Table of contents
Combined revision comparison
...
However with SoftEther VPN you don't have to install VPN Server on a computer with a public IP address. VPN Server will work just fine on a computer behind NAT or a firewall in your private IP address space. Please refer to section 10.2 Common Concepts and Knowledge#10.2.3# for more details on setting up a server under these circumstances.
...
- When the administrator of the server you are about to install VPN Server on will be the same as the VPN Server administrator
In this case you can install VPN Server yourself. Once the VPN Server install is completed you will be able to set all administrator passwords. - When the administrator of the server you are about to install VPN Server on is not going to be the VPN Server administrator
In this case you must request that the server's administrator (root or Administrator) install VPN Server for you. Once the installation has been completed log in locally or remotely to the VPN Server service by using the VPN server administration tool and set all administrator passwords.
If you are going to operate VPN Server in User Mode (see section 3.2 Operating Modes#3.2.2#for more information) and you can log into the server machine as a general user then you can use VPN Server under your own user privileges without asking the system administrator. However, this method is not recommended.
...
Once you have installed VPN Server you must decide how many Virtual Hubs to create, their names, and what purpose each will serve. If you wish to give Virtual Hub administrator rights to another user then set the Virtual Hub administrator password and give your administrator rights to that user. (See section 3.4 Virtual Hub Functions#3.3.4# for more information.)
...
You must allow TCP/IP traffic to pass through at least 2 of the VPN Server TCP/IP listen ports described in section #3.3.6#.3.3 VPN Server Administration. Under most situations we recommend you to open traffic to port 443. The reason for this is that using this port VPN Clients can easily send VPN packets through firewalls or proxy servers masked as HTTPS data.
...
With conventional firewall or NAT hardware you can configure them to allow TCP/IP traffic to pass through at least port 443 (HTTPS). However a few extremely secure networks will filter data addressed to port 443 from the Internet. In that case, if there is another port which you can route TCP/IP traffic through you can use that port to allow VPN Server to be seen from the Internet. (See section 3.3 VPN Server Administration#3.3.6# for more information on how to change port numbers.)
...
However, if there will be many users logging in to the VPN Server with each entering their own authentication data (such as for a PC-to-PC VPN or a remote access VPN) you must choose your user authentication method wisely. Please refer to section #10.4.3#10.4 Build a Generic Remote Access VPN for more information on selecting an authentication method for remote access VPNs.
For more information on all the user authentication methods utilized by VPN Server, please refer to section #2.2#.
2.2 User Authentication.
...
As was explained in Chapter 3. SoftEther VPN Server Manual#3#, VPN Server , VPN Server contains a lot of functionality. However, there rarely comes a time when you need to use all of these features at once.
In most cases you can build a sufficient VPN with only the local bridging functionality to connect the Virtual Hub to a physical LAN (see section #3.6 Local Bridges#) ) and the cascade connection functionality to connect Virtual Hubs together (see section #3.4.11#).3.4 Virtual Hub Functions).
...
For more information on Virtual Layer 3 Switching please refer to section #3.8#.
3.8 Virtual Layer 3 Switches.
...
Please refer to section 3.7 Virtual NAT & Virtual DHCP Servers#3.7.5# for more information about the Virtual DHCP Server functionality.
...
- When you wish to communicate with an existing physical LAN via the Virtual Hub but you can not use local bridging. This situation is most commonly encountered when you do not have administrator rights on the target system to install VPN Server / VPN Bridge, or the target system's OS is something other than Windows, Linux, or Solaris.
- When you want to use VPN Server / VPN Bridge for some special situation. (See section
#10.11Exploit SecureNAT for Remote Access into Firewall without Any Permission#))
...
Please refer to section 3.7 Virtual NAT & Virtual DHCP Servers#3.7.3# for more information about Virtual NAT.
...
Version from 19:10, 3 Mar 2013
...
However with SoftEther VPN you don't have to install VPN Server on a computer with a public IP address. VPN Server will work just fine on a computer behind NAT or a firewall in your private IP address space. Please refer to section #10.2.3# for more details on setting up a server under these circumstances.
...
- When the administrator of the server you are about to install VPN Server on will be the same as the VPN Server administrator
In this case you can install VPN Server yourself. Once the VPN Server install is completed you will be able to set all administrator passwords. - When the administrator of the server you are about to install VPN Server on is not going to be the VPN Server administrator
In this case you must request that the server's administrator (root or Administrator) install VPN Server for you. Once the installation has been completed log in locally or remotely to the VPN Server service by using the VPN server administration tool and set all administrator passwords.
If you are going to operate VPN Server in User Mode (see section#3.2.2#for more information) and you can log into the server machine as a general user then you can use VPN Server under your own user privileges without asking the system administrator. However, this method is not recommended.
...
Once you have installed VPN Server you must decide how many Virtual Hubs to create, their names, and what purpose each will serve. If you wish to give Virtual Hub administrator rights to another user then set the Virtual Hub administrator password and give your administrator rights to that user. (See section #3.3.4# for more information.)
...
You must allow TCP/IP traffic to pass through at least 2 of the VPN Server TCP/IP listen ports described in section #3.3.6#. Under most situations we recommend you to open traffic to port 443. The reason for this is that using this port VPN Clients can easily send VPN packets through firewalls or proxy servers masked as HTTPS data.
