Please help me set this up

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Please help me set this up

Post by NoobNeedsHelp » Thu Jun 14, 2018 8:14 pm

Thanks for the help :(
Last edited by NoobNeedsHelp on Tue Jun 19, 2018 1:14 am, edited 2 times in total.

jvanegmond
Posts: 3
Joined: Tue Jun 19, 2018 7:53 am

Re: Please help me set this up

Post by jvanegmond » Tue Jun 19, 2018 8:06 am

Hi,

For your understanding, SoftEther is a software which you can use to connect TWO computers together. One of the computers MUST have a publicly routable IP address.

If you just want to use this as a free VPN, this is not for you.

Could you elaborate on the machines that you have available, the publicly routable IP addresses that you have, and what you're trying to achieve here?

With kind regards,
jvanegmond

Retinaquester2
Posts: 14
Joined: Sun Jun 03, 2018 11:53 am

Re: Please help me set this up

Post by Retinaquester2 » Tue Jun 19, 2018 10:51 am

Hi,

had his network schematic up here.
But did not recevie any input. That's why he changed the first post.

Regards.

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Fri Jun 22, 2018 7:17 pm

LAN to LAN site A to site B

Site A SoftEther Server, 2 NIC's, one internet, one bridged to LAN A

Site B SoftEther Bridge, 2 NIC's, one internet, one bridged to LAN B

Continuous cascade connection initiated at B to server at A.

Question: Are the computers hosting the virtual hubs also part of the network? That is, say I have a peripheral device such as a printer, IP camera, usb device, etc. connected to Site A server computer ... will site B computers be able to "see" these devices?

Likewise, if peripherals are connected to the site B Bridge computer, will site A computers be able to "see" these.

Basically, I need to know if the Server and Bridge computers are completely dedicated vpn machines that only function for vpn communication, or can they also serve as clients in the new, SoftEther expanded LAN and allow all other computers to see peripherals connected to them.

~Noob

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Fri Jun 22, 2018 9:52 pm

@Noob

The physical machines Server/PC running the SoftEther(Server & Bridge) software can be accessed and their resources used by any computers on the network as long as these resources are shared, just like in any network.

If SoftEther is set up properly any shared device at either location should be visible and usable to any and all network computers as if they were connected to the same local network, including the SoftEther machines.

Retinaquester2
Posts: 14
Joined: Sun Jun 03, 2018 11:53 am

Re: Please help me set this up

Post by Retinaquester2 » Fri Jun 22, 2018 10:02 pm

Hi,

If the computers are Windows then yes by default, the sever can be reached.
(I myself have remote desktop and a SQL server running on the SE server)

From what I read: Linux SE Bridge/SE Server needs a TAP device to get acces to them.

I recommand you try it. If not on a live server. Setup a Virtual machine.

Retinaquester.

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Fri Jun 22, 2018 11:26 pm

Great! That simplifies things. I was afraid that I might have to make two new dedicated boxes for just hosting the vpn. Right now both LANs are working with Win machines. I just want them to be one LAN with common IP addressing where the server&bridge comps are also accessible. Thx.

~Noob

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Fri Jun 22, 2018 11:32 pm

[attachment=0]SoftEtherA-B.png[/attachment]

Before I waste a lot of time doing it wrong, may I ask that you check my logic please.

Site A SoftEther server:

192.168.1.1 goes to firewall box then internet modem
192.168.1.2 gets bridged to virtual hub and also physically connects via an ethernet cable to switch/LAN A?

Site B SoftEther bridge:

192.168.1.5 goes to firewall box then internet modem
192.168.1.6 gets bridged to virtual hub and also physically connects via an ethernet cable to switch/LAN B?

Then, with Windows machines any LAN A comp can "see" the desktop of LAN B Bridge comp and other LAN B comps, and vice-versa.

I hope my logic is correct.

~Noob
You do not have the required permissions to view the files attached to this post.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Sat Jun 23, 2018 2:16 pm

@ Noob

You logic is fine, however. Is the multi NIC computers A and B serving as gateways of some kind? I ask because they are before the switch in your image. Or are all 3 NICs on the Multi-MIC computers connected to the same switch as the 3 comps in the image?
IE:
CableModem=====>FirewallBOX=====>switch =====>( ALL computers and all 3 NICs Multi-NIC computer A).

I can expand further in regard to setting it up if you like.

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Tue Jun 26, 2018 5:56 pm

[quote=centeredki69 post_id=79980 time=1529763371 user_id=4937]
@ Noob

You logic is fine, however. Is the multi NIC computers A and B serving as gateways of some kind? I ask because they are before the switch in your image. Or are all 3 NICs on the Multi-MIC computers connected to the same switch as the 3 comps in the image?
IE:
CableModem=====>FirewallBOX=====>switch =====>( ALL computers and all 3 NICs Multi-NIC computer A).

I can expand further in regard to setting it up if you like.
[/quote]

Right now both at LAN A and at LAN B the switch is immediately after the firewall box, so that multiple computers can share internet behind the firewall.

In my schematic I put the switch behind the Multi-NIC server A and bridge B because I have some VOIP hardware that I would like to use over the SoftEther vpn. It is my understanding that with SoftEther vpn the two separate networks become one, larger network. I have already assigned IP's in both A and B networks so that the VOIP hardware should work seamlessly once the vpn is established. Right now, the VOIP hardware is working fine when exclusively on one of the two LAN's (in fact, simply connecting them by themselves via a switch works as well).

In actuality, I have four small switches. Two are immediately behind the firewalls to share the internet among various clients. The other two I have not hooked up yet but I plan to use them after the vpn for the VOIP hardware. Also, at least one client at each site needs to be "behind" the vpn so that I can use TeamViewer or similar remote desktop software EXCLUSIVELY limited to the LAN.

I have IP cameras already connected to the multi-NIC at A and, similarly, I have IP cameras already connected to the multi-NIC at B.

