1. Ultimate Powerful VPN Connectivity

    Version as of 18:36, 4 Nov 2025

    to this version.

    Return to Version archive.

    View current version

    1.1. Firewall, Proxy and NAT Transparency

    One of the key features of SoftEther VPN is the transparency for firewalls, proxy servers and NATs (Network Address Translators). NATs are sometimes implemented on broadband router products.

     

    Backgrounds

    Generally, in company networks of nowadays, there are firewalls to isolate between the inside network and outside for ensuring security. Not only for purpose of security, but also companies use firewalls, proxies and NATs in order to share the precious IP addresses with many computer users in the office. So such devices are indispensable today.

    Tunnels of legacy VPN protocols, such as IPsec, L2TP and PPTP, cannot often be established through firewalls, proxy servers and NATs. There protocols were developed in the era before NATs were widely spread. For example, IPsec and L2TP use ESP (Encapsulating Security Payload) packets, and PPTP uses GRE (Generic Routing Encapsulation) packets. These packets are special forms of IP packets. Therefore generally firewalls, proxies and NATs are unable to pass these legacy VPN packets. Recently some venders of VPN products with IPsec, L2TP and PPTP tried to invent the extend method to pass through these wall devices, and some of VPN products are implemented with that extensions. But such extensions of legacy VPN protocols still have a problem of compatibles. In many cases, a user tries to establish a VPN connection by either L2TP or PPTP on the network which is with firewalls, proxy servers and NATs, but he will fail. You might have an experience that you stayed in the hotel room and tried to connect to your company's network by remote access VPN with either L2TP or PPTP but failed. The reason why it failed is that firewalls, proxy servers and NATs on the network were incompatible with either L2TP or PPTP.

    Hence, it can be said that today's network administrators have a headache for a problem of incompatibles between VPN connections and security devices.

    SoftEther VPN's Solution: Using HTTPS Protocol to Establish VPN Tunnels

    SoftEther VPN uses HTTPS protocol in order to establish a VPN tunnel. HTTPS (HTTP over SSL) protocol uses the 443 of TCP/IP port as destination. This port is well-know and almost all firewalls, proxy servers and NATs can pass the packet which are consisted in HTTPS protocol.

    HTTPS protocol is widely used on the Internet. When you open a web browser and access to the web site with security communications, HTTPS is used automatically. Thanks to HTTPS, you can transmit secret information such as credit card numbers via the Internet. Today's society activities are depending on HTTPS. Without HTTPS, you can no longer to use the Internet as a tool for electrical commercial transactions.

    Due to the fact that HTTPS is de-facto standard, almost all firewalls, proxy servers and NATs opens a path for HTTPS. Anyone who is in the LAN (Local Area Network) can establish any HTTPS connection between their hosts and any hosts on the Internet remotely. Exploiting this condition is the best way to realize a good transparency for VPN protocol.

    Thus, SoftEther VPN adopted HTTPS as the protocol for stabilizing and tunneling mechanism for VPN. SoftEther VPN can be used within almost all network environments, such as enterprise LAN, hotel room and airport free Wi-Fi access, differ to any other legacy VPNs such as IPsec, PPTP and L2TP.

    Due to this feature of SoftEther VPN, you can easily design your own VPN topology which is suitable for your demands with a minimal effort of modifying the existing current your network security devices. If you want to use SoftEther VPN on your network, you need few efforts of modifying the current configuration and policy on your network thanks to SoftEther VPN's feature of good connectivity.

    On the other hand, if you want to use legacy VPNs on your network, you have to modify the current network policies on the security devices such as firewall to allow passing the special IP protocol such as ESP and GRE. You also have to modify the configuration file on the firewall. Such works needs your extra effort and might cause some troublesome side effects on your stable and precious network. Not only bothering you by requirements of your efforts, you will have a risk to make the network dangerous because you have to change the setting of the firewall to punch a hold on it in order to allow passing the packet of legacy VPNs. If you use SoftEther VPN, you don't need either of these efforts and risks.

    Some networks such as airport Wi-Fi and hotel-room Internets are restricting of using any other VPN else HTTP and HTTPS, due to security reason. In such a highly restricted network, the only single way to use VPN is to use HTTPS-packet-tunneling VPN such as SoftEther VPN.

    Conclusions: SoftEther VPN is not just a VPN, but also very good VPN for an aspect of compatibility for Firewalls, Proxies and NATs.

