Table of contents
Combined revision comparison
...
As you know, Ethernet is a technology for using on LANs (Local Area Networks). Ethernet is very convenient and reliable standard in order to connect several computers togethermutual. With Ethernet, you can enjoy many network programs such as file sharing, printer sharing and accessing amounts of data on RDBMS (Relational Database Management Systems). Today there are no companies who have no LANs with Ethernet in their office.
Standard formation of Ethernet-using network is hub-and-spoke model. There are hubs (as know as Ethernet switches) central and each computercomputers has a cable to the hub. Then all computers can communicate mutually. The advantage of Ethernet is that you can understand the model very easily. This is a certain reason why Ethernet has been spread the world. Computers and hubs connected in order to enable them free communication consists an Ethernet Segment. It is also called as "Layer-2 Segment" or "Broadcast Domain" .
...
But you cannot use Ethernet beyond the walls of an office or building. NormallyIn normal condition, you know you can connect computers togethermutual only in a room or a building. But you cannot make a computer on site-A the site-A to communicate with another computer on the site-B with only Ethernet. The reason why you cannot is that Ethernet needsmust need wired Ethernet network cables to connect between devices. Network cables can be laid only in the building. You cannot lay the cable between the separated two or more buildings, because you cannot place any cables across the road. Of course there are other limitations of Ethernet, for example maximum distance of cable. And these limitations cannot be solved by using other physical media as extensions of Ethernet lately invented, such as Wi-Fi and optical cables.
"Ethernet" is totally different to "Internet". The Internet is the interconnected network of a lot of private networks and ISPs joined togethermutually. It is certain that we can pay ISPs inexpensive money to enjoy the connection to the Internet. You can connect both offices of Tokyo and Beijing to the Internet. And computers on each office can now access to the Internet. But still you cannot enjoy any software written for LAN internal use between two sites, even if they are connected bythere are both two Internet connections. What you can do are only as follows; for example, to exchange emails, to use Skype and Messenger software in order to exchange short messages or voices, and to access the same groupware to exchange schedules and so on. You can do these things if you have two sites and both sites have each Internet connection. But you cannot enjoy any other profits which are came from software for LAN, for example file sharing, print sharing, database protocols, CRMs, ERPs, and other applications which are developed for specified purposes. Again, Ethernet is not Internet. Internet cannot become alternative to Ethernet. Even if you connect both sites to the Internet, two sites don't construct the single Ethernet segment at all. If you want to use application for LAN, you must construct a single Ethernet segment to surround every your computers.
...
By now you understand the advantagesYou understood about the advantage of Ethernet and the difference between Ethernet and Internet, and also the limitation which is came from the difference. But you probably wonder if an Ethernet segment can be extended to other sites beyond any distance, for example beyond roadways between two buildings. If it could, it might be possible to use any applications for purpose of LAN use between two or mote sites.
...
Then you need any other solution. Fortunately, the cost to connect a site to the Internet is very cheap today. You can keep connection two or more sites to the Internet easily. Then if you install SoftEther VPN on each site, you can connect each segment of all sites mutually in order to build a single Ethernet segment. Before you establish the VPN tunnel, every site's network has its own Ethernet segment. Every segment is separated completely from every other segmentand mutually. After the VPN tunnel has been established, however, every segment is combined together and unites them into a 'virtual'then unites to the single segment. After that, you can run any protocols between every remote site regardless of, crossing the physical distance. You can use this technique forto both purposes of remote accessing and site-to-site connections.
...
An Ethernet switch, alsoEthernetswitch,as known as Hub or Layer-2 Switch, is a device to exchange packets between Ethernet hosts. A switch has a FDB (Forwarding Database) inside itself in order to determine the appropriate destination port of outgoing for a packet which came from incoming port. This behavior is called as "Switching"," as a major function of switches.