When I am site A, I would like to securely (through the vpn) be able to "see" the desktop of multi-NIC B so that I can monitor and administer the cameras. When I am at site B, I would like to "see" the desktop of multi-NIC A. Therefore, at least one client at each site needs to be able to see the Server/Bridge computer at the other site. This is why I put the switch behind the multi-NIC's in the schematic.

By biggest noob question is "where do I plug in the LAN?" Obviously, the internet port at each site connects from the multi-NIC at each site to the firewall then modem.

But the bridged adapter at each site is what confuses me. Is this NIC card used exclusively for SoftEther communication with the software for the virtual hub, or do I also connect the rest of the LAN to this NIC card's port?

From my readings, SoftEther suggests removing all of the protocol stacks from this bridged adapter. Fine, this is easy enough. I have also read that assigning it an IP address is not necessary, but it doesn't really hurt anything either way. I plan to leave it with an IP address since it is already working fine without any errors.

Is this same bridged NIC card the one that I would plug into with an ethernet cable to take to the subsequent switch for the VOIP hardware and client using TeamViewer? I have a third unused NIC in each machine that could be used (quad port card) if needed.

I simply need to know what to do with the bridged NIC card in each machine. Also, yes, I guess each multi-NIC will be a gateway for their respective VOIP hardware and TeamViewer client. However, once the vpn is established won't these subsequent devices simply "see" a larger network and find the proper IP of the other device? That is, once the vpn is working, there should be no need for a gateway per say. Or am I missing something?

~Noob

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Thu Jun 28, 2018 7:49 pm

Update: I don't know what's going on.

At site A I set up SoftEther Server. When prompted during setup under the Server Manager I edited the Host Name to be the IP address of the NIC card that is used for internet access. For the bridge I selected a different NIC card from which I had already removed all protocols and IP. Was I supposed to bridge to my "main" NIC that also provides internet? It shows the hub as online.

I registered site A with Azure.net and the virtual hub seemed to be connected to the site A computer fine.

At site B I set up SoftEther Bridge. I set hostname to IP of site B computer's internet NIC. I bridged to a different NIC that has no protocols and no IP. The instructions say to use a dedicated NIC if possible. So I did that with both site A and site B. This virtual hub connects when I use the "internet NIC" IP or if i use localhost, but gives a port 443 error. The other default ports such as 5555 are listening. It shows online.

When I look under cascade connections at site B, trying to connect to site A, it gives a connection error no matter what I put for the destination vpn server. I put in site A's Azure name vpnxxxx.vpnazure.net. I put in vpnxxxx.softether.net. I made at least one user with password at site A.

It tells me to check network cables, settings, etc. Am I supposed to connect the "bridged" NIC to the internet? Right now I am simply keeping one cable from the "main" internet NIC's at both sites connected to their respective ISP's.

I thought that Azure automatically relays the proper destination for servers and clients.

Also, is there commercial, affordable software that could make a level 2 vpn besides SoftEther? All that I need is site A and site B to see each other with common IP addresses so that VOIP hardware can communicate and internal, LAN-only remote desktop software believes that it is seeing one, large network instead of two.

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Thu Jun 28, 2018 9:02 pm

I should add to my last reply (which hasn't posted yet) that at both Site A and Site B that I added firewall rules on the LAN to allow outbound access from the lan net to any destination for the default TCP ports shown during the SoftEther install, 443, 5555 etc.

Should I amend this to allow Source:any, Destination:any in case the firewall at A is blocking incoming TCP on these ports? I assumed that Azure.net would automatically negotiate this with the SoftEther Server at A.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Thu Jun 28, 2018 10:56 pm

@ noob,

Some of this you already have set up but I'm just clarifying


*****Site A SoftEther server:

192.168.1.1 is the internal IP address of the firewall box, and its WAN port (if it has one) connects to the internet modem an get a public internet IP
at least one of the other ports on the Firewall box needs to connect to the switch or multiple switches if you need.

All your devices connect to the switch or switches. INCLUDING NIC#1 and NIC#2 for the SoftEther server host

The firewall box/router will need ports forwarded to your Softether host NIC#1 "192.168.1.2" the host itself might also need to have inbound rule allowing those ports through is firewall as well but softEther might have opened them during its install. You also need to either set NIC#1 with that static IP address or set a MAC reservation in the Firewall BOX. NIC#1 will communicate with you local network and the internet just has any other computer.
NIC#2 will function as the "LOCAL BRIDGE" like you mentioned you will remove all protocols stacks via the NIC card properties, However you need to leave the "SoftEther Lightweight protocol". ( THIS NIC WILL NOT GET AN IP ADDRESS. IT WILL WORK AT A Layer 2 LEVEL I believe)

" just so you know you can use only one NIC card ( NIC#1) as the network/internet link and the "local bridge", however it supposedly can cause issues when there is a lot of overhead. but if you have 2 NICs Why not use them"

MORE TO COME

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Thu Jun 28, 2018 10:58 pm

I tried to reply but my post has to be reviewed

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Thu Jun 28, 2018 11:00 pm

@ noob,

Some of this you already have set up but I'm just clarifying

*****Site A SoftEther server:

192.168.1.1 is the internal IP address of the firewall box, and its WAN port (if it has one) connects to the internet modem an get a public internet IP
at least one of the other ports on the Firewall box needs to connect to the switch or multiple switches if you need.

