What is Reddit's opinion of
SoftEther VPN?
From 3.5 billion Reddit comments
➔ SoftEther VPN website
By popularity on Reddit, this Service is:
100 reviews of this app found across Reddit:
love it.
Porn Hub started offering a free VPN to the masses out of the kindness of their well-endowed breas..hearts.
I would go with Openvpn on a server or router if its supported. If you want to run it on a server you could look into https://www.softether.org/ , It's a nice looking solution that I use for my homelab.
+1 on the UBNT ERL. We deploy them for our non-MSP clients, it costs them $99 and it's a great unit. Make sure to upgrade the firmware to 1.7 for some traffic tracking.
I've not used the VPN options on the ERL since I like SoftEther VPN so much. If you need VPN either site-to-site or mobile VPN, I highly suggest SoftEther VPN server running on a little 512M memory VM.
You might also want to try SoftEther VPN. It's an open-source P2TP VPN server written by the University of Tsukuba in Japan. It is free, easy to use and most importantly it supports clustering and thereby scaling horizontally.
Ok, looks like the VPN you sent me uses their own closed source protocol. Those are your choices right now: OpenVPN(Probably not going to work since you said that all other VPNs don't work), L2TP over IPSec, PPTP(Not encrypted, not recommended), shadowsocks and the softether protocol(Only one that worked for me). The easiest way to set up all but one of those in a user friendly way is [Softether](softether.org) (open source). I suggest that you keep a pc on at home and remote control it via team viewer in case you need to configure something or make sure it is still on. Follow this tutorial to install the server on a Windows machine. Open up port 443 and enable it in softether as well. Next, try to connect to your VPN server using the softether client and your public ip. Success? Go try it out in school! Make sure your public IP address didn't change. Softether also supports l2tp over IPSec and MS-SSTP if you're interested in trying that out. You can also configure softethers dynamic subdomain if you don't want to check the IP every day. Please don't hesitate to ask me if you have any problems, but also don't forget to tell me if it worked ;) Your bandwidth is limited by your home's upload speed though but it's as easy(if you've done it 3 times like me) as installing it on a cheap vps.
SoftEther VPN is another (now open-source) option. It has support for loads of clients and protocols (including OpenVPN) and has some neat tunnelling features (VPN over HTTPS, DNS or ICMP)
You can actually just run the VPN server on your Windows VPS, such as SoftEther, enable the protocols you want so you can even access it from your OS native VPN client, then set the firewall to only allow listening to RDS from that interface, done.
Softether. You have client applications (for configuration) on windows and macos. The server itself can be on linux (VM). You have plenty of videos on youtube how to set it up.
If you guys have a Korean VPN, you can use this link for stream: http://sports.news.naver.com/tv/index.nhn?category=epl&gameId=2017121010011830574
You can find free Korean VPN here: https://www.softether.org/5-download
You just need the Korean VPN to start the stream, usually you can turn it off when it's up and going and it'll continue to work. It's a bit of work, but hey, it's 720p and decent frame rate (min. 30 fps).
SoftEther is also free open source software, is significantly easier to set up, works without client software on most operating systems, has many native ways of getting through firewalls and performs better
In this case you could circumvent the problem by utilizing a VPN, that is based on regular HTTPS (like SoftEther does) to use skype or streaming sites with the value package. Have used this VPN type quite a lot of times and it manages to fool DPI better than TOR bridges do.
You are on a cruise ship anyway, so get off your device.
This is very relevant and an easy way to circumvent MITM because afaik SoftEther is a VPN protocol wrapped inside HTTPS, this means even if the HTTPS connection is tampered with using MITM the data stream inside of HTTPS is still encrypted. The proxy would need to be built specifically to strip multiple layers of data, which is problematic because this would require the proxy to know the wrapped protocol. I'm unaware of a proxy software that loops decrypted data into the decryption routine again.
This double encryption can be disabled though if you need to for whatever reason
In that case, OP should actually consider running a softether VPN on port 443 instead of trying to fool around with onion service connections.
Don't get me wrong, onion servives will do what he wants it to; as long as the firewalled network allows tor connections. In most cases this isn't possible in a limited network without some kind of bridge. Every network is different though.
File transfer will be much faster if he goes the softether route. Also with OpenVPN support, he would be able to connect to it without special software on most smartphones. Configuring it on port 443 and using tcp traffic will pretty much guarantee he will always have a connection regardless of the network limitations.
Once I found out my school's website was using a crappy email suite's webserver, googled it, found an exploit, and was able to get a directory listing. It actually had all the teacher's emails, but I didn't check that, because I saw surveillance.htm. Clicked it, link to every camera in the school. They didn't password it at all. I checked it one day in programming class after I was done, other people saw it, next day EVERYONE in the school knew. day after, I get called in to the office "not to do anything I wasn't supposed to.". I told him to put passwords on the cameras. He ignored me. Before I left, on my last day, I checked and they still didn't have passwords.