Ethernet network cable, as known as Cat5e or Cat6 Copper Cable, is a device to connect between Ethernet devices, such as Ethernet switches and Ethernet adapters. Ethernet Adapters are also called "NIC (Network Interface Card)" and placed on computer. Nowadays a computer usually has an Ethernet adapter built into its motherboard ("Onboard" adapter) . Additional adapters can be inserted onto theon its board. It is called "Onboard" . You know that you can insert more adapters on PCI or USB bus of the computer if neededyou need.
SoftEther VPN virtualizes Ethernet switching and emulatesswitch and emulate it. The virtual Ethernet switch is called "Virtual Hub" in the software. And SoftEther VPN virtualizes Ethernet adapter and emulate it. The virtual Ethernet adapter is called "Virtual Network Adapter" in the software. SoftEther VPN also virtualizes Ethernet network cable and emulates it. The virtual Ethernet network cable is called "VPN Session" or "VPN Tunnel" in the software.
Above three elements are important to understand SoftEther VPN. For example, when you want to build a remote access VPN in order to accept VPN connections from remote site to the company LAN, you will create a Virtual Hub on the VPN Server in the company LAN. That Virtual Hub constructs an Ethernet segment. And you connect together both the Virtual Hub and the physical network adapter on the server computer mutually. Then both segments of the Virtual Hub and the existing physical LAN are now combined and united as the single Ethernet segment. VPN Client software is then installedAnd you will installVPN Client software on the remote client PCsPC, for instance, a laptop PC. VPN Client software can create a Virtual Network Adapter on the client PC. You will create a connection setting in order to connect the VPN Client to the Virtual HubHUB on the VPN Server in your company. When you initiateignite the connection, a new VPN Session will be established between the Virtual Network Adapter and the Virtual Hub. This situation is very similar to that whenthat you attach the one end-side of an Ethernet cable to the physical Hub and the other end-side to the physical Ethernet adapter on the computer. From a functional and logical perspective, it is identical to a physical Ethernet connectionNot only similar, but it is also exactly same in the logical aspect of behavior of Ethernet. After you established the VPN connection, you can send and receive any protocols suitable for Ethernet. All packets are transmitted on the virtual cable, as called as VPN Session or VPN Tunnel.
OnceAfter once you understood the architecture of usingrealizing method of SoftEther VPN, you will also be able to understand that the potential possibilities for range of use of SoftEther VPN is almost infinite. The above example showsshow you the way to construct a remote access VPN, but you can apply the techniquethis way to make any other form of VPN. It is very easy to build a site-to-site VPN. The onlyOnly difference to remote access VPN is the opposite endends from the VPN Server is not a VPN Client but a VPN Bridge.
...
2.5. Virtual HubsHUBs, Cascades and Local Bridges
SoftEther VPN Server and SoftEther VPN Bridge has the concepts of Virtual HubsHUBs, Cascades and Local Bridges.
Virtual HubHUB
A Virtual HubHUB is an entity on the VPN Server and VPN Bridge which emulates a behavior of Ethernet switches in the real world. A Virtual HubHUB has its own FDB (Forwarding Database). Many of VPN Sessions will be connected to a Virtual HubHUB. Then every endpoint of VPN sessions can send and receive any Ethernet packets.
Any Virtual HubHUB can accept connections from both of VPN Clients and other Virtual HubsHUBs. VPN Client is a software program which is running on the user's client-endpoint PC.
...
On SoftEther VPN Server, you can create multiple Virtual HubsHUBs as you wish (up to 4096). Every Virtual HubHUB constructs own Ethernet segment and totally separated to other HubsHUBs even they are located on the same VPN Server computer. It is similar to a situation that there are some Ethernet switches on the same desk. Each Ethernet switch is not connected mutually so each Ethernet segment is independent. But if you connect an Ethernet network cable between any ports of every switch, Ethernet segments will be united as you did. As same as that, you can create a link between virtual HubsHUBs on the same computer if necessary. It is called "Cascade Connection" or simply "Cascade" . Cascade is a popular technical term of Ethernet. If a cascade connection is established, then every Ethernet segment on each Virtual HubHUB is now united as a single segment.
