10.4 Build a PC-to-LAN Remote Access VPN

Combined revision comparison

...

• If your company already has a UNIX server or a Windows domain controller (including Active Directory) with a large number of registered users and you want to give those users access to the VPN, then you should use RADIUS authentication or Active Directory authentication. For more information on these authentication methods please refer to sections 2.2.3 RADIUS2.2 User Authentication and 2.2.4 NT Domain and Active Directory Authentication.
• If your company already has a CA (certificate authority) that issues a X.509 certificate/private key file or smart card that supports SoftEther VPN then you should use certificate authentication as your user authentication scheme. For more information please refer to section 2.2.5 Individual Certificate Authentication2.2 User and 2.2.6 Signed Certificate Authentication.
• If you have no existing authentication infrastructure then you can also register individual user names and passwords for users to connect to the Virtual Hub. For more information on password authentication please refer to section 2.2.2 Password2.2 User Authentication. Even if no authentication infrastructure is in place you can still use certificate authentication in order to improve your network's security.

...

Because the VPN Server must receive incoming VPN connections from the Internet it must have a public IP address or be able to receive TCP/IP communication through NAT, a firewall, or a reverse proxy system as described in section 10.2.1 VPN Server Location10.2 Common Concepts and Knowledge. Please consult with your network administrator if you are unsure about any of these issues.

...

• As explained in detail in section  3.6.3 Preparing the Local Bridge network adapter3.6 Local Bridges, if possible, try to set aside network adapters strictly for local bridging when making your local bridge connection. We recommend that you do not use a protocol stack for your local bridge network adapters, and do not assign TCP/IP IP addresses to them.
• We also recommend that you use a high quality network adapter from a trusted maker for your local bridge connections. For more information please refer to 3.6.5 Supported Network Adapter Types and 3.6.6 Use of network adapters not supporting Promiscuous Mode3.6 Local Bridges.

...

Other changes:

1. /body/ul/li/a/@href: "mks://localhost/4-docs/1-manual/2/2.2" ⇒ "mks://localhost/4-docs/1-manual/2/2.2#2.2.3_RADIUS_Authentication"
2. /body/ul/li/a/@title: "4-docs/1-manual/2/2.2" ⇒ "2.2.3 RADIUS Authentication"
3. /body/ul/li[2]/a/@href: "mks://localhost/4-docs/1-manual/2/2.2" ⇒ "mks://localhost/4-docs/1-manual/2/2.2#2.2.5_Individual_Certificate_Authentication"
4. /body/ul/li[2]/a/@title: "4-docs/1-manual/2/2.2" ⇒ "2.2.5 Individual Certificate Authentication"
5. /body/ul/li[3]/a/@href: "mks://localhost/4-docs/1-manual/2/2.2" ⇒ "mks://localhost/4-docs/1-manual/2/2.2#2.2.2_Password_Authentication"
6. /body/ul/li[3]/a/@title: "4-docs/1-manual/2/2.2" ⇒ "2.2.2 Password Authentication"
7. /body/p[16]/a/@href: "mks://localhost/4-docs/1-manual/A/10.2" ⇒ "mks://localhost/4-docs/1-manual/A/10.2#10.2.1_VPN_Server_Location"
8. /body/p[16]/a/@title: "4-docs/1-manual/A/10.2" ⇒ "10.2.1 VPN Server Location"
9. /body/p[17]/a/@title: "3.6 Local Bridges" ⇒ "4-docs/1-manual/3/3.6"
10. /body/ul[2]/li/a/@href: "mks://localhost/4-docs/1-manual/3/3.6" ⇒ "mks://localhost/4-docs/1-manual/3/3.6#3.6.3_Preparing_the_Local_Bridge_network_adapter"
11. /body/ul[2]/li/a/@title: "4-docs/1-manual/3/3.6" ⇒ "3.6.3 Preparing the Local Bridge network adapter"
12. /body/ul[2]/li[2]/a[2]/@href: "mks://localhost/4-docs/1-manual/3/3.6" ⇒ "mks://localhost/4-docs/1-manual/3/3.6#3.6.6_Use_of_network_adapters_not_supporting_Promiscuous_Mode"
13. /body/ul[2]/li[2]/a[2]/@title: "4-docs/1-manual/3/3.6" ⇒ "3.6.6 Use of network adapters not supporting Promiscuous Mode"