Search found 25 matches

by roxy
Fri Mar 16, 2018 4:27 pm
Forum: SoftEther VPN General Discussion
Topic: Enabling Cluster convert all Virtual Hub to Dynamic
Replies: 1
Views: 460

Enabling Cluster convert all Virtual Hub to Dynamic

If I convert a Standalone VPN Server to a Cluster Controller, all present "Standalone" Virtual Hubs are converted to Dynamic Virtual Hubs deleting all Cascade Connections. We have many Virtual Hubs we want to become Static Virtual Hubs in the new Cluster Controller Role, it is possible to change thi...
by roxy
Thu Jan 11, 2018 12:13 pm
Forum: SoftEther VPN General Discussion
Topic: OpenVPN MAC
Replies: 11
Views: 4466

Re: OpenVPN MAC

To be more robust we developed our software to get id from devices to distinguish also if different devices be using some IP so we cannot reproduce with easy the issue. If we can in the near future reproduce I'll send you log file.
by roxy
Wed Dec 20, 2017 2:04 pm
Forum: SoftEther VPN General Discussion
Topic: IPSec L3 tunnel
Replies: 1
Views: 729

IPSec L3 tunnel

Does softether support IPSec tunnel at L3 instead of adding a L2TP L2 bridge tunnell ?
We need to accept a customer having Fortigate that des not want to configure IPSec/L2TP (L2 Bridge)
by roxy
Tue Dec 19, 2017 12:21 pm
Forum: SoftEther VPN General Discussion
Topic: OpenVPN MAC
Replies: 11
Views: 4466

Re: OpenVPN MAC

tun mode
by roxy
Wed Oct 18, 2017 2:13 pm
Forum: SoftEther VPN General Discussion
Topic: OpenVPN MAC
Replies: 11
Views: 4466

Re: OpenVPN MAC

Turn off ? what do you mean for "turn off" a virtual hub ?
Virtual Hub is Online if you mean this
by roxy
Thu Sep 14, 2017 7:50 pm
Forum: SoftEther VPN General Discussion
Topic: OpenVPN MAC
Replies: 11
Views: 4466

Re: OpenVPN MAC

There are MAC address conflict also if no restart happen, probably session id are not managed to be unique in long time intervals, so if one client disconnect and a new client connect nre client get session id of previous client, and so MAC address. It should be sufficent to manage session id to avo...
by roxy
Thu Aug 10, 2017 1:13 pm
Forum: SoftEther VPN General Discussion
Topic: OpenVPN MAC
Replies: 11
Views: 4466

Re: OpenVPN MAC

I do not know where, if upper case conversion or hashing, but MAC address in some point is not uniquely assigned to every DIFFERENTE combination of: machine name virtual hub name session unique ID As we get same MAC for 2 different machine for 2 different sessions on the same virtual hub. tap is not...
by roxy
Tue Jul 25, 2017 12:42 pm
Forum: SoftEther VPN General Discussion
Topic: OpenVPN MAC
Replies: 11
Views: 4466

OpenVPN MAC

Hi, we have Virtual Hub configured with Virtual DHCP Server enabled. Several OpenVPN connecting clients change IP before DHCP lease time expires (we used standard 7200 seconds lease time as now). Analysing logs we see different OpenVPN Client having same MAC address and we see also same client conne...
by roxy
Thu Apr 06, 2017 1:58 pm
Forum: SoftEther VPN General Discussion
Topic: Access List andother config export/import/copy
Replies: 1
Views: 1143

Access List andother config export/import/copy

There is a function or workaround that allow to copy Access List between different virtual hubs or different softether installation ?

Also useful is to duplicate/copy Virtual Hub configuration using one as base for new one.
by roxy
Thu Apr 06, 2017 1:54 pm
Forum: SoftEther VPN General Discussion
Topic: Denied packet filter log
Replies: 3
Views: 2204

Re: Denied packet filter log

It'll be a great function, allowing to set security in a more granular and fast way. we use grep also on windows, but information present for all traffic is huge. It is impossible that a denied log function will be developed in softether ? Also filtering for objects (users, group, ecc.) be very usef...
by roxy
Wed Mar 29, 2017 1:31 pm
Forum: SoftEther VPN General Discussion
Topic: Denied packet filter log
Replies: 3
Views: 2204

Denied packet filter log

It is possible to have a packet log only for Blocked / Denied traffic, so during test steps one can identify blocked protocols opening only needed to do something ?

It is possible also to limit packet log for a single user ?