All your devices connect to the switch or switches. INCLUDING NIC#1 and NIC#2 for the SoftEther server host

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Thu Jun 28, 2018 11:01 pm

@NOOB

The firewall box/router will need ports forwarded to your Softether host NIC#1 "192.168.1.2" the host itself might also need to have inbound rule allowing those ports through is firewall as well but softEther might have opened them during its install. You also need to either set NIC#1 with that static IP address or set a MAC reservation in the Firewall BOX. NIC#1 will communicate with you local network and the internet just has any other computer.
NIC#2 will function as the "LOCAL BRIDGE" like you mentioned you will remove all protocols stacks via the NIC card properties, However you need to leave the "SoftEther Lightweight protocol". ( THIS NIC WILL NOT GET AN IP ADDRESS. IT WILL WORK AT A Layer 2 LEVEL I believe)

" just so you know you can use only one NIC card ( NIC#1) as the network/internet link and the "local bridge", however it supposedly can cause issues when there is a lot of overhead. but if you have 2 NICs Why not use them"

MORE TO COME

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Thu Jun 28, 2018 11:03 pm

In softEther create your "Virtual HUB A" then highlight and manage "HUB A" and create a user and password to allow connection

NOTE: Leave the HUB off Line until you set everything up.

Go back to the main screen and
1)Look down, " local bridge settings" is in the lower left corner. Click "Local bridge settings".
2)In "local bridge settings" Choose the "virtual HUB A" you want to allow local access, then choose the adapter NIC#2
3) Hit create local bridge and it will give some warning acknowledge the warning then it should start working.

You will need to do the same Virtual HUB B and Local bridge set up at " location B" using its respective IP address you mentioned in you previous posts.
You also need to create a "cascade connection " going to "Virtual HUB A" at the other site, Using the username and password you created at site A.
The casscade is you site to site VPN link

****Important****** If you have DHCP servers at both locations issuing IP address you will need to filter DHCP packets in the softether software. This can be done in the the "user settings under Set security policies" or under "group security policies" in manage virtual hub area. MORE TO COME
Last edited by centeredki69 on Fri Jun 29, 2018 3:45 pm, edited 1 time in total.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Thu Jun 28, 2018 11:11 pm

@NOOB

I have used the "L-2 cascade Connection bridge" set up with "local bridge" for many years connecting 3 locations. I of course had to use the same IP address range at all location Like you are trying to do. I set each DHCP servers at each locations to only issue a set range of IP address and made sure none of the ranges overlapped at the other locations.
Something like
Site A : IP range (1-99)
Site B : IP range (100-200)
Site C : IP range (201-250)
I then filtered out The DHCP protocol in Softether so no DHCP packets would broadcast through the cascade connections.

Once you get it set right it works

I hope I didn't confuse you more

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Fri Jun 29, 2018 5:24 am

Yes you give useful information. I will have to reread it several times before I drive there again (it's a long drive to Site A).

At both sites I have a dedicated pfSense box. Site A has an old PC with two NIC's. Site B has a small atom box with four ports, WAN, LAN, OPT1, and OPT2. I have always had problems with OPT1 and OPT2 so I simply use a switch behind the LAN port to share the internet. Likewise A has a switch behind the pfSense LAN to share the internet.

I will set the firewall rule on the Site A pfSense to allow incoming ports for those needed by SoftEther. Since B is the one sending it, I assume that it is sufficient to allow outgoing-only on those ports at B.

Would you happen to know how to port forward what I need in pfSense? I've never really had the need before this to forward ports on the firewalls.

I have set every IP in both LAN's to be static. I made sure that I didn't overlap any IP addresses. I might or might not have pfSense set to act as a DHCP server, but with my static clients it seems to be fine. I think I might have pfSense act as a DHCP server on LAN at Site A server. But the LAN IP is static, chosen by me.

Site A pfSense has WAN DHCP assigned by ISP, LAN 192.168.1.1 assigned by me. NIC1-A, NIC2-A static assigned by me.
Site B pfSense has WAN DHCP assigned by ISP, LAN 192.168.1.5 assigned by me. NIC1-B, NIC2-B static assigned by me.

So, am I understanding you correctly that BOTH NIC's 168.1.2 and 168.1.3 (which no longer has an IP since I removed it) should plug into the SAME switch which is currently connected to the LAN port of the firewall? Likewise 168.1.6 and 168.1.7 should plug into the SAME switch connected to the pfSense LAN at Site B? That is, both the "internet" NIC and the SoftEther bridge NIC physically plug into the SAME switch that also connects to pfSense LAN?

Since I set LAN A internet NIC on the Server PC to static 192.168.1.2, I do not have to do the MAC reservation on pfSense, correct? I do not remember seeing a SoftEther Lightweight protocol when I unchecked them (Win7 x64) under IPv4 properties. I will check this again.

One last caveat is my DSL modem at Site A also acts as a 4 port router/switch. I then take one of these ports and plug it into the WAN of the pfSense box. So really my "public" IP gets converted to a private IP by my modem. Then that gets converted to yet another, different private IP chosen by me, at the pfSense firewall. It's probably a non-issue but I wanted to throw that out there just in case. Site B modem is just a modem, no router. Public IP on pfSense WAN and private IP set by me on LAN.

Thank you very much for your replies. I will try to wrap my head around them this weekend and get to Site A asap to give it another try. I'm not sure if I have either of the hubs set up properly. The only video tutorial that I could find was a guy on YouTube who connected a Win7 server to a Win10 client. So I used that as a template for the LAN to LAN. (obviously unsuccessfully).

I am still a bit unclear about the cascade connection. With dynamic internet providers at both sites, I clicked the little Azure.net radio button at install at Site A server. It gave me a unique azure.net identity. It is my understanding that this id is sufficient to get B Bridge to find A Server.

I will start at the Site A Server in a few days then go from there.

~Noob

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Tue Jul 03, 2018 10:37 pm

see below
Last edited by centeredki69 on Wed Jul 04, 2018 6:43 pm, edited 1 time in total.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Tue Jul 03, 2018 10:42 pm

see below
Last edited by centeredki69 on Wed Jul 04, 2018 6:43 pm, edited 1 time in total.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Tue Jul 03, 2018 10:48 pm

Noob*** I will set the firewall rule on the Site A pfSense to allow incoming ports for those needed by SoftEther. Since B is the one sending it, I assume that it is sufficient to allow outgoing-only on those ports at B.

