3.4 Virtual Hub Functions


    Combined revision comparison

    Comparing version 18:55, 3 Mar 2013 by genya with version 16:44, 4 Mar 2013 by yagi.

    ...

    In the vpncmd utility, use the [HubCreate] command. When using the clustering function (refer to 3.9 Clustering), use either the [HubCreateDynamic] or [HubCreateStatic] commands instead.

    ...

    Where the max_sessions, max_sessions_client and max_sessions_bridge options have been set in the Virtual Hub Administration Options, these option values are always applied regardless of whether or not the number of maximum simultaneous connection sessions has been set. See 3.5 Virtual Hub Security Features for details.

    ...

    As explained in 1.6 VPN Communication Details, the two types of sessions connected to the Virtual Hub from the VPN source computer are the client mode session and the bridge / router mode session.

    When using the SoftEther VPN Server product version (Standard Edition / Enterprise Edition), then the total number of client mode sessions and bridge mode sessions is related to the number of required licenses.  

    ...

    Entry Description
    Session The ID to specifically identify the session within the Virtual Hub. The session name starts with "SID-" followed by words indicating the user name and a sequential number.
    Location [Local sessions] is displayed when clustering is not in use. When clustering is used, the Cluster Controller session to which that session pertains is displayed.
    User The name of the user associated with the session, i.e., the name of the user successfully verified when carrying out VPN connection for that session, is displayed. As explained in 2.2 User Authentication, when using asterisk user ("*" user), user authentication is carried out and the name of the user successfully authenticated by the RADIUS server or NT domain controller is displayed here. Where the name on the user database differs from that used in user authentication, the latter is displayed.

    When the user name is one of the following, that session refers to the special session generated within the VPN Server and not to a regular VPN connection session.

    • Local Bridge
      refers to a local bridge session.
    • Cascade
      refers to a cascade session (session of the party performing the cascade connection).
    • SecureNAT
      refers to a SecureNAT session.
    • L3SW
      refers to a virtual layer 3 switch session.
    Source Host In the case of a session generated by a VPN session receiving a regular VPN connection, the host name of the VPN source computer is displayed. The IP address is displayed when reverse DNS resolution fails.
    TCP Connections In the case of a session generated by a VPN session receiving a regular VPN connection, the number of TCP/IP connections used in that VPN session's communication is displayed. Please refer to 2.1 VPN Communication Protocol for details on the number of TCP/IP connections.
    Transfer Bytes Displays the total data size of virtual Ethernet frames transferred in the current VPN session.
    Transfer Packets Displays the total number of virtual Ethernet frames transferred in the current VPN session.

    ...

    Entry Description
    Source IP Address Displays VPN session's source IP address.
    Source Host Name Displays the name of the host obtained by reverse resolution of the source IP address. When reverse resolution fails, the same characters as the [Source IP address] are displayed.
    User Name (Authentication) Indicates the name of the user connected to the VPN session. As explained in 2.2 User Authentication, when using asterisk user ("*" user), user authentication is carried out and the name of the user successfully authenticated by the RADIUS server or NT domain controller is displayed here. Where the name on the user database differs from that used in user authentication, the latter is displayed.
    User Name (Database) Indicates the name of the user connected to the VPN session. When using asterisk user ("*" user) and when the name on the user database differs from that used in user authentication, the name on the user database is displayed. Where the name on the user database differs from that used in user authentication, the latter is displayed.
    Server Product Name Displays the product name of the SoftEther VPN Server accepting the session.
    Server Version Displays the version name of the SoftEther VPN Server accepting the session.
    Server Build Displays the server build number of the SoftEther VPN Server accepting the session.
    Connection Start Time Displays the time that the VPN session connection processing commenced. Note that this is identical to the VPN Server's [Initial session confirm time] and [Current session confirm time].
    Half-duplex TCP Connection Mode Indicates whether or not the SoftEther VPN protocol's communication mode in the VPN session is half-duplex connection mode.
    VoIP / QoS Function Indicates whether or not the VoIP / QoS support function (see 1.9 VoIP / QoS Support Function for details) is valid in this session.
    Number of TCP Connections Displays the current number of TCP/IP connections constituting the VPN session.
    Maximum Number of TCP Connections Displays the maximum number of TCP/IP connections which can be used to constitute the VPN session.
    Encryption Indicates whether the VPN session is protected by encryption and electronic signature.
    Use of Compression Indicates whether or not communication compressed by data compression algorithms is being used.
    Session Name Indicates the ID to identify the session.
    Session Key (160bit) Indicates the internal administration ID to specifically identify the session created by the VPN Server.
    Bridge / Router Mode Indicates whether the session type is a bridge / router mode session.
    Monitoring Mode Indicates whether the session type is a monitoring mode session.
    Outgoing Data Size The bytes of data transmitted from the VPN source to the VPN Server on the SoftEther VPN protocol (indicates the approximate actual physical packet volume flowing over the IP network).
    Incoming Data Size The bytes of data transmitted from the VPN Server to the VPN source on the SoftEther VPN protocol (indicates the approximate actual physical packet volume flowing over the IP network).
    Statistical Information Indicates the sent/received virtual Ethernet frame type packets and total data size (updated in real time).
    Client Product Name Indicates the name of the VPN source software.
    Client Version Indicates the version number of the VPN source software.
    Client OS Name & Version Indicates the name and version of the operating system on which the VPN source software is running.
    Client Host Name Indicates the client computer's host name as notified by the VPN source software.
    Client Port Indicates the client's TCP/IP port number as notified by the VPN source software.
    Server Host Name Indicates the name of the designated server that the VPN source software is attempting to connect to.
    Server IP Address Indicates the IP address as a result of forward resolution of the designated server name that the VPN source software is attempting to connect to.
    Server Port Indicates the port number of the designated server that the VPN source software is attempting to connect to.
    Proxy Host Name Indicates the host name of the proxy server when the VPN source software is using a proxy server to connect to the VPN.
    Proxy IP Address Indicates the IP address of the proxy server when the VPN source software is using a proxy server to connect to the VPN.
    Proxy Port Indicates the TCP/IP port number of the proxy server when the VPN source software is using a proxy server to connect to the VPN.

    ...

    As explained in 1.6 VPN Communication Details, the Virtual Hub supports the exchange of virtual Ethernet frames between sessions by automatically learning the MAC address table and associating the addresses with their corresponding connected session. The Virtual Hub Administrators can display the contents of the latest Virtual Hub MAC address table.

    ...

    As explained in 3.4.7, the Virtual Hubs have IP address table databases to constantly administer which sessions are communicating using which IP addresses. Additionally, in order to check whether an IP address registered on the IP address table database actually exists on the layer 2 local segment to which the Virtual Hub belongs, poll packets to confirm the existence of the IP address (survey packets) are sent out at regular intervals using the ARP protocol, and those IP address table entries which respond have their expiration date updated, while those entries which do not respond are deleted from the IP address table database after a certain period (60 seconds), thereby maximizing the accuracy of IP address existence confirmation.

    ...

    Please refer to 3.5 Virtual Hub Security Features for details on security policy items.

    ...

     

    As explained in 1.6 VPN Communication Details, bridging and routing is denied for VPN Client-connected sessions in client mode sessions. Accordingly, it is possible to protect against actions such as unauthorized bridge connections and routing between the virtual Network Adapter and the physical network adapter connected to a VPN session on the computer on which the VPN Client is installed.

    ...

    Please refer to 4.4 Making Connection to VPN Server for specific methods to connect the VPN Client to a Virtual Hub in Bridge / Router Mode.

     

    ...

    As described in 1.6 VPN Communication Details, when a monitoring mode session is connected to a Virtual Hub, all virtual Ethernet frames flowing within the Virtual Hub are automatically copied and distributed to the monitoring mode session. As such, it is possible to intercept all virtual Ethernet frames flowing within a Virtual Hub when connected to the Virtual Hub via a monitoring mode session. This comes in handy for Network Administrators when troubleshooting and setting up an IDS.
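
Because a monitoring mode session receives a copy of every frame in the hub, an administrator will want to know which sessions are in that mode. The following is an added example, not part of the SoftEther manual: a Python audit over session-detail records keyed by the entry names of the session information table above. The record layout, the "Yes"/"No" values, the approved-user lists and the sample sessions are constructed assumptions.

```python
"""Audit Virtual Hub session details for risky modes (added example)."""

# Special user names the manual lists for sessions generated inside the
# VPN Server itself; these are not regular VPN connection sessions.
INTERNAL_USERS = {"Local Bridge", "Cascade", "SecureNAT", "L3SW"}

# Assumption: local site policy, not a SoftEther setting.
MONITORING_ALLOWED = {"ids-sensor"}      # users approved for monitoring mode
BRIDGE_ALLOWED = {"branch-office"}       # users approved for bridge / router mode


def is_yes(value):
    """Interpret a displayed flag; the 'Yes'/'No' rendering is an assumption."""
    return str(value).strip().lower() in {"yes", "true", "1"}


def audit_session(rec):
    """Return a list of finding codes for one session-detail record."""
    user = rec.get("User Name (Authentication)", "")
    if user in INTERNAL_USERS:
        return []  # server-generated session, nothing to attribute to a user

    findings = []
    # A monitoring mode session sees every virtual Ethernet frame in the hub.
    if is_yes(rec.get("Monitoring Mode", "No")) and user not in MONITORING_ALLOWED:
        findings.append("monitoring-not-approved")
    # Bridge / router mode lifts the client mode ban on bridging and routing.
    if is_yes(rec.get("Bridge / Router Mode", "No")) and user not in BRIDGE_ALLOWED:
        findings.append("bridge-not-approved")
    # A missing field is reported separately from an explicit "No".
    if "Encryption" not in rec:
        findings.append("encryption-unknown")
    elif not is_yes(rec["Encryption"]):
        findings.append("no-encryption")
    return findings


def audit_sessions(records):
    """Return (session name, finding) pairs in input order."""
    results = []
    for rec in records:
        name = rec.get("Session Name", "<unnamed>")
        results.extend((name, code) for code in audit_session(rec))
    return results


# Constructed sample records; session names follow the "SID-" + user name +
# sequential number pattern the manual describes.
SAMPLE_SESSIONS = [
    {"Session Name": "SID-ALICE-1", "User Name (Authentication)": "alice",
     "Bridge / Router Mode": "No", "Monitoring Mode": "No", "Encryption": "Yes"},
    {"Session Name": "SID-BOB-2", "User Name (Authentication)": "bob",
     "Bridge / Router Mode": "No", "Monitoring Mode": "Yes", "Encryption": "Yes"},
    {"Session Name": "SID-IDS-SENSOR-3", "User Name (Authentication)": "ids-sensor",
     "Bridge / Router Mode": "No", "Monitoring Mode": "Yes", "Encryption": "Yes"},
    {"Session Name": "SID-CAROL-4", "User Name (Authentication)": "carol",
     "Bridge / Router Mode": "Yes", "Monitoring Mode": "No", "Encryption": "No"},
    {"Session Name": "SID-LOCALBRIDGE-5", "User Name (Authentication)": "Local Bridge",
     "Bridge / Router Mode": "Yes", "Monitoring Mode": "No"},
    {"Session Name": "SID-BRANCH-OFFICE-6", "User Name (Authentication)": "branch-office",
     "Bridge / Router Mode": "Yes", "Monitoring Mode": "No"},
]

if __name__ == "__main__":
    for session, finding in audit_sessions(SAMPLE_SESSIONS):
        print(f"{session}: {finding}")
```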

    ...

    Please refer to 4.4 Making Connection to VPN Server for specific methods to connect the VPN Client to a Virtual Hub in monitoring mode.

    ...

     

    When two Virtual Hubs are running on separate computers or even when they are running on the same computer, those hubs are originally not connected in any way so they are two completely isolated segments from the perspective of a layer 2 network. However, in many cases there may be a desire to run two Virtual Hubs as a single segment over a public IP network such as the Internet. For instance, a cascade connection is essential to build a site-to-site VPN (see 1.4 VPN Processing Principle and Communication Method). Using a cascade connection enables the connection of two or more Virtual Hubs as if connecting them with a very long network cable.

    ...

    The items to be entered when creating a new cascade connection are practically the same as those required for creating a new VPN Client connection setting. Please therefore refer to 4.4 Making Connection to VPN Server for the meanings of each item.

    ...

    As explained in 2.1 VPN Communication Protocol on reconnect settings where the VPN connection fails or is disconnected during communication, an attempt to reconnect is made every 10 seconds when the VPN session connection fails or is disconnected while cascading. In this way, the Virtual Hub attempts to maintain a constant connection with the cascade destination Virtual Hub as far as the latter's network allows.

    Any change in the cascade connection status is recorded on the VPN Server's server log and Virtual Hub security log. Regularly checking these logs provides knowledge on cascade connection success and failure records and enables an understanding of the line status. Please refer to 3.10 Logging Service for details on how to view the VPN Server's server log and Virtual Hub security log.

    ...

    The cascade connection status of the hub initiating the cascade can be obtained at any time. Selecting the desired cascade connection in the [Cascade Connection on "Virtual Hub name"] window of the VPN Server Manager and clicking the [Status] button displays the communication status for that cascade connection session in real time. The communication status displayed here is virtually the same as the connections settings' communication status shown in the VPN Client Manager. For details, please refer to 4.5 Connect to VPN Server.

    The hub receiving the cascade connection recognizes it as being a Bridge / Router Mode session, which means that it is shown in the Virtual Hub session list. Note that the cascade is not automatically displayed in the [Cascade connection] list of the receiving hub. For details, please refer to 3.4.5.

    ...

    To control the cascade connection with the vpncmd utility, use commands beginning with "Cascade". These commands enable the same tasks performed by VPN Server Manager's GUI settings to be carried out with the vpncmd utility. Please refer to 6.4 VPN Server / VPN Bridge Management Command Reference (For Virtual Hub) for details on how to control a cascade connection using the vpncmd utility.

     

    ...

    Server authentication processing by the inspection of server certificates as explained in 2.3 Server Authentication is also supported for cascade connections in a manner similar to that of a VPN Client connection, whereby it is possible to check whether the cascade destination VPN Server has the proper certification when connecting.

    ...

    The setting of the local bridge function as explained in 1.4 VPN Processing Principle and Communication Method can only be performed by the entire SoftEther VPN Server Administrator. It is therefore not possible to bridge a Virtual Hub and a physical network adapter of the computer running the VPN Server with Virtual Hub Administrator authority alone. For details on how to create and delete local bridges, please refer to 3.6 Local Bridges.

    ...

    Multiple users and groups can be added to a Virtual Hub (please refer to 3.4.3 for specific administration methods). Remotely connecting to a Virtual Hub over a VPN typically requires the designation of a user name registered in advance by the Virtual Hub Administrator.

    ...

    All other security policies therein are regarded as default security policies (please see 3.5 Virtual Hub Security Features).

    ...

    Version from 18:55, 3 Mar 2013

    This revision modified by genya (Ban)

    ...

    In the vpncmd utility, use the [HubCreate] command. When using the clustering function (refer to #3.9#), use either the [HubCreateDynamic] or [HubCreateStatic] commands instead.

    ...

    Where the max_sessions, max_sessions_client and max_sessions_bridge options have been set in the Virtual Hub Administration Options, these option values are always applied regardless of whether or not the number of maximum simultaneous connection sessions has been set. See #3.5.12# for details.

    ...

    As explained in #1.6.8# and #1.6.9#, the two types of sessions connected to the Virtual Hub from the VPN source computer are the client mode session and the bridge / router mode session.

    When using the SoftEther VPN Server product version (Standard Edition / Enterprise Edition), then the total number of client mode sessions and bridge mode sessions is related to the number of required licenses.

    ...

    Entry Description
    Session The ID to specifically identify the session within the Virtual Hub. The session name starts with "SID-" followed by words indicating the user name and a sequential number.
    Location [Local sessions] is displayed when clustering is not in use. When clustering is used, the Cluster Controller session to which that session pertains is displayed.
    User The name of the user associated with the session, i.e., the name of the user successfully verified when carrying out VPN connection for that session, is displayed. As explained in #2.2.3# and #2.2.4#, when using asterisk user ("*" user), user authentication is carried out and the name of the user successfully authenticated by the RADIUS server or NT domain controller is displayed here. Where the name on the user database differs from that used in user authentication, the latter is displayed.

    When the user name is one of the following, that session refers to the special session generated within the VPN Server and not to a regular VPN connection session.

    • Local Bridge
      refers to a local bridge session.
    • Cascade
      refers to a cascade session (session of the party performing the cascade connection).
    • SecureNAT
      refers to a SecureNAT session.
    • L3SW
      refers to a virtual layer 3 switch session.
    Source Host In the case of a session generated by a VPN session receiving a regular VPN connection, the host name of the VPN source computer is displayed. The IP address is displayed when reverse DNS resolution fails.
    TCP Connections In the case of a session generated by a VPN session receiving a regular VPN connection, the number of TCP/IP connections used in that VPN session's communication is displayed. Please refer to #2.1# for details on the number of TCP/IP connections.
    Transfer Bytes Displays the total data size of virtual Ethernet frames transferred in the current VPN session.
    Transfer Packets Displays the total number of virtual Ethernet frames transferred in the current VPN session.

    ...

    Entry Description
    Source IP Address Displays VPN session's source IP address.
    Source Host Name Displays the name of the host obtained by reverse resolution of the source IP address. When reverse resolution fails, the same characters as the [Source IP address] are displayed.
    User Name (Authentication) Indicates the name of the user connected to the VPN session. As explained in #2.2.3# and #2.2.4#, when using asterisk user ("*" user), user authentication is carried out and the name of the user successfully authenticated by the RADIUS server or NT domain controller is displayed here. Where the name on the user database differs from that used in user authentication, the latter is displayed.
    User Name (Database) Indicates the name of the user connected to the VPN session. When using asterisk user ("*" user) and when the name on the user database differs from that used in user authentication, the name on the user database is displayed. Where the name on the user database differs from that used in user authentication, the latter is displayed.
    Server Product Name Displays the product name of the SoftEther VPN Server accepting the session.
    Server Version Displays the version name of the SoftEther VPN Server accepting the session.
    Server Build Displays the server build number of the SoftEther VPN Server accepting the session.
    Connection Start Time Displays the time that the VPN session connection processing commenced. Note that this is identical to the VPN Server's [Initial session confirm time] and [Current session confirm time].
    Half-duplex TCP Connection Mode Indicates whether or not the SoftEther VPN protocol's communication mode in the VPN session is half-duplex connection mode.
    VoIP / QoS Function Indicates whether or not the VoIP / QoS support function (see #1.9# for details) is valid in this session.
    Number of TCP Connections Displays the current number of TCP/IP connections constituting the VPN session.
    Maximum Number of TCP Connections Displays the maximum number of TCP/IP connections which can be used to constitute the VPN session.
    Encryption Indicates whether the VPN session is protected by encryption and electronic signature.
    Use of Compression Indicates whether or not communication compressed by data compression algorithms is being used.
    Session Name Indicates the ID to identify the session.
    Session Key (160bit) Indicates the internal administration ID to specifically identify the session created by the VPN Server.
    Bridge / Router Mode Indicates whether the session type is a bridge / router mode session.
    Monitoring Mode Indicates whether the session type is a monitoring mode session.
    Outgoing Data Size The bytes of data transmitted from the VPN source to the VPN Server on the SoftEther VPN protocol (indicates the approximate actual physical packet volume flowing over the IP network).
    Incoming Data Size The bytes of data transmitted from the VPN Server to the VPN source on the SoftEther VPN protocol (indicates the approximate actual physical packet volume flowing over the IP network).
    Statistical Information Indicates the sent/received virtual Ethernet frame type packets and total data size (updated in real time).
    Client Product Name Indicates the name of the VPN source software.
    Client Version Indicates the version number of the VPN source software.
    Client OS Name & Version Indicates the name and version of the operating system on which the VPN source software is running.
    Client Host Name Indicates the client computer's host name as notified by the VPN source software.
    Client Port Indicates the client's TCP/IP port number as notified by the VPN source software.
    Server Host Name Indicates the name of the designated server that the VPN source software is attempting to connect to.
    Server IP Address Indicates the IP address as a result of forward resolution of the designated server name that the VPN source software is attempting to connect to.
    Server Port Indicates the port number of the designated server that the VPN source software is attempting to connect to.
    Proxy Host Name Indicates the host name of the proxy server when the VPN source software is using a proxy server to connect to the VPN.
    Proxy IP Address Indicates the IP address of the proxy server when the VPN source software is using a proxy server to connect to the VPN.
    Proxy Port Indicates the TCP/IP port number of the proxy server when the VPN source software is using a proxy server to connect to the VPN.

    ...

    As explained in #1.6.5#, the Virtual Hub supports the exchange of virtual Ethernet frames between sessions by automatically learning the MAC address table and associating the addresses with their corresponding connected session. The Virtual Hub Administrators can display the contents of the latest Virtual Hub MAC address table.

    ...

    As explained in #3.4.7#, the Virtual Hubs have IP address table databases to constantly administer which sessions are communicating using which IP addresses. Additionally, in order to check whether an IP address registered on the IP address table database actually exists on the layer 2 local segment to which the Virtual Hub belongs, poll packets to confirm the existence of the IP address (survey packets) are sent out at regular intervals using the ARP protocol, and those IP address table entries which respond have their expiration date updated, while those entries which do not respond are deleted from the IP address table database after a certain period (60 seconds), thereby maximizing the accuracy of IP address existence confirmation.

    ...

    Please refer to #3.5.9# for details on security policy items.

    ...

    As explained in #1.6.7#, bridging and routing is denied for VPN Client-connected sessions in client mode sessions. Accordingly, it is possible to protect against actions such as unauthorized bridge connections and routing between the virtual Network Adapter and the physical network adapter connected to a VPN session on the computer on which the VPN Client is installed.

    ...

    Please refer to #4.4.17# for specific methods to connect the VPN Client to a Virtual Hub in Bridge / Router Mode.

    ...

    As described in #1.6.9#, when a monitoring mode session is connected to a Virtual Hub, all virtual Ethernet frames flowing within the Virtual Hub are automatically copied and distributed to the monitoring mode session. As such, it is possible to intercept all virtual Ethernet frames flowing within a Virtual Hub when connected to the Virtual Hub via a monitoring mode session. This comes in handy for Network Administrators when troubleshooting and setting up an IDS.

    ...

    Please refer to #4.4.17# for specific methods to connect the VPN Client to a Virtual Hub in monitoring mode.

    ...

    When two Virtual Hubs are running on separate computers or even when they are running on the same computer, those hubs are originally not connected in any way so they are two completely isolated segments from the perspective of a layer 2 network. However, in many cases there may be a desire to run two Virtual Hubs as a single segment over a public IP network such as the Internet. For instance, a cascade connection is essential to build a site-to-site VPN (see #1.4.8#). Using a cascade connection enables the connection of two or more Virtual Hubs as if connecting them with a very long network cable.

    ...

    The items to be entered when creating a new cascade connection are practically the same as those required for creating a new VPN Client connection setting. Please therefore refer to #4.4# for the meanings of each item.

    ...

    As explained in #2.1.3# on reconnect settings where the VPN connection fails or is disconnected during communication, an attempt to reconnect is made every 10 seconds when the VPN session connection fails or is disconnected while cascading. In this way, the Virtual Hub attempts to maintain a constant connection with the cascade destination Virtual Hub as far as the latter's network allows.

    Any change in the cascade connection status is recorded on the VPN Server's server log and Virtual Hub security log. Regularly checking these logs provides knowledge on cascade connection success and failure records and enables an understanding of the line status. Please refer to #3.10# for details on how to view the VPN Server's server log and Virtual Hub security log.

    ...

    The cascade connection status of the hub initiating the cascade can be obtained at any time. Selecting the desired cascade connection in the [Cascade Connection on "Virtual Hub name"] window of the VPN Server Manager and clicking the [Status] button displays the communication status for that cascade connection session in real time. The communication status displayed here is virtually the same as the connections settings' communication status shown in the VPN Client Manager. For details, please refer to #4.5.2#.

    The hub receiving the cascade connection recognizes it as being a Bridge / Router Mode session, which means that it is shown in the Virtual Hub session list. Note that the cascade is not automatically displayed in the [Cascade connection] list of the receiving hub. For details, please refer to #3.4.5#.

    ...

    To control the cascade connection with the vpncmd utility, use commands beginning with "Cascade". These commands enable the same tasks performed by VPN Server Manager's GUI settings to be carried out with the vpncmd utility. Please refer to #6.4# for details on how to control a cascade connection using the vpncmd utility.

    ...

    Server authentication processing by the inspection of server certificates as explained in #2.3# is also supported for cascade connections in a manner similar to that of a VPN Client connection, whereby it is possible to check whether the cascade destination VPN Server has the proper certification when connecting.

    ...

    The setting of the local bridge function as explained in #1.4.5# can only be performed by the entire SoftEther VPN Server Administrator. It is therefore not possible to bridge a Virtual Hub and a physical network adapter of the computer running the VPN Server with Virtual Hub Administrator authority alone. For details on how to create and delete local bridges, please refer to #3.6#.

    ...

    Multiple users and groups can be added to a Virtual Hub (please refer to #3.4.3# for specific administration methods). Remotely connecting to a Virtual Hub over a VPN typically requires the designation of a user name registered in advance by the Virtual Hub Administrator.

    ...

    All other security policies therein are regarded as default security policies (please see #3.5.9#).

    ...

    Version as of 16:44, 4 Mar 2013

    This revision modified by yagi (Ban)

    ...

    In the vpncmd utility, use the [HubCreate] command. When using the clustering function (refer to 3.9 Clustering), use either the [HubCreateDynamic] or [HubCreateStatic] commands instead.

    ...

    Where the max_sessions, max_sessions_client and max_sessions_bridge options have been set in the Virtual Hub Administration Options, these option values are always applied regardless of whether or not the number of maximum simultaneous connection sessions has been set. See 3.5 Virtual Hub Security Features for details.

    ...

    As explained in 1.6 VPN Communication Details, the two types of sessions connected to the Virtual Hub from the VPN source computer are the client mode session and the bridge / router mode session.

    ...

    Entry Description
    Session The ID to specifically identify the session within the Virtual Hub. The session name starts with "SID-" followed by words indicating the user name and a sequential number.
    Location [Local sessions] is displayed when clustering is not in use. When clustering is used, the Cluster Controller session to which that session pertains is displayed.
    User The name of the user associated with the session, i.e., the name of the user successfully verified when carrying out VPN connection for that session, is displayed. As explained in 2.2 User Authentication, when using asterisk user ("*" user), user authentication is carried out and the name of the user successfully authenticated by the RADIUS server or NT domain controller is displayed here. Where the name on the user database differs from that used in user authentication, the latter is displayed.

    When the user name is one of the following, that session refers to the special session generated within the VPN Server and not to a regular VPN connection session.

    • Local Bridge
      refers to a local bridge session.
    • Cascade
      refers to a cascade session (session of the party performing the cascade connection).
    • SecureNAT
      refers to a SecureNAT session.
    • L3SW
      refers to a virtual layer 3 switch session.
    Source Host In the case of a session generated by a VPN session receiving a regular VPN connection, the host name of the VPN source computer is displayed. The IP address is displayed when reverse DNS resolution fails.
    TCP Connections In the case of a session generated by a VPN session receiving a regular VPN connection, the number of TCP/IP connections used in that VPN session's communication is displayed. Please refer to 2.1 VPN Communication Protocol for details on the number of TCP/IP connections.
    Transfer Bytes Displays the total data size of virtual Ethernet frames transferred in the current VPN session.
    Transfer Packets Displays the total number of virtual Ethernet frames transferred in the current VPN session.

    ...

    Entry | Description
    Source IP Address | Displays the VPN session's source IP address.
    Source Host Name | Displays the name of the host obtained by reverse resolution of the source IP address. When reverse resolution fails, the same characters as the [Source IP address] are displayed.
    User Name (Authentication) | Indicates the name of the user connected to the VPN session. As explained in 2.2 User Authentication, when using asterisk user ("*" user), user authentication is carried out and the name of the user successfully authenticated by the RADIUS server or NT domain controller is displayed here. Where the name on the user database differs from that used in user authentication, the latter is displayed.
    User Name (Database) | Indicates the name of the user connected to the VPN session. When using asterisk user ("*" user) and when the name on the user database differs from that used in user authentication, the name on the user database is displayed. Where the name on the user database differs from that used in user authentication, the latter is displayed.
    Server Product Name | Displays the product name of the SoftEther VPN Server accepting the session.
    Server Version | Displays the version name of the SoftEther VPN Server accepting the session.
    Server Build | Displays the server build number of the SoftEther VPN Server accepting the session.
    Connection Start Time | Displays the time that the VPN session connection processing commenced. Note that this is identical to the VPN Server's [Initial session confirm time] and [Current session confirm time].
    Half-duplex TCP Connection Mode | Indicates whether or not the SoftEther VPN protocol's communication mode in the VPN session is half-duplex connection mode.
    VoIP / QoS Function | Indicates whether or not the VoIP / QoS support function (see 1.9 VoIP / QoS Support Function for details) is valid in this session.
    Number of TCP Connections | Displays the current number of TCP/IP connections constituting the VPN session.
    Maximum Number of TCP Connections | Displays the maximum number of TCP/IP connections which can be used to constitute the VPN session.
    Encryption | Indicates whether the VPN session is protected by encryption and electronic signature.
    Use of Compression | Indicates whether or not communication compressed by data compression algorithms is being used.
    Session Name | Indicates the ID to identify the session.
    Session Key (160bit) | Indicates the internal administration ID to specifically identify the session created by the VPN Server.
    Bridge / Router Mode | Indicates whether the session type is a bridge / router mode session.
    Monitoring Mode | Indicates whether the session type is a monitoring mode session.
    Outgoing Data Size | The bytes of data transmitted from the VPN source to the VPN Server on the SoftEther VPN protocol (indicates the approximate actual physical packet volume flowing over the IP network).
    Incoming Data Size | The bytes of data transmitted from the VPN Server to the VPN source on the SoftEther VPN protocol (indicates the approximate actual physical packet volume flowing over the IP network).
    Statistical Information | Indicates the sent/received virtual Ethernet frame type packets and total data size (updated in real time).
    Client Product Name | Indicates the name of the VPN source software.
    Client Version | Indicates the version number of the VPN source software.
    Client OS Name & Version | Indicates the name and version of the operating system on which the VPN source software is running.
    Client Host Name | Indicates the client computer's host name as notified by the VPN source software.
    Client Port | Indicates the client's TCP/IP port number as notified by the VPN source software.
    Server Host Name | Indicates the name of the designated server that the VPN source software is attempting to connect to.
    Server IP Address | Indicates the IP address as a result of forward resolution of the designated server name that the VPN source software is attempting to connect to.
    Server Port | Indicates the port number of the designated server that the VPN source software is attempting to connect to.
    Proxy Host Name | Indicates the host name of the proxy server when the VPN source software is using a proxy server to connect to the VPN.
    Proxy IP Address | Indicates the IP address of the proxy server when the VPN source software is using a proxy server to connect to the VPN.
    Proxy Port | Indicates the TCP/IP port number of the proxy server when the VPN source software is using a proxy server to connect to the VPN.
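
An added example (not part of the SoftEther manual or product code): a Python review of session records keyed by the entry names in the two tables above, skipping the special internal sessions and flagging the rest for an administrator. The boolean field values, the sample sessions and the `MONITOR_ALLOWED` allowlist are constructed assumptions; exporting the records from the VPN Server is not shown.

```python
# Added example: review session records keyed by the entry names in the tables above.
# Booleans stand in for the displayed values; all sample data is constructed.
# User names the page lists for sessions generated inside the VPN Server.
SPECIAL_USERS = {"Local Bridge", "Cascade", "SecureNAT", "L3SW"}
# Hypothetical policy: accounts permitted to hold a monitoring mode session.
MONITOR_ALLOWED = {"ids-sensor"}


def audit_session(s):
    """Return findings for one session record; an empty list means nothing to review."""
    user, db_user = s["User Name (Authentication)"], s["User Name (Database)"]
    if user in SPECIAL_USERS:
        return []  # internal session, not a regular VPN connection
    findings = []
    if not s["Session Name"].startswith("SID-"):
        findings.append("unexpected session name format")
    if not s["Encryption"]:
        findings.append("session is not encrypted")
    if s["Monitoring Mode"] and user not in MONITOR_ALLOWED:
        findings.append("monitoring mode held by non-allowlisted user")
    if s["Bridge / Router Mode"]:
        findings.append("bridge / router mode session")
    if user != db_user:
        findings.append(f"authenticated as {user!r} through database entry {db_user!r}")
    return findings


def audit(sessions):
    """Map session name -> findings for every session that needs review."""
    report = {s["Session Name"]: audit_session(s) for s in sessions}
    return {name: f for name, f in report.items() if f}


def rec(name, auth, db, enc=True, mon=False, bridge=False):
    return {"Session Name": name, "User Name (Authentication)": auth,
            "User Name (Database)": db, "Encryption": enc,
            "Monitoring Mode": mon, "Bridge / Router Mode": bridge}

SAMPLE = [  # constructed sessions
    rec("SID-ALICE-1", "alice", "alice"),
    rec("SID-LOCALBRIDGE-1", "Local Bridge", "Local Bridge"),
    rec("SID-IDS-SENSOR-2", "ids-sensor", "ids-sensor", mon=True),
    rec("SID-BOB-3", "bob", "bob", mon=True),
    rec("SID-BRANCH-4", "branch", "branch", bridge=True),
    rec("SID-CAROL-5", "carol", "*", enc=False),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```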

    ...

    As explained in 1.6 VPN Communication Details, the Virtual Hub supports the exchange of virtual Ethernet frames between sessions by automatically learning the MAC address table and associating the addresses with their corresponding connected session. The Virtual Hub Administrators can display the contents of the latest Virtual Hub MAC address table.

    ...

    As explained in 3.4.7, the Virtual Hubs have IP address table databases to constantly administer which sessions are communicating using which IP addresses. In addition, to check whether an IP address registered in the IP address table database actually exists on the layer 2 local segment to which the Virtual Hub belongs, poll packets (survey packets) that confirm the existence of the IP address are sent out at regular intervals using the ARP protocol. Entries that respond have their expiration date updated, while entries that do not respond are deleted from the IP address table database after a certain period (60 seconds), thereby maximizing the accuracy of IP address existence confirmation.
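
A small Python model of the aging rule described above, added here as an illustration and not taken from SoftEther's code. The 60-second expiry comes from the text; the 10-second poll interval, the class and function names and the sample addresses are assumptions.

```python
# Added example: model of IP address table aging. Sample data is constructed.
EXPIRE_SECONDS = 60   # from the text: silent entries are deleted after 60 seconds
POLL_INTERVAL = 10    # assumption: the page only says "regular intervals"


class IpTable:
    def __init__(self):
        self.entries = {}  # ip -> (session name, expiry time)

    def learn(self, ip, session, now):
        """Register an entry, or refresh its expiry when an ARP poll is answered."""
        self.entries[ip] = (session, now + EXPIRE_SECONDS)

    def sweep(self, now):
        """Delete entries whose expiry has passed; return the removed IPs."""
        gone = sorted(ip for ip, (_, exp) in self.entries.items() if now >= exp)
        for ip in gone:
            del self.entries[ip]
        return gone


def simulate(hosts, duration):
    """hosts: ip -> (session, time from which the host stops answering polls).
    Returns ip -> time at which its entry was deleted."""
    table, removed = IpTable(), {}
    for ip, (session, _) in hosts.items():
        table.learn(ip, session, 0)
    for now in range(POLL_INTERVAL, duration + 1, POLL_INTERVAL):
        for ip, (session, silent_from) in hosts.items():
            if ip in table.entries and now < silent_from:
                table.learn(ip, session, now)  # host answered this poll
        for ip in table.sweep(now):
            removed[ip] = now
    return removed


SAMPLE_HOSTS = {  # constructed: the second host goes silent at t=25
    "192.168.30.10": ("SID-ALICE-1", float("inf")),
    "192.168.30.11": ("SID-BOB-3", 25),
}

if __name__ == "__main__":
    print(simulate(SAMPLE_HOSTS, 120))
```

In this model the second host last answers a poll at t=20, so its entry stays in the table until t=80, which is the window during which the table still maps that address to a session that has gone quiet.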

    ...

    Please refer to 3.5 Virtual Hub Security Features for details on security policy items.

    ...

    As explained in 1.6 VPN Communication Details, bridging and routing are denied for sessions that a VPN Client connects in client mode. Accordingly, it is possible to protect against actions such as unauthorized bridge connections and routing between the virtual Network Adapter and the physical network adapter connected to a VPN session on the computer on which the VPN Client is installed.

    ...

    Please refer to 4.4 Making Connection to VPN Server for specific methods to connect the VPN Client to a Virtual Hub in Bridge / Router Mode.

    ...

    As described in 1.6 VPN Communication Details, when a monitoring mode session is connected to a Virtual Hub, all virtual Ethernet frames flowing within the Virtual Hub are automatically copied and distributed to the monitoring mode session. As such, it is possible to intercept all virtual Ethernet frames flowing within a Virtual Hub when connected to the Virtual Hub via a monitoring mode session. This comes in handy for Network Administrators when troubleshooting and setting up an IDS.

    ...

    Please refer to 4.4 Making Connection to VPN Server for specific methods to connect the VPN Client to a Virtual Hub in monitoring mode.

    ...

    When two Virtual Hubs are running on separate computers or even when they are running on the same computer, those hubs are originally not connected in any way so they are two completely isolated segments from the perspective of a layer 2 network. However, in many cases there may be a desire to run two Virtual Hubs as a single segment over a public IP network such as the Internet. For instance, a cascade connection is essential to build a site-to-site VPN (see 1.4 VPN Processing Principle and Communication Method). Using a cascade connection enables the connection of two or more Virtual Hubs as if connecting them with a very long network cable.

    ...

    The items to be entered when creating a new cascade connection are practically the same as those required for creating a new VPN Client connection setting. Please therefore refer to 4.4 Making Connection to VPN Server for the meanings of each item.

    ...

    As explained in 2.1 VPN Communication Protocol regarding the reconnect settings used when a VPN connection fails or is disconnected during communication, a reconnect attempt is made every 10 seconds when the VPN session connection fails or is disconnected while cascading. In this way, the Virtual Hub attempts to maintain a constant connection with the cascade destination Virtual Hub as far as the latter's network allows.

    Any change in the cascade connection status is recorded on the VPN Server's server log and Virtual Hub security log. Regularly checking these logs provides knowledge on cascade connection success and failure records and enables an understanding of the line status. Please refer to 3.10 Logging Service for details on how to view the VPN Server's server log and Virtual Hub security log.

    ...

    The cascade connection status of the hub initiating the cascade can be obtained at any time. Selecting the desired cascade connection in the [Cascade Connection on "Virtual Hub name"] window of the VPN Server Manager and clicking the [Status] button displays the communication status for that cascade connection session in real time. The communication status displayed here is virtually the same as the connection settings' communication status shown in the VPN Client Manager. For details, please refer to 4.5 Connect to VPN Server.

    The hub receiving the cascade connection recognizes it as being a Bridge / Router Mode session, which means that it is shown in the Virtual Hub session list. Note that the cascade is not automatically displayed in the [Cascade connection] list of the receiving hub. For details, please refer to 3.4.5.

    ...

    To control the cascade connection with the vpncmd utility, use commands beginning with "Cascade". These commands enable the same tasks performed by VPN Server Manager's GUI settings to be carried out with the vpncmd utility. Please refer to 6.4 VPN Server / VPN Bridge Management Command Reference (For Virtual Hub) for details on how to control a cascade connection using the vpncmd utility.

    ...

    Server authentication processing by the inspection of server certificates as explained in 2.3 Server Authentication is also supported for cascade connections in a manner similar to that of a VPN Client connection, whereby it is possible to check whether the cascade destination VPN Server has the proper certification when connecting.

    ...

    The setting of the local bridge function as explained in 1.4 VPN Processing Principle and Communication Method can only be performed by the Administrator of the entire SoftEther VPN Server. It is therefore not possible to bridge a Virtual Hub and a physical network adapter of the computer running the VPN Server with Virtual Hub Administrator authority alone. For details on how to create and delete local bridges, please refer to 3.6 Local Bridges.

    ...

    All other security policies therein are regarded as default security policies (please see 3.5 Virtual Hub Security Features).

    ...