Hello,
I'm curious about a few things about SoftEther VPN.
1.
What exactly is the nat-traversal technique used in SoftEther VPN?
I've been browsing through the website a little and if I remember well, I've found reference to Hole punching, but I don't understand how the server can punch a hole into the NAT for any incoming connection.
According to some documentation I found here: https://www.usenix.org/legacy/event/use ... d/ford.pdf,
the hole has to be specifically opened towards the (ip,port) of the client attempting to connect to the SoftEther VPN, and therefore it cannot be done without an external "Rendez-vous" server.
Can someone explain to me how things run in SoftEther VPN?
2.
2.1. Is there an option to explicitly enable/disable NAT-Traversal inside vpn_client.conf?
2.2 Is NAT-T enabled by default?
2.3 If yes(2.2), should I add "/tcp" at the end of the server hostname to disable it as suggested by the Windows GUI?
3.
3.1. Is VPN Azure related with the hole punching method and/or the nat-traversal technique used in SoftEther VPN?
3.2 If yes(3.1), can it be used to create direct tunnels from client to server without relaying every packet
on the vpnazure servers (and thus avoid a potential extra latency)
4.
4.1. Is VPN Azure Server open source?
(Cedar/AzureServer.c is empty ...)
4.2. If no(4.1) , is it intended to stay closed in the future, or is it temporary?
5.
Is VPN Azure related to Microsoft Azure cloud services or is it just a coincidence if they are called by the same name?
EDIT:
6.
Is there a way to run a script automatically when the client service has created the virtual interface in Linux
(i.e. can I do something like:
...
declare UnixVLan
{
    declare vpn
    {
        bool Enable true
        bool MacAdress 00:AC:....
        string UpScript "ifup vpn_vpn" # IS THERE SUCH AN OPTION or an equivalent ?
    }
}
...
)
I may have made some mistakes with my English, just ask if there is something that you don't understand.
Thank you.
Nat traversal and other questions.
Re: Nat traversal and other questions.
> 1.
> According to some documentation I found here: https://www.usenix.org/legacy/event/use ... d/ford.pdf,
> the hole has to be specifically opened towards the (ip,port) of the client attempting
> to connect to the SoftEther VPN, and therefore it cannot be done without an external
> "Rendez-vous" server.
There is a "Rendez-vous" server.
> 2.
> 2.1. Is there an option to explicitly enable/disable NAT-Traversal inside vpn_client.conf?
Yes.
To disable, add "/tcp" after server host name.
> 2.2 Is NAT-T enabled by default?
Yes.
> 2.3 If yes(2.2), should I add "/tcp" at the end of the server hostname to disable
> it as suggested by the Windows GUI?
Yes.
> 3.
> 3.1. Is VPN Azure related with the hole punching method and/or the nat-traversal
> technique used in SoftEther VPN?
VPN Azure doesn't need the hole punching method. However, this is another NAT-T technique.
> 3.2 If yes(3.1), can it be used to create direct tunnels from client to server without
> relaying every packet
> on the vpnazure servers (and thus avoid a potential extra latency)
If your server can use NAT-T, you can create a direct tunnel when you use VPN Azure.
> 4.
> 4.1. Is VPN Azure Server open source?
> (Cedar/AzureServer.c is empty ...)
No.
> 4.2. If no(4.1) , is it intended to stay closed in the future, or is it temporary?
I don't know.
> 5.
> Is VPN Azure related to Microsoft Azure cloud services or is it just a coincidence
> if they are called by the same name?
No.
> EDIT:
> 6.
> Is there a way to run a script automatically when the client service has created
> the virtual interface in Linux
> (i.e. can I do something like:
> .
An interface is automatically brought up when the VPN connects.
Try to use any daemon which detects the interface coming up.
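One way to follow the advice about detecting the interface coming up, as an added example that is not part of the original posts or of SoftEther VPN: a small watcher that reads iproute2 link events and runs a command once each time the interface goes from down to up. The interface name vpn_vpn and the command "ifup vpn_vpn" are taken from the question; the function names and the sample events are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed: interface vpn_vpn and "ifup vpn_vpn" (from the question),
# iproute2 one-line link events; the function names are hypothetical.

# link_state IFACE LINE: print "up" or "down" for an event about IFACE;
# return 1 (printing nothing) when the event concerns another interface.
link_state() {
    ls_line=$2 ls_deleted=no
    case $ls_line in Deleted\ *) ls_deleted=yes; ls_line=${ls_line#Deleted } ;; esac
    ls_name=${ls_line#*: }          # drop the "<index>: " prefix
    ls_name=${ls_name%%:*}          # keep the name up to the next ':'
    ls_name=${ls_name%%@*}          # drop an "@parent" suffix if present
    [ "$ls_name" = "$1" ] || return 1
    ls_flags=${ls_line#*<}; ls_flags=${ls_flags%%>*}
    # Match UP as a whole flag so that LOWER_UP alone does not count.
    case "$ls_deleted,$ls_flags," in
        no,UP,*|no,*,UP,*) echo up ;;
        *) echo down ;;
    esac
}

# on_link_up IFACE CMD [ARG...]: read link events on stdin and run CMD once per
# down->up transition of IFACE; repeated events for an already-up link are ignored.
on_link_up() {
    want=$1; shift; prev=down
    while IFS= read -r ev; do
        now=$(link_state "$want" "$ev") || continue   # event for another interface
        if [ "$now" = up ] && [ "$prev" = down ]; then
            "$@" </dev/null         # keep the hook from consuming the event stream
        fi
        prev=$now
    done
}

sample_events() {                   # constructed sample of `ip -o monitor link` output
    cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
5: vpn_vpn: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
5: vpn_vpn: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN
5: vpn_vpn: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN
Deleted 5: vpn_vpn: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
6: vpn_vpn: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN
EOF
}

# Live use: run this script with --watch (left idle otherwise).
if [ "${1:-}" = "--watch" ]; then
    ip -o monitor link | on_link_up vpn_vpn ifup vpn_vpn
fi
```

A watcher started after the interface is already up sees no event for it, so check the current link state once at start-up if that case matters.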
Re: Nat traversal and other questions.
Thank you for your helpful answer.