6.3 VPN Server / VPN Bridge Management Command Reference (For Entire Server)


    Combined revision comparison

    Comparing version 17:21, 4 Mar 2013 by yagi with version 21:59, 4 Jun 2013 by yagi.

    ...

    Command Name MakeCert
    Purpose Create New X.509 Certificate and Private Key
    Description Use this to create a new X.509 certificate and private key and save it as a file.
    The algorithm used to create the public key and private key of the certificate is RSA 1024 bit.
    You can choose to create a root certificate (self-signed certificate) or a certificate signed by another certificate. To create a certificate that is signed by another certificate, you require a private key file (base 64 encoded) that is compatible with the certificate that uses the signature (X.509 format file).

    When creating a certificate, you can specify the following: Name (CN), Organization (O), Organization Unit (OU), Country (C), State (ST), Locale (L), Serial Number, and Expiration Date.
    The created certificate will be saved as an X.509 format file and the private key file will be saved in a Base 64 encoded RSA 1024 bit format file.

    The MakeCert command is a tool that provides the most rudimentary function for creating certificates. If you want to create a more substantial certificate, we recommend that you use either free software such as OpenSSL, or commercial CA (certificate authority) software.

    Note: This command can be called from the SoftEther VPN Command Line Management Utility. You can also execute this command while connected to the current VPN Server or VPN Client in Administration Mode, but the RSA computation, the generation of the certificate data and the saving of the files are all performed by the computer on which the command is running, in a context that has absolutely no relationship to the computer that is the destination of the Administration Mode connection.
    Command-line MakeCert [/CN:cn] [/O:o] [/OU:ou] [/C:c] [/ST:st] [/L:l] [/SERIAL:serial] [/EXPIRES:expires] [/SIGNCERT:signcert] [/SIGNKEY:signkey] [/SAVECERT:savecert] [/SAVEKEY:savekey]
    Arguments for "MakeCert":
    /CN Specify the Name (CN) item of the certificate to create. You can specify "none".
    /O Specify the Organization (O) item of the certificate to create. You can specify "none".
    /OU Specify the Organization Unit (OU) item of the certificate to create. You can specify "none".
    /C Specify the Country (C) item of the certificate to create. You can specify "none".
    /ST Specify the State (ST) item of the certificate to create. You can specify "none".
    /L Specify the Locale (L) item of the certificate to create. You can specify "none".
    /SERIAL Specify the Serial Number item of the certificate to create. Specify using hexadecimal values. You can specify "none".
    /EXPIRES Specify the Expiration Date item of the certificate to create. If you specify "none" or "0", 3650 days (approx. 10 years) will be used. You can specify a maximum of 10950 days (about 30 years).
    /SIGNCERT When the certificate to be created is to be signed by an existing certificate, specify the file name of the X.509 format certificate to be used for signing. When this parameter is omitted, no signing is performed and the new certificate is created as a root certificate.
    /SIGNKEY Specify a private key (RSA, base-64 encoded) that is compatible with the certificate specified by /SIGNCERT.
    /SAVECERT Specify the file name to save the certificate you created. The certificate is saved as an X.509 file that includes a public key that is RSA format 1024 bit.
    /SAVEKEY Specify the file name to save the private key that is compatible with the certificate you created. The private key will be saved as an RSA-format 1024-bit private key file.
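
The description above recommends OpenSSL for anything beyond MakeCert's rudimentary certificates. The following shell functions are an added example, not part of the SoftEther documentation: they reproduce MakeCert's root and signed modes with the `openssl` command and add a key-size check. The 2048-bit key size and all function names, subjects, serials and file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: OpenSSL counterparts of MakeCert's two modes.
# KEY_BITS, subjects, serials and file names are constructed assumptions.

KEY_BITS=2048   # assumption: used in place of MakeCert's fixed RSA 1024-bit key

# make_root_cert SUBJECT SERIAL_HEX DAYS KEY_OUT CERT_OUT
# Counterpart of MakeCert without /SIGNCERT: a self-signed root certificate.
# SUBJECT carries the CN/O/OU/C/ST/L items, e.g. "/CN=Example Root/O=Example/C=JP".
make_root_cert() {
    (
        umask 077   # keep the private key file readable by its owner only
        openssl req -x509 -newkey "rsa:$KEY_BITS" -nodes -sha256 \
            -subj "$1" -set_serial "0x$2" -days "$3" \
            -keyout "$4" -out "$5" 2>/dev/null
    )
}

# make_signed_cert SUBJECT SERIAL_HEX DAYS CA_CERT CA_KEY KEY_OUT CERT_OUT
# Counterpart of MakeCert with /SIGNCERT (CA_CERT) and /SIGNKEY (CA_KEY).
make_signed_cert() {
    csr=$(mktemp) || return 1
    rc=0
    (
        umask 077
        # New key pair plus a certificate request for it ...
        openssl req -new -newkey "rsa:$KEY_BITS" -nodes -sha256 \
            -subj "$1" -keyout "$6" -out "$csr" 2>/dev/null &&
        # ... which the existing certificate and its private key then sign.
        openssl x509 -req -in "$csr" -sha256 -CA "$4" -CAkey "$5" \
            -set_serial "0x$2" -days "$3" -out "$7" 2>/dev/null
    ) || rc=$?
    rm -f "$csr"
    return "$rc"
}

# cert_key_bits CERT: print the public key size of a certificate in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# key_meets_minimum CERT MIN_BITS: succeed only if the key is at least MIN_BITS.
key_meets_minimum() {
    bits=$(cert_key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "$2" ]
}

# cert_name subject|issuer CERT: print the named field without its label.
cert_name() {
    openssl x509 -in "$2" -noout "-$1" | sed "s/^$1= *//"
}
```

As with MakeCert, the key is generated on the machine where the commands run, so run them where the private key is meant to live. `key_meets_minimum file.crt 2048` returns non-zero for a certificate whose key is RSA 1024 bit.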

    ...

    Command Name TrafficClient
    Purpose Run Network Traffic Speed Test Tool in Client Mode
    Description Use this to execute the communication throughput measurement tool's client program.
    Two commands, TrafficClient and TrafficServer, are used for the communication throughput measurement tool to enable the measurement of communication throughput that can be transferred between two computers connected by IP network. The TrafficServer command is used first on another computer which puts the communication throughput measurement tool server in a listening condition. Then the TrafficClient command is used to connect to that server by specifying its host name or IP address and port number, which makes it possible to measure the communication speed.
    Measurement of the communication speed is carried out by concurrently establishing multiple TCP connections and calculating the actual number of bits of data that can be transferred within a specified time based on the respective results of transferring the maximum stream data on each connection and then using that to calculate the average value (bps) of communication throughput. Normally when there is one TCP connection, it is common to only be able to achieve communication speeds slower than the actual net throughput because of limitations related to the TCP algorithm. We therefore recommend the establishment of multiple concurrent TCP connections when measuring communication results. Because the throughput that is measured using this measurement method is calculated from the bit length of the data that arrives on the receiver side as a stream by TCP, the packet loss that occurs during transfer and the packets with corrupted data are not included in the packets that actually arrive, which means it is possible to calculate a genuine value that is close to the maximum possible communication bandwidth of the network.
    Using the measurement results, i.e. the stream size transferred by TCP, the approximate value of data volume that actually passed through the network is calculated and this is divided by time to calculate the bits per sec (bps). The calculation assumes the type of the physical network is Ethernet (IEEE802.3) and the MAC frame payload size is 1,500 bytes (TCP MSS is 1,460 bytes). By specifying the /RAW option, the calculation will not make corrections for the TCP/IP header and MAC header data volume.

    Note: This command can be called from the SoftEther VPN Command Line Management Utility. You can also execute this command while connected to the current VPN Server or VPN Client in Administration Mode, but the communication and the throughput measurement are actually performed by the computer on which the command is running, in a context that has absolutely no relationship to the computer that is the destination of the Administration Mode connection.
    Command-line TrafficClient [host:port] [/NUMTCP:numtcp] [/TYPE:download|upload|full] [/SPAN:span] [/DOUBLE:yes|no] [/RAW:yes|no]
    Arguments for "TrafficClient":
    host:port Specify the host name or IP address and port number that the communication throughput measurement tool server (TrafficServer) is listening for. If the port number is omitted, 9821 will be used.
    /NUMTCP Specify the number of TCP connections to be concurrently established between the client and the server for data transfer. If omitted, 32 will be used.
    /TYPE Specify the direction of data flow when throughput measurement is performed. Specify one of the following options: "download", "upload" or "full". By specifying "download" the data will be transmitted from the server side to the client side. By specifying "upload" the data will be transmitted from the client side to the server side. By specifying "full", the data will be transferred in both directions. When "full" is specified, the NUMTCP value must be an even number of two or more (half the number will be used for concurrent TCP connections in the download direction and the other half will be used in the upload direction). If this parameter is omitted, "full" will be used.
    /SPAN Specify, using seconds, the time span to conduct data transfer for the measurement of throughput. If this parameter is omitted, "15" will be used.
    /DOUBLE When "yes" is specified, the throughput of the measured result will be doubled and then displayed. This option is used for cases when a network device etc. is somewhere on the data route and the total throughput capability that is input and output by this network device is being measured.
    /RAW By specifying "yes", the calculation will not make corrections for the TCP/IP header and MAC header data volume.

    ...

    Command Name TrafficServer
    Purpose Run Network Traffic Speed Test Tool in Server Mode
    Description Use this to execute the communication throughput measurement tool's server program.
    Two commands, TrafficClient and TrafficServer, are used for the communication throughput measurement tool to enable the measurement of communication throughput that can be transferred between two computers connected by IP network.
    To set the TCP port of this computer to the Listen status to listen for the connection from the TrafficClient of another computer, specify the port number and start the server program using the TrafficServer command.
    You can display more detailed information on the communication throughput measurement tool by inputting "TrafficClient /?".

    Note: This command can be called from the SoftEther VPN Command Line Management Utility. You can also execute this command while connected to the current VPN Server or VPN Client in Administration Mode, but the communication and the throughput measurement are actually performed by the computer on which the command is running, in a context that has absolutely no relationship to the computer that is the destination of the Administration Mode connection.
    Command-line TrafficServer [port]
    Arguments for "TrafficServer":
    port Specify, using an integer, the port number at which to listen for the connection. If the specified port is already being used by another program, or if the port cannot be opened, an error will occur.

    ...

    6.3.68 "Check": Check whether SoftEther VPN Operation is Possible

    Command Name Check
    Purpose Check whether SoftEther VPN Operation is Possible
    Description Use this to check if the current computer that is running vpncmd is a suitable operation platform for SoftEther VPN Server / Bridge.
    If this check passes on a system, it is highly likely that SoftEther VPN software will operate correctly on that system.
    Also, if this check does not pass on a system, then this indicates that some type of trouble may arise if SoftEther VPN software is used on that system.
    Command-line Check
    Arguments for "Check":
    No arguments are required.

    ...

    Command Name IPsecEnable
    Purpose Enable or Disable IPsec VPN Server Function
    Description Enable or Disable IPsec VPN Server Function on SoftEther VPN Server.
    If you enable this function, Virtual Hubs on the VPN Server will be able to accept Remote-Access VPN connections from L2TP-compatible PCs, Mac OS X and Smartphones, and can also accept EtherIP Site-to-Site VPN Connections. VPN Connections from Smartphones such as iPhone, iPad and Android, and also from native VPN Clients on Mac OS X and Windows, can be accepted.

    To execute this command, you must have VPN Server administrator privileges.
    This command cannot be run on VPN Bridge.
    You cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
    Command-line IPsecEnable [/L2TP:yes|no] [/L2TPRAW:yes|no] [/ETHERIP:yes|no] [/PSK:pre-shared-key] [/DEFAULTHUB:default_hub]
    Arguments for "IPsecEnable":
    /L2TP Enable or Disable the L2TP over IPsec Server Function. To accept VPN connections from iPhone, iPad, Android, Windows or Mac OS X, enable this option.
    /L2TPRAW Enable or Disable the L2TP Server Function (Raw L2TP with No Encryption). To accept special VPN clients, enable this option.
    /ETHERIP Enable or Disable the EtherIP / L2TPv3 over IPsec Server Function (for site-to-site VPN Server function). Router Products which are compatible with EtherIP over IPsec can connect to Virtual Hubs on the VPN Server and establish Layer-2 (Ethernet) Bridging.
    /PSK Specify the IPsec Pre-Shared Key. An IPsec Pre-Shared Key is also called a "PSK" or "secret". Specify a key of 8 letters or fewer, and distribute it to every user who will connect to the VPN Server. Please note: Google Android 4.0 has a bug in which a Pre-Shared Key with 10 or more letters causes unexpected behavior. For that reason, a Pre-Shared Key should be 9 or fewer characters.
    /DEFAULTHUB Specify the default Virtual HUB to use when the name of the HUB is omitted from the username. Users should specify their username in the form "Username@Target Virtual HUB Name" to connect to this L2TP Server. If the designation of the Virtual Hub is omitted, the above HUB will be used as the target.

    ...

    Command Name IPsecGet
    Purpose Get the Current IPsec VPN Server Settings
    Description Get and view the current IPsec VPN Server settings on the SoftEther VPN Server.

    To execute this command, you must have VPN Server administrator privileges.
    This command cannot be run on VPN Bridge.
    You cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
    Command-line IPsecGet
    Arguments for "IPsecGet":
    No arguments are required.

    ...

    Version from 17:21, 4 Mar 2013

    This revision modified by yagi

    ...

    Command Name MakeCert
    Purpose Create New X.509 Certificate and Private Key
    Description Use this to create a new X.509 certificate and private key and save it as a file.
    The algorithm used to create the public key and private key of the certificate is RSA 1024 bit.
    You can choose to create a root certificate (self-signed certificate) or a certificate signed by another certificate. To create a certificate that is signed by another certificate, you require a private key file (base 64 encoded) that is compatible with the certificate that uses the signature (X.509 format file).

    When creating a certificate, you can specify the following: Name (CN), Organization (O), Organization Unit (OU), Country (C), State (ST), Locale (L), Serial Number, and Expiration Date.
    The created certificate will be saved as an X.509 format file and the private key file will be saved in a Base 64 encoded RSA 1024 bit format file.

    The MakeCert command is a tool that provides the most rudimentary function for creating certificates. If you want to create a more substantial certificate, we recommend that you use either free software such as OpenSSL, or commercial CA (certificate authority) software.

    Note: This command can be called from the PacketiX VPN Command Line Management Utility. You can also execute this command while connected to the current VPN Server or VPN Client in Administration Mode, but the RSA computation, the generation of the certificate data and the saving of the files are all performed by the computer on which the command is running, in a context that has absolutely no relationship to the computer that is the destination of the Administration Mode connection.
    Command-line MakeCert [/CN:cn] [/O:o] [/OU:ou] [/C:c] [/ST:st] [/L:l] [/SERIAL:serial] [/EXPIRES:expires] [/SIGNCERT:signcert] [/SIGNKEY:signkey] [/SAVECERT:savecert] [/SAVEKEY:savekey]
    Arguments for "MakeCert":
    /CN Specify the Name (CN) item of the certificate to create. You can specify "none".
    /O Specify the Organization (O) item of the certificate to create. You can specify "none".
    /OU Specify the Organization Unit (OU) item of the certificate to create. You can specify "none".
    /C Specify the Country (C) item of the certificate to create. You can specify "none".
    /ST Specify the State (ST) item of the certificate to create. You can specify "none".
    /L Specify the Locale (L) item of the certificate to create. You can specify "none".
    /SERIAL Specify the Serial Number item of the certificate to create. Specify using hexadecimal values. You can specify "none".
    /EXPIRES Specify the Expiration Date item of the certificate to create. If you specify "none" or "0", 3650 days (approx. 10 years) will be used. You can specify a maximum of 10950 days (about 30 years).
    /SIGNCERT When the certificate to be created is to be signed by an existing certificate, specify the file name of the X.509 format certificate to be used for signing. When this parameter is omitted, no signing is performed and the new certificate is created as a root certificate.
    /SIGNKEY Specify a private key (RSA, base-64 encoded) that is compatible with the certificate specified by /SIGNCERT.
    /SAVECERT Specify the file name to save the certificate you created. The certificate is saved as an X.509 file that includes a public key that is RSA format 1024 bit.
    /SAVEKEY Specify the file name to save the private key that is compatible with the certificate you created. The private key will be saved as an RSA-format 1024-bit private key file.

    ...

    Command Name TrafficClient
    Purpose Run Network Traffic Speed Test Tool in Client Mode
    Description Use this to execute the communication throughput measurement tool's client program.
    Two commands, TrafficClient and TrafficServer, are used for the communication throughput measurement tool to enable the measurement of communication throughput that can be transferred between two computers connected by IP network. The TrafficServer command is used first on another computer which puts the communication throughput measurement tool server in a listening condition. Then the TrafficClient command is used to connect to that server by specifying its host name or IP address and port number, which makes it possible to measure the communication speed.
    Measurement of the communication speed is carried out by concurrently establishing multiple TCP connections and calculating the actual number of bits of data that can be transferred within a specified time based on the respective results of transferring the maximum stream data on each connection and then using that to calculate the average value (bps) of communication throughput. Normally when there is one TCP connection, it is common to only be able to achieve communication speeds slower than the actual net throughput because of limitations related to the TCP algorithm. We therefore recommend the establishment of multiple concurrent TCP connections when measuring communication results. Because the throughput that is measured using this measurement method is calculated from the bit length of the data that arrives on the receiver side as a stream by TCP, the packet loss that occurs during transfer and the packets with corrupted data are not included in the packets that actually arrive, which means it is possible to calculate a genuine value that is close to the maximum possible communication bandwidth of the network.
    Using the measurement results, i.e. the stream size transferred by TCP, the approximate value of data volume that actually passed through the network is calculated and this is divided by time to calculate the bits per sec (bps). The calculation assumes the type of the physical network is Ethernet (IEEE802.3) and the MAC frame payload size is 1,500 bytes (TCP MSS is 1,460 bytes). By specifying the /RAW option, the calculation will not make corrections for the TCP/IP header and MAC header data volume.

    Note: This command can be called from the PacketiX VPN Command Line Management Utility. You can also execute this command while connected to the current VPN Server or VPN Client in Administration Mode, but the communication and the throughput measurement are actually performed by the computer on which the command is running, in a context that has absolutely no relationship to the computer that is the destination of the Administration Mode connection.
    Command-line TrafficClient [host:port] [/NUMTCP:numtcp] [/TYPE:download|upload|full] [/SPAN:span] [/DOUBLE:yes|no] [/RAW:yes|no]
    Arguments for "TrafficClient":
    host:port Specify the host name or IP address and port number that the communication throughput measurement tool server (TrafficServer) is listening for. If the port number is omitted, 9821 will be used.
    /NUMTCP Specify the number of TCP connections to be concurrently established between the client and the server for data transfer. If omitted, 32 will be used.
    /TYPE Specify the direction of data flow when throughput measurement is performed. Specify one of the following options: "download", "upload" or "full". By specifying "download" the data will be transmitted from the server side to the client side. By specifying "upload" the data will be transmitted from the client side to the server side. By specifying "full", the data will be transferred in both directions. When "full" is specified, the NUMTCP value must be an even number of two or more (half the number will be used for concurrent TCP connections in the download direction and the other half will be used in the upload direction). If this parameter is omitted, "full" will be used.
    /SPAN Specify, using seconds, the time span to conduct data transfer for the measurement of throughput. If this parameter is omitted, "15" will be used.
    /DOUBLE When "yes" is specified, the throughput of the measured result will be doubled and then displayed. This option is used for cases when a network device etc. is somewhere on the data route and the total throughput capability that is input and output by this network device is being measured.
    /RAW By specifying "yes", the calculation will not make corrections for the TCP/IP header and MAC header data volume.

    ...

    Command Name TrafficServer
    Purpose Run Network Traffic Speed Test Tool in Server Mode
    Description Use this to execute the communication throughput measurement tool's server program.
    Two commands, TrafficClient and TrafficServer, are used for the communication throughput measurement tool to enable the measurement of communication throughput that can be transferred between two computers connected by IP network.
    To set the TCP port of this computer to the Listen status to listen for the connection from the TrafficClient of another computer, specify the port number and start the server program using the TrafficServer command.
    You can display more detailed information on the communication throughput measurement tool by inputting "TrafficClient /?".

    Note: This command can be called from the PacketiX VPN Command Line Management Utility. You can also execute this command while connected to the current VPN Server or VPN Client in Administration Mode, but the communication and the throughput measurement are actually performed by the computer on which the command is running, in a context that has absolutely no relationship to the computer that is the destination of the Administration Mode connection.
    Command-line TrafficServer [port]
    Arguments for "TrafficServer":
    port Specify, using an integer, the port number at which to listen for the connection. If the specified port is already being used by another program, or if the port cannot be opened, an error will occur.

    ...

    6.3.68 "Check": Check whether PacketiX VPN Operation is Possible

    Command Name Check
    Purpose Check whether PacketiX VPN Operation is Possible
    Description Use this to check if the current computer that is running vpncmd is a suitable operation platform for PacketiX VPN Server / Bridge.
    If this check passes on a system, it is highly likely that PacketiX VPN software will operate correctly on that system.
    Also, if this check does not pass on a system, then this indicates that some type of trouble may arise if PacketiX VPN software is used on that system.
    Command-line Check
    Arguments for "Check":
    No arguments are required.

    ...

    Command Name IPsecEnable
    Purpose Enable or Disable IPsec VPN Server Function
    Description Enable or Disable IPsec VPN Server Function on PacketiX VPN Server.
    If you enable this function, Virtual Hubs on the VPN Server will be able to accept Remote-Access VPN connections from L2TP-compatible PCs, Mac OS X and Smartphones, and can also accept EtherIP Site-to-Site VPN Connections. VPN Connections from Smartphones such as iPhone, iPad and Android, and also from native VPN Clients on Mac OS X and Windows, can be accepted.

    To execute this command, you must have VPN Server administrator privileges.
    This command cannot be run on VPN Bridge.
    You cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
    Command-line IPsecEnable [/L2TP:yes|no] [/L2TPRAW:yes|no] [/ETHERIP:yes|no] [/PSK:pre-shared-key] [/DEFAULTHUB:default_hub]
    Arguments for "IPsecEnable":
    /L2TP Enable or Disable the L2TP over IPsec Server Function. To accept VPN connections from iPhone, iPad, Android, Windows or Mac OS X, enable this option.
    /L2TPRAW Enable or Disable the L2TP Server Function (Raw L2TP with No Encryption). To accept special VPN clients, enable this option.
    /ETHERIP Enable or Disable the EtherIP / L2TPv3 over IPsec Server Function (for site-to-site VPN Server function). Router Products which are compatible with EtherIP over IPsec can connect to Virtual Hubs on the VPN Server and establish Layer-2 (Ethernet) Bridging.
    /PSK Specify the IPsec Pre-Shared Key. An IPsec Pre-Shared Key is also called a "PSK" or "secret". Specify a key of 8 letters or fewer, and distribute it to every user who will connect to the VPN Server. Please note: Google Android 4.0 has a bug in which a Pre-Shared Key with 10 or more letters causes unexpected behavior. For that reason, a Pre-Shared Key should be 9 or fewer characters.
    /DEFAULTHUB Specify the default Virtual HUB to use when the name of the HUB is omitted from the username. Users should specify their username in the form "Username@Target Virtual HUB Name" to connect to this L2TP Server. If the designation of the Virtual Hub is omitted, the above HUB will be used as the target.

    ...

    Command Name IPsecGet
    Purpose Get the Current IPsec VPN Server Settings
    Description Get and view the current IPsec VPN Server settings on the PacketiX VPN Server.

    To execute this command, you must have VPN Server administrator privileges.
    This command cannot be run on VPN Bridge.
    You cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
    Command-line IPsecGet
    Arguments for "IPsecGet":
    No arguments are required.

    ...

    Current version

    This revision modified by yagi

    ...

    Command Name MakeCert
    Purpose Create New X.509 Certificate and Private Key
    Description Use this to create a new X.509 certificate and private key and save it as a file.
    The algorithm used to create the public key and private key of the certificate is RSA 1024 bit.
    You can choose to create a root certificate (self-signed certificate) or a certificate signed by another certificate. To create a certificate that is signed by another certificate, you require a private key file (base 64 encoded) that is compatible with the certificate that uses the signature (X.509 format file).

    When creating a certificate, you can specify the following: Name (CN), Organization (O), Organization Unit (OU), Country (C), State (ST), Locale (L), Serial Number, and Expiration Date.
    The created certificate will be saved as an X.509 format file and the private key file will be saved in a Base 64 encoded RSA 1024 bit format file.

    The MakeCert command is a tool that provides the most rudimentary function for creating certificates. If you want to create a more substantial certificate, we recommend that you use either free software such as OpenSSL, or commercial CA (certificate authority) software.

    Note: This command can be called from the SoftEther VPN Command Line Management Utility. You can also execute this command while connected to the current VPN Server or VPN Client in Administration Mode, but the RSA computation, the generation of the certificate data and the saving of the files are all performed by the computer on which the command is running, in a context that has absolutely no relationship to the computer that is the destination of the Administration Mode connection.
    Command-line MakeCert [/CN:cn] [/O:o] [/OU:ou] [/C:c] [/ST:st] [/L:l] [/SERIAL:serial] [/EXPIRES:expires] [/SIGNCERT:signcert] [/SIGNKEY:signkey] [/SAVECERT:savecert] [/SAVEKEY:savekey]
    Arguments for "MakeCert":
    /CN Specify the Name (CN) item of the certificate to create. You can specify "none".
    /O Specify the Organization (O) item of the certificate to create. You can specify "none".
    /OU Specify the Organization Unit (OU) item of the certificate to create. You can specify "none".
    /C Specify the Country (C) item of the certificate to create. You can specify "none".
    /ST Specify the State (ST) item of the certificate to create. You can specify "none".
    /L Specify the Locale (L) item of the certificate to create. You can specify "none".
    /SERIAL Specify the Serial Number item of the certificate to create. Specify using hexadecimal values. You can specify "none".
    /EXPIRES Specify the Expiration Date item of the certificate to create. If you specify "none" or "0", 3650 days (approx. 10 years) will be used. You can specify a maximum of 10950 days (about 30 years).
    /SIGNCERT When the certificate to be created is to be signed by an existing certificate, specify the file name of the X.509 format certificate to be used for signing. When this parameter is omitted, no signing is performed and the new certificate is created as a root certificate.
    /SIGNKEY Specify a private key (RSA, base-64 encoded) that is compatible with the certificate specified by /SIGNCERT.
    /SAVECERT Specify the file name to save the certificate you created. The certificate is saved as an X.509 file that includes a public key that is RSA format 1024 bit.
    /SAVEKEY Specify the file name to save the private key that is compatible with the certificate you created. The private key will be saved as an RSA-format 1024-bit private key file.

    ...

    Command Name TrafficClient
    Purpose Run Network Traffic Speed Test Tool in Client Mode
    Description Use this to execute the communication throughput measurement tool's client program.
    Two commands, TrafficClient and TrafficServer, are used for the communication throughput measurement tool to enable the measurement of communication throughput that can be transferred between two computers connected by an IP network. The TrafficServer command is used first on another computer, which puts the communication throughput measurement tool server in a listening state. Then the TrafficClient command is used to connect to that server by specifying its host name or IP address and port number, which makes it possible to measure the communication speed.
    Measurement of the communication speed is carried out by concurrently establishing multiple TCP connections, transferring as much stream data as possible on each connection for a specified time, and calculating the average communication throughput (bps) from the number of bits actually transferred. With a single TCP connection, it is normally only possible to achieve communication speeds slower than the actual net throughput because of limitations related to the TCP algorithm. We therefore recommend establishing multiple concurrent TCP connections when measuring. Because the throughput is calculated from the bit length of the data that arrives on the receiver side as a TCP stream, packets lost during transfer and packets with corrupted data are not counted among the packets that actually arrive, which means it is possible to calculate a genuine value that is close to the maximum possible communication bandwidth of the network.
    Using the measurement results, i.e. the stream size transferred by TCP, the approximate volume of data that actually passed through the network is calculated, and this is divided by the time to obtain bits per second (bps). The calculation assumes the type of the physical network is Ethernet (IEEE802.3) and the MAC frame payload size is 1,500 bytes (TCP MSS is 1,460 bytes). By specifying the /RAW option, the calculation will not make corrections for the TCP/IP header and MAC header data volume.

    Note: This command can be called from the SoftEther VPN Command Line Management Utility. You can also execute this command while connected to the current VPN Server or VPN Client in Administration Mode, but what actually conducts communication and measures the throughput is the computer on which the command is running, and all this is executed in a context that has absolutely no relationship to the computer that is the destination of the Administration Mode connection.
    Command-line TrafficClient [host:port] [/NUMTCP:numtcp] [/TYPE:download|upload|full] [/SPAN:span] [/DOUBLE:yes|no] [/RAW:yes|no]
    Arguments for "TrafficClient":
    host:port Specify the host name or IP address and port number on which the communication throughput measurement tool server (TrafficServer) is listening. If the port number is omitted, 9821 will be used.
    /NUMTCP Specify the number of TCP connections to be concurrently established between the client and the server for data transfer. If omitted, 32 will be used.
    /TYPE Specify the direction of data flow when throughput measurement is performed. Specify one of the following options: "download", "upload" or "full". By specifying "download" the data will be transmitted from the server side to the client side. By specifying "upload" the data will be transmitted from the client side to the server side. By specifying "full", the data will be transferred in both directions. When "full" is specified, the NUMTCP value must be an even number of two or more (half the number will be used for concurrent TCP connections in the download direction and the other half will be used in the upload direction). If this parameter is omitted, "full" will be used.
    /SPAN Specify, in seconds, the time span over which to conduct data transfer for the measurement of throughput. If this parameter is omitted, "15" will be used.
    /DOUBLE When "yes" is specified, the throughput of the measured result will be doubled and then displayed. This option is used when a network device or similar is somewhere on the data route and the total throughput capability that is input to and output by this network device is being measured.
    /RAW By specifying "yes", the calculation will not make corrections for the TCP/IP header and MAC header data volume.
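
    The calculation described for TrafficClient, as an added example that is not SoftEther's own code: it models the header correction that /RAW disables, the /DOUBLE option, and the NUMTCP rule for "full". The 14-byte MAC header and the per-segment rounding are assumptions; the page states only the 1,500-byte MAC payload and the 1,460-byte MSS.

```python
MSS = 1460           # TCP payload bytes per full segment (from the page)
TCPIP_HEADERS = 40   # 1,500-byte MAC payload minus the 1,460-byte MSS
MAC_HEADER = 14      # assumption: Ethernet header only, no FCS or preamble


def split_connections(numtcp=32, type_="full"):
    """Return (download, upload) connection counts per the /NUMTCP and /TYPE rules."""
    if type_ not in ("download", "upload", "full"):
        raise ValueError("TYPE must be download, upload or full")
    if numtcp < 1:
        raise ValueError("NUMTCP must be at least 1")
    if type_ == "full":
        if numtcp < 2 or numtcp % 2:
            raise ValueError("full needs an even NUMTCP of two or more")
        return numtcp // 2, numtcp // 2
    return (numtcp, 0) if type_ == "download" else (0, numtcp)


def wire_bytes(stream_bytes, raw=False):
    """Estimate bytes on the wire for one connection's received TCP stream."""
    if raw:                                   # /RAW:yes, no header correction
        return stream_bytes
    segments = -(-stream_bytes // MSS)        # integer ceiling division
    return stream_bytes + segments * (TCPIP_HEADERS + MAC_HEADER)


def throughput_bps(per_conn_bytes, span, raw=False, double=False):
    """Combine per-connection stream sizes into one bits-per-second figure."""
    if span <= 0:
        raise ValueError("SPAN must be positive")
    total = sum(wire_bytes(b, raw) for b in per_conn_bytes)
    bps = total * 8 / span
    return bps * 2 if double else bps         # /DOUBLE:yes doubles the result


if __name__ == "__main__":
    # Constructed sample: 4 connections, 1,460,000 stream bytes each, 10 seconds.
    sample = [1_460_000] * 4
    print("raw      :", throughput_bps(sample, 10, raw=True))
    print("corrected:", throughput_bps(sample, 10))
    print("doubled  :", throughput_bps(sample, 10, double=True))
```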

    ...

    Command Name TrafficServer
    Purpose Run Network Traffic Speed Test Tool in Server Mode
    Description Use this to execute the communication throughput measurement tool's server program.
    Two commands, TrafficClient and TrafficServer, are used for the communication throughput measurement tool to enable the measurement of communication throughput that can be transferred between two computers connected by an IP network.
    To set the TCP port of this computer to the Listen status to listen for the connection from the TrafficClient of another computer, specify the port number and start the server program using the TrafficServer command.
    You can display more detailed information on the communication throughput measurement tool by inputting "TrafficClient /?".

    Note: This command can be called from the SoftEther VPN Command Line Management Utility. You can also execute this command while connected to the current VPN Server or VPN Client in Administration Mode, but what actually conducts communication and measures the throughput is the computer on which the command is running, and all this is executed in a context that has absolutely no relationship to the computer that is the destination of the Administration Mode connection.
    Command-line TrafficServer [port]
    Arguments for "TrafficServer":
    port Specify, using an integer, the port number at which to listen for the connection. If the specified port is already being used by another program, or if the port cannot be opened, an error will occur.

    ...

    6.3.68 "Check": Check whether SoftEther VPN Operation is Possible

    Command Name Check
    Purpose Check whether SoftEther VPN Operation is Possible
    Description Use this to check if the current computer that is running vpncmd is a suitable operation platform for SoftEther VPN Server / Bridge.
    If this check passes on a system, it is highly likely that SoftEther VPN software will operate correctly on that system.
    Also, if this check does not pass on a system, then this indicates that some type of trouble may arise if SoftEther VPN software is used on that system.
    Command-line Check
    Arguments for "Check":
    No arguments are required.

    ...

    Command Name IPsecEnable
    Purpose Enable or Disable IPsec VPN Server Function
    Description Enable or Disable IPsec VPN Server Function on SoftEther VPN Server.
    If you enable this function, Virtual Hubs on the VPN Server will be able to accept Remote-Access VPN connections from L2TP-compatible PCs, Mac OS X and smartphones, and can also accept EtherIP Site-to-Site VPN connections. VPN connections from smartphones such as iPhone, iPad and Android, and also from native VPN clients on Mac OS X and Windows, can be accepted.

    To execute this command, you must have VPN Server administrator privileges.
    This command cannot be run on VPN Bridge.
    You cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
    Command-line IPsecEnable [/L2TP:yes|no] [/L2TPRAW:yes|no] [/ETHERIP:yes|no] [/PSK:pre-shared-key] [/DEFAULTHUB:default_hub]
    Arguments for "IPsecEnable":
    /L2TP Enable or Disable the L2TP over IPsec Server Function. To accept VPN connections from iPhone, iPad, Android, Windows or Mac OS X, enable this option.
    /L2TPRAW Enable or Disable the L2TP Server Function (Raw L2TP with No Encryption). To accept special VPN clients, enable this option.
    /ETHERIP Enable or Disable the EtherIP / L2TPv3 over IPsec Server Function (for site-to-site VPN Server function). Router products which are compatible with EtherIP over IPsec can connect to Virtual Hubs on the VPN Server and establish Layer-2 (Ethernet) bridging.
    /PSK Specify the IPsec Pre-Shared Key. An IPsec Pre-Shared Key is also called a "PSK" or "secret". Specify a key of 8 letters or fewer, and distribute it to every user who will connect to the VPN Server. Please note: Google Android 4.0 has a bug in which a Pre-Shared Key of 10 or more letters causes unexpected behavior. For that reason, a Pre-Shared Key should be 9 characters or fewer.
    /DEFAULTHUB Specify the default Virtual HUB to use when the HUB name is omitted from the username. Users should specify their username in the form "Username@Target Virtual HUB Name" to connect to this L2TP Server. If the designation of the Virtual Hub is omitted, the above HUB will be used as the target.
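
    A review aid for scripted IPsecEnable invocations, as an added example that is not part of the original reference or of SoftEther's code: it parses a command line in the syntax shown above, flags /L2TPRAW:yes and keys that break the stated length limit, and generates a random key that fits it. The hub name HUB1, the sample lines and the guessability heuristic are constructed assumptions.

```python
import secrets
import string

PSK_MAX = 9  # the page: keys of 10 or more letters misbehave on Android 4.0
ALPHABET = string.ascii_letters + string.digits  # 62 symbols, about 53 bits at 9 chars


def new_psk(length=PSK_MAX):
    """Draw a PSK from the OS CSPRNG within the page's length limit."""
    if not 1 <= length <= PSK_MAX:
        raise ValueError("PSK length must be 1..%d" % PSK_MAX)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def parse(cmdline):
    """Split 'IPsecEnable /KEY:value ...' into a dict keyed by upper-cased option."""
    words = cmdline.split()
    if not words or words[0].lower() != "ipsecenable":
        raise ValueError("not an IPsecEnable command line")
    opts = {}
    for word in words[1:]:
        key, sep, value = word.lstrip("/").partition(":")
        if not word.startswith("/") or not sep:
            raise ValueError("malformed argument: " + word)
        opts[key.upper()] = value
    return opts


def review(cmdline):
    """Return findings for settings a reviewer would question."""
    opts, findings = parse(cmdline), []
    if opts.get("L2TPRAW", "no").lower() == "yes":
        findings.append("L2TPRAW:yes accepts raw L2TP with no encryption")
    psk = opts.get("PSK", "")
    if not psk:
        findings.append("PSK missing or empty")
    elif len(psk) > PSK_MAX:
        findings.append("PSK longer than %d characters (Android 4.0 bug)" % PSK_MAX)
    elif len(set(psk)) < 4:  # heuristic (assumption): too few distinct characters
        findings.append("PSK is guessable; generate one with new_psk()")
    return findings


# Constructed sample command lines, not taken from a real server.
WEAK = "IPsecEnable /L2TP:yes /L2TPRAW:yes /ETHERIP:no /PSK:aaaaaaaaaaaa /DEFAULTHUB:HUB1"
HARDENED = "IPsecEnable /L2TP:yes /L2TPRAW:no /ETHERIP:no /PSK:%s /DEFAULTHUB:HUB1" % new_psk()

if __name__ == "__main__":
    print(review(WEAK))
    print(review(HARDENED))
```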

    ...

    Command Name IPsecGet
    Purpose Get the Current IPsec VPN Server Settings
    Description Get and view the current IPsec VPN Server settings on the SoftEther VPN Server.

    To execute this command, you must have VPN Server administrator privileges.
    This command cannot be run on VPN Bridge.
    You cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
    Command-line IPsecGet
    Arguments for "IPsecGet":
    No arguments are required.

    ...