I also used to play a standalone copy of team fortress classic with 3 other guys during lunch. about a week after a school shooting threat, some new teacher said we weren't allowed to play violent games. We told her we've never had anyone say anything about it before, and as far as we knew there were no rules in the school handbook nor the computer usage agreement about restricting content like this, and pointed out that the principal had seen us playing it before with no issues. She went and whined to him and he said that some parents might get offended if they come in the school. We told him we'd tell them off for him, but he declined the offer.
My college's wifi blocks a lot of stuff, including the website for SoftEther, a proxy software, but strangely not ssh clients. It also blocks steam client logins, but not the steam website.
close origin
download this
https://www.softether.org/5-download
when you install it, open it, and double click the second option "VPN gate public VPN relay servers"
find a north korean one and connect.
re-open origin. It should say the time and date it unlocks at
once you open the game, you can disconect the VPN, but you will have to close origin, VPN, and then open it until next friday
If you don't mind using an external company to manage your network connections, and you can live with the limits they all place on free accounts, then Tailscale, ZeroTier, Enclave, Wiretrustee and a bunch of other like services are now available, and all if properly configured, can access systems behind NAT firewalls.
If you want something that gives you more control of your network, but can still get through NAT firewalls, without having to open ports, look at https://www.softether.org/ Softether has been around for years, it is opensource and is well supported out of the University of Tsukuba, in Japan. It has free external helper services to handle ddns and to keep ports open if your system resides behind a fully blocked router, without being as heavy handed and restricted as Tailscale and like programs. There is no sign-up or limits on using their helper services. It runs on Windows, MAC and Linux, and there is even an Openwrt port that I use on my travel router. I have been using Softether for years.
Install the SoftEther server on your VPS, enable the virtual hub for the network interface connected to the internet, a virtual NAT for the VPN client, then create a local bridge between the client and the virtual hub.
It's a little bit complicated though configuring it unless you want the various SoftEther features. If you just want to turn your Linux based VPS to be your VPN server, installing OpenVPN and Wireguard is far more straightforward.
Yup. I thought after all this years kancolle finally released from region lock. But then I couldn't login without KC3 after chrome's cache is cleared. Android app could login just fine though.
https://www.softether.org is Japanese VPN i often use.
edit :link
As others have said, VPN is the most secure way to go. OpenVPN comes as a VM appliance for either ESXi or HyperV.
Softether is a free solution as well that installs as an application on Windows or Linux (or MacOS). It's pretty easy to set up and use. The only problem is you have to open quite a few ports on your router but Softether can be secured with AD creds (or just username and password). I've never had a problem with security in Softether (except that one time I was testing with a public login and forgot to turn it off).
Another less secure solution is to just open port 3389 to your server and remote in using RDP. I have this set up as a backup option if my VPN isn't working. I changed my RDP port on the VM I remote into from 3389 to something more obscure and less often scanned for.
relatively simple procedure:
1. create a server and put files on it.
2. install a VPN on the server and your laptop. (This looks promising)
3. map a drive.
4. profit?
Then choose VPNGate and find a Korean VPN that works. I can confirm that it is working as of now. The game unlocked 3 minutes ago and I just launched it.
NOTE: It IS against the Steam TOS/other stuff to use a VPN for this. It is entirely up to you if you want to risk that.
Personally I've done this a couple of times before and it has worked fine. That is still no guarantee that it will for you, so please be careful.
I'm running SoftEther on a VPS, with clients across Windows, Linux, and Android. It's incredibly easy to manage and configure; much much much easier than OpenVPN. And it supports multiple protocols, so you can have the same virtual VPN host supporting L2TP/IPSec, OpenVPN, SSTP, etc, and it has the ability to tunnel a VPN through HTTPS, DNS, and ICMP (for use where the devices are behind restrictive firewalls, though I do not condone this practice generally.)
The Linux server setup isn't hard, the Windows server setup is a cakewalk, and once setup you can admin it from either the command line or a rather nice Windows administration UI.
On Android devices, I just use the built in VPN to connect to it via L2TP/IPSec, but you could use any OpenVPN client just as easily. SoftEther will generate the config file and you just drop it in basically.
>a window shows up telling me what the assigned IP address is.
>Is this the address i need to put into the Firewall rule to be allowed in
Correct
>what IP address do I put when i launch Remote Desktop Connection to that server
The SoftEther VPN's IP, from https://www.softether.org/index.php?title=4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.7_Virtual_NAT_%26_Virtual_DHCP_Servers see the Virtual Host Network Interface's IP address. It should be in the same subnet as the assigned IP to the client.
If the ISP & router allows opening port, it should be just plugging a Pi with PiVPN and that's it, update can be configured to install automatically. If opening port is impossible, install Softether and use their free Azure relay (your traffic still go straight to your family, Azure is only used for initial handshake)
Softether. https://www.softether.org/
​
It was designed to be essentially a drop in replacement for several VPN clients.
​
You can even do L2 bridging, and it will support it with Cisco hardware too.
​
Great utility and has a Windows version if you need that as well.
OK, so here's likely why it's having issues.
