OPNsense Forum

English Forums => General Discussion => Topic started by: phoenix on July 11, 2015, 06:54:50 PM

Title: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: phoenix on July 11, 2015, 06:54:50 PM
Hi everyone

I'm not sure if this is the correct forum for my post so please move it if it's more appropriate in another forum.

I'd also like to congratulate the team on getting this fork up and running in such a short time and with such a good UI, I'm looking forward to further developments. :)

I'm just a home user of pfSense (at the moment) after just converting from Endian Firewall a few months ago. I also have several servers that I need to access remotely and I've been trying to get openVPN running, I did eventually but a recent change seems to have broken it again (it seems extremely fragile to me) and I'm not really very experienced with the openVPN server. :( Despite being a pfSense user I'm running OPNsense in a test environment with the intention of converting to it soon.

To the point, at last. :)  I decided to abandon using openVPN and use a VPN server behind the firewall and after searching for a while I found a product called SoftEther VPN (http://www.softether.org/). It's easy to set up, light on system resources, you can also clone the functions of an openVPN server and seems pretty good to me - would it be possible to consider this for inclusion in a future version of OPNsense?

Regards

Bill
Title: Re: SoftEther VPN: A replacement for openVPN?
Post by: franco on July 15, 2015, 07:14:44 AM
Hi there,

I haven't seen SoftEther in the FreeBSD ports collection, but that doesn't mean we can't put it in there. I will do the following: see what it takes to get a port running and if it works provide it as an optional build, maybe even pushing it to FreeBSD ports mid-term.

I can't promise any GUI , but once the daemon is in it would be relatively easy for others to get started on this using our new MVC infrastructure.

See: https://github.com/opnsense/ports/issues/11

How does that sound? :)


Cheers,
Franco
Title: Re: SoftEther VPN: A replacement for openVPN?
Post by: phoenix on July 15, 2015, 08:37:54 AM
Thanks for your reply, your answer sounds great to me. :) I was thinking it might be more of a long term addition to OPNsense. Unfortunately I don't think anyone is building it for any distribution at the moment. It's fairly trivial to configure and manage from the command line or from a windows machine with their configuration tool. By "trivial to manage..." I am, of course, talking about my fairly simple needs.
Title: Re: SoftEther VPN: A replacement for openVPN?
Post by: franco on July 15, 2015, 09:14:45 PM
I took a peek and setting up the port seems like jumping through a few weird hoops regarding their versioning scheme and mirror layout. Pulling it through GitHub from FreeBSD ports seems like a more sensible approach. All in all, that'll take longer than initially expected.
Title: Re: SoftEther VPN: A replacement for openVPN?
Post by: phoenix on July 15, 2015, 09:54:31 PM
That's no problem for me, as I said I was expecting this for a longer term implementation in OPNsense. I have a version of SoftEtherVPN running on a CentOS server behind the firewall. I'll continue testing OPNsense for the moment and just switch over when I feel comfortable with it and continue my current VPN server setup. Thanks again for your prompt help with this and all your work on it, I look forward to future releases. :)
Title: Re: SoftEther VPN: A replacement for openVPN?
Post by: franco on September 10, 2015, 06:04:32 AM
Someone stepped up to the challenge and pushed SoftEther to FreeBSD ports. Initial builds look good for both OpenSSL and LibreSSL so the package will be available from the mirror starting with 15.7.12.

Yay for community work. :)
Title: Re: SoftEther VPN: A replacement for openVPN?
Post by: phoenix on September 10, 2015, 07:02:38 AM
Quote from: franco on September 10, 2015, 06:04:32 AM
Someone stepped up to the challenge and pushed SoftEther to FreeBSD ports. Initial builds look good for both OpenSSL and LibreSSL so the package will be available from the mirror starting with 15.7.12.
That's fantastic, I look forward to testing it. I assume there's no OPNsense GUI component for configuring it at the moment? It's trivial to use the SoftEther Windows server manager to do those tasks or even the command line. :)

Quote from: franco on September 10, 2015, 06:04:32 AMYay for community work. :)
Yes indeed, well done and many thanks from me to whoever did the work. :)
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: franco on September 10, 2015, 04:56:15 PM
Indeed, package only first. If the plugin is easy then all the better. steps on how to get softether up and running would be welcome, as it would allow others to pick it up without the full knowledge and get it into a testable state leading to a finished feature at some point. :)
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: kapara on April 25, 2017, 04:27:57 AM
Is this going to be a package on opnsense ?
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: csmall on April 26, 2017, 03:06:24 AM
I'm following this project. I don't think FreeBSD is supported yet but might be in the future.

Sounds like an interesting replacement for openvpn.

https://www.wireguard.io/ (https://www.wireguard.io/)
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: kapara on April 26, 2017, 03:14:59 AM
This means it has been ported right?

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188437

Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: franco on April 26, 2017, 06:11:33 AM
# pkg install softether

There is no GUI plugin though.

