Table of contents
- 1. 9.2.1 Selecting the Installation Mode
- 2. 9.2.2 Installation Procedure Using the Installer
- 3. 9.2.3 Optimizing the TCP/IP Communication Settings
- 4. 9.2.4 Precautions After Installation
- 5. 9.2.5 Managing VPN Bridge with VPN Server Manager
- 6. 9.2.6 Managing with vpncmd
- 7. 9.2.7 Starting and Stopping Service
- 8. 9.2.8 Adding and Deleting the Service
- 9. 9.2.9 Limitations when Starting with General User Rights
This section describes how to install SoftEther VPN Bridge to an operating system with Windows 2000 or later. This assumes that in the Windows operating system, no extra application software is installed after performing a clean install of the system. This also assumes that the Windows function for blocking communication to TCP/IP ports from the outside (firewall function) is disabled.
9.2.1 Selecting the Installation Mode
As described in #3.2#, SoftEther VPN Bridge can be operated in either service mode or user mode. When configuring VPN Bridge for use as part of an everyday operation system, we recommend installing SoftEther VPN Server in Bridge mode. The installer for the Windows version of VPN Bridge installs the VPN Bridge program to the system in service mode.
9.2.2 Installation Procedure Using the Installer
Preparing the Installer File
The installation of the Windows version of SoftEther VPN Bridge is very easy as it is almost completely performed automatically. To install VPN Bridge , use any of the following methods to obtain the Windows installer file.
- When SoftEther VPN Bridge is purchased as a product, the installer file is distributed on a CD-ROM. Place the CD-ROM on the CD-ROM drive of the computer and select the executable file to install the Windows version of VPN Bridge .
- You can also download the latest VPN Bridge installer file from the SoftEther VPN Project website (http://www.softether.com/). We recommend checking the above website for the latest version of VPN Bridge even if you have the CD-ROM with the installer file. If you signed a maintenance contract with a partner using SoftEther VPN, please contact your partner representative in advance and check whether the latest version can be installed.
- If you received the latest version of VPN Bridge on a CD-ROM or as electronic files from your partner using SoftEther VPN, install the software using those files.
The VPN Bridge Windows version installer file is an executable file with the name vpnbridge-build-number-win32-x86.exe. At the time of writing this manual, the installer file of the latest build is vpnbridge-5070-rtm-win32-x86.exe.
/html/images/9-2-1.gif) Figure 9-2-1 VPN Bridge Installer |
Starting the Installer
Start the installer by double-clicking the VPN Bridge installer file. The Windows Installer-based installer starts automatically. Using the installation wizard, you can select the name of the installation directory. (By default, the program is installed to Program Files\SoftEther VPN Bridge on the system drive.) The VPN Bridge process writes large log files to the installation directory, so we recommend selecting an area on the hard drive that has a large amount of disk space and is quickly accessible.
/html/.images/9-2-2.gif) Figure 9-2-2 Specifying the VPN Bridge Installation Directory |
During the installation, the end-user license agreement may be displayed. Please thoroughly read the agreement. If you agree to the terms and conditions, the installation continues.
/html/images/9-2-3.gif) Figure 9-2-3 VPN Bridge End-User License Agreement |
The installer automatically registers the SoftEther VPN Bridge system service and sets the program to automatically start in background mode at Windows startup.
9.2.3 Optimizing the TCP/IP Communication Settings
The window for optimizing the TCP/IP communication settings may be displayed during installation of VPN Bridge .
/html/images/9-2-4.gif) Figure 9-2-4 Changing the TCP/IP Communication Settings |
The TCP/IP communication settings optimization function can be used to perform the following.
- Using a TCP/IP send/receive window buffer size of 64 KB or more by means of the window scaling option can improve the communication speed over a broadband line.
- The buffer size of the Windows AFD service can be rewritten to a value for high-speed communication.
However, there are reports that enabling the TCP/IP window scaling option can create unstable communication or completely block communication through a firewall device, such as some transparent proxies. These problems seem to occur with older versions of firewall devices on a network that do not support the window scaling option. If, after optimizing the TCP/IP communication settings, TCP/IP communication becomes unstable, you can restore the optimized TCP/IP communication settings to their original settings. To restore the optimized TCP/IP communication settings (and use the default values of the operating system), we recommend clicking [Start] > [SoftEther VPN Bridge ] > [TCP Communication Optimization Utility]], and then changing the [TCP Incoming Window Size] and [TCP Outgoing Window Size] values to [Use the default value of the operating system].
/html/images/9-2-5.gif) Figure 9-2-5 Restoring the TCP/IP Communication Settings to the Default Values of the Operating System |
9.2.4 Precautions After Installation
When installation of the Windows version of VPN Bridge is completed, the SoftEther VPN Bridge service is already running in the background on the Windows system. Normally, the computer does not have to be restarted after installation of the program. However, if you expect to use the local bridge function while using a network adapter that supports hardware offloading, as described in #3.6.10#, we recommend that you restart the computer.
To check whether the VPN Bridge installer properly installed the SoftEther VPN Bridge service to the Windows system, click [Control Panel] > [Administrative Tools] > [Services], and check that [SoftEther VPN Bridge ] is displayed on the list of services.
9.2.5 Managing VPN Bridge with VPN Server Manager
This section is approximately same as initial setting after the installation of VPN Server. Please refer to "#7.2.5" about the initial setting of VPN Server.
9.2.6 Managing with vpncmd
This section is approximately same as initial setting after the installation of VPN Server. Please refer to "#7.2.6" about the initial setting of VPN Server.
9.2.7 Starting and Stopping Service
The installer for the Windows version of VPN Bridge automatically installs the SoftEther VPN Bridge service. This service continually operates while Windows is running, and it automatically shuts down when Windows shuts down.
If the service must be restarted for management reasons or because VPN Bridge operations become unstable, you can click [Control Panel] > [Administrative Tools] > [Services], and start or stop the service. An easier and more reliable method is to call the net command at the command prompt and start or stop the service.
To stop the service, type the following command.
> net stop vpnbridge |
To start the service, type the following command.
> net start vpnbridge |
If, in the unlikely event, the VPN Bridge process hangs and cannot be controlled using the net command, you can use Task Manager in Windows to forcibly terminate the vpnbridge.exe process.
9.2.8 Adding and Deleting the Service
You can add or delete the service for the vpnbridge.exe process using the method described in the description of the service mode of the Windows SoftEther VPN Bridge in #3.2.1#. You can use this method, for example, to move all setting files in the VPN Bridge installation directory to a different directory or hard drive, and then re-register the process as a service. (However, we cannot recommend using this method as the uninstaller may not be able to properly uninstall the program.)
9.2.9 Limitations when Starting with General User Rights
We recommend operating the Windows version of VPN Bridge as a service mode program, but you can also start VPN Bridge in the user mode by using the method described in #3.2.2#. When VPN Bridge is started in user mode, critical security holes, such as buffer overruns, exist temporarily on the VPN Bridge , but because only user accounts starting VPN Bridge in user mode would be affected if an attack were to occur, VPN Bridge can be used relatively securely and safely. However, SoftEther VPN Project does not recommend actually operating VPN Bridge in user mode for the following reasons.
- The local bridge function cannot be used. (For details, please refer to #3.6#.)
- Some features of the disaster recovery function, such as automatic recovery when an error occurs in a self process, cannot be used. (For details, please refer to #3.3.12#.)
- To start the VPN Bridge process in user mode, the user must remained logged on to the server. The user cannot operate VPN Bridge when the user logs off or when no users are logged on to the server after Windows starts. For these reasons, user mode is not suited for actual operation of VPN Bridge .