Since softether is bringing the client on in bridge mode, this is why your home router is the one assigning the DHCP address.
Since you're coming in on that IP address, and that has the same physical (L2) address, I'm wondering if it's an issue with stale arp entries on your home main router or the Debian server itself, the inability to get the "hairpin" , or something related to that.
If it were me, I would consider flipping the vpnserver into L3 - routed mode.
The only way they would know your location is by looking at your IP address. If you have someone technical in the family, they can install a VPN server on one of the computers at your "official" address and you can always tunnel your internet connection through that server so it appears you are always connecting from there. Of course if Enterprise has its own VPN that you need to connect to, it most likely won't work.
Here's some free vpn servers:
There are many out there, but those 2 are cross-platform, and I don't know what operating system you would want to run yours on.
my comment want not entirely useless, but this will make is more useful
https://www.softether.org/4-docs/2-howto/3.VPN_for_Mobile/1.iPhone_and_Android
The best for me is SoftEther VPN Project. One person installs the server and the other the client. It seems to be the only one to support broadcast packets. If configured correctly, your friend wouldn't need to connect to you in CoD2' server browser via IP, your server would be shown to him, like a physical LAN network. Tested and working perfectly in old games like Age of Mythology and Counter-Strike 1.6. I do this myself to connect to computers of a LAN gaming center from my home. Port forwarding and static *LAN IP*s would be needed though.
I like to use softether because it's such a powerful tool. Censorship bypass, faster than openvpn, open source, etc. IIRC it's ddns system can get around port forwarding by using STUN if you don't want to do it. It also hosts multiple different VPN servers at the same time, like openvpn, l2tp, sstp, etc.
This should help out. https://www.softether.org/4-docs/2-howto/6.VPN_Server_Behind_NAT_or_Firewall/2.VPN_Azure
Additionally, a document here explains that the UDP hole punching method used for nat traversal will use their servers. https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/src/WARNING.TXT
You can try r/https://www.softether.org/
It's shared residential IPs which have JPN IPs as well. I was able to connect and browse on Netflix Japan contents.
Using this just to watch Terrace House. lol
We once setup a L2TP VPN server in our public VPC: https://www.softether.org/
I think it's possible to connect FritzBoxes to L2TP VPN servers.
EDIT: Yes it is, see here.
Ok, so the hardware is fine. PC Engines boxes were the "go to" for a pfSense install for a long time.
I have the same hardware with the latest pfSense (2.4.3-p1 or whatever the naming convention is), and that is the maximum single-core throughput.
For a bunch of different OS-specific reasons, FreeBSD/pf limits a single "flow" - TCP data stream, for example - to a single CPU core. If you can get enough parallelization in your traffic - enough "flows" - FreeBSD/pf will max out your CPU cores. The idea being you could have multiple 250Mbit data streams, which would be distributed across the CPU cores, giving you 1Gbit of throughput.
See my post about it: https://www.reddit.com/r/PFSENSE/comments/8sa0p6/update_for_multicore_routingfirewall_and_openvpn/e0y8u8x/
And the corresponding post by the head pfSense developer at Netgate (I think that's the right description): https://www.reddit.com/r/PFSENSE/comments/8sa0p6/update_for_multicore_routingfirewall_and_openvpn/e0yf68t/
I don't know how many other implementations of OpenVPN (the protocol) other than OpenVPN (the software) there are, but OpenVPN's (the project) implementation of OpenVPN (the protocol) ~~may be~~isn't the only one, and it is most certainly not that efficient. (confusing, right? The project and the protocol have the same name)
EDIT: SoftEther VPN is a competing implementation of the OpenVPN protocol: https://www.softether.org/
I can offer the observation - and some anecdotes - where SSL VPN technologies are ALWAYS slower than IPsec VPN implementations. OpenVPN on whatever your firewall OS is is just one of many examples. OpenVPN is not a good test of the encryption throughput of the device.
usa SoftEther! qua la guida Per Android!
Progetto nato nell' universita' di retsuba come tesi di laurea di tale Dayuu Nobori, oggi e' un protocollo VPN open source criptato e decentralizzato, implementato secondo i piu' stringenti criteri di sicurezza e rigore nipponico.
Rilasciato sotto licenza GPL per evitare magheggi governativi, SoftEther consente a chiunque lo desideri di fungere da server per chiunque ne abbia bisogno.
Ai profani lo consiglio per praticita' e versatilita', agli esperti per l' ingegno che ci sta dietro. Leggetevi la pagine della documentazione, Nobori mette in atto idee molto interessanti anche dal punto di vista didattico.
Welcome to my world. I have a spare windows laptop set up for times when my ISP gives me shit. Same set up may work for you.
Here is what you need to do:
- Get a cheap VPS Server. I am using BuyVM's $15/year VPS. Cheapest I could find.
- Install SoftEther Server on the VPS.
- Install the SoftEther Admin and Client apps on your local machine.
- Connecting to SoftEther will provide a tunnel interface. I use my WiFi connection to connect to ISP router.
- Share the tunnel with your Ethernet interface and use network cable to connect Xbox.
