New user, new setup - many questions.

IngwiePhoenix
Posts: 1
Joined: Mon Dec 05, 2022 12:48 pm

Post by IngwiePhoenix » Mon Dec 05, 2022 1:10 pm

Good day!

I am currently working on shifting from renting remote servers to self-hosting several services at and from home - meaning that some of them are indeed meant to be accessible publicly (i.e. HomeAssistant requires it for certain integrations) whilst others should only live in the VPN and thus only be accessible when I log in.

Right now, I have two VPSes (drachennetz.com and birb.it). The former is a low-power dual-core VM with just about 650 MB of memory, whilst the other is a quad-core CPU with 6GB of memory but bandwidth limitation. Both of them run Caddy as the webserver to reverse-proxy to applications run on them (like a Matrix server, for instance).

My idea is that I would use either of those servers (or both?) to act as an entry to services hosted from home. I want to realize that by "linking" my home server to either of the VPSes via a VPN and using Caddy to reverse-proxy to those services specifically. There are a few other things to be configured (routing, DNS, DHCP, ...) on the local network to hopefully ease the integration and access - but my absolute main concern is to get the linking to work.

But while reading the SoftEther documentation, I noticed a few intriguing features that I would like to ask about. Instead of spamming the forum with a multitude of threads, I thought I would make one central thread instead. I hope this is the proper approach here - I am new here, and thus don't know about the general thread etiquette here :)

My questions:

1. My home network has a TV, a NAS, my PC, a few IoTs and my main router (FriendlyElec NanoPi R6s with OpenWRT). I plan on configuring the router as the main VPN client. However: I saw that there is also a "Bridge" mode that I can use. Does this bridge mode mean that I can have my VPS access other devices on my home network as well and not just the connecting client? For example: Say I host most of my services on the NanoPi but one or two on my NAS, can my VPS also access that NAS as well although it is not directly connected as a proper client but just happens to be on the same network as the NanoPi?

2. My internet usually disconnects for a few minutes every day as my modem (Draytek Vigor 167) reconnects. How does SoftEther handle such an outage? I tested a setup like this with plain OpenVPN before and this caused the client to get completely stuck and unresponsive, requiring manual restarting. In a scenario where my NextCloud instance would be tunneled to through the VPN, it would be pretty impractical if this happened.

3. I would like to set up a virtual hub for me and my friends to get on and play LAN games together - using Virtual DHCP to assign IPs, a basic login and possibly a rule so they can access my NanoPi's SMB shares. How can I limit a Virtual Hub to only certain devices in said hub but also allow the connected clients to only connect to certain IPs on certain ports? I don't want them to connect to my TVHeadend instance, for example, just the Samba shares. (I am honestly afraid they'd break something ;) ...).

4. As I have two VPSes with one having and the other not having bandwidth limitations, would it be possible to group the two together? The former has a far slower down-/upstream compared to the latter with the bandwidth limitation. It would be pretty useful to connect to the faster server from my home network but to the slower one for everything else. Can this be achieved?

5. I noticed that the website lists 4.x releases - but as Beta - as the latest downloads, whilst the Debian Bullseye repository has a 5.02 release instead - and only that one. Which is the stable "setup and forget" release that only needs to be updated occasionally (or due to security issues as seen with recent OpenSSL related updates)? And, in that regard, which installation method would you recommend?

6. I saw mentions of port 443 being used as a listener. Well, those are already taken on both servers by Caddy and served with Let's Encrypt certificates. Is it fine if I just reverse-proxy to that? And, in general, which ports - aside from 5555 - should I allow on my servers' firewall?

Thank you very much in advance!

Greetings from Germany and kind regards,

Ingwie

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: New user, new setup - many questions.

Post by solo » Mon Dec 05, 2022 11:50 pm

Hello,

1. yes
2. flawlessly
3. ACL - https://www.softether.org/4-docs/1-manu ... ccess_List
4. maybe
5. 4.38-9760-rtm - https://www.softether-download.com/file ... 8.17-tree/
6. 992, 5555, or preset any other

Start the project and we'll try to resolve specific network configuration issues.
