1.4 VPN Processing Principle and Communication Method


    Combined revision comparison

    Comparing version 15:29, 16 Jan 2014 by yamame with version 21:07, 17 Jan 2014 by yamame.

    This section describes the operating principle and communication method of the VPNs that can be constructed with SoftEther VPN, gives an overview of the modules and functions used in VPN communication, and describes the types of VPN that can be built with SoftEther VPN.

    ...

    SoftEther VPN implements the mechanism of Ethernet communication as-is in software and realizes a VPN by creating a virtual network. The following is a brief description of how Ethernet operates.

    ...

    Ethernet lets multiple computers communicate with each other. To do so, each computer uses a network adapter (also called a "LAN card"), a dedicated device for connecting to Ethernet, and connects physically to the Ethernet network.

    ...

    Computers participating in an Ethernet network must be identified by IDs that do not collide with one another. Each network adapter is assigned a unique 48-bit ID, called the "MAC address". As a rule, the MAC address assigned to a physical network adapter is not duplicated anywhere in the world. (For a software network adapter such as the SoftEther VPN Virtual Network Adapter, the MAC address is generated by an algorithm that makes the probability of an actual duplicate extremely low.)

    ...

    The destination MAC address (48 bits) is a field containing the MAC address of the computer to which the sending computer's Ethernet frame is to be delivered. Relaying devices within the Ethernet network, such as switching hubs, read the destination MAC address and relay the Ethernet frame accordingly.

    ...

    There are two ways an Ethernet frame can be sent: "unicast" and "broadcast". Unicast is when the frame is sent by specifying the MAC address of one particular network adapter; broadcast is when the frame is sent to all network adapters participating in the Ethernet network other than the sender's own.

    When sending a frame by unicast, the MAC address of the destination network adapter is set as the destination MAC address. When sending by broadcast, the special MAC address FF:FF:FF:FF:FF:FF is set as the destination MAC address. Frames whose destination MAC address is FF:FF:FF:FF:FF:FF are called "broadcast packets" or "broadcast frames", and as a rule they can be received by all computers (network adapters) participating in the Ethernet network.
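The following Python is an added example, not code from SoftEther VPN or from this page: it parses the 14-byte Ethernet II header the text describes, classifies the destination as unicast or broadcast (and, going one step beyond the text, multicast, which the I/G bit of the first octet distinguishes), and generates a random locally administered MAC in the way a software adapter might. The two sample frames and every MAC address are constructed for illustration, and the MAC generation scheme is a generic one assumed here; the page does not specify the algorithm the SoftEther Virtual Network Adapter actually uses.

```python
import os
import struct

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
HEADER_LEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)


def mac_to_str(raw: bytes) -> str:
    """Render 6 raw bytes as colon-separated lowercase hex."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame: bytes) -> dict:
    """Split a raw Ethernet II frame into header fields and payload."""
    if len(frame) < HEADER_LEN:
        raise ValueError(f"frame too short for an Ethernet header: {len(frame)} bytes")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:HEADER_LEN])
    return {"dst": mac_to_str(dst), "src": mac_to_str(src),
            "ethertype": ethertype, "payload": frame[HEADER_LEN:]}


def classify_destination(mac: str) -> str:
    """'broadcast', 'multicast' or 'unicast' for a destination MAC address.

    The text covers unicast and broadcast; multicast (I/G bit of the first
    octet set, but address not all-ones) is added here for completeness.
    """
    if mac.lower() == BROADCAST_MAC:
        return "broadcast"
    if int(mac.split(":")[0], 16) & 0x01:
        return "multicast"
    return "unicast"


def generate_virtual_mac() -> str:
    """Random locally administered unicast MAC for a software adapter.

    Generic scheme assumed for illustration (set the U/L bit, clear the I/G
    bit, randomise everything else). It is NOT the algorithm used by the
    SoftEther VPN Virtual Network Adapter, which the page does not specify.
    """
    octets = bytearray(os.urandom(6))
    octets[0] = (octets[0] | 0x02) & 0xFE
    return mac_to_str(bytes(octets))


# Constructed sample frames (arbitrary MACs; EtherTypes 0x0800 IPv4, 0x0806 ARP).
SRC = bytes.fromhex("0242ac110002")
UNICAST_FRAME = bytes.fromhex("0242ac110003") + SRC + b"\x08\x00" + b"ipv4-payload"
BROADCAST_FRAME = b"\xff" * 6 + SRC + b"\x08\x06" + b"arp-who-has"


def describe(frame: bytes) -> tuple:
    """(destination class, source MAC, destination MAC, EtherType) of a frame."""
    hdr = parse_ethernet(frame)
    return (classify_destination(hdr["dst"]), hdr["src"], hdr["dst"], hdr["ethertype"])


if __name__ == "__main__":
    for f in (UNICAST_FRAME, BROADCAST_FRAME):
        print(describe(f))
    print("generated virtual MAC:", generate_virtual_mac())
```

Anything shorter than 14 bytes is rejected before unpacking, since a relay that trusts a truncated header would read garbage as a MAC address.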

    ...

    A switching hub (layer 2 switch) is the device that builds an Ethernet network and is an important piece of equipment for communication. A switching hub has multiple ports (typically 8, but anywhere from tens to hundreds). By connecting a computer's network adapter to the switching hub with a network cable or the like, a physical link is established between the two, enabling layer 2 Ethernet communication.

    The ports of a switching hub can also be connected to the ports of another switching hub. Even though the connected switching hubs were originally separate Ethernet networks, once they are connected by a network cable they work as a single Ethernet network. This is called a "cascade connection".

    The computers connected to the switching hubs on the left and right of the following figure (Segment junction by cascade connection of switching hubs) can communicate freely with each other.

    ...

    When a switching hub receives an Ethernet frame, it reads the frame's destination MAC address; if that address is registered in its MAC address table, the frame is sent only to the corresponding port. If the destination MAC address is not registered in the MAC address table, or the frame is a broadcast frame, it is sent to all ports (other than the one it arrived on).

    The process by which a switching hub learns new MAC addresses and registers them in its internal MAC address table happens automatically: each time a new Ethernet frame is received, the hub reads its source MAC address and records the port it arrived on.

    This is how unicast frames are sent only to the ports that need them and not to unnecessary ports. This is called the switching hub's "frame exchange and MAC address learning" function.

    ...

    As mentioned earlier, connecting two segments, each built around a switching hub, so that they are used as a single segment is called a "cascade connection". There is no limit to the number of cascades as long as the physical limits defined for Ethernet are not exceeded. The ease of cascade connection is one of the greatest strengths of Ethernet: by cascading another switching hub onto one that has run out of ports, you increase the number of available ports and therefore the number of computers that can join the network.
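The following Python simulation is an added example, not SoftEther code: it models the MAC address learning and frame forwarding described in the preceding paragraphs, then joins two switches by a cascade cable so that a frame flooded on one is carried across and flooded on the other, exactly as the figure of two cascaded hubs implies. Frames are reduced to their (destination, source) MAC pair, and all MAC addresses and port numbers are constructed for the demonstration.

```python
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """A switching hub: learns source MACs per port, forwards by destination."""

    def __init__(self, name: str, port_count: int):
        self.name = name
        self.ports = list(range(port_count))
        self.mac_table = {}     # MAC -> port it was last seen arriving on
        self.links = {}         # port -> (other switch, other port): cascade cables
        self.delivered = []     # egress log of (port, dst, src), for inspection

    def cascade(self, port: int, other: "Switch", other_port: int):
        """Join two switches with a cable, making them one segment."""
        self.links[port] = (other, other_port)
        other.links[other_port] = (self, port)

    def receive(self, in_port: int, dst: str, src: str, pending: deque):
        # MAC address learning: the source is reachable via the ingress port.
        self.mac_table[src] = in_port
        known = self.mac_table.get(dst)
        if dst != BROADCAST and known is not None:
            targets = [] if known == in_port else [known]      # known unicast
        else:
            targets = [p for p in self.ports if p != in_port]  # flood
        for p in targets:
            self.delivered.append((p, dst, src))
            if p in self.links:                      # frame crosses the cascade cable
                other, other_port = self.links[p]
                pending.append((other, other_port, dst, src))


def send(switch: Switch, port: int, dst: str, src: str):
    """Inject one frame at a port and let it propagate through any cascades."""
    pending = deque([(switch, port, dst, src)])
    while pending:
        sw, p, d, s = pending.popleft()
        sw.receive(p, d, s, pending)


def demo() -> dict:
    """Host A on left port 0 talks to host B on right port 1 across a cascade."""
    left, right = Switch("left", 4), Switch("right", 4)
    left.cascade(3, right, 3)                       # port 3 <-> port 3 is the cable
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    send(left, 0, b, a)                             # B unknown everywhere: flooded
    flood_left = sorted(p for p, _, _ in left.delivered)
    flood_right = sorted(p for p, _, _ in right.delivered)
    left.delivered.clear()
    right.delivered.clear()
    send(right, 1, a, b)                            # A already learned: unicast only
    return {
        "flood_left": flood_left, "flood_right": flood_right,
        "reply_right": [p for p, _, _ in right.delivered],
        "reply_left": [p for p, _, _ in left.delivered],
        "left_table": dict(left.mac_table), "right_table": dict(right.mac_table),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Two properties of the simulated behaviour matter in practice. First, until a destination has been learned, its frames are flooded to every port on every cascaded switch, so a host on any port of the segment sees them; only after the reply does the unicast path narrow to the two ports involved. Second, the model has no loop protection: a cascade cable that closes a cycle would re-flood every broadcast forever, which is why physical cascades must form a tree (or run a spanning-tree protocol).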

    ...

    When multiple Virtual Hubs are created within a single VPN Server, those Virtual Hubs cannot communicate with each other. In other words, creating multiple Virtual Hubs creates multiple separate Ethernet segments within the VPN Server.

    Unlike a physical switching hub in conventional Ethernet, a SoftEther VPN Virtual Hub is reached over a TCP/IP-based tunneling protocol (the SoftEther VPN protocol) across an existing IP network such as the Internet, rather than by a direct network-cable connection. In other words, the Virtual Hub has virtual ports, the equivalent of the ports on a physical switching hub, that wait for connections; another computer can connect to such a virtual port with the SoftEther VPN protocol, just as if it were plugged in with a network cable.
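One consequence of tunneling Ethernet over TCP/IP is that a TCP byte stream has no frame boundaries, so the tunnel must delimit each Ethernet frame itself. The following Python is an added example, not SoftEther code and not the SoftEther VPN protocol's wire format: it carries frames over a local socket pair using an assumed 2-byte big-endian length prefix, reads them back with an exact-length loop, and refuses lengths outside the Ethernet frame range so that a corrupt or malicious peer cannot make the reader allocate or wait for an arbitrary amount of data. The sample frames are constructed bytes.

```python
import socket
import struct

MAX_FRAME = 1518          # largest untagged Ethernet frame accepted here
MIN_FRAME = 14            # at least a complete Ethernet header


def pack_frame(frame: bytes) -> bytes:
    """Prefix a frame with its length (assumed illustrative framing)."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"refusing to send frame of {len(frame)} bytes")
    return struct.pack("!H", len(frame)) + frame


def read_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes; a stream that ends early is a ConnectionError."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return bytes(buf)


def read_frame(sock: socket.socket) -> bytes:
    """Read one length-prefixed frame, validating the length before the body."""
    (length,) = struct.unpack("!H", read_exact(sock, 2))
    if not MIN_FRAME <= length <= MAX_FRAME:
        raise ValueError(f"bad frame length {length}: stream is corrupt")
    return read_exact(sock, length)


def tunnel_roundtrip(frames) -> list:
    """Send frames through a local socket pair and read them back in order."""
    client, hub = socket.socketpair()
    try:
        for f in frames:
            client.sendall(pack_frame(f))
        return [read_frame(hub) for _ in frames]
    finally:
        client.close()
        hub.close()


def check_truncated_stream() -> str:
    """Declare a 64-byte frame but send only 20 bytes, then close the sender."""
    a, b = socket.socketpair()
    try:
        a.sendall(struct.pack("!H", 64) + b"only-20-bytes-sent!!")
        a.close()
        try:
            read_frame(b)
        except ConnectionError as e:
            return str(e)
        return "no error"
    finally:
        b.close()


# Constructed sample frames: a broadcast ARP frame and a unicast IPv4 frame.
SAMPLE_FRAMES = [
    bytes.fromhex("ffffffffffff0242ac1100020806") + b"arp-request-body",
    bytes.fromhex("0242ac1100030242ac1100020800") + b"ipv4-body",
]

if __name__ == "__main__":
    for f in tunnel_roundtrip(SAMPLE_FRAMES):
        print(len(f), f[:14].hex())
    print(check_truncated_stream())
```

The length is checked before the body is read; a reader that trusted the prefix unconditionally would block waiting for up to 65535 bytes per frame on a hostile stream.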

    ...

    As mentioned above, a Virtual Hub can be connected to from a remote location using the SoftEther VPN protocol. If anyone were allowed to connect, an unauthorized third party could connect to the Virtual Hub. To prevent this, the administrator defines the users who may connect to the Virtual Hub and configures it so that only successfully authenticated users are accepted (password authentication or certificate authentication can be used). For communication within the Virtual Hub, all traffic is permitted by default, but packet filtering and security policies can be applied to block certain kinds of communication.

    These settings are completely independent for each Virtual Hub, and administration is divided so that each Virtual Hub can be managed by its own administrator. The administrator of the VPN Server as a whole can manage all Virtual Hubs, whereas an administrator who has been delegated authority over particular Virtual Hubs by the VPN Server administrator can manage only those Virtual Hubs and cannot manage the others.
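The following Python is an added example, not SoftEther code, that models the two controls just described: a per-hub user database with password or certificate authentication, and a per-hub packet filter applied to frames that the hub would otherwise forward freely. The PBKDF2-SHA256 password hashing, the certificate check by fingerprint, and the access-list semantics (lowest priority number evaluated first, first match wins, everything else passes) are this example's own assumptions and are not a description of how SoftEther implements either feature. User names, fingerprints and MAC addresses are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional, Tuple

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-SHA256 (assumed scheme); returns (salt, digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class User:
    name: str
    salt: Optional[bytes] = None
    pw_hash: Optional[bytes] = None
    cert_fingerprint: Optional[str] = None   # hex SHA-256 of the user's certificate


@dataclass(order=True)
class AccessRule:
    priority: int                                           # lower runs first
    action: str = field(compare=False)                      # "pass" or "discard"
    src: Optional[str] = field(default=None, compare=False)  # MAC, None = any
    dst: Optional[str] = field(default=None, compare=False)
    ethertype: Optional[int] = field(default=None, compare=False)

    def matches(self, src: str, dst: str, ethertype: int) -> bool:
        return ((self.src is None or self.src == src)
                and (self.dst is None or self.dst == dst)
                and (self.ethertype is None or self.ethertype == ethertype))


class VirtualHub:
    """One layer 2 segment with its own users and its own access list."""

    def __init__(self, name: str):
        self.name = name
        self.users = {}
        self.rules = []

    def add_user(self, user: User):
        self.users[user.name] = user

    def authenticate(self, name: str, password: Optional[str] = None,
                     cert_fingerprint: Optional[str] = None) -> bool:
        user = self.users.get(name)
        if user is None:
            hash_password(password or "", b"\x00" * 16)   # same cost as a real check
            return False
        if cert_fingerprint is not None and user.cert_fingerprint is not None:
            return hmac.compare_digest(cert_fingerprint, user.cert_fingerprint)
        if password is not None and user.pw_hash is not None:
            _, candidate = hash_password(password, user.salt)
            return hmac.compare_digest(candidate, user.pw_hash)
        return False                                   # no usable credential type

    def add_rule(self, rule: AccessRule):
        self.rules.append(rule)
        self.rules.sort()

    def filter_frame(self, src: str, dst: str, ethertype: int) -> str:
        for rule in self.rules:                        # first match wins
            if rule.matches(src, dst, ethertype):
                return rule.action
        return "pass"                                  # permitted unless a rule says otherwise


def demo() -> dict:
    hub_a, hub_b = VirtualHub("HUB_A"), VirtualHub("HUB_B")
    salt, digest = hash_password("correct horse")
    hub_a.add_user(User("alice", salt, digest))
    hub_a.add_user(User("bob", cert_fingerprint="ab" * 32))
    # HUB_A discards IPv6 (0x86dd) except from one MAC; HUB_B has no rules at all.
    hub_a.add_rule(AccessRule(200, "discard", ethertype=0x86DD))
    hub_a.add_rule(AccessRule(100, "pass", src="02:00:00:00:00:01", ethertype=0x86DD))
    m1, m2, m3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
    return {
        "alice_ok": hub_a.authenticate("alice", password="correct horse"),
        "alice_bad": hub_a.authenticate("alice", password="wrong"),
        "bob_cert": hub_a.authenticate("bob", cert_fingerprint="ab" * 32),
        "bob_password": hub_a.authenticate("bob", password="anything"),
        "alice_on_hub_b": hub_b.authenticate("alice", password="correct horse"),
        "v6_blocked": hub_a.filter_frame(m2, m3, 0x86DD),
        "v6_allowed": hub_a.filter_frame(m1, m3, 0x86DD),
        "v4_default": hub_a.filter_frame(m2, m3, 0x0800),
        "hub_b_v6": hub_b.filter_frame(m2, m3, 0x86DD),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Note that alice, who is a valid user of HUB_A, is rejected by HUB_B, and that HUB_B passes the IPv6 frame HUB_A discards: the user list and the filter belong to the hub, not the server, which is what lets a delegated administrator manage one hub without affecting the others. Comparisons of the digest and the fingerprint go through hmac.compare_digest so that response time does not leak how many leading bytes matched.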

    ...

    Virtual Network Adapter software is currently offered as SoftEther VPN Client for Windows and Linux. A computer with SoftEther VPN Client installed can connect to a VPN Server as a VPN client. Multiple Virtual Network Adapters can be created on a client computer through the SoftEther VPN Client settings. Because a Virtual Network Adapter is recognized as a network adapter, just like a physical one, by almost every communication application running on the operating system, virtually all network protocols that run over Ethernet, including TCP/IP, can communicate over the VPN via the Virtual Hub.

    ...

    With SoftEther VPN Server you can create multiple Virtual Hubs and operate them at the same time. In their initial state, however, Virtual Hubs are independent layer 2 segments: computers connected to the same Virtual Hub can communicate freely, but computers connected to different Virtual Hubs cannot communicate with each other.

    ...

    The Virtual Layer 3 Switch function of SoftEther VPN Server enables IP routing among multiple Virtual Hubs. With the previous version, SoftEther 1.0, IP routing among multiple Virtual Hubs required bridging each Virtual Hub segment to a physical Ethernet segment and routing between them with a physical layer 3 switch or a dedicated router. The Virtual Layer 3 Switch function of SoftEther VPN Server lets network administrators easily achieve communication among Virtual Hubs by routing IP between them inside the server.
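The following Python is an added example, not SoftEther code, modelling what a layer 3 switch between Virtual Hubs has to do: hold one IP interface per hub, pick the egress hub by longest-prefix match over directly connected subnets and static routes, decrement the TTL, and decide what not to forward. The hub names, subnets and packets are constructed, and the drop rules (a source address that does not belong to the ingress hub's subnet, a destination already on the ingress segment, an expired TTL) are this example's choices rather than documented SoftEther behaviour.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int = 64


class VirtualL3Switch:
    """Routes IPv4 between layer 2 segments (one interface per Virtual Hub)."""

    def __init__(self):
        self.interfaces = {}    # hub name -> (interface IP, directly connected network)
        self.routes = []        # (network, egress hub), kept longest prefix first

    def add_interface(self, hub: str, ip_with_prefix: str):
        iface = ipaddress.ip_interface(ip_with_prefix)
        self.interfaces[hub] = (iface.ip, iface.network)
        self.add_route(str(iface.network), hub)

    def add_route(self, network: str, hub: str):
        """Static route: traffic for network leaves towards hub (for example
        to a router that sits on that hub's segment)."""
        self.routes.append((ipaddress.ip_network(network), hub))
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, dst: str):
        """Longest-prefix match; None when no route covers dst."""
        addr = ipaddress.ip_address(dst)
        for net, hub in self.routes:
            if addr in net:
                return hub
        return None

    def forward(self, in_hub: str, pkt: Packet) -> tuple:
        """Return (action, egress hub or None, packet as it would leave)."""
        _, in_net = self.interfaces[in_hub]
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        if src not in in_net:                       # spoofed or misrouted source
            return ("drop: source not in ingress subnet", None, pkt)
        if any(dst == ip for ip, _ in self.interfaces.values()):
            return ("local: addressed to the switch itself", None, pkt)
        if dst in in_net:                           # layer 2 should have delivered it
            return ("drop: destination is on the ingress segment", None, pkt)
        out_hub = self.lookup(pkt.dst)
        if out_hub is None:
            return ("drop: no route", None, pkt)
        if pkt.ttl <= 1:
            return ("drop: ttl expired", None, pkt)
        return ("forward", out_hub, Packet(pkt.src, pkt.dst, pkt.ttl - 1))


def demo() -> dict:
    l3 = VirtualL3Switch()
    l3.add_interface("HUB_SALES", "192.168.10.1/24")
    l3.add_interface("HUB_ENG", "192.168.20.1/24")
    l3.add_route("10.0.0.0/8", "HUB_ENG")        # lab networks behind a router on HUB_ENG
    l3.add_route("0.0.0.0/0", "HUB_SALES")       # default: Internet gateway on HUB_SALES
    sales_host, eng_host = "192.168.10.50", "192.168.20.7"
    return {
        "sales_to_eng": l3.forward("HUB_SALES", Packet(sales_host, eng_host))[:2],
        "sales_to_lab": l3.forward("HUB_SALES", Packet(sales_host, "10.1.2.3"))[:2],
        "eng_to_internet": l3.forward("HUB_ENG", Packet(eng_host, "8.8.8.8"))[:2],
        "spoofed": l3.forward("HUB_ENG", Packet(sales_host, "8.8.8.8"))[:2],
        "to_switch": l3.forward("HUB_SALES", Packet(sales_host, "192.168.20.1"))[:2],
        "same_segment": l3.forward("HUB_SALES", Packet(sales_host, "192.168.10.51"))[:2],
        "ttl_expired": l3.forward("HUB_SALES", Packet(sales_host, eng_host, ttl=1))[:2],
        "ttl_after_hop": l3.forward("HUB_SALES", Packet(sales_host, eng_host, ttl=64))[2].ttl,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Because the two hubs remain separate layer 2 segments, nothing here forwards broadcast or non-IP traffic between them; only IP packets that pass the checks cross, which is the practical difference between routing hubs together and cascading them into one segment.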

    ...

    Networks built with SoftEther VPN can be roughly divided into the following three forms:

    ...

    Computer-to-computer VPN is the simplest form of VPN built with SoftEther VPN. It can be constructed extremely easily, but the range of communication available over the VPN is not very wide.

    In a computer-to-computer VPN, a Virtual Hub is set up on a SoftEther VPN Server at one location, and multiple computers connect the Virtual Network Adapter of their SoftEther VPN Client to that Virtual Hub over the VPN. Any Ethernet frame can then be sent and received among the computers participating in the VPN, so they can communicate freely and safely regardless of the physical network topology. All VPN communication is encrypted to prevent eavesdropping and tampering.

    ...