My overall connection looks like this:
ISP Router -wifi-> Laptop -vpn-> Softether(Server) -ethernet-> Xbox
Let me know if you need more specifics.
So I might have answered my own question: https://www.softether.org/ Looks like its a clone of OpenVPN but uses "SSL-VPN Tunneling on HTTPS" to avoid deep packet inspection. What do you guys think?
i use this https://www.softether.org/ just connect to any VPN and load the stream once it loaded you can disconnect the VPN so it wouldn't be laggy. Problem is you would need to redo the VPN thingy to open a new stream else it wont load.
You can create your own VPN in aws/azure using openvpn. It's $15/yr. per client license (with 2 free).. Took me about an hour or so to set up and I'm not a sysop..
Edit: SoftEther VPN is free..
No, the server side runs on Linux just fine.
You probably mean the Server Manager admin software, that is Windows only but its an optional utility. You don't need it to run the VPN server. That is a click and point GUI interface to manage multiple VPN servers remotely trough the Internet.
You can install it on any Windows computer and then connect it remotely to your Linux VPN server for management, you can actually connect Windows and Linux VPN servers to it and manage multiple VPN servers from the same graphical interface: https://www.softether.org/4-docs/1-manual/2._SoftEther_VPN_Essential_Architecture/2.4_VPN_Server_Manager
If you are comfortable with running commands on Linux you don't need it.
Here it is clearly stated https://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server/1.Setup_L2TP%2F%2F%2F%2FIPsec_VPN_Server_on_SoftEther_VPN_Server that you need to forward the UDP ports 500 and 4500 to the server for L2TP/IPSec, if you want to use the L2TP that is built-in iOS.
Your other option is https://www.softether.org. softether is an L2tp solution so in most cases you won't have to install client software on your device, the OS will already have the option to connect to the VPN. This is especially useful for devices like the Chromebook where setting up openvpn is extremely hard unless you have access to Android apps.
I was using windows build in VPN server for my iPhone, but with the update of iOS 10 i could no longer use windows default due to windows is PPTP and iOS 10 doesn't support it anymore. Well long story short i did like you and posted a question and someone came through with this wonderful software. I installed a setup a L2TP VPN server and its flawless! Now I didn't sit around and forward each port i just set my router to DMZ to that windows PC because there isn't shit on it but the VPN service running :)
edit
I also am tech savvy but for the life of me i couldn't get OpenVPN to work for me! I mean i gave it hours of time and i just couldn't get it. Now i may of just missed something stupid but i couldn't get it, i installed Softether and within less then 10min i had a VPN setup and my Mac and iPhone both connecting without issue!
Someone on the network probably had some infection which was either spamming, DDOSing or trying to bruteforce which resulted in the blacklist.
Unfortunately, there isn't much you can do. I believe the entire block might get blacklisted in some cases. You could try using a VPN, but they face this issue more often.
The above VPN is free and the bandwidth is contributed by other uses, so that might work for you.
No, what he actually is trying to say is to set up an SSTP server. IIS supports the option to do this while continuing to host a regular HTTPS website, and you don't need to do essentials for this: Any windows server install will do it. That said, you probably don't want windows server at all, so the best alternative is probably SoftEther which will also happily allow you to run a VPN server for free, and it supports Windows, Linux, FreeBSD, Solaris, and Mac OSX. It also supports a multitude of alternative VPN connection types (L2TP/IPSec, OpenVPN, etc). It's pretty easy to get up and going as well: The only annoying thing about it is it doesn't support Let's Encrypt out of the box (So you'd have to import the cert manually. Don't know how they store them either, so you might have to do it every 3 months.)
That said, SSTP is just a VPN: It wouldn't do that 'each user can only access HIS data' part. You could technically set up active directory and set up user permissions so that is the case but that's probably a bit advanced for what you want.
Simply setup your Pi with SoftEther (OpenSource, can be compiled on Pi).
You can configure all common VPN protocols, however I would go with SSTP for windows devices. It appears as common ssl traffic and no additional software is needed.
Good luck
No way for me test it out (don't even have gigabit locally), but check out https://www.softether.org/
They claim > 900Mbps throughput, in their own benchmarking (in 2012 I think)
The testing environment was: Windows Server 2008 R2 x64 on Intel Xeon E3-1230 3.2GHz and Intel 10 Gigabit CX4 Dual Port Server Adapter.
SoftEther VPN Protocol achieved 980Mbps by using SoftEther VPN Server. L2TP/IPsec Protocol resulted 614Mbps by SoftEther VPN Server, while resulted 593Mbps by Microsoft's Windows Server 2008 R2's Routing and Remote Access service (RRAS). SSTP resulted 737Mbps by SoftEther VPN Server, while resulted 715Mbps by Microsoft' s Windows Server 2008 R2. OpenVPN (L3) resulted 89Mbps by SoftEther VPN Server, while resulted 76Mbps by OpenVPN's original implementation. OpenVPN (L2) resulted 90Mbps by SoftEther VPN Server, while resulted 83Mbps by OpenVPN's original implementation.
