5.2 Operating Modes

    The user can operate the SoftEther VPN Bridge in two modes: Service Mode and User Mode. Below is an explanation of these two modes.

     

    5.2.1 Service Mode

    Service Mode is the normal operating mode. Installing and operating the SoftEther VPN Bridge in Service Mode will cause the SoftEther VPN Bridge to operate in the background as a part of the OS, launch when the OS launches prior to user log in and await VPN session connection as the VPN Bridge . In addition, the server will automatically shutdown when the operating system shuts down.

    The word "service" here refers to a background system service in Windows and some UNIX operating systems and is sometimes referred to as a daemon in other operating systems.

    When the VPN Bridge is operating in Service Mode, said operation is not depended upon by users currently logged onto the operating system. That is why we recommend running the VPN Bridge in Service Mode on most occasions.

    When using the VPN Bridge in Service Mode, the VPN Bridge process (executable file name vpnbridge ) typically runs on system or root authority.

    The method for installing the VPN Bridge in Service Mode on the Windows version differs to that of other UNIX versions.

    • Installing the Windows version SoftEther VPN Bridge from the installer results in the installation of the Service Mode and automatic initiation of its operation as a background service. For details, please refer to 7.2 Install on Windows and Initial Configurations.
    • In order to install the SoftEther VPN Bridge in Service Mode on the Linux version or other UNIX versions, it is necessary to register it on the system as a daemon process. For details, please refer to 7.3 Install on Linux and Initial Configurations.

    Service Mode cannot be used in the following situations, in which case the VPN Bridge should be used in User Mode.

    • When the system on which the SoftEther VPN Bridge is to operate does not have System Administrator authority.
    • When the client wishes to install and use the SoftEther VPN Bridge temporarily rather than continuously.
    • When the client wishes to launch the SoftEther VPN Bridge with general user authority for security reasons.

     

    The executable file name for the 32-bit Windows version SoftEther VPN Bridge is "vpnbridge .exe", while the file name for the 64-bit version is "vpnbridge_x64.exe". The description in this manual assumes use of the 32-bit version, so please apply the relevant changes in the case of the 64-bit version.

     

    The Explanation of Service Mode for Windows Version SoftEther VPN Bridge

    We recommend using the installer when installing the Windows version VPN Bridge in Service Mode. This method automatically launches and runs the VPN Bridge as a service without the need for any special operation by the client. Even if the system is rebooted, the VPN Bridge will automatically begin operating upon system start-up. Because the VPN Bridge is launched as a background task, the computer on which the server is installed can be used for other tasks without the client having to be aware of said server's installation.

    In addition, the Windows version SoftEther VPN Bridge service can be commenced or terminated by attaching the relevant command line argument to the executable file name (vpnbridge .exe), or can be removed or re-registered from the Windows system via the Windows system service list.

    The shortened service name of the SoftEther VPN Bridge service registered on the Windows system is "sevpnbridge " and the long service name is "SoftEther VPN Bridge ".

    In order to register vpnbridge .exe as a service when the SoftEther VPN Bridge service is not currently installed on the Windows system, insert the following from the command prompt and execute vpnbridge .exe (System Administrator authority is required).

    > vpnbridge  /install 

    To delete the SoftEther VPN Bridge service when it is already installed on the Windows system, insert the following from the command prompt and execute vpnbridge .exe (System Administrator authority is required).

    > vpnbridge  /uninstall 

    Furthermore, attaching the /start or /stop arguments enables the service to be commenced or terminated. For details on other arguments which can be designated in the vpnbridge program, please refer to the message box which appears when directly executing vpnbridge .exe.

    The service can also be started and terminated by accessing [Control Panel] > [Administrative Tools] > [Services] (or [Control Panel] > [Services] in the case of Windows NT 4.0). It is possible to change the server from [Automatic] to [Manual] startup by selecting SoftEther VPN Bridge from the [Services] list, then clicking open [Startup type]. Changing the startup type to [Manual] means that the service does not launch automatically on startup, and does not operate until initiated by a user with Administrator authority.

    It is also possible to start and stop the SoftEther VPN Bridge service using the net command. Enter net start sevpnbridge to start the service, and net stop sevpnbridge to terminate the service.

    The SoftEther VPN Server emulates the service system of Windows NT or later when operating on an older OS. There may be several limitations in this case, such as the process terminating when the user logs off.
     

    5-2-1.png

    SoftEther VPN Bridge registered as a service.

    Service Mode for UNIX Version SoftEther VPN Bridge

    Please refer to 7.3 Install on Linux and Initial Configurations for details on installing and launching the Linux and other UNIX versions of the SoftEther VPN Bridge in Service Mode.

    5.2.2 User Mode

    User Mode is a special type of operating mode. Operating the SoftEther VPN Bridge in User Mode causes the SoftEther VPN Bridge to run in the background as a user process. To operate the SoftEther VPN Bridge in User Mode, it is necessary to log onto the system as a user and launch the vpnbridge executable file each time the server is launched. Operations may differ depending on the operating system as described below.

    • Launching the VPN Bridge in User Mode on the Windows OS will result in the server process running in the background only while the user is logged on, and the process will terminate at the same time that the user logs off.
    • Meanwhile, launching the VPN Bridge in User Mode on a UNIX OS will result in the VPN Bridge 's server process creating a child process at that time, and running that in the background, thereby enabling separation of the process from the user session. Consequently, the VPN Bridge process will remain operational on the OS even if the user logs off, and will continue running until the system is shutdown or rebooted.

