreeBSD
    Intel x86 (32bit), Intel x64 (64bit)
     
  • Solaris
    Intel x86 (32bit), Intel x64 (64bit), SPARC (32bit), SPARC (64bit)
     

Hardware Requirements for SoftEther VPN Server

  • Free RAM
    Minimum: 32Mbytes + 0.5Mbytes * (Number of Concurrent VPN Sessions)
    Recommended: 128Mbytes + 0.5 Mbytes * (Number of Concurrent VPN Sessions)
     
  • Free Disk Space
    Minimum: 100Mbytes
    Recommended: 2Gbytes (for daily VPN connection logs)

Hardware Requirements for SoftEther VPN Server

  • Free RAM
    Minimum: 16Mbytes
    Recommended: 32Mbytes