Table of contents
The revision history of each SoftEther VPN build is here.
- SoftEther VPN 4.14 Build 9529 Beta (February 2, 2015)
We are very sorry. The previous version 4.13 (beta) has a problem to accept L2TP connections due to the session-state quota-limitation code by the minor change between Build 9514 and 9524. The problem is fixed on this build. Please update to this build if you are facing to the L2TP problem on version 4.13.
Added the function to record physical source IP addresses of VPN clients on every packet log lines. This function can be disabled by set the "NoPhysicalIPOnPacketLog" flag in the Virtual Hub Extended Option to "1".
- SoftEther VPN 4.13 Build 9524 Beta (January 31, 2015)
Modified the behavior of the Local Bridge function in the VPN Server on Linux. In the previous versions, if several Local Bridge creation operations will be made, then the operations to disable the offloading function on the target Ethernet devices will be conducted as many as same. After this version, the operation to disabling the offloading function will be called only once if several Local Bridge creation operations will be made on the same Ethernet device.
Added the "SecureNAT_RandomizeAssignIp" Virtual Hub Extending Option. If you set this option to non-zero value, then the Virtual DHCP Server of the SecureNAT function will choose an unused IP address randomly from the DHCP pool while the default behavior is to choose the first unused IP address.
Added the "DetectDormantSessionInterval" Virtual Hub Extending Option. If you set this option to non-zero value, then the Virtual Hub will treat the VPN sessions, which have transmitted no packets for the last specified intervals (in seconds), as Dormant Sessions. The Virtual Hub will not flood packets, which should be flood, to any Dormant Sessions.
Added the implementation of the SHA() function in the source code. This made the building process easier on the low-memory embedded hardware which has its OpenSSL implementation without the SHA () function.
Improved the behavior on Windows 10 Technical Preview to show the OS version information correctly.
- SoftEther VPN 4.12 Build 9514 Beta (November 17, 2014)
Added the VLAN ID dynamic assignment function by RADIUS. It is very useful when the layer-2 Ethernet segment with aggregated IEEE802.1Q tagged VLANs is bridged to your Virtual Hub. Each VPN session will be assigned its own VLAN ID by the RADIUS attribute value when the user is authenticated by the external RADIUS server unless the user object has a VLAN ID security policy. The RADIUS attribute with the name "Tunnel-Pvt-Group-ID" (ID = 81) will be used as the VLAN ID. The data type must be STRING. This function is disabled by default. You have to set the "AssignVLanIdByRadiusAttribute" value to "1" in the Virtual Hub Extended Options in advance.
Added the OpenVPNDefaultClientOption option in the vpn_server.config. The specified option string will be used alternatively when the connecting OpenVPN Client does not provide the connection string. Some incomplete OpenVPN Clients with the --enable-small compiling option always forget to specify this connection string. This option can make VPN Server allow such OpenVPN Clients.
Improved the DHCP option parser to allow the external DHCP server pushes the classless routing table which exceeds 255 bytes.
Added the support for "hair-pin connection" on the NAT Traversal function.
Fixed the performance problem when the server computer has the wrong resolv.conf setting file on Linux.
Fixed the VPN Client configuration backup folder name which the setup wizard automatically creates.
Fixed the UDP checksum value of the beacon packets which are sent by the Virtual Layer 3 Switch function.
- SoftEther VPN 4.11 Build 9506 Beta (October 22, 2014)
As a response to the SSLv3 POODLE problem we added the "AcceptOnlyTls" configuration flag on the vpn_server.config for SoftEther VPN Server. Please set this flag is you want to completely disable the SSLv3 function in SoftEther VPN Server.
Added the perfect forward security (PFS) support on SSL/TLS. SoftEther VPN Server can now accept connections with DHE-RSA-AES128-SHA or DHE-RSA-AES256-SHA ciphers.
- SoftEther VPN 4.10 Build 9505 Beta (October 3, 2014)
Implemented the hash table algorithm for the MAC address database of Virtual Hubs. It improves the performance when there are a large number of MAC addresses registered on the database.
Improved the performance on slow-CPU hardware (e.g. embedded Linux boxes).
Added the DoNotDisableOffloading flag on Local Bridge settings. This flag will disable the automated disabling operation for hardware offloading on the specified Ethernet interface on Linux.
Supports the kernel-supported IEEE802.1Q tagged VLAN on Windows and Linux. It will enable tagged-VLAN support on the Local Bridge function with some specific network interface drivers.
Added the FloodingSendQueueBufferQuota option.