And you can also create a cascade connection between remote VPN Servers. So if you have VPN Server on both side of Tokyo and Beijing, and each VPN Server has a Virtual HubHUB, then you can establish a cascade connection between two Hubs. Then each HubHUBs. Then each HUB is now united as a single segment. A computer which is belonging to Tokyo's HubHUB is now able to communicate to another computer which is belonging to Beijing's HubHUB.
You can also define multiple cascade connections on a Virtual HubHUB.
...
Only the situation of existences of Virtual HubsHUBs, cascades and VPN Clients is not so convenient, because every computers have to be installed VPN Client each and have to connect to a Virtual HubHUB in order to make a communication between computers mutually. In that usage, any computers which are outside of the Virtual HubHUB's segment cannot participate in the communication circle. It is possible but not good for company use of VPN.
The Local Bridge function can be used to extend an Ethernet segment in Virtual HubsHUBs to the outside physical Ethernet segments.
Local Bridge is a technology to unite the virtual Ethernet segment and the physical Ethernet segment. You company has an existing Ethernet segment on the psychical Ethernet switch. To realize a usable remote either accessing VPN or site-to-site VPN, you have to connect between the Ethernet segment on the Virtual HubHUB and the Ethernet segment on the physical Ethernet switch somehow. The answer is to use Local Bridge. Local Bridge can be created for a purpose to make two segments to exchange Ethernet packets mutually. If you have a Local Bridge between the physical Ethernet segment and the Virtual HubHUB's segment, then all computers who are connecting on the Virtual HubHUB can communicate to all computers on the physical existing network. Practically, Local Bridges must be applied between a Virtual HubHUB and an Ethernet network adapter which is connected to the physical Ethernet switch. So in order to use Local Bridge you need dedicated physical Ethernet adapter. (In fact, the Ethernet adapter can be shared with other purpose, such as transmitting packets physically to the Internet in order to keep the VPN Session, but it is highly recommended to prepare a dedicated one due to performance matter.)
...
You can create not only virtual layer-2 switch (Virtual HubHUB) on the VPN Server, but also you can create Virtual Layer-3 Switch on the VPN Server. Layer-3 switch is an entity acts with behavior same as IP router. Current version of SoftEther VPN supports only IPv4 protocol on any Layer-3 Switches. Same as Virtual HubsHUBs, you can create multiple Virtual Layer-3 Switches on a VPN Server.
A Virtual Layer-3 Switch has multiple virtual interfaces and each interface can be connected to the Virtual HubsHUBs on the same VPN Server. Then you can organize IPv4 subnet routing for inter-Virtual HubsHUBs. If you want to create separated several Virtual HubsHUBs for any reason, for example security or management convenience, but you want to enable them to be routed by IPv4 traditional routing mechanisms, it is a simple way to create Virtual Layer-3 Switches to fulfill your demand rather than placing the physical IP routers or expensive layer-3 switch products on the physical network.
...
Version from 20:06, 22 Feb 2013
...
As you know, Ethernet is a technology for using on LANs (Local Area Networks). Ethernet is very convenient and reliable standard in order to connect several computers mutual. With Ethernet, you can enjoy many network programs such as file sharing, printer sharing and accessing amounts of data on RDBMS (Relational Database Management Systems). Today there are no companies who have no LANs with Ethernet in their office.
Standard formation of Ethernet-using network is hub-and-spoke model. There are hubs (as know as Ethernet switches) central and each computers has a cable to the hub. Then all computers can communicate mutually. The advantage of Ethernet is that you can understand the model very easily. This is a certain reason why Ethernet has been spread the world. Computers and hubs connected in order to enable them free communication consists an Ethernet Segment. It is also called as "Layer-2 Segment" or "Broadcast Domain" .