*****You are correct. Only Site A needs the open port. However forward them at both location if you want to remotely maintain and administer them ( using the sofetether server manager)

Noob*** Would you happen to know how to port forward what I need in pfSense? I've never really had the need before this to forward ports on the firewalls.

*****Firewall, NAT, Port Forward, ADD. Interface =WAN, Protocol =TCP, Destination = Wan address
Destination port range = from and to = custom whatever port you choose (I use the default 5555)
Redirect target IP = your 192.168.1.2 ( softether host)
The fire wall rules should auto create
Good “ how to” pfsense forward Video https://www.youtube.com/watch?v=Jr5vynorkkk

Noob*** Site A pfSense has WAN DHCP assigned by ISP, LAN 192.168.1.1 assigned by me. NIC1-A, NIC2-A static assigned by me.
Site B pfSense has WAN DHCP assigned by ISP, LAN 192.168.1.5 assigned by me. NIC1-B, NIC2-B static assigned by me.

*****This is fine

Noob*** So, am I understanding you correctly that BOTH NIC's 168.1.2 and 168.1.3 (which no longer has an IP since I removed it) should plug into the SAME switch which is currently connected to the LAN port of the firewall? Likewise 168.1.6 and 168.1.7 should plug into the SAME switch connected to the pfSense LAN at Site B? That is, both the "internet" NIC and the SoftEther bridge NIC physically plug into the SAME switch that also connects to pfSense LAN?

***YES**** that is exactly what I mean.

Noob*** One last caveat is my DSL modem at Site A also acts as a 4 port router/switch. I then take one of these ports and plug it into the WAN of the pfSense box. So really my "public" IP gets converted to a private IP by my modem. Then that gets converted to yet another, different private IP chosen by me, at the pfSense firewall. It's probably a non-issue but I wanted to throw that out there just in case. Site B modem is just a modem, no router. Public IP on pfSense WAN and private IP set by me on LAN.

*****I was going to ask you this but forgot. You are double NATed. (a router behind a router)
You have 2 options. 1)(and the BEST) most DSL modems will allow a type of bridge mode, or passthrough, or Pinhole-DMZ. It basically passes or SHARES your true WAN IP address with another device you choose (in your case the Pfssense) then ALL ports will be open through the DSLs firewall to your pfsense (the pfsense firewall will then be the only protector of your network which is fine) I have to do this with my AT&T gig fiber connection and also did it with AT&T ADSL years ago. “GOOGLE your DSL modem model asking bridge , passthrough mode” This is very common now days.
2) if no #1 modes are available. SET your pfsense to a static address in a range given off by the DSL modems DHCP, and forward the same softether port to that address. What you are doing here is forwarding then forwarding (these above 2 options are done in the DSL modem /Router. (the better option is #1)


Noob*** I am still a bit unclear about the cascade connection. With dynamic internet providers at both sites, I clicked the little Azure.net radio button at install at Site A server. It gave me a unique azure.net identity. It is my understanding that this id is sufficient to get B Bridge to find A Server.

*****“””Run off the Azure. Net radio button””” Softether provides a Dynamic DNS servers for free. The option is below the Local Bridge button on the main screen. It will give a numerical address (vpn58914XXXXXX.softether.net) or you can create a custom one. Create the dynamic at site A and use it as your “Host Name” at site be when you create your cassacade connection. However set the Dynamic DNS up at both locations. Below is the reason for both

Noob*** I will have to reread it several times before I drive there again (it's a long drive to Site A).

*****Once you get the ports opened and set up you can administer and control both softether bridge and server software Via the “softtether server manager” you just need to know the WAN IP (or the dynamic DNS names created). This is the reason for Dynazmic DNS address at both locations.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Wed Jul 04, 2018 7:22 pm

If you cant get the ports open at SITE A. Do not worry!
You can delete the Bridge software at site B and install the server software at Site B. Leave the Server software at Site A as well.

The only thing that makes the bridge software so called "bridge" is that it is a stripped down version of the server software and does not allow inbound connections. It only allows "Virtual Hub" creation and connects and outbound "cassade" and "local bridge". ( I never use the bridge software) The Server software gives you all options at all locations. Whether you us them is your choice, based on your needs.

I use the server software at all my locations. That way I can create connection in either direction if I need. I have had issues with not being able to see and access various network computers at a remote sites even with all ports opened. I would then disable the Cassade connection going from the remote site back to my local and create a connection the other way( from my local to the remote) and all would work . Its something to do with the way some firewalls work on some routers.
You have to realize the software does not care which way the cassade connection is connected. The "cassade connection" connects two "Vitual Hubs" HUB-Site-A and HUB-Site-B as if it were a long ethernet cable and this connection is VPN encrypted. The "Local bridge" then connects you local network to the Virtual HUB at it's location which are connected to the other Virtual Hub at the other location via the casscade connection.

Local network A<==>Local Bridge<===>Virtual Hub A<===Cassade Connetion(VPN encrypted)===>Virtual Hub B<===>Local Bridge<==> Local Network B


Once you have a sit to site connection working then its just a matter of getting your local bridges set and then traffic flows.

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Mon Jul 09, 2018 9:26 pm

Thank you for the help. I finally drove back to Site A. I port forwarded the SoftEther ports in both pfSense and in the ISP provided DSL modem. I also allowed two-way traffic on pfSense for the same ports. Perhaps it is overkill, but I don't see where it would hurt anything wrt vpn communication.

One question about the SoftEther protocol. I am using Win7 pro x64 and do not see "SoftEther Lightweight Protocol" listed under IPv4 properties.

I unchecked everything under IPv4 at Server site A on the NIC card used for the bridge at A. Perhaps the newest version of SoftEther does not display this protocol? Of course, I left all of the protocol stacks on the internet NIC card.