Sets the lower priority value on the oom_adj process parameter for Linux.
Randomized the reconnection interval in Cascade Connection.
Increased the memory usage limit on 64-bit systems.
Modified the behavior of the ConfigGet command and the /CSV option in vpncmd for Windows to work around for the Windows console API bug.
Added the DisableSessionReconnect option on VPN Server and VPN Bridge. It makes Cascade Connection client sessions to disconnect immediately from the destination VPN Server when the based TCP connection is disconnected.
Makes it enable to use the PrivacyFilterMode security policy on Cascade server VPN sessions.
Added the GlobalParams configuration option on VPN Server and VPN Bridge. It allows administrators to modify and optimize the performance parameters of VPN Server and VPN Bridge.
Reduced the processor time of looking up the ACL entries when storing and forwarding packets across a Virtual Hub.
Reduced the usage of the memory on embedded Linux environments.
Fixed a minor bug on the GUI setting screen of the SecureNAT routing table pushing option.
Added the ServerLogSwitchType and the LoggerMaxLogSize option on VPN Server and VPN Bridge. They can change the logging behavior of VPN Server and VPN Bridge.
Implemented the config template file. The template filename is "vpn_server_template.config" for VPN Server, and "vpn_server_template.config" for VPN Bridge. The VPN Server and VPN Bridge loads the template file as the initial configuration state when the configuration file does not exists.
- SoftEther VPN 4.10 Build 9473 Beta (July 12, 2014) Added the "SuppressClientUpdateNotification" option in the Virtual Hub Extending Option list. This option will push the flag to the VPN Client to suppress the update notification screen on the VPN Client manager. To push this flag, set "1" to the "SuppressClientUpdateNotification" option in your Virtual Hub.Added the warning message when the background service process is run by a non-root user (only in UNIX).Fixed the deadlock bug when UNIX versions of SoftEther VPN Server process is shutting down.Added supports for third-party PKCS#11 DLLs: ePass 1000 ND / ePass 2000 / ePass 2003 / ePass 3000.Fixed typo.The expression of the disclaimer statement for exporting / importing has been modified.Fixed the VPN Azure connection problem on Version 4.09 Build 9451 Beta.Fixed the problem that VPN Server Manager and VPN Client Manager sometimes become slow when the update check server is unreachable from the computer.Removed space characters in every URLs of all download files on the SoftEther VPN Download Center web site to avoid the downloading problem in some HTTP clients.A github patch which was posted by a contributor has been applied: "update debian packaging, install init script".
- SoftEther VPN 4.09 Build 9451 Beta (June 9, 2014)
Improves User-mode SecureNAT performance by modifying the processing of TCP_FIN packets. It should improve the performance of the FTP protocol.
- SoftEther VPN 4.08 Build 9449 (June 8, 2014)
Add a new command to generate a RSA 2048 bit certificate.The vpncmd command-line utility has MakeCert command to generate a 1024 bit self-signed RSA certificate. However, in recent years it is recommended to use 2048 bit RSA certificates. Therefore, on this version a new command MakeCert2048 has been added. Use this command to generate a 2048 bit self-signed RSA certificate.Workaround for the NAT traversal problem.Adjusted the priority between TCP/IP Direct Connection and UDP-based NAT-Traversal. On this version (Ver 4.08), NAT-Traversal will always be used if the client program detects that the specified TCP destination port on the destination server is occupied by non-SoftEther VPN Server. Anyone who faces to the connection problem on the VPN Server which is behind the NAT-box should install this update.In the previous version (Ver 4.07), when the VPN Client attempts to connect to the VPN Server, the client firstly establish the connection via the TCP/IP direct protocol. If the TCP connection establishes successfully (in the layer-3) but the TCP port returns non-VPN protocol data (in the layer-7), the protocol error occurs immediately even if the NAT-Traversal connection attempt is still pending. This phenomenon often occurs when the VPN Server is behind the NAT-box, and the NAT-box has a listening TCP-443 port by itself. In that condition, the VPN Client attempts to connect to that TCP-443 port firstly, and the protocol error occurs immediately NAT-box returns non-VPN protocol (e.g. HTML-based administration page).In order to work around that, this version (Ver 4.08) of VPN Client changed the behavior. On this version, if the VPN Client detects that the destination TCP Port is occupied by a non-VPN program, then the client will always use NAT-Traversal socket. This minor change will fix the connection problem to VPN servers behind the NATs.Note: The built-in NAT-Traversal function on SoftEther VPN is for temporary use only. It is not recommended to keep using UDP-based NAT-Traversal connection to beyond the NAT-box when the VPN Server is behind the NAT-box, for long-term use. It is reported that some cheap NAT-boxes disconnect UDP session in regular period (a few minutes) after NAT-Traversal connection has been made. The strongly recommended method to run VPN Server behind the NAT is to make a TCP port mapping on the NAT-box to transfer incoming VPN connection packets (e.g. TCP port 443) to the private IP address of the VPN Server.
