10.9 Build a Large Scale Virtual Hub Hosting Service

    Combined revision comparison

    Comparing version 19:12, 3 Mar 2013 by genya with version 18:34, 4 Mar 2013 by yagi.

    ...

    For example, if a small business wants to set up a remote access VPN system, but has a dynamic global IP address (an IP address that changes every time a connection to the Internet is made), they are unable to install a stable VPN Server within the company. (It is possible to install a VPN Server on this type of network using the DDNS service as explained in section #10.10.4#,10.10 Your Home PC as VPN Relay for Protect WiFi Using, but this method is not recommended when stability is crucial.) There are also cases of small companies that have a static global IP address, but do not have the technical knowledge required for the daily management of a VPN Server. For these types of companies, a Virtual Hub hosting services provided by their ISP is a viable option. By making a permanent cascade connection from a VPN Bridge installed within the company to the Virtual Hub provided by the ISP, a company can provide a remote access VPN service as described in section # 10.4Build a Generic Remote Access VPN# to their employees without running their own VPN Server. An illustration of this type of network is shown in the figure below. Employees wanting to use the remote access VPN connect to the Virtual Hub on the VPN Server provided by the ISP. Data is then routed through this Virtual Hub and to the VPN Bridge connected to the company network by a local bridge, granting remote access to the network.
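
    Review bot: In this paragraph the new link text "10.4Build a Generic Remote Access VPN" is missing the space after the section number, unlike "10.5 Build a LAN-to-LAN VPN (Using L2 Bridge)" in the next changed paragraph. The DDNS pointer also moves from subsection 10.10.4 to the chapter title "10.10 Your Home PC as VPN Relay for Protect WiFi Using", which does not mention DDNS; keep the subsection number alongside the title so readers land on the DDNS instructions.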

    ...

    Also, using this type of service allows you to join two LANs without a static global IP address through the Virtual Hub hosting service provided by the ISP. Basically, you will be able to create a LAN-to-LAN VPN as described in section # 10.5 Build a LAN-to-LAN VPN (Using L2 Bridge)# without having to install a VPN Server on your company network.

    ...

    Therefore, you will need to use the clustering capabilities of SoftEther VPN Server Enterprise Edition or SoftEther VPN Server Carrier Edition as explained in section #10.8 Build a Large Scale Remote Access VPN Service#. . Using clustering will enable you to create a large number of dynamic Virtual Hubs without taking a performance hit. It will also allow you to handle a high number of VPN sessions at once by balancing the load across multiple VPN Servers. Furthermore, if one of your VPN Servers malfunctions or needs to be taken down for maintenance, the fault-tolerance capability of the cluster controller will automatically move any VPN sessions connected to that VPN server to another, properly working VPN Server. With this in mind, it is possible to set up a large scale Virtual Hub hosting service that runs 24 hours a day, 365 days a year with no downtime.

    However, keep in mind that the suggestions written here are for a large scale Virtual Hub hosting service. If you are planning to set up a small scale Virtual Hub hosting service (approximately 100 Virtual Hubs or less and no more than 200 simultaneous sessions active) then you may not need to use clustering. In this case you can use SoftEther VPN Server Standard Edition instead of the E or Carrier Edition. If you decide not to use clustering at first, but later decide that a single VPN Server is not enough to handle any more Virtual Hubs or simultaneous sessions, you can easily upgrade to the Enterprise Edition or the Carrier Edition and use clustering by adding more VPN Servers to your network.  

    ...

    The best one to use for a Virtual Hub hosting service is the dynamic Virtual Hub. (See section #3.9.8#.)  3.9 Clustering.)

    ...

    10.9.5 Calculating the Number of Required Licenses Required Product Licenses

    You will have to estimate the number of incoming VPN connections to our VPN Server cluster when setting up a Virtual Hub hosting service. First you will need to acquire enough product licenses to install your servers. This network layout example would require VPN Server Enterprise Edition License x 5. A service provider or other communications company could also use the VPN Server Carrier Edition License. See section #1.3.7# for more details. Required Connection Licenses The number of client and bridge connection licenses required by your VPN Server cluster will be determined by the number of client mode VPN sessions and bridge/routing mode VPN sessions that will be connected to the cluster at the same time. You should always prepare enough connection licenses to handle a slightly higher number of connections than you expect will actually be connected to your cluster, just to be safe. If you are using the VPN Server Carrier Edition License then there is no need to purchase or register connection licenses beforehand. See section #1.3.7# for more details.  
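
    Review bot: Removing 10.9.5 drops the only statement of what this layout needs ("VPN Server Enterprise Edition License x 5") and the advice to provision connection licenses above the expected number of simultaneous sessions, yet the clustering paragraph earlier in the page still says you "will need" the Enterprise or Carrier Edition. Either keep a short licensing pointer to section 1.3.7 or update the edition wording in the same revision so the two agree.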

    10.9.510.9.6 Installing and Configuring the Cluster Controller

    ...

    Please refer to section 3.9 Clustering#3.9.2# for more information on setting up a VPN Server as a cluster controller.

    ...

    10.9.610.9.7 Installing and Configuring the Cluster Member Servers

    Each VPN Server installed after the first will connect to the cluster controller as a cluster member server. Please refer to section 3.9 Clustering#3.9.3# for more information on setting up a VPN Server as a cluster member server.
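
    Review bot: The cluster member reference here and the cluster controller reference in the previous section were 3.9.3 and 3.9.2 and now both read "3.9 Clustering", so two different setup procedures point at the same chapter-level target. The same widening happens to 3.9.8, 3.3.4, 3.3.10 and 3.5.12 elsewhere in this revision; keep the subsection number in the link text next to the title.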

    ...

    10.9.710.9.8 Creating Dynamic Virtual Hubs

    ...

    10.9.810.9.9 Assigning Virtual Hub Administrator Rights

    ...

    Handing off administrator rights is as easy as telling the user the administrator password for the Virtual Hub, or registering a password the user requests when you first create the Virtual Hub. Please refer to section 3.3 VPN Server Administration#3.3.4# for more information on giving out administrator rights.

    Once the user has their password they can use it to log in to the cluster controller via their own VPN server management tool or vpncmd and freely manage their Virtual Hub. They will have access to all the features a Virtual Hub administrator has such as adding new users/groups, configuring access lists, log file settings, and more. You can also restrict access to these operations as you see fit. Please refer to section 10.9.11#10.9.13# for more details.
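
    Review bot: The cross-reference at the end of this paragraph changes from 10.9.13 to 10.9.11, but with the old 10.9.5 removed, "Limiting Administrator Rights by Configuring the Virtual Hub Management Options" becomes 10.9.12, and 10.9.11 is now "User's Usage Status and Billing". The reference should read 10.9.12.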

    ...

    10.9.910.9.10 Managing VPN Sessions on a Clustered VPN

    ...

    10.9.1010.9.11 Automating the Creation and Management of a Large Quantity of Virtual Hubs or Users

    ...

    Refer to section 6. Command Line Management Utility Manual#6# for more information about vpncmd. An ISP can use vpncmd to call its own internal automated system to automate the control of its VPN Servers or Virtual Hubs when providing a Virtual Hub hosting service.

    10.9.1110.9.12 User's Usage Status and Billing

    By connecting to the VPN Server with overall administrator rights you can manage or view the traffic volume of each Virtual Hub on the entire system. An ISP will need to use this to bill each user (Virtual Hub) appropriately according to the traffic volume of that individual user. You can get this information by retrieving the statistical data automatically created and managed by the VPN Server and each Virtual Hub. Also, this information is stored in the vpn_server.config configuration file generated by the cluster controller. By retrieving the data stored in this file you can measure the traffic volume for each user and bill them accordingly. Please refer to section 3.3 VPN Server Administration#3.3.10# for more information on the statistical data generated by VPN Server and the Virtual Hubs. You could also make a simple program that process and records this information to automatically calculate billing for you.

    ...

    10.9.1210.9.13 Limiting Administrator Rights by Configuring the Virtual Hub Management Options

    ...

    This feature is referred to as the Virtual Hub management options and is a standard feature of VPN Server. Please refer to section 3.5 Virtual Hub Security Features#3.5.12# for a list of items you can configure.

    ...

    Version from 19:12, 3 Mar 2013

    This revision modified by genya

    ...

    For example, if a small business wants to set up a remote access VPN system, but has a dynamic global IP address (an IP address that changes every time a connection to the Internet is made), they are unable to install a stable VPN Server within the company. (It is possible to install a VPN Server on this type of network using the DDNS service as explained in section #10.10.4#, but this method is not recommended when stability is crucial.) There are also cases of small companies that have a static global IP address, but do not have the technical knowledge required for the daily management of a VPN Server. For these types of companies, a Virtual Hub hosting service provided by their ISP is a viable option. By making a permanent cascade connection from a VPN Bridge installed within the company to the Virtual Hub provided by the ISP, a company can provide a remote access VPN service as described in section #10.4# to their employees without running their own VPN Server. An illustration of this type of network is shown in the figure below. Employees wanting to use the remote access VPN connect to the Virtual Hub on the VPN Server provided by the ISP. Data is then routed through this Virtual Hub and to the VPN Bridge connected to the company network by a local bridge, granting remote access to the network.

    ...

    Also, using this type of service allows you to join two LANs without a static global IP address through the Virtual Hub hosting service provided by the ISP. Basically, you will be able to create a LAN-to-LAN VPN as described in section #10.5# without having to install a VPN Server on your company network.

    ...

    Therefore, you will need to use the clustering capabilities of SoftEther VPN Server Enterprise Edition or SoftEther VPN Server Carrier Edition as explained in section #10.8#. Using clustering will enable you to create a large number of dynamic Virtual Hubs without taking a performance hit. It will also allow you to handle a high number of VPN sessions at once by balancing the load across multiple VPN Servers. Furthermore, if one of your VPN Servers malfunctions or needs to be taken down for maintenance, the fault-tolerance capability of the cluster controller will automatically move any VPN sessions connected to that VPN server to another, properly working VPN Server. With this in mind, it is possible to set up a large scale Virtual Hub hosting service that runs 24 hours a day, 365 days a year with no downtime.

    However, keep in mind that the suggestions written here are for a large scale Virtual Hub hosting service. If you are planning to set up a small scale Virtual Hub hosting service (approximately 100 Virtual Hubs or less and no more than 200 simultaneous sessions active) then you may not need to use clustering. In this case you can use SoftEther VPN Server Standard Edition instead of the Enterprise or Carrier Edition. If you decide not to use clustering at first, but later decide that a single VPN Server is not enough to handle any more Virtual Hubs or simultaneous sessions, you can easily upgrade to the Enterprise Edition or the Carrier Edition and use clustering by adding more VPN Servers to your network.

    ...

    The best one to use for a Virtual Hub hosting service is the dynamic Virtual Hub. (See section #3.9.8#.)

    ...

    10.9.5 Calculating the Number of Required Licenses

    Required Product Licenses

    You will have to estimate the number of incoming VPN connections to your VPN Server cluster when setting up a Virtual Hub hosting service.

    First you will need to acquire enough product licenses to install your servers.

    This network layout example would require VPN Server Enterprise Edition License x 5.

    A service provider or other communications company could also use the VPN Server Carrier Edition License. See section #1.3.7# for more details.

    Required Connection Licenses

    The number of client and bridge connection licenses required by your VPN Server cluster will be determined by the number of client mode VPN sessions and bridge/routing mode VPN sessions that will be connected to the cluster at the same time. You should always prepare enough connection licenses to handle a slightly higher number of connections than you expect will actually be connected to your cluster, just to be safe.

    If you are using the VPN Server Carrier Edition License then there is no need to purchase or register connection licenses beforehand. See section #1.3.7# for more details.

    ...

    10.9.6 Installing and Configuring the Cluster Controller

    ...

    Please refer to section #3.9.2# for more information on setting up a VPN Server as a cluster controller.

    ...

    10.9.7 Installing and Configuring the Cluster Member Servers

    Each VPN Server installed after the first will connect to the cluster controller as a cluster member server. Please refer to section #3.9.3# for more information on setting up a VPN Server as a cluster member server.

    ...

    10.9.8 Creating Dynamic Virtual Hubs

    ...

    10.9.9 Assigning Virtual Hub Administrator Rights

    ...

    Handing off administrator rights is as easy as telling the user the administrator password for the Virtual Hub, or registering a password the user requests when you first create the Virtual Hub. Please refer to section #3.3.4# for more information on giving out administrator rights.

    Once the user has their password they can use it to log in to the cluster controller via their own VPN server management tool or vpncmd and freely manage their Virtual Hub. They will have access to all the features a Virtual Hub administrator has such as adding new users/groups, configuring access lists, log file settings, and more. You can also restrict access to these operations as you see fit. Please refer to section #10.9.13# for more details.

    ...

    10.9.10 Managing VPN Sessions on a Clustered VPN

    ...

    10.9.11 Automating the Creation and Management of a Large Quantity of Virtual Hubs or Users

    ...

    Refer to section #6# for more information about vpncmd. An ISP can use vpncmd to call its own internal automated system to automate the control of its VPN Servers or Virtual Hubs when providing a Virtual Hub hosting service.

    10.9.12 User's Usage Status and Billing

    By connecting to the VPN Server with overall administrator rights you can manage or view the traffic volume of each Virtual Hub on the entire system. An ISP will need to use this to bill each user (Virtual Hub) appropriately according to the traffic volume of that individual user. You can get this information by retrieving the statistical data automatically created and managed by the VPN Server and each Virtual Hub. Also, this information is stored in the vpn_server.config configuration file generated by the cluster controller. By retrieving the data stored in this file you can measure the traffic volume for each user and bill them accordingly. Please refer to section #3.3.10# for more information on the statistical data generated by VPN Server and the Virtual Hubs. You could also make a simple program that processes and records this information to automatically calculate billing for you.

    ...

    10.9.13 Limiting Administrator Rights by Configuring the Virtual Hub Management Options

    ...

    This feature is referred to as the Virtual Hub management options and is a standard feature of VPN Server. Please refer to section #3.5.12# for a list of items you can configure.

    ...

    Version as of 18:34, 4 Mar 2013

    This revision modified by yagi

    ...

    For example, if a small business wants to set up a remote access VPN system, but has a dynamic global IP address (an IP address that changes every time a connection to the Internet is made), they are unable to install a stable VPN Server within the company. (It is possible to install a VPN Server on this type of network using the DDNS service as explained in section 10.10 Your Home PC as VPN Relay for Protect WiFi Using, but this method is not recommended when stability is crucial.) There are also cases of small companies that have a static global IP address, but do not have the technical knowledge required for the daily management of a VPN Server. For these types of companies, a Virtual Hub hosting service provided by their ISP is a viable option. By making a permanent cascade connection from a VPN Bridge installed within the company to the Virtual Hub provided by the ISP, a company can provide a remote access VPN service as described in section 10.4 Build a Generic Remote Access VPN to their employees without running their own VPN Server. An illustration of this type of network is shown in the figure below. Employees wanting to use the remote access VPN connect to the Virtual Hub on the VPN Server provided by the ISP. Data is then routed through this Virtual Hub and to the VPN Bridge connected to the company network by a local bridge, granting remote access to the network.

    ...

    Also, using this type of service allows you to join two LANs without a static global IP address through the Virtual Hub hosting service provided by the ISP. Basically, you will be able to create a LAN-to-LAN VPN as described in section 10.5 Build a LAN-to-LAN VPN (Using L2 Bridge) without having to install a VPN Server on your company network.

    ...

    Therefore, you will need to use the clustering capabilities of SoftEther VPN Server Enterprise Edition or SoftEther VPN Server Carrier Edition as explained in section 10.8 Build a Large Scale Remote Access VPN Service. Using clustering will enable you to create a large number of dynamic Virtual Hubs without taking a performance hit. It will also allow you to handle a high number of VPN sessions at once by balancing the load across multiple VPN Servers. Furthermore, if one of your VPN Servers malfunctions or needs to be taken down for maintenance, the fault-tolerance capability of the cluster controller will automatically move any VPN sessions connected to that VPN server to another, properly working VPN Server. With this in mind, it is possible to set up a large scale Virtual Hub hosting service that runs 24 hours a day, 365 days a year with no downtime.

    ...

    The best one to use for a Virtual Hub hosting service is the dynamic Virtual Hub. (See section 3.9 Clustering.)

    ...

    10.9.5 Installing and Configuring the Cluster Controller

    ...

    Please refer to section 3.9 Clustering for more information on setting up a VPN Server as a cluster controller.

    ...

    10.9.6 Installing and Configuring the Cluster Member Servers

    Each VPN Server installed after the first will connect to the cluster controller as a cluster member server. Please refer to section 3.9 Clustering for more information on setting up a VPN Server as a cluster member server.

    ...

    10.9.7 Creating Dynamic Virtual Hubs

    ...

    10.9.8 Assigning Virtual Hub Administrator Rights

    ...

    Handing off administrator rights is as easy as telling the user the administrator password for the Virtual Hub, or registering a password the user requests when you first create the Virtual Hub. Please refer to section 3.3 VPN Server Administration for more information on giving out administrator rights.

    Once the user has their password they can use it to log in to the cluster controller via their own VPN server management tool or vpncmd and freely manage their Virtual Hub. They will have access to all the features a Virtual Hub administrator has such as adding new users/groups, configuring access lists, log file settings, and more. You can also restrict access to these operations as you see fit. Please refer to section 10.9.11 for more details.

    ...

    10.9.9 Managing VPN Sessions on a Clustered VPN

    ...

    10.9.10 Automating the Creation and Management of a Large Quantity of Virtual Hubs or Users

    ...

    Refer to section 6. Command Line Management Utility Manual for more information about vpncmd. An ISP can use vpncmd to call its own internal automated system to automate the control of its VPN Servers or Virtual Hubs when providing a Virtual Hub hosting service.

    10.9.11 User's Usage Status and Billing

    By connecting to the VPN Server with overall administrator rights you can manage or view the traffic volume of each Virtual Hub on the entire system. An ISP will need to use this to bill each user (Virtual Hub) appropriately according to the traffic volume of that individual user. You can get this information by retrieving the statistical data automatically created and managed by the VPN Server and each Virtual Hub. Also, this information is stored in the vpn_server.config configuration file generated by the cluster controller. By retrieving the data stored in this file you can measure the traffic volume for each user and bill them accordingly. Please refer to section 3.3 VPN Server Administration for more information on the statistical data generated by VPN Server and the Virtual Hubs. You could also make a simple program that processes and records this information to automatically calculate billing for you.

    ...

    10.9.12 Limiting Administrator Rights by Configuring the Virtual Hub Management Options

    ...

    This feature is referred to as the Virtual Hub management options and is a standard feature of VPN Server. Please refer to section 3.5 Virtual Hub Security Features for a list of items you can configure.

    ...