The built-in NAT Traversal "Punched Hole" explanation

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
ercole77
Posts: 8
Joined: Fri Aug 03, 2018 8:05 am

The built-in NAT Traversal "Punched Hole" explanation

Post by ercole77 » Mon Aug 27, 2018 1:38 pm

Hi all
a newbie question: i've set my Softether VPN server in a NAT traversal configuration, so i didnt forward any port.
VPN client connects without any problem and its working great, anyway i have some question about security:

- Is punched hole using an intermediary server to work?
- What is this server?
- What are possible security implications about this server used as intermediary?

Thank you very much for your replies

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: The built-in NAT Traversal "Punched Hole" explanation

Post by cedar » Tue Aug 28, 2018 10:13 am

- Is punched hole using an intermediary server to work?

Yes

- What is this server?

It is a dedicated Web service to synchronize the transmission of UDP packets.
The service is operated by SoftEther corp. in Japan.

- What are possible security implications about this server used as intermediary?

SoftEther corp. can know which client is trying to connect to which server.
Services other than VPN Azure and VPN Gate don't leak communication contents to SoftEther corp.
SoftEther corp. may submit logs in response to a request from a judicial agency.

ercole77
Posts: 8
Joined: Fri Aug 03, 2018 8:05 am

Re: The built-in NAT Traversal "Punched Hole" explanation

Post by ercole77 » Thu Aug 30, 2018 5:48 am

Hi Cedar
thank you very much for your kind explanation.
My concerns are about possible data leaks or intrusion using the punching hole through the firewall.

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: The built-in NAT Traversal "Punched Hole" explanation

Post by cedar » Thu Aug 30, 2018 5:54 am

If the firewall is not prohibiting access from the LAN to the Internet like a web access, there is a possibility of leakage of information irrespective of UDP hole punching.

Post Reply