- SoftEther VPN 4.07 Build 9448 (June 6, 2014)
We updated the internal OpenSSL to 0.9.8za.
This fixes the latest OpenSSL vulnerability which has unfold on June 05.This vulnerability does not affect on SoftEther VPN. However, we updated the SoftEther VPN build with OpenSSL 0.9.8za. The new build also includes additional improvements.More details about this OpenVPN vulnerability is described at http://www.openssl.org/news/secadv_20140605.txt.
Other updates on this build are as followings:The problem with OpenVPN Connect for Android 1.1.14 has been fixed. In the previous versions, OpenVPN Connect for Android 1.1.14 reports "PolarSSL Error" when it connects to the SoftEther VPN Server, if the server SSL certificate is self-signed root certificate. This X.509 certificate parsing problem is OpenVPN Connect's bug, however we performed work around for this OpenVPN Connect's bug. Please mind that you need to regenerate your self-signed root certificate in order to comply with OpenVPN Connect at once after upgrading the VPN Server to this version. To regenerate the certificate, use the GUI tool on VPN Server Manager, or execute the "ServerCertRegenerate" command on vpncmd.The automated root certificate and intermediate certificates downloading function has been implemented. It is very helpful when you use a commercial certificate which has been issued by a commercial CA (Certificate Authority), including VeriSign, GlobalSign or RapidSSL. In previous versions, you had to install the root certificate and intermediate certificates manually into the "chain_certs" directory. On this version, you do not need any longer to do such a manual installation of chained certs.The OpenVPN configuration file generating function identifies the root certificate correctly, in order to embed it as the "<ca>" inline directive in the auto-generated OpenVPN configuration file. It is very helpful if you are using a commercial certificate which has been issued by a commercial CA (Certificate Authority), including VeriSign, GlobalSign or RapidSSL. (In previous versions, you had to perform the editing task for the OpenVPN configuration file manually.)UI typos have been fixed, and some minor bugs have been fixed.
- SoftEther VPN 4.06 Build 9435 (Beta) (March 26, 2014)
Previous versions of VPN Client have a port-confliction problem of the TCP port (TCP 9930) for RPC (Remote Procedure Call) on the VPN Client service for Windows, if the same port is occupied by another service. This version has solved the confliction problem.
- SoftEther VPN 4.06 Build 9433 (Beta) (March 21, 2014)
Fixed a crashing bug on NAT-Traversal connections.
We sincerely apologize that the SoftEther VPN Server of the last build (Build 9432) has a serious crashing bug if a VPN client connects to the VPN Server in the NAT Traversal mode, in UNIX system. This serious bug was caused by the problem of the processing of Unicode string (which is used by a warning message for NAT Traversal connections). We fixed the serious bug by this Build 9433. If you are using SoftEther VPN Server Build 9430 or 9432 in UNIX, please update it to Build 9433 as soon as possible.
- SoftEther VPN 4.06 Build 9432 (Beta) (March 20, 2014)
We apologize that the previous build (Build 9430) has a problem that the RSA certificate authentication doesn't work.This build has been fixed the problem. Please use Build 9432 if you are intending to use the RSA certificate authentication function.
- SoftEther VPN 4.06 Build 9430 (Beta) (March 20, 2014)
Thank you for waiting!
Added the following five advanced functions into SoftEther VPN Server (experimental):- RADIUS / NT Domain user authentication function- RSA certificate user authentication function- Deep-inspect packet logging function- Source IP address control list function
Added the split-tunneling function (experimental):
- Split tunneling is the function for enterprises to allow users communicate only to the specified IPv4 subnets through a VPN tunnel.
- You can set up either SecureNAT Virtual DHCP Server or any external DHCP server to push static routing tables to all VPN clients.
- The Virtual DHCP Server function in SecureNAT now supports classless static routing table pushing option (RFC 3442).
- All types of VPN clients (SoftEther VPN Client, OpenVPN Client, L2TP/IPsec client and MS-SSTP client) can receive the static routing table pushed.
Added the function which allows the VPN server administrator to obtain the DDNS private key on the DDNS setup dialog-box.