But... They only blocked VOip on mobile, not landlines... Are you telling me you're playing Battlefield through a mobile connection? Daamn.
Reading through it again I realized the article was from 2010, so nevermind XD
Anyway, you can try Freelan? There's also SoftEther so you can try it if Freelan doesn't work out for you :)
Use a VPN. If you don't want to pay for a VPN and you have a machine at home you can keep on, download softether.
It's free, it's fairly easy to set up for a novice (Easier than OpenVPN) and it'll give you an OpenVPN compatible endpoint you can use on your phone, as well as a fast and easy to use VPN system on your laptop.
I'd recommend for people to use SoftEther instead of OpenVPN. It's a lot easier to configure, has built-in support for dynamic DNS, and has optional compatibility with OpenVPN clients as well as other VPN protocols. I've been using it on my RPi until recently (just upgraded to an ODROID-C1 for GigE) with no problems.
SoftEther looks neat. I think I'll play with it, but I doubt I'll switch to it permanently from OpenVPN and IPsec.
To provide a counterpoint to their claim that it's faster than OpenVPN though, a couple weeks ago I tweaked OpenVPN 2.3.6 (latest) on Debian Stable to ~1.9 Gbit/Sec between two VMs on the same ESXi 5.5 host with an E3-1230v3 CPU (2.4 Gbit/Sec when using jumbo frames). This is a similar hardware setup to what's listed on the SoftEther graphic, which shows it at <100Mbps. My server config file:
cipher AES-128-CBC tun-mtu 24000 fragment 0 mssfix 0 sndbuf 2097152 rcvbuf 2097152
ifconfig 10.8.0.1 10.8.0.2 dev tun secret static.key user nobody group nogroup persist-key persist-tun keepalive 10 120
I did have to read the man page top to bottom, but in the end there's really not much to it. Without the top half, OpenVPN uses its defaults for everything, and even then I got 430 Mbit/Sec. So they are showing performance for it from a version that is 3+ years old.
IPsec in transport mode is even faster, and incurs less CPU usage.
As for stability, I have several persistent site-to-site OpenVPN tunnels that have been rock solid for over a year.
A VPN is basically a software you use that runs in background, nothing really hard. If you're running Linux or Windows, I suggest SoftEther. It's very easy to configure, and supports a lot of VPN protocols, so you're sure it runs fine with both iOS and Android, and all computer OSs.
Here is a link to SoftEther: https://www.softether.org
And here is a link to the tutorial I followed: https://www.digitalocean.com/community/tutorials/how-to-setup-a-multi-protocol-vpn-server-using-softether
The tutorial is for Linux, so it's mainly Terminal work. But if you're on Windows, it's even easier because SoftEther has a GUI for it.
You'll also need to forward a few ports of you're on your Home Network. Easy as well, so I can give you a tutorial link if you don't know how to forward ports.
Good luck, and just ask if you have any question. I'd love to help.
You would need to be connecting through your chosen VPN client.
I happen to chose this one https://www.softether.org/ since it claims to accept connections from some other clients as well.[](/chibiluna)
SoftEther is a free, easy to configure, and open source VPN system [works on Windows, Mac, and Linux]. That plus dynamic DNS if your NAT'd network has a dynamic public IP should work well. I've included a link to the page on NAT traversal features. I'll throw together a test real quick with VMs to see if the solution works as expected.
You can use the Amazon method, which seems to be popular. http://www.pso-world.com/forums/showthread.php?t=220299
I haven't personally tried the Amazon method, so I don't know how well it works, but I see it recommended quite a bit.
You can try SoftEther, and use vpngate.net. SoftEther has a built in thing for VPNGate that will list all the servers available. I've installed it a few times on different machines, and sometimes it isn't there for some reason. May be an issue with something I'm doing. But, I also have issues connecting and finding a reliable VPN through SoftEther.
I personally use OpenVPN, and have a config file from vpngate.net that seems to work pretty well 90% of the time. I get the occasional disconnect (not very often) or lag spike (also not very often). If you'd like my config file for OpenVPN I can send it to you.
AirPort's can only allow VPN passthrough with Port Forwarding. They cannot actually serve as a VPN themselves. If you want to setup a VPN, I'd suggest using SoftEther. It's really simple to setup.
However, you could also use Back to My Mac to access the TimeCapsule.
The Windows app is just a manager app to change the configs, once you set it up you can just remove it. If you don't have a Windows PC where you can install it, they have [command line manager](https://www.softether.org/4-docs/1-manual/2._SoftEther_VPN_Essential_Architecture/2.6_VPN_Command_Line_Management_Utility_(vpncmd\))
Softether works on Pi and it can emulate L2TP, you don't even need to port forward with the built-in relay service (after the handshake connection go directly without cloud)
I did a quick dive online into if they were blocking ports. This might work for you. https://www.softether.org/
"There are many type of VPN protocol. Here are few.
SSTP, PPTP, L2TP/IP Sec, OPENVPN, IKEv2, SoftEther.
