Hi,
I've just discovered Softether and before going on working on I would like to check if the following architecture can be done :
- SoftEther VPN Server on Windows 2016 Server (Azure VM)
- Remote network connected over plain IPSEC VPN (Firewall Sonicwall)
Main thoughts:
- Promiscuous mode not supported on Azure, so may be SoftEther not working ?
- SoftEther on Windows 2016 package offered on Azure marketplace , so seems possible to install however ?
- SoftEther Azure VPN Relay : useful in my case ?
Thank you for your hints.
PM.
SoftEther VPN server on Azure Windows VM, possible ?
-
- Posts: 3
- Joined: Thu Mar 05, 2020 11:29 am
-
- Posts: 329
- Joined: Wed Sep 18, 2013 1:49 pm
Re: SoftEther VPN server on Azure Windows VM, possible ?
- SoftEther VPN Server on Windows 2016 Server (Azure VM) ***** This will work fine
- Remote network connected over plain IPSEC VPN (Firewall Sonicwall) ****** This should work if you enable the IPSEC option on the "SE server"
- Promiscuous mode not supported on Azure, so may be SoftEther not working ? ***** You will need to enable and use the "SecureNAT" feature and NOT" local bridge"
- SoftEther on Windows 2016 package offered on Azure marketplace , so seems possible to install however ? ***** I install from the Official SE Website
- SoftEther Azure VPN Relay : useful in my case ? **** SE Azure is only need if you are restricted from opening/forwarding firewall ports. It is called "AzureVPN" because SoftEther choose to host their free relay services on "MS Azure servers" when they created the software. Not a requirement but can be used. https://www.softether.org/4-docs/2-howt ... .VPN_Azure
- Remote network connected over plain IPSEC VPN (Firewall Sonicwall) ****** This should work if you enable the IPSEC option on the "SE server"
- Promiscuous mode not supported on Azure, so may be SoftEther not working ? ***** You will need to enable and use the "SecureNAT" feature and NOT" local bridge"
- SoftEther on Windows 2016 package offered on Azure marketplace , so seems possible to install however ? ***** I install from the Official SE Website
- SoftEther Azure VPN Relay : useful in my case ? **** SE Azure is only need if you are restricted from opening/forwarding firewall ports. It is called "AzureVPN" because SoftEther choose to host their free relay services on "MS Azure servers" when they created the software. Not a requirement but can be used. https://www.softether.org/4-docs/2-howt ... .VPN_Azure
-
- Posts: 3
- Joined: Thu Mar 05, 2020 11:29 am
Re: SoftEther VPN server on Azure Windows VM, possible ?
Thank you for these details.
I've just given a try to SoftEther on Windows 2016.
It seems that plain IPSEC (IKEv2 IPSEC site to site tunnel with Sonicwall) is not really supported, rather than L2TP/IPSEC.
I managed to get IPSEC phase 1 going through, but no more.
Configuration seems to insist on having username/password to authenticate connection, but an IPSEC
tunnel is based on other parameters to identify the client side (IKE ID, IP, authentication protocols,...).
Logging is also a bit limited to be able to debug what's going on.
If you (or someone else) have some hints, they are welcomed.
Thank you.
PM.
I've just given a try to SoftEther on Windows 2016.
It seems that plain IPSEC (IKEv2 IPSEC site to site tunnel with Sonicwall) is not really supported, rather than L2TP/IPSEC.
I managed to get IPSEC phase 1 going through, but no more.
Configuration seems to insist on having username/password to authenticate connection, but an IPSEC
tunnel is based on other parameters to identify the client side (IKE ID, IP, authentication protocols,...).
Logging is also a bit limited to be able to debug what's going on.
If you (or someone else) have some hints, they are welcomed.
Thank you.
PM.
-
- Posts: 3
- Joined: Thu Mar 05, 2020 11:29 am
Re: SoftEther VPN server on Azure Windows VM, possible ?
After some thoughts and tries, I don't think this IPSEC configuration would ever work between Sonicwall and SE.
I end up setting up a Linux VM on Azure side, with strongswan installed.
Worked immediatly...
PM.
I end up setting up a Linux VM on Azure side, with strongswan installed.
Worked immediatly...
PM.