Necessary ports for Softether

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
zwingler
Posts: 3
Joined: Sun Dec 30, 2018 10:32 am

Necessary ports for Softether

Post by zwingler » Sun Dec 30, 2018 11:27 am

Hello,

I set up a VPN with softether on Layer 3 as described.
First it did not work probably. Ping was working 5 or 6 times then timeout and then working agian... and so on...

Then I opened completely my Firewall on google where my softether vpn server is located. Then it works perfect.

afterwords I reduced the firewall ports opend to tcp 5555 and udp 40000-65535. Everything is still working fine...but without udp open it is working bad again as described above.

Now my question: What ports has to be open for softether to work properly? Are they fix oder dynamic.
in documentation I only found something on the standard tcp ports... but without udp ports it is not working.

Any suggestions?

Thanks, Herbert

zwingler
Posts: 3
Joined: Sun Dec 30, 2018 10:32 am

Re: Necessary ports for Softether

Post by zwingler » Sat Jan 19, 2019 2:43 pm

Does noone has the correct ports for softether? Unbelievable...

ksuuk
Posts: 2
Joined: Sat Jan 19, 2019 8:19 am

Re: Necessary ports for Softether

Post by ksuuk » Sat Jan 19, 2019 10:33 pm

From https://www.softether.org/4-docs/2-howt ... VPN_Server

"If your SoftEther VPN Server is behind the NAT or firewall, you have to expose the UDP port 500 and 4500. On the NAT, UDP 500 and 4500 should be transferred to the VPN Server. If any packet filters or firewalls are existing, open UDP 500 and 4500 ports."

If Your server is running on linux, then You can check what ports vpnserver is listen with command netstat -alnp | grep vpnserver, mine result is:

tcp 0.0.0.0:5555
udp 0.0.0.0:9601
udp 127.0.0.1:4500
udp external_ip:4500
udp 0.0.0.0:48048
udp 0.0.0.0:55357
udp 0.0.0.0:56523
udp 127.0.0.1:500
udp external_ip:500

So I'd say, that udp 500 and 4500 are correct ports.

zwingler
Posts: 3
Joined: Sun Dec 30, 2018 10:32 am

Re: Necessary ports for Softether

Post by zwingler » Sun Jan 20, 2019 10:31 am

Thanks for your answer...

I saw this while implementing. But ist is not working with udp 500 and 4500 only...

I tried again and it failed...

I switched back to tcp 5555 and udp 40000-65535. Then it is working well again.

Only if I make a firewall rule with this ports it is possible to ping systems on remote site...

so the problem still the same... I have to open many many ports...

Can we specify it more precisely? in your list are also many ports above 40000 udp...

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Necessary ports for Softether

Post by thisjun » Thu Feb 21, 2019 6:27 am

UDP acceleration uses an ephemeral port which is provided by socket API.
So, used port depends on the environment.
I think you should disable UDP acceleration.

Post Reply