As the thread suggest, all of this happened in 2015 ;)

https://github.com/opnsense/tools/commit/7e3f8cd9c


Cheers,
Franco
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: kapara on April 26, 2017, 08:43:49 AM
Such a shame.  The more I read about it the more it looks like the best vpn option out there!
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: franco on April 26, 2017, 08:48:27 AM
A shame? Why? It installs in a heartbeat, configuration is easy enough from the command line. I'm sure Bill can elaborate if asked nicely. :)


Cheers,
Franco
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: franco on May 03, 2017, 06:19:10 AM
Hi there,

Since digging up this thread is fun I use it as a way of letting you guys know that starting with 17.1.6, we also ship a package for the "development" version of SoftEther, which is a newer than the other one:

# pkg install softether-devel


Cheers,
Franco
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: QuentinC on August 14, 2017, 02:22:26 AM
Hello !

I've heard about SoftEther, and tried to configure it on my router.
As a simple test, I'm trying to build a bridged VPN to my LAN.

I can connect to the VPN using either the SoftEther client or SSTP fine, and I'm able to reach machines on my LAN. But I've not been able to reach the router itself this way...

I'm suspecting an ARP problem as the client appears this way on the ARP table:
"  at (incomplete) on re1 expired [ethernet] "

On the LAN machines, the VPN client has it's MAC address...

Is there some settings on OPNsense that may block this ?

Thanks !
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: Mena42 on November 13, 2017, 10:38:25 PM
I just tried Softether vpn. It did work with some issues at times just for my pc and not for my router to supply my whole house with. But I would caution everyone that after 2 months of use. I get a message from my isp today and they stopped my internet service do to downloads they saw on my account. Ask yourself this if it is free n they do keep logs that tell on you. Why just change the IP address. No one I know wants a vpn to just change the IP address. It is for privacy , so no will know what you are doing period. I wouldn't tell anyone to use this service. I made this account just to spread this experience.
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: ChrisH on November 14, 2017, 09:32:25 AM
I actually switched back from SoftEther to ZeroTier. ZT is SO much easier to configure and the documentation is much more straightforward. Looking back now SoftEther is needlessly complicated on so many levels.

TBH I didn't even know there was a OPNsense plugin for SoftEther...

And I never did like the SoftEther concept of bridging the local networks to my VPN server only to sort out all the broadcasts etc. there and only pass on the relevant packets to the other virtual switches. ZT does good plain old routing and it just works.
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: mimugmail on November 14, 2017, 11:53:27 AM
For SoftEther ist only a package, not a plugin (with UI). ZT has everything in it.
Also SoftEther hasn't received updates for long time .. I wouldnt advise to use it.
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: phoenix on November 14, 2017, 12:04:14 PM
SoftEther has received updates recently (but not the FreeBSD port) and the project itself has now been split into a LTS (stable) version and a development version with community developers, this should give some more traction to it moving forward. :) For those reasons and because of the age of the FreeBSD port I stopped using it on OPNsense and now use SoftEther on a VM in my LAN, I don't have any problems connecting  to it nor getting access to any of my machines, which is what I was trying to achieve,
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: xinnan on November 14, 2017, 12:04:31 PM
I checked out softether a few times over the years and recently.  The simplest and easiest setup I ever saw was too complicated.  I'm sure it works fine, but with openvpn for ease of use and ipsec for those who dislike openvpn, softether falls into the "why bother" category for me.  Id consider it if it were incorporated into opnsense much the same way openvpn is.  Otherwise, not worth fussing with for me. 
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: phoenix on November 14, 2017, 12:48:01 PM
There was no problem for me implementing it as an OPNsense plugin, a few simple commands had it up and working in no time but the only problem was the age of the port. We use whatever works for us and I've no problem with that, I was just pointing out that there was a newer version available and it does work as described. FWIW, I've always had problems with openVPN hence the reason I switched to SoftEtherVPN. :)
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: xinnan on November 14, 2017, 01:52:41 PM
What kind of problems did openvpn give you?
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: phoenix on November 14, 2017, 02:32:58 PM
Just general problems configuring it and problems setting up the client and getting it to connect. To be fair it was probably just me that was the problem. :) As soon as I tried SoftEtherVPN from an on-line tutorial I had it compiled and installed within a short while, exported the config for OpenVPN, imported that into the Android OpenVPN client and away it went. I've been a fan ever since and now build an rpm for my CentOs server, install it with appropriate systemd units and it takes a very short while to do that and upgrade versions.
Title: Re: [SOLVED] SoftEther VPN: A replacement for openVPN?
Post by: xinnan on November 14, 2017, 02:44:51 PM
The thing I like about openvpn is I can take your average idiot (and some below average ones), and export a client.  Just tell them to double click it and boom....   They are all set.  I've yet to meet the person who can't double click a file, so I'm a big fan of openvpn.  Generally speaking as soon as you say "OK - Now type this in...", you have already lost 90% of people.