Generally all https traffic is routed through port 443 and this port is open for all school or college. Try connecting to VPN through this port, it may work.
But some college are strictly monitoring all traffic and all VPN tunnels are blocked. In that case you can try to use SSTP. This will use port 443 and encrypt all data and a VPN connection can be made.
But some clever IT managers can detect SSTP connection and can temporarily block SSTP. You can just disconnect and reconnect to establish a VPN session again.
You can also use Softether. There is an option to connect through 443 port and it also works good. But make sure your VPN provider have support for SoftEther. SoftEther and SSTP are almost similar."
If your firewall has it built-in, that's definitely the best way to go.
If not, fire up SoftEther on that W12 server and go through the step-by-step for the installation/configuration. I've used it for my home network, a family friends' small business who will never trust OneDrive or G Drive and SWEARS by his W2003 network drive, etc. and it's extremely simple and has a TON of great features. You can use AD for authentication, access the VPN from an iOS device, and even use the built-in VPN client in Windows i.e., NO extra software to install on your employee devices!
>I’d love to have Airsonic or Navidrome on the VPS accessing the file on the NAS at my home. What would be the best way? I was thinking about Wireguard but I’m quite a newbie and don’t know where to start.
Also, you can use Softether VPN or tinc to set up a VPN network between two sites/locations. https://www.softether.org/
Just wanted to recommend a few things:
Every Friday 9pm-10pm JPT, there will be a FGO Radio here: https://www.uniqueradio.jp/agplayer5/player.php
Also, for streams like the upcoming new year ones where it is region locked, you can use this free VPN that is headed by a Japanese University: https://www.softether.org/
You need to enter it to the "remote". From the firewall's PoV your SoftEther interface is a "remote" (despite actually being a virtual adapter in your server)
See https://www.softether.org/index.php?title=4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.7_Virtual_NAT_%26_Virtual_DHCP_Servers for the configs.
>Would it be possible to create a VM on my PC, leave it turned on 7/24, and then let them use 1 (or more) VMs remotely pretty much anytime they want to?
Sure. Create as many VMs as your PC is able to run proving expected/sustained performance.
To connect VMs remotely set up VPN. You can use Softether VPN or tinc. https://www.softether.org/
https://www.tinc-vpn.org/
Going to recommend SoftEther VPN since no one else has yet.
It is completely open-source and free and it is maintained by a community, not a company.
No VPN is perfect, but I trust open-source tech a lot more than I trust shady proprietary programs that are run by companies just looking to make a buck.
To avoid doing something like this at work, I implemented SoftEther VPN on an old Windows laptop. Works great and seems secure.
Worth considering. Of course there are other VPN solutions, but this is free.
There is some service such as SoftEther Azure Relay where the server maintains a connection to an Azure relay server, so client trying to connect will contact the Azure relay server first, which trigger the server to open a direct connection to the client. But this is meant for situations where the server can't have an open listening port due to ISP or corp firewall limitation, notice that the server still have an open port to the Azure relay server.
Now you probably think "but that means the server can't be port scanned", well that's precisely what tls-auth does, without a valid signature, any incoming UDP packet is dropped, so there's literally no way for attackers to find out if anything is actually listening on that port.
For softether the logs are localized and more for diagnostic purposes. They can be disabled: https://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.A_Logging_Service
As for logs being taken by the Burmese junta, they do not have the expertise nor manpower to actively monitor them. Their modus operandi is to keep these logs for all users so they can use it to prosecute them once they are arrested.
I know this is not a Wireguard answer, but you may want to look at https://www.softether.org/ as they have a free, open-source solution, that will penetrate most firewalls without port forwarding. It can be setup on your Linux system and it uses some free provided external systems to punch a hole in your firewall. It also has a free DDNS service so you do not need to know your home IP address. I have set it up multiple times and it lets me ssh into my systems remotely behind some very tight firewalls, but this is not the group to discuss SoftEther. Wireguard is wonderful and I use it where I can use UDP, I have control of port forwarding, and have root access to the router.
I've never used it in a docker container, bu there's also SoftEther VPN I think wireguard is the best choice as other have said, but if you really really need a gui to set it up, you can try this.
Also isn't OpenVPN still completely free as long as you're not using the access server edition?
>is there another option for a secure connection that would allow access to each other that I'm not seeing? I'm good with computers but not well versed in networking tool knowledge.
Also you can try to set SoftEther VPN between your hosts. https://www.softether.org/4-docs/1-manual/A._Examples_of_Building_VPN_Networks/10.5_Build_a_LAN-to-LAN_VPN_(Using_L2_Bridge)
> Yearly tradition, we'll have end of the year and new year special. Will air on TOKYO MX, Gunma TV, Tochigi TV, BS11, Nico Live, and ABEMA. On the 31st of December, 10pm to 11:55pm JST.
I wonder if we are getting a live stream version or just the prerecorded anime version.
Also, for those of us outside of Japan, here is a VPN that might let you watch the ABEMA version.