Improved the behavior of the Privacy Filter Mode security policy. In the previous versions, a VPN session which is enabled the Privacy Filter Mode option cannot transmit any packets toward other Privacy Filter Mode enabled VPN sessions, except broadcast packets and ARP packets. On or after this version, both broadcast packets and ARP packets will also be blocked by the Privacy Filter Mode policy to eliminate the broadcast traffics. For the backward compatibility, this behavior can be changed by the "DropBroadcastsInPrivacyFilterMode" and "DropArpInPrivacyFilterMode" bool options on the Virtual Hub Extended Options.
Added the generating function of X.509 v3 certificates with the SHA-2 (SHA-256) hashing algorithm to improve the security.
According to the users reports, on very minor Linux environment, the "vpnserver stop" shutdown operation sometimes hangs up. The SoftEther VPN Project hasn't reproduce the issue yet. However, we added the fail-safe code to run "killall -KILL vpnserver" after the process shutdown operation times out (90 seconds).
Added the option to disable the NAT Traversal tunneling function on the connection settings screen in VPN Client and Cascade Connection.
Added Several Fixes for OS X.
Added Improved Simplified Chinese UI resources.
Added Workaround for when vpnserver hangs on stop on minor Linux environments.
On VPN Servers in People's Republic of China, the above five functions are currently disabled by default, under the orders from Beijing. Although Chinese users can enable these functions manually, Enterprise users in People's Republic of China are recommended to use these enterprise functions with PacketiX VPN Server 4.0 Chinese Edition.
- SoftEther VPN 4.05 Build 9423 (Beta) (February 18, 2014)
Added Files for building CentOS/RHEL RPM.
Set the "VPN over DNS" and "VPN over ICMP" functions disabled by default on VPN Server / VPN Bridge.
- SoftEther VPN 4.05 Build 9422 (Beta) (February 17, 2014)
Added the supporting of /hostname and /password command-line arguments on VPN Client.
Added the NSDI 6.x Lightweight Helper Kernel-mode Module for the local-bridge function. This kernel-mode driver runs only on Windows 8.1 / Windows Server 2012 R2 or later.
- SoftEther VPN 4.05 Build 9416 (Beta) (February 6, 2014)
Added the adminip.txt CIDR support.Added the .zip package with vpnsmgr.exe and vpncmd.exe for system administrators.
- SoftEther VPN 4.04 Build 9412 (January 15, 2014)
Whole English UI texts are checked and corrected by a native speaker of English. Fixed typos.
- SoftEther VPN 4.03 Build 9411 (January 7, 2014)
Modified the source-code tree. In the build 9408, some C# build-utility source codes were missing. In this build, full set of all source codes including the BuildUtil program are appended. No functional differences between this build and the last build.
- SoftEther VPN 4.03 Build 9408 (Jaunary 4, 2014)
SoftEther VPN became open source software from this build. More details on this page. Note that the major version 3.xx was skipped for internal reason of our project. So this open-sourced new version starts with major version 4.xx.
- SoftEther VPN 2.00 Build 9387 (September 16, 2013)
This build realizes the compatibility with Microsoft Windows 8.1 and Windows Server 2012 R2 (RTM). This build supports Windows 8.1 and Windows Server 2012 R2 officially. This build fixes the former problem when the user upgrades from Windows 8 to Windows 8.1 by upgrade installation.The major version number of SoftEther VPN was incremented on this build.
- SoftEther VPN 1.01 Build 9379 RTM (August 18, 2013)
This security update is to strengthen the security of SoftEther VPN 1.0 (Server and Bridge).
There is a remote administration function on SoftEther VPN 1.0. The function is to allow administrators to connect to the VPN server remotely to manage the server. In older versions, a third person can login to the VPN Server in the Virtual Hub Administration Mode if the administrator has forgot to set the administrator's password on a Virtual Hub. Older versions are also safe if any strong password is set on the Virtual Hub. However we suppose that there are some administrators who have forgot to set passwords for Virtual Hubs. In order to protect such potential vulnerable servers, this security update strengthens the VPN server program to deny all empty (not set) passwords on the Virtual Hub Administration Mode. Your VPN server has been safe also in older versions if you set any passwords for Virtual Hubs. However, we strongly recommend to apply this update program to all VPN server administrators who might have potential empty passwords on Virtual Hubs.
- SoftEther VPN 1.00 Build 9376, 9377 RTM (August 3, 2013)
This is a minor fix.
Improvement Stability of NAT Traversal.
