2.1 VPN Communication Protocol


    Combined revision comparison

    Comparing version 17:23, 13 Mar 2014 by yamame with version 20:37, 17 Mar 2014 by yamame.

    ...

    However, as for SoftEther VPN protocol, by dexterously controlling and optimizing TCP/IP connection establish carrying out to VPN communication while developing, communication will be optimized and be more efficient then ever. In the case where SoftEther VPN is used for a network with sufficient bandwidth, SoftEther VPN Project has succeeded in realizing higher speed and lower delay for so the user of VPN communication that you would never sense a bit of difference in whether communication is carried out via VPN or directly flowing on a physical network.
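
    Review bot: the second sentence of this paragraph, which appears only in the 20:37 version, does not parse at "realizing higher speed and lower delay for so the user of VPN communication that you would never sense a bit of difference". Suggest stating the claim directly, for example that on a network with sufficient bandwidth the user does not notice whether traffic goes through the VPN or directly over the physical network. In the first sentence, "more efficient then ever" should be "than ever", and "by dexterously controlling and optimizing TCP/IP connection establish carrying out to VPN communication while developing" needs rewording, since its meaning is not recoverable as written.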

    ...

    Communication efficiency (throughput and response) and stability can be enhanced for the following networks whenif the user properly sets advanced communications parameters of SoftEther VPN protocol.

    • Networks with large delay time despite wide bandwidth.
    • Networks whereby there are proxy servers, NAT or firewalls in the VPN communications route that produce the delay.
    • Networks whereby there is band control equipment (QoS equipment) on the VPN communications route which intentionally band control maximum communication speed for each separate TCP/IP connection.
    • Networks whereby there are proxy servers, NAT or firewalls in the VPN communications route, special processing for TCP/IP protocol through network gateway devices and servers that areis executed, an expiration date is set for each TCP/IP connection and the connection is disconnected when the expiration date is exceeded, count and transmission interval for packets of HTTPS protocol, etc., will beare strictly recorded, and if there is a violation of the default standards of HTTP protocol, the TCP/IP connection will beis disconnected and special processing beis executed.

    VPN communication source computers will simultaneously establish multiple TCP/IP connections for a single VPN session with SoftEther VPN Server, and by distributing load for communications data by using the respective connections in parallel, VPN communication data can be sent and received at high speed with low delay by SoftEther VPN protocol.
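
    Review bot: in the fourth bullet, changing "is executed" to "that are executed" makes the gateway devices and servers, not the special processing, the thing being executed, and the closing "special processing be executed" no longer has a working verb. The 17:23 wording ("special processing for TCP/IP protocol through network gateway devices and servers is executed", "are strictly recorded", "is disconnected") read correctly and should be kept. The change from "produce delay" to "produce the delay" in the second bullet is also unnecessary.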

    ...

    If the VPN connection to SoftEther VPN Server washas temporarily cut off due to network problems or the connection destination VPN Server stops (temporarily), the system will attempts to reconnect to the VPN Server until it will succeed. You can specify the maximum number of reconnection that attempts to and the interval at which reconnection is attempted (cannot be set less than 5 seconds).

    As for the default setting, it is 15 seconds for reconnection attempt by interval and number of reconnection attempting is unlimited. The connection will be maintained constantly as long as the network is functioning and connection destination VPN Server is runnig.

    As for the cascade connection, while attemptions are made to connect the SoftEther VPN Server and connection is completed, the function to maintain connection keeps the reconnection interval will be fixed to 10 seconds and the number of reconnection will attempt to be fixed to unlimited. The user does not have a permission for this change norcannot change this settings.
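
    Review bot: the last sentence of the cascade paragraph became harder to read: "The user does not have a permission for this change nor settings" replaces "The user cannot change this settings", which only needed "these settings". In the first paragraph of this hunk, "will attempts to reconnect" should go back to "attempts to reconnect", and "was temporarily cut off" is fine but "has" was not the problem word there. The added defaults paragraph (15 seconds, unlimited attempts) is a useful addition next to the 5-second minimum; fix "runnig" to "running".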

    ...

    If the number of TCP/IP connections is simply increased, rather than enhancing throughput of VPN communications, orif the bandwidth of the communication route with the VPN Server on the IP network is large, it appears that increasing the number of connections often enhances throughput or stabilizes communication. Oppositely, in the case of low speed lines like ISDN or PHS where bandwidth is just server tens or hundreds of kbps, because of the band is consumed by Keep-Alive messages and control data of various TCP/IP connections, fewer connections often improved stability and enhances the communications speed.

    The number of optimal TCP/IP connections furthermore varies according to the amount of data and type of communications protocol which is used within the VPN session. After actually constructing VPN, we will recommend you torecommendyou select the proper setting while using the communication throughput measurement tool. For details on the communication throughput measurement tool, see 4.8 Measuring Effective Throughput.
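
    Review bot: replacing "if" with "or" in the first sentence removes the condition the sentence depends on. The 17:23 text says that increasing the number of connections tends to help when the bandwidth of the route to the VPN Server is large; with "or the bandwidth of the communication route ... is large" that clause no longer attaches to anything. Restore "if". In the same paragraph, "because of the band is consumed" should go back to "because the band is consumed", and "server tens" (present in both versions) should be "several tens". In the second paragraph, "we will recommend you to select" is a step back from "we recommend you select".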

    ...

    If you are about to conducting VPN communications by establishing 2 or more TCP/IP connections, you can specify how many seconds must pass after the immediately preceding TCP/IP connection has beenis established before another can be established beginning with the second one. The default setting is 1 second. This can be set to longer then 1 secondCan be set to 1 second or longer.

    Normaly you do not have to change this number (1 sec). However when you are trying to connectUnder ordinary circumstances, 1 second will suffice, but if establishing a large number of TCP/IP connections (such as 32 connection) continuously, this may occur some physical or IP network  problem as it is default setting number (1 sec). The firewall or IDS may confuse this connection as a “Dos attack” or “physical attack”. So if you are about to connect large number of TCP/IP continuously, try use this manual setting to loger second then 1.)and TCP/IP connections are established consecutively, the firewall on the IP network or equipment such as IDS may mistakenly interpret it as a DoS attack, etc., and disconnect the TCP/IP connection, and if VPN connection is not correctly established, misdetection can be avoided by increasing the connection interval. 
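
    Review bot: the rewritten second paragraph drops the consequence that matters to an operator. The 17:23 text said the firewall or IDS may mistake the consecutive connections for a DoS attack "and disconnect the TCP/IP connection", and that the VPN connection may then not be correctly established; the 20:37 text only says the device "may confuse this connection". It also introduces "physical attack", which is not explained anywhere in the visible text. Suggest keeping the earlier sentence and splitting it for length instead. In the first paragraph, "This can be set to longer then 1 second" changes the stated range from "1 second or longer" and has "then" for "than"; "Normaly", "Dos" and "loger" are typos.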

    ...

    If you want to communicate VPN by establishing more then 2 TCP/IP connection, when TCP/IP connections are completed, between computer and VPN server TCP/IP connection can be disconnected after the particular set seconds while can newly establish the shortage of TCP/IP connection. By default setting this function is disuseconducting VPN communications by establishing 2 or more TCP/IP connections, if the number of seconds specified after establishing connection between the connection source computer and VPN Server elapses for the various TCP/IP connections, along with disconnecting the TCP/IP connections, the number of TCP/IP connections that is lacked can be newly established. By default, this function is not used.
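
    Review bot: "more then 2 TCP/IP connection" changes the condition from the earlier "2 or more TCP/IP connections", so a session with exactly 2 connections is no longer covered by the description; keep "2 or more" unless the behaviour really differs. The new wording also loses the link between the timer expiring and the replacement connections being opened, which the 17:23 text stated as "along with disconnecting the TCP/IP connections, the number of TCP/IP connections that is lacked can be newly established". "By default setting this function is disuse" should stay as "By default, this function is not used".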

    ...

    Other changes:

    1. /body/p[22]/@class: nothing ⇒ "p1"
    2. /body/p[25]/@class: nothing ⇒ "p1"

    Version from 17:23, 13 Mar 2014

    This revision modified by yamame (Ban)

    ...

    Communication efficiency (throughput and response) and stability can be enhanced for the following networks if the user properly sets advanced communications parameters of SoftEther VPN protocol.

    • Networks with large delay time despite wide bandwidth.
    • Networks whereby there are proxy servers, NAT or firewalls in the VPN communications route that produce delay.
    • Networks whereby there is band control equipment (QoS equipment) on the VPN communications route which intentionally band control maximum communication speed for each separate TCP/IP connection.
    • Networks whereby there are proxy servers, NAT or firewalls in the VPN communications route, special processing for TCP/IP protocol through network gateway devices and servers is executed, an expiration date is set for each TCP/IP connection and the connection is disconnected when the expiration date is exceeded, count and transmission interval for packets of HTTPS protocol, etc., are strictly recorded, and if there is a violation of the default standards of HTTP protocol, the TCP/IP connection is disconnected and special processing is executed.

    ...

    If the VPN connection to SoftEther VPN Server has temporarily cut off due to network problems or the connection destination VPN Server stops (temporarily), the system attempts to reconnect to the VPN Server until it will succeed. You can specify the maximum number of reconnection that attempts to and the interval at which reconnection is attempted (cannot be set less than 5 seconds).

    ...

    As for the cascade connection, while attemptions are made to connect the SoftEther VPN Server and connection is completed, the function to maintain connection keeps the reconnection interval will be fixed to 10 seconds and the number of reconnection will attempt to be fixed to unlimited. The user cannot change this settings.

    ...

    If the number of TCP/IP connections is simply increased, rather than enhancing throughput of VPN communications, if the bandwidth of the communication route with the VPN Server on the IP network is large, it appears that increasing the number of connections often enhances throughput or stabilizes communication. Oppositely, in the case of low speed lines like ISDN or PHS where bandwidth is just server tens or hundreds of kbps, because the band is consumed by Keep-Alive messages and control data of various TCP/IP connections, fewer connections often improved stability and enhances communications speed.

    The number of optimal TCP/IP connections furthermore varies according to the amount of data and type of communications protocol used within the VPN session. After actually constructing VPN, we recommend you select the proper setting while using the communication throughput measurement tool. For details on the communication throughput measurement tool, see 4.8 Measuring Effective Throughput.

    ...

    If conducting VPN communications by establishing 2 or more TCP/IP connections, you can specify how many seconds must pass after the immediately preceding TCP/IP connection is established before another can be established beginning with the second one. The default setting is 1 second. Can be set to 1 second or longer.

    Under ordinary circumstances, 1 second will suffice, but if establishing a large number of TCP/IP connections (such as 32) and TCP/IP connections are established consecutively, the firewall on the IP network or equipment such as IDS may mistakenly interpret it as a DoS attack, etc., and disconnect the TCP/IP connection, and if VPN connection is not correctly established, misdetection can be avoided by increasing the connection interval.

    ...

    If conducting VPN communications by establishing 2 or more TCP/IP connections, if the number of seconds specified after establishing connection between the connection source computer and VPN Server elapses for the various TCP/IP connections, along with disconnecting the TCP/IP connections, the number of TCP/IP connections that is lacked can be newly established. By default, this function is not used.

    ...

    Version as of 20:37, 17 Mar 2014

    This revision modified by yamame (Ban)

    ...

    However, as for SoftEther VPN protocol, by dexterously controlling and optimizing TCP/IP connection establish carrying out to VPN communication while developing, communication will be optimized and be more efficient then ever. In the case where SoftEther VPN is used for a network with sufficient bandwidth, SoftEther VPN Project has succeeded in realizing higher speed and lower delay for so the user of VPN communication that you would never sense a bit of difference in whether communication is carried out via VPN or directly flowing on a physical network.

    ...

    Communication efficiency (throughput and response) and stability can be enhanced for the following networks when the user properly sets advanced communications parameters of SoftEther VPN protocol.

    • Networks with large delay time despite wide bandwidth.
    • Networks whereby there are proxy servers, NAT or firewalls in the VPN communications route that produce the delay.
    • Networks whereby there is band control equipment (QoS equipment) on the VPN communications route which intentionally band control maximum communication speed for each separate TCP/IP connection.
    • Networks whereby there are proxy servers, NAT or firewalls in the VPN communications route, special processing for TCP/IP protocol through network gateway devices and servers that are executed, an expiration date is set for each TCP/IP connection and the connection is disconnected when the expiration date is exceeded, count and transmission interval for packets of HTTPS protocol, etc., will be strictly recorded, and if there is a violation of the default standards of HTTP protocol, the TCP/IP connection will be disconnected and special processing be executed.

    VPN communication source computers will simultaneously establish multiple TCP/IP connections for a single VPN session with SoftEther VPN Server, and by distributing load for communications data by using the respective connections in parallel, VPN communication data can be sent and received at high speed with low delay by SoftEther VPN protocol.

    ...

    If the VPN connection to SoftEther VPN Server was temporarily cut off due to network problems or the connection destination VPN Server stops (temporarily), the system will attempts to reconnect to the VPN Server until it will succeed. You can specify the maximum number of reconnection that attempts to and the interval at which reconnection is attempted (cannot be set less than 5 seconds).

    As for the default setting, it is 15 seconds for reconnection attempt by interval and number of reconnection attempting is unlimited. The connection will be maintained constantly as long as the network is functioning and connection destination VPN Server is runnig.

    As for the cascade connection, while attemptions are made to connect the SoftEther VPN Server and connection is completed, the function to maintain connection keeps the reconnection interval will be fixed to 10 seconds and the number of reconnection will attempt to be fixed to unlimited. The user does not have a permission for this change nor settings.

    ...

    If the number of TCP/IP connections is simply increased, rather than enhancing throughput of VPN communications, or the bandwidth of the communication route with the VPN Server on the IP network is large, it appears that increasing the number of connections often enhances throughput or stabilizes communication. Oppositely, in the case of low speed lines like ISDN or PHS where bandwidth is just server tens or hundreds of kbps, because of the band is consumed by Keep-Alive messages and control data of various TCP/IP connections, fewer connections often improved stability and enhances the communications speed.

    The number of optimal TCP/IP connections furthermore varies according to the amount of data and type of communications protocol which is used within the VPN session. After actually constructing VPN, we will recommend you to select the proper setting while using the communication throughput measurement tool. For details on the communication throughput measurement tool, see 4.8 Measuring Effective Throughput.

    ...

    If you are about to conducting VPN communications by establishing 2 or more TCP/IP connections, you can specify how many seconds must pass after the immediately preceding TCP/IP connection has been established before another can be established beginning with the second one. The default setting is 1 second. This can be set to longer then 1 second.

    Normaly you do not have to change this number (1 sec). However when you are trying to connect large number of TCP/IP (such as 32 connection) continuously, this may occur some physical or IP network  problem as it is default setting number (1 sec). The firewall or IDS may confuse this connection as a “Dos attack” or “physical attack”. So if you are about to connect large number of TCP/IP continuously, try use this manual setting to loger second then 1. 

    ...

    If you want to communicate VPN by establishing more then 2 TCP/IP connection, when TCP/IP connections are completed, between computer and VPN server TCP/IP connection can be disconnected after the particular set seconds while can newly establish the shortage of TCP/IP connection. By default setting this function is disuse.

    ...