[SOLVED] SoftEther VPN: A replacement for openVPN?

[phoenix]

Hi everyone

I'm not sure if this is the correct forum for my post so please move it if it's more appropriate in another forum.

I'd also like to congratulate the team on getting this fork up and running in such a short time and with such a good UI, I'm looking forward to further developments.

I'm just a home user of pfSense (at the moment) after just converting from Endian Firewall a few months ago. I also have several servers that I need to access remotely and I've been trying to get openVPN running, I did eventually but a recent change seems to have broken it again (it seems extremely fragile to me) and I'm not really very experienced with the openVPN server. Despite being a pfSense user I'm running OPNsense in a test environment with the intention of converting to it soon.

To the point, at last.   I decided to abandon using openVPN and use a VPN server behind the firewall and after searching for a while I found a product called SoftEther VPN (http://www.softether.org/). It's easy to set up, light on system resources, you can also clone the functions of an openVPN server and seems pretty good to me - would it be possible to consider this for inclusion in a future version of OPNsense?

Regards

Bill

[franco]

Hi there,

I haven't seen SoftEther in the FreeBSD ports collection, but that doesn't mean we can't put it in there. I will do the following: see what it takes to get a port running and if it works provide it as an optional build, maybe even pushing it to FreeBSD ports mid-term.

I can't promise any GUI , but once the daemon is in it would be relatively easy for others to get started on this using our new MVC infrastructure.

See: https://github.com/opnsense/ports/issues/11

How does that sound?


Cheers,
Franco

[phoenix]

Thanks for your reply, your answer sounds great to me. I was thinking it might be more of a long term addition to OPNsense. Unfortunately I don't think anyone is building it for any distribution at the moment. It's fairly trivial to configure and manage from the command line or from a windows machine with their configuration tool. By "trivial to manage..." I am, of course, talking about my fairly simple needs.

[franco]

I took a peek and setting up the port seems like jumping through a few weird hoops regarding their versioning scheme and mirror layout. Pulling it through GitHub from FreeBSD ports seems like a more sensible approach. All in all, that'll take longer than initially expected.

[phoenix]

That's no problem for me, as I said I was expecting this for a longer term implementation in OPNsense. I have a version of SoftEtherVPN running on a CentOS server behind the firewall. I'll continue testing OPNsense for the moment and just switch over when I feel comfortable with it and continue my current VPN server setup. Thanks again for your prompt help with this and all your work on it, I look forward to future releases.

[franco]

Someone stepped up to the challenge and pushed SoftEther to FreeBSD ports. Initial builds look good for both OpenSSL and LibreSSL so the package will be available from the mirror starting with 15.7.12.

Yay for community work.

[phoenix]

Someone stepped up to the challenge and pushed SoftEther to FreeBSD ports. Initial builds look good for both OpenSSL and LibreSSL so the package will be available from the mirror starting with 15.7.12.

That's fantastic, I look forward to testing it. I assume there's no OPNsense GUI component for configuring it at the moment? It's trivial to use the SoftEther Windows server manager to do those tasks or even the command line.

Yay for community work.

Yes indeed, well done and many thanks from me to whoever did the work.

[franco]

Indeed, package only first. If the plugin is easy then all the better. steps on how to get softether up and running would be welcome, as it would allow others to pick it up without the full knowledge and get it into a testable state leading to a finished feature at some point.

[kapara]

Is this going to be a package on opnsense ?

[csmall]

I'm following this project. I don't think FreeBSD is supported yet but might be in the future.

Sounds like an interesting replacement for openvpn.

https://www.wireguard.io/

[kapara]

This means it has been ported right?

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188437

[franco]

# pkg install softether

There is no GUI plugin though.

As the thread suggest, all of this happened in 2015

https://github.com/opnsense/tools/commit/7e3f8cd9c


Cheers,
Franco

[kapara]

Such a shame.  The more I read about it the more it looks like the best vpn option out there!

[franco]

A shame? Why? It installs in a heartbeat, configuration is easy enough from the command line. I'm sure Bill can elaborate if asked nicely.


Cheers,
Franco

[franco]

Hi there,

Since digging up this thread is fun I use it as a way of letting you guys know that starting with 17.1.6, we also ship a package for the "development" version of SoftEther, which is a newer than the other one:

# pkg install softether-devel


Cheers,
Franco