10.4 Build a PC-to-LAN Remote Access VPN


    Combined revision comparison

    Comparing version 19:10, 3 Mar 2013 by genya with version 17:45, 4 Mar 2013 by yagi.

    ...

    To build a remote access network you must create a Virtual Hub in your VPN Server and connect it to the target LAN already in place via a local bridge connection. Please refer to section 3.6 Local Bridges (previously #3.6#) for more information about local bridging.

     

    ...

    • If your company already has a UNIX server or a Windows domain controller (including Active Directory) with a large number of registered users and you want to give those users access to the VPN, then you should use RADIUS authentication or Active Directory authentication. For more information on these authentication methods please refer to section 2.2 User Authentication (previously sections #2.2.3# and #2.2.4#).
    • If your company already has a CA (certificate authority) that issues an X.509 certificate/private key file or smart card that supports SoftEther VPN then you should use certificate authentication as your user authentication scheme. For more information please refer to section 2.2 User Authentication (previously sections #2.2.5# and #2.2.6#).
    • If you have no existing authentication infrastructure then you can also register individual user names and passwords for users to connect to the Virtual Hub. For more information on password authentication please refer to section 2.2 User Authentication (previously #2.2.2#). Even if no authentication infrastructure is in place you can still use certificate authentication in order to improve your network's security.
     

    ...

    10.4.5 Calculating the Number of Required Licenses

    Let's calculate how many licenses will be needed for this network layout. You will definitely need a VPN Server product license to receive incoming connections from VPN Clients. This example only deals with a small number of connections and does not require clustering capabilities. Thus, the Standard Edition license will provide all the functionality you need for this type of setup.

    Finally, you have 5 VPN Clients connecting to the VPN Server at the same time, so you will need a 5 client connection license.

    The bridge connection required to connect the VPN Server's Virtual Hub to the existing LAN will be handled by VPN Server so a bridge connection license is not required.

    Thus, the required product licenses and connection licenses are as shown below. Please refer to section #1.3# for more information about the licensing system.

    • VPN Server Standard Edition License x 1
    • VPN Server Client Connect License (5 Clients) x 1

    10.4.5 (previously 10.4.6) Installing VPN Server On a LAN

    ...

    Because the VPN Server must receive incoming VPN connections from the Internet it must have a public IP address or be able to receive TCP/IP communication through NAT, a firewall, or a reverse proxy system as described in section 10.2 Common Concepts and Knowledge (previously #10.2.1#). Please consult with your network administrator if you are unsure about any of these issues.

    ...

    10.4.6 (previously 10.4.7) Configuring the Local Bridge

    Once you have VPN Server installed, create a Virtual Hub and connect it to the layer 2 segment you wish to remotely connect to via local bridging. For a detailed explanation of this process please refer to section 3.6 Local Bridges (previously #3.6#).

    ...

    • As explained in detail in section 3.6 Local Bridges (previously #3.6.3#), if possible, try to set aside network adapters strictly for local bridging when making your local bridge connection. We recommend that you do not use a protocol stack for your local bridge network adapters, and do not assign TCP/IP addresses to them.
    • We also recommend that you use a high quality network adapter from a trusted maker for your local bridge connections. For more information please refer to 3.6 Local Bridges (previously #3.6.5# and #3.6.6#).
     

    10.4.7 (previously 10.4.8) Connecting to the VPN Remotely/Performing a Communication Test

    ...

    Version from 19:10, 3 Mar 2013

    This revision modified by genya

    ...

    To build a remote access network you must create a Virtual Hub in your VPN Server and connect it to the target LAN already in place via a local bridge connection. Please refer to section #3.6# for more information about local bridging.

    ...

    • If your company already has a UNIX server or a Windows domain controller (including Active Directory) with a large number of registered users and you want to give those users access to the VPN, then you should use RADIUS authentication or Active Directory authentication. For more information on these authentication methods please refer to sections #2.2.3# and #2.2.4#.
    • If your company already has a CA (certificate authority) that issues an X.509 certificate/private key file or smart card that supports SoftEther VPN then you should use certificate authentication as your user authentication scheme. For more information please refer to sections #2.2.5# and #2.2.6#.
    • If you have no existing authentication infrastructure then you can also register individual user names and passwords for users to connect to the Virtual Hub. For more information on password authentication please refer to section #2.2.2#. Even if no authentication infrastructure is in place you can still use certificate authentication in order to improve your network's security.

