About VPN Azure

Post your questions about VPN Gate Academic Experiment Service here. Please answer questions if you can afford.
Post Reply
Nindya
Posts: 7
Joined: Tue Sep 30, 2014 12:16 pm

About VPN Azure

Post by Nindya » Sun Nov 30, 2014 3:30 am

Hi, I'm new in this VPN Azure of Softether thing
Can I get a full paper of how VPN Azure of Softether work ?

Thank you

acampeau
Posts: 32
Joined: Mon Dec 01, 2014 2:09 am

Re: About VPN Azure

Post by acampeau » Mon Dec 01, 2014 2:15 am

Have you seen http://www.vpnazure.net ?

Basicly, it uses a relay to open NATs on the server and clients.

Here's my explaination as far as I know.

In detail? When setup, the server keeps a constant "keep-alive connection" to the relay server. When a client connects to a server (via XXXXX.vpnazure.net) the relay server ask the vpn server via the already existing connection to have an open "user" port for the client. The server replies with a port (usually in the range of 50000+).

The relay send the port to the client and the connection is made without the need for open port, but the "keep-alive connection" is requiered for the relay to ask the open port to the server.

As the port keeps changing, traffic is send regularly to the relay server to obtain the new port.

Nindya
Posts: 7
Joined: Tue Sep 30, 2014 12:16 pm

Re: About VPN Azure

Post by Nindya » Mon Dec 08, 2014 5:07 am

I'm still a little bit confuse about how can it penetrate firewall

I read this line
'Can work behind NAT or Firewall.
(No need to open a TCP or UDP port on the firewall by admin.)'

Can you explain this, please ?

BoredAus
Posts: 115
Joined: Sun Nov 23, 2014 3:29 am

Re: About VPN Azure

Post by BoredAus » Wed Dec 17, 2014 9:15 am

The presumption with no need to open TCP/UDP ports on the firewall or NAT is to do mainly with the fact that the communication is masked as SSL traffic. That added with the fact that the server is normally run on port 443 which is HTTP-SSL traffic which are generally not filtered by firewalls because one could be doing things like internet banking, using Gmail or doing whatever HTTP securely. It is basically masked as HTTPS traffic even if one tries to examine the traffic and that you are connected to virtually the same IP i.e. same server IP and not visiting to whatever random site that you are otherwise prohibited to visit and thus also allows you access to resources from within a corporate firewall environment, or home environment, wherever you set your VPN Azure server as.

So if a firewall does block every known TCP and UDP ports there are available which is obviously stupid as virtually no traffic would flow in, out or through it other than ICMP and maybe IGMP then VPN Azure would definitely not work. The point with VPN Azure is really to make use of SSTP which firewalls normally do not block and probably are not easy to block.

The screenshots as well as the link acampeau stated clearly mentioned the use of SSTP and with a bit of research shows this:
https://www.bestvpn.com/blog/4147/pptp- ... n-vs-sstp/

Also wikipedia has information about SSTP as well. Besides, I think this thread should probably go into the SoftEther VPN section considering that it may have more views on this as well as the fact that VPN Gate != VPN Azure. VPN Gate filters host's internal network so things like network shares or remote access to a machine are inaccessible to the VPN Gate client whereas VPN Azure allows access of such things as well as external connectivity. Personally VPN Azure is much like VPN Gate in terms of communication methods except potentially that: Azure uses SSTP only presumably, Azure allows access to VPN host's internal resources.

Post Reply