I plugged everything into a SINGLE switch. Here is what is connected to the switch:

-WAN access coming from pfSense firewall box (LAN output for pfSense)
-NIC1 internet card for Server A
-NIC2 bridged card for Server A
-peripherals such as 2nd computer & voip hardware (not my concern yet until I get the vpn working, but why not hook them up now)

These are all connected into one switch. I have internet access and also checked that the required ports were visible from an external source (port checking websites).

I hope this is correct as it may be a few weeks before I drive to Site A again.

~Noob

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Tue Jul 10, 2018 6:34 pm

@ centered,

I followed your suggestions and now have a cascade connection established from Bridge B to Server A.

However, nothing is working.

I cannot "see" anything on LAN A from computers on LAN B. SoftEther says I am connected when I look under cascade connections. Note: it connected when I used destination hub of vpnxxxx.softether.net but did NOT work when I used vpnxxxx.vpnazure.net even though I set up Server A to use Azure.

What am I missing? Do I have to set up some kind of "viewer" here at LAN B in order to see hardware connected at LAN A? Windows explorer is not finding anything. Before I took the hardware to A, I made sure that Server A was recognized and visible to computers on LAN B. So it is not a matter of network privileges. At least I don't think it is.

So the vpn apparently is connected. Now what? Thank you for any feedback.

~Noob

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Tue Jul 10, 2018 6:48 pm

@ noob,

Did you create the "local bridge" at both locations? ( I assume you are at site B)

If so using the softether server manager connect to your local site B softether server.

Highlight your virtual HUB, Click "manage virtual Hub button", then click "manage sessions" in lower right by the exit button, Than click "IP address table list" at bottom. Do you see any ip address from your remote site A?

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Thu Jul 12, 2018 5:41 pm

No, there are no IP addresses listed there.

The following snippits are all from the BRIDGE computer at Site B.

[attachment=0]SoftEther3.PNG[/attachment][attachment=0]SoftEther3.PNG[/attachment][attachment=1]SoftEther2.PNG[/attachment][attachment=2]SoftEther1.PNG[/attachment]
You do not have the required permissions to view the files attached to this post.

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Thu Jul 12, 2018 5:42 pm

Two more

[attachment=0]SoftEther5.PNG[/attachment][attachment=1]SoftEther4.PNG[/attachment]
You do not have the required permissions to view the files attached to this post.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Thu Jul 12, 2018 6:47 pm

If you would like I could post a contact email so we can correspond directly. Maybe we could do a Team viewer session and I could point you in the direction as I watch you trouble shoot your issue in real time. Unless you have proprietary info one your computers you would not feel comfortable revealing which I completely understand. I would only want to post the email briefly and then take it down.
It seems your very close but still something is wrong. I looked at my own setup and I have Packet data entries showing in some areas that you still have zeros showing.

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Fri Jul 13, 2018 1:44 am

Centered,

That is a very generous offer that I may take you up on. But before that, I have another idea that I am going to try.

I have an extra PC at each site. I am going to take the spare NIC cards and put them in these machines. Then I am going to make the spare at B the Server and the spare at A the Bridge. Perhaps the different motherboards/chipsets/no-quad-port-nic/no-double-nat-server setup will have better luck communicating.

I assume to uninstall SoftEther on the current machines all that I have to do is double click uninstall under Windows control panel, correct? Or is there a more elaborate unistall sequence? Do I have to do something special to delete the bridges?

It will be a few weeks before I get back to Site A to try this different setup.

~Noob

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Fri Jul 13, 2018 5:29 pm

I am wondering if I installed incorrectly at both locations.

On both computers I did NOT see SoftEther Light Protocol listed on the protocol stack where IPv4, client for MS networks, etc are listed on the NIC properties.

On both computers I removed all protocols on the bridged NIC before I installed SoftEther. I am wondering now if I should have left them alone, installed, then removed protocols after the install. Perhaps that makes a difference.

Also, for the Hub at each location, during install I set the hub destination to "localhost" or to the IP address of the NIC card handling the internet for that machine. I assume this is correct. I was following some guy on YouTube's install. I used the IP address of the internet NIC on each respective machine.

I just don't want to make the same mistakes with a second attempt. Any ideas why my initial install is connecting but not working?

~Noob

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Fri Jul 13, 2018 5:45 pm

There should be the light protocol, Did you use the latest version download? I don't think the older version had it. I only noticed it recently after updating but I could be wrong and just never noticed it.

Update: I loaded the server software on a WINDOWS 7 Machine which is what I ran it on for years and it does not install the Light adaptor. I confirmed it works without as I casseded to my off site server. It must be a Modern Win server 20012 2016/ WIN 10 thing.

Are you using WIN 7 machines? If so It most likely will not have the light adapter but should still work.

"Local host" do you mean when you launch the server manager you see local host as your option?

FYI: I noticed you keep saying you have to drive a long way to Site A. You can configure all setting on the SoftEther VPN server at site A remotely using the Server manager at site B or anywhere for that matter. All that is needed is to know site A's WAN ip address or the dynamic VPNxxxxxx.softether.net name which you know because you are using it for the cassade connection. You also need the open port number and admin password. See the pic # 1 below. The top 2 servers are off site servers I manage remotely.
Localhost is the local machine ( this can also be the IP address of the localhost which is what I think you meant you changed as the video suggested)
You do not have the required permissions to view the files attached to this post.
Last edited by centeredki69 on Sat Jul 28, 2018 9:46 pm, edited 1 time in total.

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Sat Jul 14, 2018 7:50 am

Yes, they are both Win7 machines.

When I first install SoftEther it asks to set up the Hub. For the hostname I put the internal IP address of the NIC card that accesses the internet (coming from the LAN of pfSense). For example, at Server A the pfSense LAN is 192.168.1.xxx. I assigned the Server machine a static IP of say 192.168.1.5. This is the number that I put in for the Server A hostname for hubA.