I would look into softhether. They offer two solutions, one is of course a standard easy to setup traditional vpn. But the other is through "their" VPN Azure setup (aka zero confirmation setup).
This last one just has your "server" connect to one of their remote servers, and then your clients connect to their remote server and they relay the connection between the two. It's not the fastest thing in the world. But it's functional and again doesn't remote any firewall (other than the servers local firewall) or dns changes.
Website: https://www.softether.org/
I don't have a setup guide for that in FreeNAS. But I personally use https://www.softether.org/ - setup was pretty forward.
There is a VPN manager (client software) for setting everything up from a remote windows machine. There are many supported protocols (OpenVPN, ipsec, l2tp).
>I have an edgerouter 6p and may get an edgerouter x to test stuff and possibly use with a 4g lte modem for travel. Would a site to site vpn work without a static ip? Can I have the er-x initiate the connection and keep it active?
From what I see, you should look at SoftEther VPN. It allows to set up a VPN without a static IP https://www.softether.org/
It's been almost ten years since I've run a study, but back then we discovered that failure-to-connect happened roughly equally with IPsec-based and TCP-based client VPNs. This was surprising since it was assumed that TCP would "always" work, and that it was thus a safe bet to use just a TCP-based client VPN, but it wasn't -- at least at the time.
Today, many but not all client VPNs fall back from something else, with the least-preferred protocol tunneling over tcp/443. You want to avoid using TCP as first preference because tunning TCP inside TCP leads to unnecessary problems with TCP windowing and other misbehavior.
However, there are no "standard" methods of falling back from one VPN to another, which is why most sites seem to use some variety of proprietary VPN client software on client machines. Microsoft "Always On VPN" only works on W10, and seems to only fall back to SSTP. SSTP is a quasiproprietary protocol, but there are seems to be one client and a couple of servers that run on Linux.
While we still use some client VPNs, we've been aggressively replacing them with well-authenticated and authorized TLS/HTTPS connections. The biggest issue is when external or internal stakeholders want to use client VPNs as a quick fix to solve their proximate problem.
Lo abbiamo fatto anni fa per metter su la VPN aziendale molto molto a budget.
SoftEther e' una VPN che molto banalmente prende il traffico ethernet da un punto e lo sposta via VPN in un altro https://www.softether.org/ .
Quindi scheda di rete virtuale sul server, client softeher montato su N raspberry, un raspberry per ogni ufficio, fine.
Softether will easily break this solution.
The reason i am against this is that if they want, it will be damn easy for them to start restricting communication for people who oppose the rulers. On top if you are reporting something which can endanger you then you will be using a voip with the help of a VPN in the first place. You cant register yourself cause as it would defeat the purpose of hiding who you are.
Here you go bro, I use: https://www.softether.org/
- It's free and easy to set up
- I've been using it for years, never once had an issue connecting to Japanese netflix
As this is self hosted there is a really easy way of doing it on a windows PC (or Linux)
Its got a windows client, very fast, has a windows setup for running the server, gui for you to manage the server / setup accounts.
Honestly after having meraki (Cisco) on the support over a few days we have up on getting the our MX to reliably serve as a VPN host.
We switched to softether (https://www.softether.org). And had it setup and fully functional in about 30 mins (after never setting it up before). And it's been great!
Setup a SoftEther server (https://www.softether.org/) and use it to run an L2TP vpn. The client is included in Windows, Linux & OS X. Only takes 5 min for the most incompetent user to setup on their home computer. RDP directly to their work machine over the VPN.
I use OpenVPN for Android v0.7.8
On my VPS I run SoftEther Server. Created an OpenVPN profile, copied it to my FS4K. When I open the profile (using ES) I select OpenVPN which happily loads the profile up.
Works very well.
BTW I hugely recommend SoftEther as it is multi-protcol and you can connect the client to hundreds of free SoftEther servers round the world (not good for general usage but great for creating a temporary presence)
Actually, for the AirMessage port, I am using TunnelBlick and Portmap.io.
SoftEther works like a virtual Ethernet cable (if u use the client) and a reg. VPN on devices that don't have the client. It's the fastest VPN protocol and it'll be like ur using your home wifi with the speeds of the actually connection (no latency).
^Also the port it uses (25555) isn't blocked by most businesses/schools. They can block the other VPN ports (my school blocks all vpn ports, but SoftEther still works)
https://www.softether.org/ If ur curious, you can read up about it. They probably have a better explanation than mine :p
Adding to your second point, I've have just ran into two occasions last week where ping shows excellent connection quality (low average latency and variation, no packet loss) but the network toasts when it comes to real-world application.
It started with a old shitty Linksys router that shits itself if it sees too much UDP traffic (and guess what uses UDP?) but handles web-browsing and downloading perfectly fine. I had to tunnel my traffic with a VPN on TCP so I can play with my friends until I get a new router.
Then I noticed my web browsing starts acting funny on the VPN: long TTFB, slow download of elements but ping and speed test is perfect. In the end it turned out the performance of the virtual-NAT function (https://www.softether.org/index.php?title=4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.7_Virtual_NAT_%26_Virtual_DHCP_Servers) is, well, questionable. I had to bite the bullet and set up a tun interface, bridge and masquerading.