...
But you cannot use Ethernet beyond the walls of office or building. In normal condition, you know you can connect computers mutual only in a room or a building. But you cannot make a computer on the site-A to communicate with another computer on the site-B with only Ethernet. The reason why you cannot is that Ethernet must need wired Ethernet network cables to connect between devices. Network cables can be laid only in the building. You cannot lay the cable between the separated two or more buildings, because you cannot place any cables across the road. Of course there are other limitations of Ethernet, for example maximum distance of cable. And these limitations cannot be solved by using other physical media as extensions of Ethernet lately invented, such as Wi-Fi and optical cables.
"Ethernet" is totally different to "Internet". The Internet is the interconnected network of a lot of private networks and ISPs mutually. It is certain that we can pay ISPs inexpensive money to enjoy the connection to the Internet. You can connect both offices of Tokyo and Beijing to the Internet. And computers on each office can now access to the Internet. But still you cannot enjoy any software written for LAN internal use between two sites, even if there are both two Internet connections. What you can do are only as follows; for example, to exchange emails, to use Skype and Messenger software in order to exchange short messages or voices, and to access the same groupware to exchange schedules and so on. You can do these things if you have two sites and both sites have each Internet connection. But you cannot enjoy any other profits which are came from software for LAN, for example file sharing, print sharing, database protocols, CRMs, ERPs, and other applications which are developed for specified purposes. Again, Ethernet is not Internet. Internet cannot become alternative to Ethernet. Even if you connect both sites to the Internet, two sites don't construct the single Ethernet segment at all. If you want to use application for LAN, you must construct a single Ethernet segment to surround every your computers.
...
You understood about the advantage of Ethernet and the difference between Ethernet and Internet, and also the limitation which is came from the difference. But you probably wonder if an Ethernet segment can be extended to other sites beyond any distance, for example beyond roadways between two buildings. If it could, it might be possible to use any applications for purpose of LAN use between two or mote sites.
...
Then you need any other solution. Fortunately, the cost to connect a site to the Internet is very cheap today. You can keep connection two or more sites to the Internet easily. Then if you install SoftEther VPN on each site, you can connect each segment of all sites mutually in order to build a single Ethernet segment. Before you establish the VPN tunnel, every site's network has its own Ethernet segment. Every segment is separated completely and mutually. After the VPN tunnel has been established, however, every segment is combined together and then unites to the single segment. After that, you can run any protocols between every remote site, crossing the physical distance. You can use this technique to both purposes of remote accessing and site-to-site connections.
...
Ethernet switch, as known as Hub or Layer-2 Switch, is a device to exchange packets between Ethernet hosts. A switch has a FDB (Forwarding Database) inside itself in order to determine the appropriate destination port of outgoing for a packet which came from incoming port. This behavior is called as "Switching" as a major function of switches.
Ethernet network cable, as known as Cat5e or Cat6 Copper Cable, is a device to connect between Ethernet devices, such as Ethernet switches and Ethernet adapters. Ethernet Adapters are also called "NIC (Network Interface Card)" and placed on computer. Nowadays a computer has an Ethernet adapter on its board. It is called "Onboard" . You know that you can insert more adapters on PCI or USB bus of the computer if you need.
SoftEther VPN virtualizes Ethernet switch and emulate it. The virtual Ethernet switch is called "Virtual Hub" in the software. And SoftEther VPN virtualizes Ethernet adapter and emulate it. The virtual Ethernet adapter is called "Virtual Network Adapter" in the software. SoftEther VPN also virtualizes Ethernet network cable and emulates it. The virtual Ethernet network cable is called "VPN Session" or "VPN Tunnel" in the software.