    1.2. Supports Multiple Standard VPN Protocols

    SoftEther VPN Server supports not only VPN over HTTPS protocol described in the section 1.1. SoftEther VPN Server supports also L2TP/IPsec, OpenVPN, MS-SSTP, L2TPv3 and EtherIP protocols. They are Internet VPN standard protocols.

    Your iPhone, iPad, Android, Windows Mobile and other mobile devices are now able to connect to your SoftEther VPN Server from anywhere, anytime. You can also use Cisco Systems or other VPN router vendor's edge VPN products which are supporting L2TPv3/IPsec or EtherIP/IPsec in order to connect to your SoftEther VPN Server.

     

    Support L2TP/IPsec Protocol

    The following devices have built-in L2TP/IPsec VPN clients. They can connect to your SoftEther VPN Server, without any installation of client software on such devices.

    • iPhone
    • iPad
    • Android
    • Windows Mobile
    • Windows XP / Vista / 7 / 8 / RT
    • Mac OS X

     

    Support OpenVPN Protocol

    SoftEther VPN Server has a "clone function" of OpenVPN. If you have already installed OpenVPN for remote-access VPN or site-to-site VPN, you can replace the current OpenVPN Server program to SoftEther VPN Server program, and you can enjoy the strong functions and high-performance abilities of SoftEther VPN.

    The "close function" of OpenVPN on SoftEther VPN Server works same to OpenVPN Technologies, Inc.'s implementation, not only enough but also better performance and functionality. Your OpenVPN Client devices or edge-sites of VPN can connect to new SoftEther VPN Server very easily. You can adopt SoftEther VPN on both remote-access L3 VPN and site-to-site L2 VPN.

    The advantages to adopt SoftEther VPN Server instead of old OpenVPN Server program are as follows:

    • SoftEther VPN Server has easier configuration than OpenVPN Server by OpenVPN Technologies, Inc.
    • You can use Automated OpenVPN Configuration File Generator tool to make a configuration file (.ovpn) for VPN client.
    • SoftEther VPN Server supports not only OpenVPN. It supports all standard VPN functions, including SSL-VPN, L2TP/IPsec, MS-SSTP, L2TPv3/IPsec and EtherIP/IPsec. So you can integrate OpenVPN and other protocol's VPN servers into just one VPN Server by using SoftEther VPN Server.
    • User administration and security settings can be configured by GUI tools. The management functions are integrated. You can use single-path operation to manage the server.
    • All operating system which supports OpenVPN (e.g. Linux, Mac OS X, Linux, UNIX, iPhone and Android) can connect to SoftEther VPN Server.

     

    Support Microsoft SSTP VPN Protocol

    SoftEther VPN Server has a "clone function" of Microsoft SSTP VPN Server. You can connect to SoftEther VPN Server from Windows 7 / 8 / RT with built-in SSTP VPN Clients. SSTP (Secure Socket Tunneling Protocol) is a PPP over HTTPS protocol which Microsoft Corporation suggested.

    Originally, SSTP VPN Server functions are implemented on only Microsoft Windows Server 2008 / 2012. However, licensing fees of such Microsoft's server operating systems are very expensive. They are also difficult to configure for normal-skilled users. You can use SoftEther VPN Server to realize almost same functions and performances by using the close server of Microsoft SSTP VPN Server.

    The advantages to adopt SoftEther VPN Server instead of Microsoft SSTP VPN Server are as follows:

    • Very easy configuration than Microsoft's SSTP VPN Server.
    • No need to install a VPN Client on Windows clients. Built-in SSTP VPN client on Windows can be used to connect to SoftEther VPN Server.
    • Windows RT (ARM version of Windows) also has a built-in SSTP VPN client.
    • User administration and security settings can be configured by GUI tools. The management functions are integrated. You can use single-path operation to manage the server.
    • You are no longer to need purchase expensive Windows Serer 2008 / 2012. It can save your cost.
    • The SSTP VPN Server Clone Function of SoftEther VPN Server runs on non-Windows operating systems. It works on Linux, Mac OS X, FreeBSD and Solaris perfectly.

     

    Support L2TPv3/IPsec and EtherIP/IPsec Protocols

    Most of Cisco System's router products and other vendor's products supports L2TPv3/IPsec or EtherIP/IPsec VPN protocols. These protocols are to make site-to-site L2 bridging VPNs. SoftEther VPN Server supports L2TPv3 and EtherIP over IPsec. You can build a site-to-site L2 bridge connection by using your Cisco's router as an edge, and SoftEther VPN Server as a center. This has an advantage to reduce the cost. Cisco's center routers are very expensive. You can simply replace Cisco's high-end router in the center of VPN, to SoftEther VPN Server.