The point of this wall of text? So many things can go wrong with a network, and ping is far far from enough to catch them.
Yes, you need a VPN.
If you don’t have a VPN- capable router or raspberry pi, Softether is a multi-protocol VPN server software which can run on any OS and can connect using its own native client, OpenVPN, Microsoft SSTP or L2TP/IPSec. Extremely easy to set up and manage on a Windows computer.
softether might work? it runs all VPN traffic over a few different ports including 443. I've had it work well where i don't have access to the firewall. The traffic will appear to be http traffic but admins will still be able to see its a pi on the network unless you spoof the mac.
We don't receive notifications if you don't reply directly or tag us (/u/J0n4t4n).
> The SoftEther VPN is configured in SecureNat mode (No additional network adapter)
I honestly don't understand why you would use that considering the downsides, but whatever. Good to know for debugging purposes.
> To be honest i configured the UFW firewall on Ubuntu and opened only the ports needed for SoftEther VPN.
If that is true, then you've most likely misconfigured SoftEther VPN to allow unauthenticated traffic. I could see the DNS Redirect feature potentially being dangerous.
> After doing that everything seemed to work normally... even though port 53 is blocked from the outside Pihole still worked.
This part is a bit ambiguous. I assume you mean from within the VPN?
It would be easier for us, if you could just post your firewall rules. Can you check that you are indeed running an open resolver? You can just use dig, nslookup or an online service.
If you've a computer which you can leave switched on, or you can have it automatically boot at specific times through the BIOS options (if available) then you could VPN into your home network through SoftEther.
It runs as a server on your computer, you open the needed ports on your router and connect to a custom made sublevel domain such as myhomevpn.softether.org.
<strong>SoftEther VPN</strong> ("SoftEther" means "Software Ethernet") is one of the world's most powerful and easy-to-use multi-protocol VPN software. It runs on Windows, Linux, Mac, FreeBSD and Solaris.
https://www.softether.org/1-features/5._Easy_Installation_and_Management
You should find OpenVPN option in management tool then just use normal openvpn client to connect with that profile. Softether client is only available for mac and windows but servers tool can generate multiple protocols that can be used directly from mobile devices.
I use SoftEther
Its a multi protocol server which supports its own client, OpenVPN, SSTP and L2TP/IPSec connections. Easy to set up on Linux or Windows and very flexible.
I run it under Linux using a tap interface then use netfilter/iptables for access control and NAT, however it you can bridge the vpn network to a physical interface and manage access control in the software.
Very easy, flexible. Highly recommend
As a temporary workaround, you may want to consider using SoftEther VPN (https://www.softether.org). I'd say it's a good compromise between features, ease-of-use, and security (SSL3) if you're a small to medium business.
You can install the server software on pretty much any suitable computer inside your network and connect to it with either their client software, or inbuilt OS clients using L2TP/Ipsec. Their client software will bypass any firewall without configuration. L2TP/Ipsec will need port forwarding in your firewall. Its speed scales with the resources of the computer, so it's mostly limited by your office's Internet speeds. Just be aware that I've found that the bridge adapter it installs likely won't play nice with other virtual adapters such as Windows Server NIC teaming and possibly virtualisation.
Ultimately though, you're probably going to want a proper hardware VPN in a firewall/router device (separate to your Internet router to avoid CPU bottlenecks) where you can configure the VPN to all of the current best practices, as opposed to a third-party (albeit open-source) solution installed on an server. It's just that I've learned the hard way just how much of a time-consuming and frustrating task that can be, so you may as well have something acceptable running in the meantime.
SoftEther is free anyway and open source .
It is sponsored by a large University in Japan.
I just never spent too much time on it because the configuration tool only runs on Windows.
But for a school that's no big deal.
Once configured SoftEther can be used by windows, mac, linux, phones etc
The PPTP protocol mentioned in that tutorial only uses TCP port 1723 for connection setup. Actual data are transmitted using the GRE protocol which is IP protocol 47. This is not a TCP/UDP port.
Some routers can pass it through using special rules or DMZ. I would google the router model and "GRE passthrough" or "PPTP passthrough".
If your router doesn't support it, you can try SoftEther which provides a very friendly graphical interface with a reasonably simple setup process. Note only the OpenVPN and SSTP protocols can work with TCP/UDP passthrough.
> Worst thing about it is that the school district also blocked all VPN ports as well as found a way to block most reddit alternative sites.
some VPN systems will do their work over HTTPS so the school can't differentiate it from normal web traffic
Using a VPN might be your only option, then.
You could try using SoftEther VPN (You'll also need this: https://www.vpngate.net/en/download.aspx) to browse Nexus and download a mod or two. Pretty easy to install and is free since it's open source and good enough if you use it for only one thing, won't recommend using it as a permanent VPN solution, though.
Have a look at SoftEther, I've not used it but it has features that will do what you want