Messages - mcedars

#1
Same here, we use it in production and as per the above I offered to contribute documentation for it. It's been very stable for us, for many years, on many different systems and in multiple use cases.

All that users need to grasp is that it behaves like its own IP stack side-by-side to the OS, and once you wrap your head around that everything falls into place. Most of the trouble people have is when it tries to compete with OPNsense itself for the same addresses etc.

I wish there was a way to get it installable again, either from the main repo or from the mimugmail repo. Please!! :-)

Quote from: fhloston on December 18, 2025, 04:24:33 PM
Quote from: franco on August 29, 2025, 12:30:19 PM
In discussion with Michael we're going to remove it in 25.7.3 -- it was never released officially and feedback was very low and inconclusive over the years. Better VPN alternatives exist these days.

Oh what a pity... just noticed on a new install that this is not installable anymore.
 
I contributed the patch to have it follow carp state. I am using this on roughly 40 HA pairs to connect remote offices with datacenter backends. We explicitly migrated to softether from openvpn because in the dual HA configuration this works very well, the active tunnel endpoint on each side just follows CARP master.

Usually if there is no feedback, it just works [tm].

I would obviously be interested to a) be able to install it again and b) receive updates for it.
#2
First and foremost, a heartfelt "thank you" for the response, flexibility and community spirit.

Both options are great. I'd be happy to contribute back to the community, relaying our experience within the scope of our specific use case. Softether is pretty broad in its configuration options. I'll put together an outline and DM you (mimugmail) the draft. The main thing to understand is that it essentially operates its own independent IP stack, and hence would best be separated from both the kernel and IP address of the OPNsense instance. Once you wrap your head around that, everything becomes pretty straightforward as you configure routing between two separate virtual devices with separate IP addresses that peacefully coexist.

Thinking about it, the final disposition for the softether package may probably best be within the mimugmail community repo. We already use it for the cloudflared package as undoubtedly many others do for the vast array of other useful packages it brings that are "just outside" what would otherwise be within the core scope of the OPNsense project itself, and IMHO that would aptly be true for softether as well in this case.

Thanks again,

Matt
#3
Quote from: franco on August 29, 2025, 12:30:19 PM
...we're going to remove it in 25.7.3

Hi,

If there is any way to change your mind or to merely plead for this decision to be reversed, please reconsider. We have had great success with Softether on OPNsense for years, in production, for both road-warrior and site-to-site scenarios. It's in production on over a dozen instances serving quite a few sites and users.

It does require a touch of configuration (specifically not using its kernel IP NAT engine) but has been rock-solid and its removal from 25.7.3 would force us into a difficult bind regarding either delayed upgrades or a significant network overhaul.

Many thanks,

Matt