    User Mode for Windows Version SoftEther VPN Bridge

    To launch the Windows version VPN Bridge in User Mode, attach the [/usermode] option to the vpnbridge .exe executable file and then launch.

    > vpnbridge /usermode

    Once the launch is complete, an icon will appear in the task tray and the VPN Bridge will have launched in User Mode. In this mode, the VPN Bridge program operates as one which can be executed with general user authority, similar to other application programs operating in User Mode (such as Word, calculator and so on). That is why absolutely no System Administrator authority is required to launch the VPN Bridge in User Mode. However, the VPN Bridge process also terminates at the same time that the user logs off. We recommend saving the above /usermode option attached to the command line as a shortcut on the desktop or setting it up in the [Startup] folder in order to facilitate the frequent launch of the VPN Bridge in User Mode.

    5-2-2.png

    SoftEther VPN Bridge launched in User Mode.

     

    To terminate the User Mode once it has been launched, right click on the icon in the task tray and select [Exit SoftEther VPN Bridge ].

    Furthermore, clicking on [Hide task tray icon], hides the icon in the task tray display. This function is available when the VPN Bridge is launched regularly in User Mode and the icon display becomes a hindrance. Note, however, that the VPN Bridge cannot be terminated from the menu when the task tray icon is hidden. In this case, press the Ctrl + Alt + Del keys to open the Task Manager and end the vpnbridge .exe process. When launching vpnbridge .exe the next time in User Mode, the task tray icon can be restored by attaching the /usermode_showtray option.

    5-2-3.png

    Hide task tray icon menu.

     

    When using the SoftEther VPN Bridge , rather than operating the server by using System Administrator authority and registering the server as a system service, operating the server in User Mode with general user authorization may enable security to be enhanced. Launching the SoftEther VPN Bridge in User Mode may, however, result in the inability to use the local bridge function.

    User Mode for Unix Version SoftEther VPN Bridge

    To launch the VPN Bridge in User Mode on UNIX systems including Linux, rather than registering the vpnbridge executable file in the system as a daemon, attach the start argument from the command line as shown below as if launching a normal application command (such as ls, cat, etc.) and launch vpnbridge .

    $ ./vpnbridge  start
    SoftEther VPN Bridge Service Started.
    $ 

    If control returns to the shell after the message [SoftEther VPN Bridge Service Started.] is output, this means that the VPN Bridge was properly launched in User Mode. To terminate the VPN Bridge once it has been launched, attach the stop argument and launch the vpnbridge as follows.

    $ ./vpnbridge  stop
    SoftEther VPN Bridge Service Stopped.
    $  

    When the VPN Bridge is launched on UNIX in User Mode, the process operates and becomes a background process with that user's authority. Therefore, the vpnbridge process continues to operate even if the user logs out or disconnects the SSH connection. The process continues to operate until the system is rebooted or until the process is forcibly terminated by root.

    As described in 7.3 Install on Linux and Initial Configurations, daemonizing and using the vpnbridge process in UNIX operating systems is simply a matter of registering it so as to instruct the operating system's startup script to call up vpnbridge start. Even when running the VPN Bridge in Service Mode, something equivalent to the procedure described here is automatically performed by a system with root authority so there is fundamentally no difference. Accordingly, the items described below also apply generally to the daemonized VPN Bridge .

    As shown below, the vpnbridge process is launched in two stages on the UNIX version VPN Bridge . First, the first process named execsvc is launched as a background process, after which that process creates a child process using the fork() system call, and this child process carries out the actual VPN processing. The parent process (process ID 1549 in the example below) constantly monitors the child process (process ID 1550 in the example below) and in the event that an abnormal error occurs, immediately terminates the process and launches it again to attempt recovery (see 3.3 VPN Server Administration for details). The example below was actually run on a particular Linux system so it may not appear the same on different Linux or other operating systems. In addition, in order to display multiple threads as multiple processes in the case of versions with old Linux kernels (i.e. versions not compatible with native threads), the actual vpnbridge processes created may be more than those in the example below but this is a display issue and operation is in fact normal.

    $ ps auxf
    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    neko 1549 0.0 0.8 5188 560 ? S< Nov24 0:00 /tmp/vpnbridge  execsvc
    neko 1550 0.0 4.0 11888 2520 ? S< Nov24 0:08 \_ /tmp/vpnbridge  execsvc 

    Although it only occurs rarely, in the event that the VPN Bridge process launched in User Mode goes out of control for some reason such as a hardware malfunction (a memory shortage, for instance) and is unable to be stopped by vpnbridge /stop, first forcibly terminate the parent vpnbridge process (process ID 1549 in the example above) by sending a signal to it using kill -KILL, then forcibly terminate the remaining process (process ID 1550 in the above example) by sending a signal to it with kill -KILL. Forcibly terminating the child process first may cause the parent process to determine that the child process terminated abnormally and launch it again. Depending on the system, killall -KILL vpnbridge may enable the simultaneous termination of all vpnbridge processes.

    Moreover, when the vpnbridge receives the TERM signal (the normal termination request signal), it performs termination processing properly.

    The use of TCP/IP ports with a port number less than 1024 in standby mode is not permitted for processes operating with general user authority in the case of UNIX operating systems. That is why TCP/IP listener ports with a port number less than 1024 cannot be opened when operating the SoftEther VPN Bridge in User Mode with general user authority rather than operating it after registration as a system service with System Administrator authority. Please note that although the SoftEther VPN Bridge attempts to open the three ports 443, 992 and 5555 in default as listener ports, operating the server in User Mode means that only the 5555 port goes into listen mode. Additionally, launching the SoftEther VPN Bridge in User Mode may result in inability to use the local bridge function.