Likewise, at Bridge B I also have pfSense assigning to the LAN 192.168.1.xxx, making sure that nothing has overlapping IP's. When installing SoftEther at Bridge B I put in the Bridge B computer static IP of say 192.168.1.2 in the box for the hostname of the hubB.

I did not use the WAN IP as it is dynamic from the ISP in both cases and both computers sit behind a pfSense firewall.

By default during install the hostname on SoftEther was set to localhost. Should I have left it as "localhost" during the install instead of using the internal IP?

When assigning the dynamic DNS hostname on the server A, SoftEther assigned a vpnxxxx.softether.net hostname, and in the summary info it showed the true global WAN IP address from the ISP at A. So it was smart enough to know the true, public IP from the ISP at A.

At Bridge B for the vpn connection I put in the vpnxxxx.softether.net hostname of A and the virtual hub name of hubA. I created a user at Server A and used these credentials for the cascade connection from Bridge B to Server A.

Like I stated earlier, I bubbled the radio button for AZURE.net at Server A. But the cascade connection would not work using the azure hostname. Instead, the screenshots above and connection were using the vpnxxxx.softether.net hostname.

I am wondering if somehow in network-never-never-land it was able to connect via vpnxxxx.softether.net but was expecting other information over vpnxxxx.vpnazure.net. As I understand Azure, it simply initiates the connection info wrt dynamic IP addresses and then its job is over. It doesn't proxy any of the actual communications, but simply acts like a telephone book to keep track of the IP addresses and let everyone know where everyone's current IP location is.

To further complicate matters, the DSL modem at A did not have a "port-forward" option like the pfSense firewalls do. Instead it had a "port trigger" function (which requires an internal LAN application to initiate the communication) and a "virtual server" function that reroutes packets from the WAN to a specific IP for specific ports. This latter "virtual server" is what I used. I set the input and output ports the same for those ports needed by SoftEther, and sent them to the WAN input IP for the pfSense box.

Example, pfSense WAN is dynamically assigned 192.168.2.10 by the DSL modem which I do not power off or change ethernet port/plug it is plugged into. In my logic that should be the same as "port forwarding" the WAN packets on those ports through the DSL modem to the WAN of pfSense. Then pfSense port forwards those again to the pfSense LAN.

So, that "virtual server" thing may not be working as I think it does.

In any case, I believe that I will try to reverse the topology of my vpn connection. I am going to use a different machine to host the Server at B and use a different machine to initiate the cascade connection as Bridge at A. That way it is the Bridge, not the server, behind the double NAT. I should be able to "undo" the virtual server at DSL modem A. I can then port forward the SoftEther ports at pfSense A. And with some luck it may work better that way.

My biggest questions are glaringly simple and noob. When I first create the hubs at each location, for the hostname do I use the internal IP of the internet NIC of that machine, respectively? The second NIC does not concern me. I simply choose it as the Bridge, remove IP and protols from it, and plug it into the same switch as everything else. At least this is what I have gained from the previous replies in this post.

My understanding:

-Make hub at A, hub bridges a dedicated NIC and uses second NIC's IP to make a virtual, local hub at A
-repeat above at B to make a virtual, local hub at B
-initiate vpn cascade connection from one hub to the other hub

This is how I interpret what is going on.

~Noob

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Tue Jul 17, 2018 3:15 pm

Hello Noob,
NOOB-When I first create the hubs at each location, for the hostname do I use the internal IP of the internet NIC of that machine, respectively?
Creating Virtual HUBS only requires you to give it a Virtul HUB name , user and password.

Do you mean when you first connect the newly installed Server/Bridge using the Server Manager?

Answer: When you install the" server" or "Bridge" software on a machine the "server manager" also installs by default. When you launch the "server manager" the first time it assumes that you are launching it on the machine you just installed a server on so it give you LOCALHOST. However you can enter the ip address of that machine instead. ( I leave mine as Local host in case I change the static IP address on the machine the server manager still finds it as it is the LOCALHOST). That same "Server manager can also manage other SE "servers" and "bridges" Meaning it can manage the LocalHost and for instance the SE "server" or "Bridge" at your Site A location.

The Server Manager Is not the Server or Bridge software. It is a connector/managment tool that allows you access to 1 or many SE "servers or bridges" to manage. It can be installed as a stand alone manager even without installing the server or bridge.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Tue Jul 17, 2018 3:39 pm

INSTALL THE SERVER SOFTWARE AT BOTH LOCATIONS ( DO NOT USE THE BRIDGE AS IT HAS FEWER OPTIONS)
Leave it as"local host" if the the server manager is on the same machine the server is running. But it will work with the IP also.

SITE B:::NO DOUBLE NAT HERE::: 1) Log into localHost 2) MAIN SCREEN- Create Virtual HUB give it a name HUB-B 3) Create "Local Bridge"connecting dedicated NIC( NO PROTOCOLS) with HUB-B 4)Manage HUB-B & create a user and password That site A will use to connect

SITE A::::: 1) Log into localHost 2) Create Virtual HUB give it a name HUB-A 3) Create "Local Bridge"connecting dedicated NIC( NO PROTOCOLS) with HUB-A 4)Manage HUB-A & create cassade connection going to Sites B's VPNxxxxx.softether.net using the above username and password. initiate the cassade connection

I cant get VPNxxxxxvpnazure.net to work either

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Mon Jul 23, 2018 9:04 am

Yes,

That is exactly what I was curious about.

I plan to try this over the next few days. I will set BOTH sites up as servers then. And I will leave BOTH sites set to localhost.

Hopefully this second attempt will do the trick. Thank you for the advice.

One question: Do you remove the protocols from the bridge NIC BEFORE or AFTER installing SoftEther and making the virtual hub?

Last time I removed them before I installed. Does it matter? If I do not remove them right away will the vpn still work?

