SoftEther VPN User Forum

SoftEther VPN User Forum
https://www.vpnusers.com/

The built-in NAT Traversal "Punched Hole" explanation

https://www.vpnusers.com/viewtopic.php?f=7&t=61830

Page 1 of 1

The built-in NAT Traversal "Punched Hole" explanation

Posted: Mon Aug 27, 2018 1:38 pm
by ercole77
Hi all
a newbie question: i've set my Softether VPN server in a NAT traversal configuration, so i didnt forward any port.
VPN client connects without any problem and its working great, anyway i have some question about security:

- Is punched hole using an intermediary server to work?
- What is this server?
- What are possible security implications about this server used as intermediary?

Thank you very much for your replies

Re: The built-in NAT Traversal "Punched Hole" explanation

Posted: Tue Aug 28, 2018 10:13 am
by cedar
- Is punched hole using an intermediary server to work?

Yes

- What is this server?

It is a dedicated Web service to synchronize the transmission of UDP packets.
The service is operated by SoftEther corp. in Japan.

- What are possible security implications about this server used as intermediary?

SoftEther corp. can know which client is trying to connect to which server.
Services other than VPN Azure and VPN Gate don't leak communication contents to SoftEther corp.
SoftEther corp. may submit logs in response to a request from a judicial agency.

Re: The built-in NAT Traversal "Punched Hole" explanation

Posted: Thu Aug 30, 2018 5:48 am
by ercole77
Hi Cedar
thank you very much for your kind explanation.
My concerns are about possible data leaks or intrusion using the punching hole through the firewall.

Re: The built-in NAT Traversal "Punched Hole" explanation

Posted: Thu Aug 30, 2018 5:54 am
by cedar
If the firewall is not prohibiting access from the LAN to the Internet like a web access, there is a possibility of leakage of information irrespective of UDP hole punching.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/