Data bandwidth and data size

[dustyFan19]

Hello,

I am setting up a work-from-home system for 9 staff members. I have successfully set up Softether to be used as our VPN connection to the office main server.

My question is: should we be concerned about data-usage and data transfers between our office server and client machine? I am thinking "yes" (and have instructed the staff to be aware of this), as I believe we are using Softether's freely-provided hardware to be the junction-point for communications and data transfers. Would I be incorrect in this assessment?

Of course, it would be great if we did not have to worry about data size and bandwidth. I would just like confirmation, or correction, to my assumption. Our work involves sometimes gigs-and-gigs worth of data, so I am erring on the side of caution. I don't want to stress any Softether-provided hardware and fall victim to a possible shut-out by the Softether admins.

Thank you.

[OliverTejada]

The only thing you can remotely stress, is the maximum egress bandwidth allowed by your ISP at the office, but softether itself will handle anything you throw at it just fine. It's ok to educate your remote workers to be gentle with the usage, as it may ruin other workers' remote experience due to the maximum upload bandwidth being shared with everyone, causing ocassional slowdowns to the other remote workers.. But again, NOT SoftEther's fault.

One thing I can say is to avoid SecureNAT for specific types of traffic. (I've seen VOIP calls randomly failing, SMB file transfers being terminated all of sudden, RDP sessions being closed due to encryption issues, etc...)

That being said, I recommend turning off Virtual NAT and binding a Virtual Hub to your physical network segment instead by creating a local bridge on SoftEther, this way, remote connections will be tunneled and processed by your office's network equipment instead of SoftEther's virtual router.

Please note, that when you bind a virtual hub to physical network segment, you need to turn VirtualNAT's DHCP. It will conflict with any DHCP servers at your office and cause chaos...

[dustyFan19]

@OliverTejada

Thank-you for the education!

So, you are saying that, essentially, the largest stress-concern would be my office's file server I/O and/or the maximum outgoing data imposed by our ISP? That's great news, but I am a bit dumbfounded as to how SoftEther can handle gigs-and-gigs of data from so many users. I am, of course, not an IT professional, but I was under the impression that re-routing all of this data must apply a lot of pressure to SoftEther's infrastructure...

[genesys]

SoftEther does not provide any hardward other than the Handshake server. It's only there to initialize the connection though, it does not route any data traffic.

[OliverTejada]

@OliverTejada

Thank-you for the education!

So, you are saying that, essentially, the largest stress-concern would be my office's file server I/O and/or the maximum outgoing data imposed by our ISP? That's great news, but I am a bit dumbfounded as to how SoftEther can handle gigs-and-gigs of data from so many users. I am, of course, not an IT professional, but I was under the impression that re-routing all of this data must apply a lot of pressure to SoftEther's infrastructure...

Yep, your ISP will pretty much bottleneck SoftEther's full potential by limiting your upload speed at the office.

[OliverTejada]

SoftEther does not provide any hardward other than the Handshake server. It's only there to initialize the connection though, it does not route any data traffic.

Please elaborate on that. SoftEther VPN itself is standalone, and does not depend on a handshake server when you're connecting to it directly.

[genesys]

SoftEther does not provide any hardward other than the Handshake server. It's only there to initialize the connection though, it does not route any data traffic.

Please elaborate on that. SoftEther VPN itself is standalone, and does not depend on a handshake server when you're connecting to it directly.

I'm referring to the VPNAzure option that SoftEtherServer offers

[genesys]

I'm taking that back.

Digging a bit further, it sounds to me as if vpnazure would TRY to connect client and server directly (using UDP hole punching and if and only if the SoftEther VPN client software is used) but will fall back to rerouting all VPN traffic if that fails.

I currently suspect that's why so many users complain about slow connection speed (around 1-2 mbs)

[centeredki69]

I personally have never had any speed issues using VPNAzure. However, I have read where other seem to experience problems. But according to the SoftEther own published documentation. The VPNAzure server is only for the initial connection and the bulk of the data is not sent through the relay server.

VPNazure.jpg

[genesys]

I personally have never had any speed issues using VPNAzure. However, I have read where other seem to experience problems. But according to the SoftEther own published documentation. The VPNAzure server is only for the initial connection and the bulk of the data is not sent through the relay server.
VPNazure.jpg

I saw that piece of documentation too and because of that I thought VPNAzure would never actually relay traffic, but I think what's actually going on is that it only TRIES to establish a UDP based direct tunnel (using UDP hole punching on both ends), but if that's unsucessful, it actually will actually relay all the VPN traffic.

The following piece from the FAQ seems indicative o that:

Code: Select all

Any method to improve the speed dramatically?
Yes. Install SoftEther VPN Client software on the home PC (client-side PC) instead of using MS-SSTP VPN built-in client.

A pair of SoftEther VPN Client and SoftEther VPN Server will try to make a fast UDP-based VPN link between them, even if both or any parties are behind the NAT or firewall. In order to make a fast UDP-based VPN link, SoftEther VPN exploits the UDP Hole Punching (NAT-Traversal) technique.

If your SSTP-VPN is very slow, install SoftEther VPN Client in the client-side PC. It will surprise you at high-throughput and low-latency.

This also would make sense, since UDP hole-punching to establish a tunnel can only work if the client has an actual software feature for this (as it will need to redirect its UDP packets to the actual server IP after the link has been established) - that's not a feature regular VPN clients support, therefore it can only work with the SoftEther VPN client and not using an MS-SSTP client. Since MS-SSTP clients however also can establish successful connections, there must be a fallback in which the vpnazure server relays all traffic (slow). I suppose the same fallback is also used if the SoftEther VPN client is used but the UDP hole punching is unsuccessful.

[centeredki69]

You bring up some interesting point. This might be the case. I have know idea. It would be nice to get a confirmation from the SE admins. Even so the original poster will not receive any type of restriction from SE as far as I’m aware even if his payload is even going through the Relay server. If there is a speed issue. The solution is to just open/forward the and direct connect. Or leave ports closed and see if NAT- transversal works this is still a direct connect option. VPNAzure should be used and I believe was designed as a last resort although I do activate it myself on all my servers as a backup in case any others don’t connect. I think all these options that SE offers as well as all the additional protocols is what makes it great. And it’s free.