Above three elements are important to understand SoftEther VPN. For example, when you want to build a remote access VPN in order to accept VPN connections from remote site to the company LAN, you will create a Virtual Hub on the VPN Server in the company LAN. That Virtual Hub constructs an Ethernet segment. And you connect both the Virtual Hub and the physical network adapter on the server computer mutually. Then both segments of the Virtual Hub and the existing physical LAN are now combined and united as the single Ethernet segment. And you will installVPN Client software on the remote client PC, for instance, laptop PC. VPN Client software can create a Virtual Network Adapter on the client PC. You will create a connection setting in order to connect the VPN Client to the Virtual HUB on the VPN Server in your company. When you ignite the connection, a new VPN Session will be established between the Virtual Network Adapter and the Virtual Hub. This situation is very similar that you attach the one-side of an Ethernet cable to the physical Hub and the other-side to the physical Ethernet adapter on the computer. Not only similar, but it is also exactly same in the logical aspect of behavior of Ethernet. After you established the VPN connection, you can send and receive any protocols suitable for Ethernet. All packets are transmitted on the virtual cable, as called as VPN Session or VPN Tunnel.
After once you understood the architecture of realizing method of SoftEther VPN, you will be able to understand that the potential possibilities for range of use of SoftEther VPN is almost infinite. The above example show you the way to construct a remote access VPN, but you can apply this way to make any other form of VPN. It is very easy to build a site-to-site VPN. Only difference to remote access VPN is the opposite ends from the VPN Server is not a VPN Client but a VPN Bridge.
...
2.5. Virtual HUBs, Cascades and Local Bridges
SoftEther VPN Server and SoftEther VPN Bridge has the concepts of Virtual HUBs, Cascades and Local Bridges.
Virtual HUB
A Virtual HUB is an entity on the VPN Server and VPN Bridge which emulates a behavior of Ethernet switches in the real world. A Virtual HUB has its own FDB (Forwarding Database). Many of VPN Sessions will be connected to a Virtual HUB. Then every endpoint of VPN sessions can send and receive any Ethernet packets.
Any Virtual HUB can accept connections from both of VPN Clients and other Virtual HUBs. VPN Client is a software program which is running on the user's client-endpoint PC.
...
On SoftEther VPN Server, you can create multiple Virtual HUBs as you wish (up to 4096). Every Virtual HUB constructs own Ethernet segment and totally separated to other HUBs even they are located on the same VPN Server computer. It is similar to a situation that there are some Ethernet switches on the same desk. Each Ethernet switch is not connected mutually so each Ethernet segment is independent. But if you connect an Ethernet network cable between any ports of every switch, Ethernet segments will be united as you did. As same as that, you can create a link between virtual HUBs on the same computer if necessary. It is called "Cascade Connection" or simply "Cascade" . Cascade is a popular technical term of Ethernet. If a cascade connection is established, then every Ethernet segment on each Virtual HUB is now united as a single segment.
And you can also create a cascade connection between remote VPN Servers. So if you have VPN Server on both side of Tokyo and Beijing, and each VPN Server has a Virtual HUB, then you can establish a cascade connection between two HUBs. Then each HUB is now united as a single segment. A computer which is belonging to Tokyo's HUB is now able to communicate to another computer which is belonging to Beijing's HUB.
You can also define multiple cascade connections on a Virtual HUB.
...
Only the situation of existences of Virtual HUBs, cascades and VPN Clients is not so convenient, because every computers have to be installed VPN Client each and have to connect to a Virtual HUB in order to make a communication between computers mutually. In that usage, any computers which are outside of the Virtual HUB's segment cannot participate in the communication circle. It is possible but not good for company use of VPN.
The Local Bridge function can be used to extend an Ethernet segment in Virtual HUBs to the outside physical Ethernet segments.
