Basic Capabilities of SoftEther VPN Server
Maximum Concurrent VPN Sessions
Remote Access VPN
- Layer-2 (Ethernet Bridging)
- Layer-3 (IP Routing)
Site-to-Site VPN
- Layer-2 (Ethernet Bridging)
- Layer-3 (IP Routing)
Traffic Control
- VoIP / QoS Priority Control
- Traffic Shaping for Per Users or Groups
Maximum Objects in a Virtual Hub
- Users:
10,000 - Groups:
10,000 - Access List Entries:
32,768 - MAC Address Table Entries:
65,536 - IP Address Table Entries:
65,536 - Cascade Connections:
128
SecureNAT Function
- Virtual NAT Function:
Maximum 4,096 Dynamic Mapping - User-mode NAT
- Kernel-mode NAT
- Virtual DHCP Function
High Availability and Clustering
- Maximum Cluster Members:
64 - Load Balancing
- Load Balancing Weight Control
- Dynamic Mode Virtual Hub Mapping over Cluster Members
- Static Mode Virtual Hub Mapping over Cluster Members
- Fault Terrance
Security Features
- External User-authentication Methods:
RADIUS / NT Domain / Active Directory - Security Policy Settings for Per User / Per Group
- Security Logs Isolation for Each Virtual Hubs
- Works as System-mode Background Service
- Works as User-mode Program
- DoS Attacks Detection and Protection (SYN Flood)
Management Functions
- VPN Server Manager GUI for Windows
- Command-line Management Utility (vpncmd)
- Listener Ports Dynamic Add / Delete
VPN Protocols Supported by SoftEther VPN Server
- SoftEther VPN Protocol (Ethernet over HTTPS)
- OpenVPN (L3-mode and L2-mode)
- L2TP/IPsec
- MS-SSTP (Microsoft Secure Socket Tunneling Protocol)
- SSTP/IPsec
- EtherIP/IPsec
SoftEther VPN Protocol Specification
- Upper Underlying Protocol:
SSL (Secure Socket Layer) 3.0 / TLS (Transport Layer Security) 1.0 - Lower Underlying Protocol:
TCP/IP and UDP/IP Hybrid (on IPv4 and IPv6) - Ciphers:
RC4-MD5, RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC-SHA and DES-CBC3-SHA - Data Compression:
zlib - Session-key:
128bit - Based Standards:
Extended HTTPS over SSL Protocol (RFC2818, RFC 5246) - WAN Optimization:
1-32 Parallel TCP Connection to Construct a Logical VPN Session - Persistent Link:
Infinite Auto-reconnect Function - Proxy Support:
HTTP Proxy Server, SOCKS Proxy Server - User-authentication:
- Anonymous
- Standard Password Authentication
- Password Authentication for RADIUS
- Password Authentication for NT Domain and Active Directory
- X.509 RSA PKI Certification Authentication (Key file on Disk)
- X.509 RSA PKI Certification Authentication (PKCS#11 Smart-cards or USB Tokens) - VPN Encapsulation Payload
Ethernet (IEEE802.3) Frames (Up to 1,514bytes or 1,518bytes for IEEE802.1Q VLAN Tags) - Supported VPN Clients: SoftEther VPN Client
- Supported Client OS: Windows and Linux
- Supported VPN Topologies: Remote-access VPN, Site-to-Site VPN (L2-Bridging) and Site-to-Site VPN (L3-Routing)
L2TP/IPsec Sever Function Specifications on SoftEther VPN Server
- User-authentication Methods: PAP and MS-CHAPv2
- NAT-Traversal:
RFC3947 IPsec over UDP Encapsulation - Supported Ciphers:
DES-CBC, 3DES-CBC, AES-CBC, Blowfish-CBC and CAST-128-CBC - Supported Hashes:
MD5 and SHA-1 - Supported Diffie-Hellman Groups:
MODP 768 (Group 1), MODP 1024 (Group 2) and MODP 1536 (Group 5) - Compatible VPN Clients:
Built-in VPN Clients on Windows, Mac, iOS and Android - Compatible Client OS:
Windows, Mac, iOS, Android and other L2TP-supported VPN Client OS - Supported VPN Topologies:
Remote-access VPN