Specification

Version from 01:43, 23 Feb 2013

This page has no content. Enrich SoftEther.org by contributing.

Current version

Basic Capabilities of SoftEther VPN Server

Maximum Concurrent VPN Sessions

• 4,096 Sessions

Maximum Virtual Hubs

• 4,096 Virtual Hubs

Remote Access VPN

• Layer-2 (Ethernet Bridging)
• Layer-3 (IP Routing)

Site-to-Site VPN

• Layer-2 (Ethernet Bridging)
• Layer-3 (IP Routing)

Traffic Control

• VoIP / QoS Priority Control
• Traffic Shaping for Per Users or Groups

Maximum Objects in a Virtual Hub

• Users: 10,000
• Groups: 10,000
• Access List Entries: 32,768
• MAC Address Table Entries: 65,536
• IP Address Table Entries: 65,536
• Cascade Connections: 128

SecureNAT Function

• Virtual NAT Function: Maximum 4,096 Dynamic Mapping
• User-mode NAT
• Kernel-mode NAT
• Virtual DHCP Function

High Availability and Clustering

• Maximum Cluster Members: 64
• Load Balancing
• Load Balancing Weight Control
• Dynamic Mode Virtual Hub Mapping over Cluster Members
• Static Mode Virtual Hub Mapping over Cluster Members
• Fault Terrance

Security Features

• External User-authentication Methods: RADIUS / NT Domain / Active Directory
• Security Policy Settings for Per User / Per Group
• Security Logs Isolation for Each Virtual Hubs
• Works as System-mode Background Service
• Works as User-mode Program
• DoS Attacks Detection and Protection (SYN Flood)

Management Functions

• VPN Server Manager GUI for Windows
• Command-line Management Utility (vpncmd)
• Listener Ports Dynamic Add / Delete

VPN Protocols Supported by SoftEther VPN Server

• SoftEther VPN Protocol (Ethernet over HTTPS)
• OpenVPN (L3-mode and L2-mode)
• L2TP/IPsec
• MS-SSTP (Microsoft Secure Socket Tunneling Protocol)
• SSTP/IPsec
• EtherIP/IPsec

SoftEther VPN Protocol Specification

• Upper Underlying Protocol: SSL (Secure Socket Layer) 3.0 / TLS (Transport Layer Security) 1.0
• Lower Underlying Protocol: TCP/IP and UDP/IP Hybrid (on IPv4 and IPv6)
• Ciphers:
  RC4-MD5, RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC-SHA and DES-CBC3-SHA
• Data Compression: zlib
• Session-key: 128bit
• Based Standards: Extended HTTPS over SSL Protocol (RFC2818, RFC 5246)
• WAN Optimization: 1-32 Parallel TCP Connection to Construct a Logical VPN Session
• Persistent Link: Infinite Auto-reconnect Function
• Proxy Support: HTTP Proxy Server, SOCKS Proxy Server
• User-authentication:
  - Anonymous
  - Standard Password Authentication
  - Password Authentication for RADIUS
  - Password Authentication for NT Domain and Active Directory
  - X.509 RSA PKI Certification Authentication (Key file on Disk)
  - X.509 RSA PKI Certification Authentication (PKCS#11 Smart-cards or USB Tokens)
• VPN Encapsulation Payload
  Ethernet (IEEE802.3) Frames (Up to 1,514bytes or 1,518bytes for IEEE802.1Q VLAN Tags)
• Supported VPN Clients: SoftEther VPN Client
• Supported Client OS: Windows and Linux
• Supported VPN Topologies: Remote-access VPN, Site-to-Site VPN (L2-Bridging) and Site-to-Site VPN (L3-Routing)

L2TP/IPsec Sever Function Specifications on SoftEther VPN Server

• User-authentication Methods: PAP and MS-CHAPv2
• NAT-Traversal: RFC3947 IPsec over UDP Encapsulation
• Supported Ciphers:
  DES-CBC, 3DES-CBC, AES-CBC, Blowfish-CBC and CAST-128-CBC
• Supported Hashes:
  MD5 and SHA-1
• Supported Diffie-Hellman Groups:
  MODP 768 (Group 1), MODP 1024 (Group 2) and MODP 1536 (Group 5)
• Compatible VPN Clients: Built-in VPN Clients on Windows, Mac, iOS and Android
• Compatible Client OS: Windows, Mac, iOS, Android and other L2TP-supported VPN Client OS
• Supported VPN Topologies: Remote-access VPN

OpenVPN Server Function Specifications on SoftEther VPN Server

• OpenVPN Clone Function for Compatibility with OpenVPN Technologies, Inc.'s implementations.
• Supported Ciphers:
  AES-128-CBC, AES-192-CBC, AES-256-CBC, BF-CBC, CAST-CBC, CAST5-CBC, DES-CBC, DES-EDE-CBC, DES-EDE3-CBC, DESX-CBC, RC2-40-CBC, RC2-64-CBC and RC2-CBC
• Supported Hashes:
  SHA, SHA1, MD5, MD4 and RMD160
• Operational Mode: L2 (Bridging) and L3 (Routing)
• Compatible VPN Clients: OpenVPN for PC (Windows, Mac, Linux) and OpenVPN Connect by OpenVPN Technologies, Inc.
• Compatible Client OS: Windows, Linux, Mac, iOS and Android
• Supported VPN Topologies: Remote-access VPN, Site-to-Site VPN (L2-Bridging) and Site-to-Site VPN (L3-Routing)

SSTP Server Function Specifications on SoftEther VPN Server

• Clone Function for SSTP-VPN Server of Microsoft's Windows Server 2008 R2.
• User-authentication Methods: PAP and MS-CHAPv2
• Supported Ciphers and Hashes on TLS:
  RC4-MD5, RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC-SHA and DES-CBC3-SHA
• Compatible VPN Clients: Built-in VPN Clients on Windows Vista, 7, 8, RT
• Compatible Client OS: Windows Vista, 7, 8, RT, Server 2008, Server 2008 R2, Server 2012
• Supported VPN Topologies: Remote-access VPN

L2TPv3 Server Function Specifications on SoftEther VPN Server

• Clone Function for Cisco's L2TPv3 Site-to-Site VPN Server
• NAT-Traversal: RFC3947 IPsec over UDP Encapsulation
• Supported Ciphers:
  DES-CBC, 3DES-CBC, AES-CBC, Blowfish-CBC and CAST-128-CBC
• Supported Hashes:
  MD5 and SHA-1
• Supported Diffie-Hellman Groups:
  MODP 768 (Group 1), MODP 1024 (Group 2) and MODP 1536 (Group 5)
• Supported VPN Topologies: Site-to-Site VPN (L2-Bridging)
• Compatible VPN Clients: Cisco IOS's L2TPv3 VPN Client
• Compatible Client OS: Cisco IOS or other compatible O

EtherIP Server Function Specifications on SoftEther VPN Server

• NAT-Traversal: RFC3947 IPsec over UDP Encapsulation
• Supported Ciphers:
  DES-CBC, 3DES-CBC, AES-CBC, Blowfish-CBC and CAST-128-CBC
• Supported Hashes:
  MD5 and SHA-1
• Supported Diffie-Hellman Groups:
  MODP 768 (Group 1), MODP 1024 (Group 2) and MODP 1536 (Group 5)
• Supported VPN Topologies: Site-to-Site VPN (L2-Bridging)
• Compatible VPN Clients: EtherIP VPN Client
• Compatible Client OS: EtherIP compatible OS

...