~Noob

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Mon Jul 23, 2018 2:19 pm

@centered,

Before I drive back to site A, I decided to set up a new server at B (non-double-NAT, where I currently am) on a different PC with a different bridge NIC (Intel Pro, works fine). I connected to site A which is still up and acting as a server as well. It says that the cascade connection is established. And, unlike the original "bridge" computer at B, this other PC here at B running SoftEther server shows more traffic instead of 0's everywhere.

However, it still does not show any of the remote IP addresses under "manage sessions".

Is there something extra that I am missing? Should the remote computers in LAN A show up in Windows Explorer or do I need to set up some extra software to actually "use" the vpn?

I plan to set up a different server at A on a different PC with a different NIC bridge (Intel Pro) later today.

What exactly should I be seeing in order to interact with the remote LAN? I simply assumed that once the vpn was established that other computers would show in the Network under Windows Explorer.

~Noob

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Mon Jul 23, 2018 6:02 pm

Hi NOOB,

Is really doesn't matter
The way I do it is I Install the software first, then remove the protocols from the one I intend to use for the LOCAL BRIDGE. I then rename it as something Like SE local Bridge This is all done in the WIndows network adapter settings.

This is only so I can identify it easily in the "LAN Adapter" drop down when creating the local Bridge in in the SE software. This is just a personal preference.

Meaning if I have 2 REALTEC or 2 INTEL NICs installed on the machine it is sometime hard to distinguish which one to choose in the dropdown ( the one with out protocols)

I then finish setting up all the stuff in the SE software.


Good Luck

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Mon Jul 23, 2018 8:23 pm

Okay partial success.

I am at Site A now. I installed SoftEther Server on a different PC here. I made a cascade connection to the new Server B. It connected. It shows the correct IP of both Server A and Server B under the SoftEther "manage session IP tables".

I opened Windows Explorer network icon on the left pane of Windows Explorer and at first it showed nothing. So I typed the computer name of B (I am at A) in the location space \\ServerB-PC for example.

It did not do anything. But then it showed both computers, A and B, under the network on the left-panel of Windows Explorer. I clicked on B, which would be the remote from my current location.

It eventually asked for username and password. I put in my Windows username and password for that machine. But then it did nothing. So I restarted this Server A several times.

Now, the network under Windows Explorer doesn't show anything, not even Server A which is what I am on.

Win7 has always been cantankerous with showing networked computers using Windows Explorer. I also tried typing in the IP address of Server B but it tried to access it from Firefox like a router, which of course did not work.

So now I apparently have a vpn connection from A to B, but stupid Windows won't show the computers.

I pinged the IP of Server B using the Windows Console Ping command from here at Server A. It sent 4 packets and lost 1. So I assume that means the vpn is working, at least in part.

Any suggestions?

~Noob

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Tue Jul 24, 2018 12:29 am

UPDATE: 75% success

I am now back at Site B. Before leaving Site A I set up cascade connection to B. I was having difficulties seeing Server B in Windows Explorer on Server A.

Here at Site B I am able to see Server A and the VOIP hardware at both locations. The VOIP hardware is communicating and working, but the voice is choppy.

When trying to access Server A's Desktop the vpn is very slow. Eventually it tells me that I do not have permission to access it and contact the system admin (me of course). I swear I had that PC set up to accept network connections. I checked before taking it up to Site B.

So, the vpn appears to be easier to manage from Site B, which is now the official "central server". However, it seems very slow. And I'm not sure what Win7 settings I need to change to allow access to the Server A Desktop. I removed the double-port-forward at Site A, since that server is the one calling out to B. Would resetting it to double-port-forward improve throughput?

When I ping B's IP from A, sometimes it times out for all 4 packets, sometimes it loses 1, sometimes it loses 2, and sometimes it receives all 4 with 0% loss. Site A is DSL with 30M down, 6M up and Site B cable with 100M down, 10M up. Is this not sufficient for the vpn? Is the VOIP choppiness and slowness of the vpn due to the upload speeds?

~Noob

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Tue Jul 24, 2018 8:59 pm

ONE MORE NOOB QUESTION:

I am sitting in front of Server B and, of course, I am able to change the Virtual Hub B extended options. How can I change these extended options on Virtual Hub A without actually physically driving there?

~Noob

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Tue Jul 24, 2018 11:08 pm

You can create a new setting on Site B's SERVER MANAGER but you will need the WAN ip address of SITE A unless you enable the DYNAMIC DNS option at that location then you can use site A's vpnxxxx.softtether.net. On Site B's where you see localhost Server Manager Hit new settings enter IP address or Dynamic hostname(VPNxxxSoftether.net) and credentials. Note this might not work as you stated you closed the double port forward. ( I would leave the forward enabled for just this reason) as well as it gives clients the ability to connect directly to Site A. It still might connect VIA NAT-Transversal
Or
If the cassade bridge it up you can use the SERVER MANGER at site B. Hit new settings enter SITE A local IP address and credentials. This is the same as above but you are traveling through the VPN cassade tunnel to get to the other server not the regular internet. Be careful if you do some thing to drop the cassade you might not be able to get it to connect again until you travel.
OR
You can remote desktop into SITE A server if you enabled it on that WIN 7 machine and launch the SERVER MANAGER on that PC. If cassade is up.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Tue Jul 24, 2018 11:11 pm

I answered your post but you will not get it for 3 days. I don't understand why they have post restriction on this forum. It makes it impossible to help someone with the delayed response. They need to open private messaging.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Tue Jul 24, 2018 11:15 pm

Old post Might help in the mean time
You can configure all setting on the SoftEther VPN server at site A remotely using the Server manager at site B or anywhere for that matter. All that is needed is to know site A's WAN ip address or the dynamic VPNxxxxxx.softether.net name which you know because you are using it for the cassade connection. You also need the open port number and admin password. See the pic # 1 below. The top 2 servers are off site servers I manage remotely.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Tue Jul 24, 2018 11:16 pm

The Server Manager Is not the Server or Bridge software. It is a connector/managment tool that allows you access to 1 or many SE "servers or bridges" to manage. It can be installed as a stand alone manager even without installing the server or bridge.
You do not have the required permissions to view the files attached to this post.