Local Bridge is a technology to unite the virtual Ethernet segment and the physical Ethernet segment. You company has an existing Ethernet segment on the psychical Ethernet switch. To realize a usable remote either accessing VPN or site-to-site VPN, you have to connect between the Ethernet segment on the Virtual HUB and the Ethernet segment on the physical Ethernet switch somehow. The answer is to use Local Bridge. Local Bridge can be created for a purpose to make two segments to exchange Ethernet packets mutually. If you have a Local Bridge between the physical Ethernet segment and the Virtual HUB's segment, then all computers who are connecting on the Virtual HUB can communicate to all computers on the physical existing network. Practically, Local Bridges must be applied between a Virtual HUB and an Ethernet network adapter which is connected to the physical Ethernet switch. So in order to use Local Bridge you need dedicated physical Ethernet adapter. (In fact, the Ethernet adapter can be shared with other purpose, such as transmitting packets physically to the Internet in order to keep the VPN Session, but it is highly recommended to prepare a dedicated one due to performance matter.)
...
You can create not only virtual layer-2 switch (Virtual HUB) on the VPN Server, but also you can create Virtual Layer-3 Switch on the VPN Server. Layer-3 switch is an entity acts with behavior same as IP router. Current version of SoftEther VPN supports only IPv4 protocol on any Layer-3 Switches. Same as Virtual HUBs, you can create multiple Virtual Layer-3 Switches on a VPN Server.
A Virtual Layer-3 Switch has multiple virtual interfaces and each interface can be connected to the Virtual HUBs on the same VPN Server. Then you can organize IPv4 subnet routing for inter-Virtual HUBs. If you want to create separated several Virtual HUBs for any reason, for example security or management convenience, but you want to enable them to be routed by IPv4 traditional routing mechanisms, it is a simple way to create Virtual Layer-3 Switches to fulfill your demand rather than placing the physical IP routers or expensive layer-3 switch products on the physical network.
...
Current version
...
As you know, Ethernet is a technology for using on LANs (Local Area Networks). Ethernet is very convenient and reliable standard in order to connect several computers together. With Ethernet, you can enjoy many network programs such as file sharing, printer sharing and accessing amounts of data on RDBMS (Relational Database Management Systems). Today there are no companies who have no LANs with Ethernet in their office.
Standard formation of Ethernet-using network is hub-and-spoke model. There are hubs (as know as Ethernet switches) central and each computer has a cable to the hub. Then all computers can communicate mutually. The advantage of Ethernet is that you can understand the model very easily. This is a certain reason why Ethernet has been spread the world. Computers and hubs connected in order to enable them free communication consists an Ethernet Segment. It is also called as "Layer-2 Segment" or "Broadcast Domain" .
...
But you cannot use Ethernet beyond the walls of an office or building. Normally, you know you can connect computers together only in a room or a building. But you cannot make a computer on site-A communicate with another computer on site-B with only Ethernet. The reason why you cannot is that Ethernet needs wired Ethernet network cables to connect between devices. Network cables can be laid only in the building. You cannot lay the cable between the separated two or more buildings, because you cannot place any cables across the road. Of course there are other limitations of Ethernet, for example maximum distance of cable. And these limitations cannot be solved by using other physical media as extensions of Ethernet lately invented, such as Wi-Fi and optical cables.
"Ethernet" is totally different to "Internet". The Internet is the interconnected network of a lot of private networks and ISPs joined together. It is certain that we can pay ISPs inexpensive money to enjoy the connection to the Internet. You can connect both offices of Tokyo and Beijing to the Internet. And computers on each office can now access to the Internet. But still you cannot enjoy any software written for LAN internal use between two sites, even if they are connected by Internet connections. What you can do are only as follows; for example, to exchange emails, to use Skype and Messenger software in order to exchange short messages or voices, and to access the same groupware to exchange schedules and so on. You can do these things if you have two sites and both sites have each Internet connection. But you cannot enjoy any other profits which are came from software for LAN, for example file sharing, print sharing, database protocols, CRMs, ERPs, and other applications which are developed for specified purposes. Again, Ethernet is not Internet. Internet cannot become alternative to Ethernet. Even if you connect both sites to the Internet, two sites don't construct the single Ethernet segment at all. If you want to use application for LAN, you must construct a single Ethernet segment to surround every your computers.