Add HTTP User-Agent Indication Behavior when using VPN Gate Client.
- SoftEther VPN 1.00 Build 9371 RTM (July 25, 2013)
This is the RTM version of SoftEther VPN 1.0. It is not a BETA version.
We have fixed a lot of bugs in former builds. This RTM build is a stable build for everyone.
We will continue to improve features and performances on SoftEther VPN hereafter.
- SoftEther VPN 1.00 Build 9367 RC4 (July 21, 2013)
This should be the final beta release before the RTM version of SoftEther VPN 1.0.
- SoftEther VPN 1.00 Build 9091 RC3 (May 19, 2013)
We released RC3 with the following improvements. RC3 should be the final release candidate before the GA (Generally Available) build.- Fixed a crush bug which might occurred during the shutdown of vpnserver process with using L2TPv3 or EtherIP over IPsec.- The statistics of cumulative transferred-bytes and packets-counter are appended on the list of Visual Hubs and on the list of User Objects on each Virtual Hub, on VPN Server Manager and vpncmd.- On the list of User Objects enumeration in both VPN Server Manager and vpncmd, the expire-date of each User Object are appended on the displayed list.- Improvements of stability of Dynamic DNS Function and NAT-Traversal Function.
- SoftEther VPN 1.00 Build 9079 RC2 Fix17 (May 5, 2013)
Fixed a typo. Fixed a wrong bitmap image on the installer.
- SoftEther VPN 1.00 Build 9078 RC2 Fix16 (April 28, 2013)
A security fix. The previous versions have ignored the "deny_empty_password" option in the Virtual Hub Administration Options List. This build fixed this security bug.
Fixed some minor bugs.
Improvement of the respond-time on IPv6 DNS name resolver.
- SoftEther VPN 1.00 Build 9074 RC2 Fix15 (April 24, 2013)
Minor improvement around the Dynamic DNS Client function.
- SoftEther VPN 1.00 Build 9071 RC2 Fix14 (April 20, 2013)
Fixed a minor timeout bug.
- SoftEther VPN 1.00 Build 9070 RC2 Fix13 (April 18, 2013)
Enabled advanced security check routines for butter overflow (Win32 binaries only.)
File sizes have been increased a little, but the performance wasn't affected.
- SoftEther VPN 1.00 Build 9069 RC2 Fix12 (April 17, 2013)
Fixed a minor bug on SSL packet processing.
Fixed a miror bug on TCP listener. (very rare crash)
- SoftEther VPN 1.00 Build 9053 RC2 Fix11 (April 8, 2013)
Fixed a minor bug on UDP packet processing.
Added a new feature: IKE and OpenVPN (in UDP packets) Packet Logging Function.
- SoftEther VPN 1.00 Build 9045 RC2 Fix10 (April 2, 2013)
Fixed a minor bug, and improved the stability.
- SoftEther VPN 1.00 Build 9043 RC2 Fix9 (April 1, 2013)
Fixed a critical bug was in the HTTP packet parser.
Improvement of the stability of UDP-based communication.
Fixed a problem: SecureNAT's connectivity polling packet interval was too short.
- SoftEther VPN 1.00 Build 9035 RC2 Fix8 (March 26, 2013)
Fixed a crash bug: While you are changeing the X.509 server certificate, if a new SSL-VPN connection is being made, the new connection attempt will cause the crash because lack of critical section locking. However this bug was very rare. We found it in the heavy stress test.
- SoftEther VPN 1.00 Build 9033 RC2 Fix7 (March 22, 2013)
Fixed a minor bug.
- SoftEther VPN 1.00 Build 9030 RC2 Fix6 (March 21, 2013)
Fixed a bug: A logged error message around the L2TP/SSTP/OpenVPN user-authentication was incorrect.
- SoftEther VPN 1.00 Build 9029 RC2 Fix5 (March 17, 2013)
Fixed a minor bug and typo.
- SoftEther VPN 1.00 Build 9027 RC2 Fix4 (March 12, 2013)
Fixed a minor bug.
- SoftEther VPN 1.00 Build 9026 RC2 Fix3 (March 10, 2013)
Fixed a bug: the timeout to the DDNS server was too small.
- SoftEther VPN 1.00 Build 9024 RC2 Fix2 (March 09, 2013)
Fixed a bug: On Windows, VPN over DNS could not be enabled.
- SoftEther VPN 1.00 Build 9023 RC2 Fix1 (March 08, 2013)
Fixed a minor bug.
- SoftEther VPN 1.00 Build 9022 RC2 (March 08, 2013)
The initial release.