Thank you
Regards
by roxy
Tue May 24, 2016 11:00 am
Forum: SoftEther VPN General Discussion
Topic: prevent multiple login for openvpn client
Replies: 19
Views: 21939

Re: prevent multiple login for openvpn client

This is a strong restriction. How if more users connect from the same network, some public IP (as in natted networks) ?
by roxy
Tue May 24, 2016 10:58 am
Forum: SoftEther VPN General Discussion
Topic: Cluster Solution Availability Limits
Replies: 4
Views: 4285

Re: Cluster Solution Availability Limits

Do you mean an Active/Passive cluster configuration ? In an Active/Active cluster configuration with failover on the remaining nodes cannot be active the same configuration file on different nodes. Each node has its own configuration and know other node configuration to take place for failed nodes a...
by roxy
Tue May 24, 2016 10:52 am
Forum: SoftEther VPN General Discussion
Topic: Packet Filtering
Replies: 9
Views: 6890

Re: Packet Filtering

I do not think this is a solution. Drop All Rule that works is the same as that that does not work, the only difference is that in the working Drop All rule we specified User or Group, generic Drop All rules seems to take precedence also if there are previous more specific rules (in which one specif...
by roxy
Mon Apr 18, 2016 2:05 pm
Forum: SoftEther VPN General Discussion
Topic: Disallow Password Save in VPN Client not honored
Replies: 5
Views: 4937

Re: Disallow Password Save in VPN Client not honored

krs tell you about some important cases. The problem is that SoftEther VPN Server has an option for this in the security policy and we set in the Group Security Policy, but on client side is allowed to save the password, with no respect for Server Side configuration.

see in attach

Best Regards
by roxy
Mon Apr 18, 2016 1:58 pm
Forum: SoftEther VPN General Discussion
Topic: Packet Filtering
Replies: 9
Views: 6890

Re: Packet Filtering

I cannot make larger, windows cannot be resized. In attach right part with contentscolumn
by roxy
Sun Apr 03, 2016 12:08 pm
Forum: SoftEther VPN General Discussion
Topic: Default Gateway
Replies: 0
Views: 3322

Default Gateway

Some Windows computers do not always respect the metric of the network cards, thus also setting the metrics for virtual network card of softether VPN Client to an higher value, the computer uses it as a default gateway to the network of the VPN connection. There is a mechanism that allows you to del...
by roxy
Thu Mar 31, 2016 6:07 am
Forum: SoftEther VPN General Discussion
Topic: Cluster Solution Availability Limits
Replies: 4
Views: 4285

Re: Cluster Solution Availability Limits

Secondary controller sever share configuration with Primary Controller Server ? If not this solution is not applicable in production, as one must have 2 parallel configurations to maintain and at failover time many inconsistency an problems can arise.
by roxy
Fri Mar 25, 2016 1:58 pm
Forum: SoftEther VPN General Discussion
Topic: Disallow Password Save in VPN Client not honored
Replies: 5
Views: 4937

Disallow Password Save in VPN Client not honored

I'm using SoftEther VPN Server 4,19 build 9599 64 bit on Windows 2012 server. SoftEther VPN Client can save the password. Cannot impose to not save password and enter at connection time (it is a big security risk for notebook and mobile clients).
by roxy
Fri Mar 25, 2016 1:52 pm
Forum: SoftEther VPN General Discussion
Topic: prevent multiple login for openvpn client
Replies: 19
Views: 21939

Re: prevent multiple login for openvpn client

On a PC connect a VPN using SoftEther connect to the some server (configured with max 1 connection per user as group policy) with OpenVPN client on Android smatphone. Connection take place without restriction.
by roxy
Fri Mar 25, 2016 1:47 pm
Forum: SoftEther VPN General Discussion
Topic: Packet Filtering
Replies: 9
Views: 6890

Re: Packet Filtering

As you can see in the screenshot, I can make to work drop any packet non specifically allowed only using group. If I enable the last 2 rules without group specified in the rule (more generalized drop for all connection for IPv4 and IPv6), nothing is allowed also if these are the last 2 rules evaluat...
by roxy
Tue Mar 01, 2016 2:17 pm
Forum: SoftEther VPN General Discussion
Topic: Cluster Solution Availability Limits
Replies: 4
Views: 4285

Cluster Solution Availability Limits

The Cluster is a big solution to allow scalability, but not to have availability. What about availability if Cluster Controller is down for failure or for maintenance ?
by roxy
Mon Feb 22, 2016 6:37 pm
Forum: SoftEther VPN General Discussion
Topic: prevent multiple login for openvpn client
Replies: 19
Views: 21939

Re: prevent multiple login for openvpn client

I'm using SoftEther VPN Server 4,19 build 9599 64 bit on Windows 2012 server. Only SoftEther VPN Client honors the "Maximum number of multiples logins" = 1. OpenVPN like clients (OpenVPN, Securepoint OpenVPN) make connection also if one connection is just on, Maximum numer of multiple logins does no...
by roxy
Sun Feb 21, 2016 5:20 pm
Forum: SoftEther VPN General Discussion
Topic: Packet Filtering
Replies: 9
Views: 6890

Packet Filtering

The Packet Filtering Access List SoftEther provides is a big mechanism applied on Layer-2 connection. So one can benefit from Layer-2 having a robust security mechanism to use to Allow/Drop certain packets. Using the Access List as is now however is not so practical nor very intuitive. I configured ...