    ...

    10.4.5 Calculating the Number of Required Licenses

    Let's calculate how many licenses will be needed for this network layout. You will definitely need a VPN Server product license to receive incoming connections from VPN Clients. This example only deals with a small number of connections and does not require clustering capabilities. Thus, the Standard Edition license will provide all the functionality you need for this type of setup.

    Finally, you have 5 VPN Clients connecting to the VPN Server at the same time, so you will need a 5 client connection license.

    The bridge connection required to connect the VPN Server's Virtual Hub to the existing LAN will be handled by VPN Server so a bridge connection license is not required.

    Thus, the required product licenses and connection licenses are as shown below. Please refer to section #1.3# for more information about the licensing system.

    • VPN Server Standard Edition License x 1
    • VPN Server Client Connect License (5 Clients) x 1

    ...

    10.4.6 Installing VPN Server On a LAN

    ...

    Because the VPN Server must receive incoming VPN connections from the Internet it must have a public IP address or be able to receive TCP/IP communication through NAT, a firewall, or a reverse proxy system as described in section #10.2.1#. Please consult with your network administrator if you are unsure about any of these issues.

    ...

    10.4.7 Configuring the Local Bridge

    Once you have VPN Server installed, create a Virtual Hub and connect it to the layer 2 segment you wish to remotely connect to via local bridging. For a detailed explanation of this process please refer to section #3.6#.

    ...

    • As explained in detail in section #3.6.3#, if possible, try to set aside network adapters strictly for local bridging when making your local bridge connection. We recommend that you do not use a protocol stack for your local bridge network adapters, and do not assign TCP/IP addresses to them.
    • We also recommend that you use a high quality network adapter from a trusted maker for your local bridge connections. For more information please refer to #3.6.5# and #3.6.6#.

    ...

    10.4.8 Connecting to the VPN Remotely/Performing a Communication Test

    ...

    Version as of 17:45, 4 Mar 2013

    This revision modified by yagi

    ...

    To build a remote access network you must create a Virtual Hub in your VPN Server and connect it to the target LAN already in place via a local bridge connection. Please refer to section 3.6 Local Bridges for more information about local bridging.

    ...

    • If your company already has a UNIX server or a Windows domain controller (including Active Directory) with a large number of registered users and you want to give those users access to the VPN, then you should use RADIUS authentication or Active Directory authentication. For more information on these authentication methods please refer to section 2.2 User Authentication.
    • If your company already has a CA (certificate authority) that issues an X.509 certificate/private key file or smart card that supports SoftEther VPN then you should use certificate authentication as your user authentication scheme. For more information please refer to section 2.2 User Authentication.
    • If you have no existing authentication infrastructure then you can also register individual user names and passwords for users to connect to the Virtual Hub. For more information on password authentication please refer to section 2.2 User Authentication. Even if no authentication infrastructure is in place you can still use certificate authentication in order to improve your network's security.

    ...

    10.4.5 Installing VPN Server On a LAN

    ...

    Because the VPN Server must receive incoming VPN connections from the Internet it must have a public IP address or be able to receive TCP/IP communication through NAT, a firewall, or a reverse proxy system as described in section 10.2 Common Concepts and Knowledge. Please consult with your network administrator if you are unsure about any of these issues.

    ...

    10.4.6 Configuring the Local Bridge

    Once you have VPN Server installed, create a Virtual Hub and connect it to the layer 2 segment you wish to remotely connect to via local bridging. For a detailed explanation of this process please refer to section 3.6 Local Bridges.

    ...

    • As explained in detail in section 3.6 Local Bridges, if possible, try to set aside network adapters strictly for local bridging when making your local bridge connection. We recommend that you do not use a protocol stack for your local bridge network adapters, and do not assign TCP/IP addresses to them.
    • We also recommend that you use a high quality network adapter from a trusted maker for your local bridge connections. For more information please refer to 3.6 Local Bridges.

    10.4.7 Connecting to the VPN Remotely/Performing a Communication Test

    ...