...
By now you understand the advantages of Ethernet and the difference between Ethernet and Internet, and also the limitation which is came from the difference. But you probably wonder if an Ethernet segment can be extended to other sites beyond any distance, for example beyond roadways between two buildings. If it could, it might be possible to use any applications for purpose of LAN use between two or mote sites.
...
Then you need any other solution. Fortunately, the cost to connect a site to the Internet is very cheap today. You can keep connection two or more sites to the Internet easily. Then if you install SoftEther VPN on each site, you can connect each segment of all sites mutually in order to build a single Ethernet segment. Before you establish the VPN tunnel, every site's network has its own Ethernet segment. Every segment is separated completely from every other segment. After the VPN tunnel has been established, however, every segment is combined together and unites them into a 'virtual' single segment. After that, you can run any protocols between every remote site regardless of the physical distance. You can use this technique for both purposes of remote accessing and site-to-site connections.
...
An Ethernet switch, also known as Hub or Layer-2 Switch, is a device to exchange packets between Ethernet hosts. A switch has a FDB (Forwarding Database) inside itself in order to determine the appropriate destination port of outgoing for a packet which came from incoming port. This behavior is called as "Switching", a major function of switches.
Ethernet network cable, as known as Cat5e or Cat6 Copper Cable, is a device to connect between Ethernet devices, such as Ethernet switches and Ethernet adapters. Ethernet Adapters are also called "NIC (Network Interface Card)" and placed on computer. Nowadays a computer usually has an Ethernet adapter built into its motherboard ("Onboard" adapter) . Additional adapters can be inserted onto the PCI or USB bus of the computer if needed.
SoftEther VPN virtualizes Ethernet switching and emulates it. The virtual Ethernet switch is called "Virtual Hub" in the software. And SoftEther VPN virtualizes Ethernet adapter and emulate it. The virtual Ethernet adapter is called "Virtual Network Adapter" in the software. SoftEther VPN also virtualizes Ethernet network cable and emulates it. The virtual Ethernet network cable is called "VPN Session" or "VPN Tunnel" in the software.
Above three elements are important to understand SoftEther VPN. For example, when you want to build a remote access VPN in order to accept VPN connections from remote site to the company LAN, you will create a Virtual Hub on the VPN Server in the company LAN. That Virtual Hub constructs an Ethernet segment. And you connect together both the Virtual Hub and the physical network adapter on the server computer. Then both segments of the Virtual Hub and the existing physical LAN are now combined and united as the single Ethernet segment. VPN Client software is then installed on the remote client PCs, for instance, a laptop PC. VPN Client software can create a Virtual Network Adapter on the client PC. You will create a connection setting in order to connect the VPN Client to the Virtual Hub on the VPN Server in your company. When you initiate the connection, a new VPN Session will be established between the Virtual Network Adapter and the Virtual Hub. This situation is very similar to that when you attach the one end of an Ethernet cable to the physical Hub and the other end to the physical Ethernet adapter on the computer. From a functional and logical perspective, it is identical to a physical Ethernet connection. After you established the VPN connection, you can send and receive any protocols suitable for Ethernet. All packets are transmitted on the virtual cable, as called as VPN Session or VPN Tunnel.
Once you understood the architecture of using SoftEther VPN, you will also be able to understand that the potential possibilities for range of use of SoftEther VPN is almost infinite. The above example shows you the way to construct a remote access VPN, but you can apply the technique to make any other form of VPN. It is very easy to build a site-to-site VPN. The only difference to remote access VPN is the opposite end from the VPN Server is not a VPN Client but a VPN Bridge.
...
2.5. Virtual Hubs, Cascades and Local Bridges
SoftEther VPN Server and SoftEther VPN Bridge has the concepts of Virtual Hubs, Cascades and Local Bridges.