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Wed Jul 25, 2018 10:33 pm

Thanks,

I'll give it a shot. Right now the vpn is so slow that the VOIP hardware is pretty much useless. It works, it is connected. But the performance is terrible. I can imagine Remote Desktop access will have similar performance.

~Noob.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Thu Jul 26, 2018 12:50 am

What kind of mili seconds are you getting when you ping something at the other location?
Also if you can create a user on the Site A hub you and use The SE client software at Site B to connect to the Site A location and and see if the ping results differ.
The client Might connect via NAT-T but most likely the ports at site A will need opened. (Which will also help with connecing with the Server manager).This is for trouble shooting I know this is not your perminate solution.
You might want to turn offline the HUB B to offline when trying this to make sure you are going out the client. When you turn it back on Site A Cascade will auto reconnect.
I ran a similar set up using a DSL 6mb down and 1mb up casscading to a Cable 75mb down and 10mb up 750 miles apart. Remote desktop only had a little lag. So something is still is not correct.

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Sat Jul 28, 2018 9:21 pm

@centered,

Update: Success! All of my computers and VOIP hardware at both sites can see eachother.

I disabled Udp acceleration and basically anything dealing with IPv6 under the Hub Extended Properties at both sites. It seems to have helped and the VOIP is not as choppy. My remote desktop software has acceptable framerates being sent between the two sites.

Thanks for the help. It is greatly appreciated.

~Noob

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Sat Jul 28, 2018 9:46 pm

The disable UDP acceleration was going to be one of my next suggestions. I was waiting to see what your MS ping times were. I had to disable the UDP acceleration once when I was running an older version of PFsense, But I noticed my transfer speeds were not as fast as with it enabled. However I was able to re-enable it later after upgrading to the most recent version of PFsense. Don't ask me why I never figured it out. I was told that some firewalls deal with packets differently.
MY OLD POST ABOUT PFSENSE
http://www.vpnusers.com/viewtopic.php?f ... 479#p21479

FYI: you can also disable UDP acceleration on the advanced setting of the casscade connection. There is a checkbox. That is how I did it.
I didn't realize it could be done in extended properties. So you just taught me something new.

I'm glade your set up is working now. Good luck to you.

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Sun Aug 05, 2018 8:30 pm

One last question:

I am trying to change the number of concurrent TCP connections to a value other than 8.

I have looked everywhere at both Site A and Site B SoftEther servers/hubs/cascade/sessions, etc. connections. The SoftEther online manuals are definitely referring to previous versions of SoftEther when describing the advanced tweaking features. I cannot find out anywhere how to change the number of parallel connections to anything other than the default of 8 using the latest SoftEther release.

There is an optimization tool installed with SoftEther that allows some TCP properties such as maximum packet size to be adjusted. But it does not allow for more than 8 (or less than 8) parallel TCP connections.

The reason I ask is because the vpn seems to be asymmetrical. In one direction the frame rate is great using remote-desktop softwares. The IP cameras can be viewed with almost the same frame rates as being directly in front of the remote computer. The other way, however, is much more choppy and laggy using the same remote-desktop softwares in the "reverse" direction (cameras at both locations). It works, but just not as fast.

I suspect that the upload speeds of the slower, DSL end may be influencing this quite a bit. But I wanted to see if adding more TCP channels might improve it a bit.

Thanks again for all the help.

~Noob

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Fri Aug 10, 2018 7:23 pm

MODERATORS:

You instantly allow spam posts but real posts that need answers take many days to post. Please either moderate the forum or change the format to unmoderated. I asked a follow-up question over a week ago and it has yet to post. I reported the post above as spam over a week ago as well.

~Noob

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Sat Aug 11, 2018 6:25 pm

Noob,
I was thinking the exact same thing.

I posted a comment on the VPN-Gate forum area and it took over a month before it was viable.

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Fri Aug 17, 2018 7:55 pm

Centered,

Thank you for continuing to monitor this post. If I keep my question short it should post immediately. How do I increase the number of parallel TCP channels using the latest version of SoftEther? Currently the default is 8 and there is no way to change it. Online instructions for advanced features do not apply to this latest SoftEther release. The included TCP tweaking tool changes the packet sizes but not the number of simultaneous TCP channels. The vpn is fine, but a bit laggy in one direction, not laggy in the other direction.

~Noob

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Re: Please help me set this up

Post by centeredki69 » Sat Aug 18, 2018 7:50 pm

Hello Noob,

I am able to change mine by editing the cascade connection look under "advanced settings" . The drop-down looks grayed out but I can still choose up to 32 TCP connections. I'm not sure if it is doing anything to improve my connection though. (Ver 4.27, Build 9668, beta)

NoobNeedsHelp
Posts: 26
Joined: Thu Jun 14, 2018 7:45 pm

Re: Please help me set this up

Post by NoobNeedsHelp » Mon Sep 17, 2018 5:53 am

Sir,

Sorry for the late reply. Thank you for your help. I was able to find the number of TCP connections under Manage Cascade Connections, highlighting the cascade that was connected, clicking Edit, then selecting Advanced Options. Note to other readers: this only works on the computer that is initiating the connection.

It took many, many remote reboots and tweaking of setting to re-establish the vpn (almost a full day). Now I have bumped up the number of TCP connections above 8. SoftEther seems to be very, very picky about what numbers you choose. Example: 12 didn't work at all no matter what I tried, 18 worked fine, 24 connected but did not transmit any traffic.

It seems to have helped the lag. But I would not suggest anyone do it if they are in a hurry or if the vpn needs to stay up. I lost the vpn repeatedly while tweaking the numbers. Now, everything is up and running about as fast as I can get it given the upload constraints of my DSL provider.

You're a great guy. Thanks for the help. Mods, you may close this thread if you choose.

~Noob

Post Reply