...
With conventional firewall or NAT hardware you can configure them to allow TCP/IP traffic to pass through at least port 443 (HTTPS). However a few extremely secure networks will filter data addressed to port 443 from the Internet. In that case, if there is another port which you can route TCP/IP traffic through you can use that port to allow VPN Server to be seen from the Internet. (See section #3.3.6# for more information on how to change port numbers.)
...
However, if there will be many users logging in to the VPN Server with each entering their own authentication data (such as for a PC-to-PC VPN or a remote access VPN) you must choose your user authentication method wisely. Please refer to section #10.4.3# for more information on selecting an authentication method for remote access VPNs.
For more information on all the user authentication methods utilized by VPN Server, please refer to section #2.2#.
...
As was explained in Chapter #3#, VPN Server contains a lot of functionality. However, there rarely comes a time when you need to use all of these features at once.
In most cases you can build a sufficient VPN with only the local bridging functionality to connect the Virtual Hub to a physical LAN (see section #3.6#) and the cascade connection functionality to connect Virtual Hubs together (see section #3.4.11#).
...
For more information on Virtual Layer 3 Switching please refer to section #3.8#.
...
Please refer to section #3.7.5# for more information about the Virtual DHCP Server functionality.
...
- When you wish to communicate with an existing physical LAN via the Virtual Hub but you can not use local bridging. This situation is most commonly encountered when you do not have administrator rights on the target system to install VPN Server / VPN Bridge, or the target system's OS is something other than Windows, Linux, or Solaris.
- When you want to use VPN Server / VPN Bridge for some special situation. (See section
#10.11#)
...
Please refer to section #3.7.3# for more information about Virtual NAT.
...
Version as of 17:42, 4 Mar 2013
...
However with SoftEther VPN you don't have to install VPN Server on a computer with a public IP address. VPN Server will work just fine on a computer behind NAT or a firewall in your private IP address space. Please refer to section 10.2 Common Concepts and Knowledge for more details on setting up a server under these circumstances.
...
- When the administrator of the server you are about to install VPN Server on will be the same as the VPN Server administrator
In this case you can install VPN Server yourself. Once the VPN Server install is completed you will be able to set all administrator passwords. - When the administrator of the server you are about to install VPN Server on is not going to be the VPN Server administrator
In this case you must request that the server's administrator (root or Administrator) install VPN Server for you. Once the installation has been completed log in locally or remotely to the VPN Server service by using the VPN server administration tool and set all administrator passwords.
If you are going to operate VPN Server in User Mode (see section 3.2 Operating Modes for more information) and you can log into the server machine as a general user then you can use VPN Server under your own user privileges without asking the system administrator. However, this method is not recommended.
...
Once you have installed VPN Server you must decide how many Virtual Hubs to create, their names, and what purpose each will serve. If you wish to give Virtual Hub administrator rights to another user then set the Virtual Hub administrator password and give your administrator rights to that user. (See section 3.4 Virtual Hub Functions for more information.)
...
You must allow TCP/IP traffic to pass through at least 2 of the VPN Server TCP/IP listen ports described in section 3.3 VPN Server Administration. Under most situations we recommend you to open traffic to port 443. The reason for this is that using this port VPN Clients can easily send VPN packets through firewalls or proxy servers masked as HTTPS data.
...
With conventional firewall or NAT hardware you can configure them to allow TCP/IP traffic to pass through at least port 443 (HTTPS). However a few extremely secure networks will filter data addressed to port 443 from the Internet. In that case, if there is another port which you can route TCP/IP traffic through you can use that port to allow VPN Server to be seen from the Internet. (See section 3.3 VPN Server Administration for more information on how to change port numbers.)
...
However, if there will be many users logging in to the VPN Server with each entering their own authentication data (such as for a PC-to-PC VPN or a remote access VPN) you must choose your user authentication method wisely. Please refer to section 10.4 Build a Generic Remote Access VPN for more information on selecting an authentication method for remote access VPNs.
For more information on all the user authentication methods utilized by VPN Server, please refer to section 2.2 User Authentication.
...
As was explained in Chapter 3. SoftEther VPN Server Manual, VPN Server contains a lot of functionality. However, there rarely comes a time when you need to use all of these features at once.
In most cases you can build a sufficient VPN with only the local bridging functionality to connect the Virtual Hub to a physical LAN (see section 3.6 Local Bridges) and the cascade connection functionality to connect Virtual Hubs together (see section 3.4 Virtual Hub Functions).
...
For more information on Virtual Layer 3 Switching please refer to section 3.8 Virtual Layer 3 Switches.
...
Please refer to section 3.7 Virtual NAT & Virtual DHCP Servers for more information about the Virtual DHCP Server functionality.
...
- When you wish to communicate with an existing physical LAN via the Virtual Hub but you can not use local bridging. This situation is most commonly encountered when you do not have administrator rights on the target system to install VPN Server / VPN Bridge, or the target system's OS is something other than Windows, Linux, or Solaris.
- When you want to use VPN Server / VPN Bridge for some special situation. (See section 10.11Exploit SecureNAT for Remote Access into Firewall without Any Permission)
...
Please refer to section 3.7 Virtual NAT & Virtual DHCP Servers for more information about Virtual NAT.
...