Virtual Hub
A Virtual Hub is an entity on the VPN Server and VPN Bridge which emulates a behavior of Ethernet switches in the real world. A Virtual Hub has its own FDB (Forwarding Database). Many of VPN Sessions will be connected to a Virtual Hub. Then every endpoint of VPN sessions can send and receive any Ethernet packets.
Any Virtual Hub can accept connections from both of VPN Clients and other Virtual Hubs. VPN Client is a software program which is running on the user's client-endpoint PC.
...
On SoftEther VPN Server, you can create multiple Virtual Hubs as you wish (up to 4096). Every Virtual Hub constructs own Ethernet segment and totally separated to other Hubs even they are located on the same VPN Server computer. It is similar to a situation that there are some Ethernet switches on the same desk. Each Ethernet switch is not connected mutually so each Ethernet segment is independent. But if you connect an Ethernet network cable between any ports of every switch, Ethernet segments will be united as you did. As same as that, you can create a link between virtual Hubs on the same computer if necessary. It is called "Cascade Connection" or simply "Cascade" . Cascade is a popular technical term of Ethernet. If a cascade connection is established, then every Ethernet segment on each Virtual Hub is now united as a single segment.
And you can also create a cascade connection between remote VPN Servers. So if you have VPN Server on both side of Tokyo and Beijing, and each VPN Server has a Virtual Hub, then you can establish a cascade connection between two Hubs. Then each Hub is now united as a single segment. A computer which is belonging to Tokyo's Hub is now able to communicate to another computer which is belonging to Beijing's Hub.
You can also define multiple cascade connections on a Virtual Hub.
...
Only the situation of existences of Virtual Hubs, cascades and VPN Clients is not so convenient, because every computers have to be installed VPN Client each and have to connect to a Virtual Hub in order to make a communication between computers mutually. In that usage, any computers which are outside of the Virtual Hub's segment cannot participate in the communication circle. It is possible but not good for company use of VPN.
The Local Bridge function can be used to extend an Ethernet segment in Virtual Hubs to the outside physical Ethernet segments.
Local Bridge is a technology to unite the virtual Ethernet segment and the physical Ethernet segment. You company has an existing Ethernet segment on the psychical Ethernet switch. To realize a usable remote either accessing VPN or site-to-site VPN, you have to connect between the Ethernet segment on the Virtual Hub and the Ethernet segment on the physical Ethernet switch somehow. The answer is to use Local Bridge. Local Bridge can be created for a purpose to make two segments to exchange Ethernet packets mutually. If you have a Local Bridge between the physical Ethernet segment and the Virtual Hub's segment, then all computers who are connecting on the VirtualHub can communicate to all computers on the physical existing network. Practically, Local Bridges must be applied between a Virtual Hub and an Ethernet network adapter which is connected to the physical Ethernet switch. So in order to use Local Bridge you need dedicated physical Ethernet adapter. (In fact, the Ethernet adapter can be shared with other purpose, such as transmitting packets physically to the Internet in order to keep the VPN Session, but it is highly recommended to prepare a dedicated one due to performance matter.)
...
You can create not only virtual layer-2 switch (Virtual Hub) on the VPN Server, but also you can create Virtual Layer-3 Switch on the VPN Server. Layer-3 switch is an entity acts with behavior same as IP router. Current version of SoftEther VPN supports only IPv4 protocol on any Layer-3 Switches. Same as Virtual Hubs, you can create multiple Virtual Layer-3 Switches on a VPN Server.
A Virtual Layer-3 Switch has multiple virtual interfaces and each interface can be connected to the Virtual Hubs on the same VPN Server. Then you can organize IPv4 subnet routing for inter-Virtual Hubs. If you want to create separated several Virtual Hubs for any reason, for example security or management convenience, but you want to enable them to be routed by IPv4 traditional routing mechanisms, it is a simple way to create Virtual Layer-3 Switches to fulfill your demand rather than placing the physical IP routers or expensive layer-3 switch products on the physical network.
...
