Hi,
I have set up softether on a VPS and have L2TP/IPSEC vpn working very well.
Now I would like to use Ethernet over HTTPS, as L2TP/IPSEC is not stable in the long run.
From reading the softether documentation I cannot find any detailed information on how to make this work and am beginning to run out of ideas. Can anyone help me with a simple step by step guide on how to set up my server and client so that I am using Ethernet over HTTPS as a vpn connection?
Server Configuration:
Debian (3.16.7-x86_64)
Softether Version 4.12 Build 9514 (SecureNAT on)
UFW firewall, ports 443, 22, 500, 4500 open
Clients:
OSX Yosemite & Android
Thanks!
VPN over HTTPS
-
thecower
- Posts: 5
- Joined: Sat Dec 27, 2014 11:33 pm
Re: VPN over HTTPS
Do you read this topic?
http://hexalibs.blogspot.com.tr/2013/12 ... 6-x32.html
http://hexalibs.blogspot.com.tr/2013/12 ... 6-x32.html
-
rolders
- Posts: 4
- Joined: Sun Jan 04, 2015 10:49 pm
Re: VPN over HTTPS
thecower wrote:
> Do you read this topic?
>
> http://hexalibs.blogspot.com.tr/2013/12 ... 6-x32.html
Just read it - it describes how to set up softether in local bridge mode. Not what I was asking. Maybe I am missing something?
Cheers
> Do you read this topic?
>
> http://hexalibs.blogspot.com.tr/2013/12 ... 6-x32.html
Just read it - it describes how to set up softether in local bridge mode. Not what I was asking. Maybe I am missing something?
Cheers
-
BoredAus
- Posts: 115
- Joined: Sun Nov 23, 2014 3:29 am
Re: VPN over HTTPS
I believe Ethernet over HTTPS or better known as SoftEther VPN's own unique protocol requires both the server as well as the clients to use SoftEther VPN software. Therefore, both your Mac client as well as your Android client has to use SoftEther VPN client manager in order to utilise SoftEther VPN's unique protocol.
See here for further details about Ethernet over HTTPS: http://www.softether.org/1-features/1._ ... nnectivity
Besides, connection stability does not necessarily boil down to the protocol at fault. Just because you are having issues with L2TP/IPSec over prolonged periods, it does not necessarily mean that you are guaranteed to get better connectivity via Ethernet over HTTPS. Network latency usually plays a big part in the connection stability but is not the only issue.
See here for further details about Ethernet over HTTPS: http://www.softether.org/1-features/1._ ... nnectivity
Besides, connection stability does not necessarily boil down to the protocol at fault. Just because you are having issues with L2TP/IPSec over prolonged periods, it does not necessarily mean that you are guaranteed to get better connectivity via Ethernet over HTTPS. Network latency usually plays a big part in the connection stability but is not the only issue.
-
rolders
- Posts: 4
- Joined: Sun Jan 04, 2015 10:49 pm
Re: VPN over HTTPS
BoredAus wrote:
> I believe Ethernet over HTTPS or better known as SoftEther VPN's own unique protocol
> requires both the server as well as the clients to use SoftEther VPN software. Therefore,
> both your Mac client as well as your Android client has to use SoftEther VPN client
> manager in order to utilise SoftEther VPN's unique protocol.
Thanks - That's my understanding as well. I tried connecting using the Softether client for OSX, but can't get the vpn connection to work over HTTPS. I had checked this via closing down the usual L2TP ports to see if could still connect but was not able to.
>
> See here for further details about Ethernet over HTTPS: http://www.softether.org/1-features/1._ ... nnectivity
Thanks - I have read this. It is more a description of features as opposed to instructions on how to set this up.
>
> Besides, connection stability does not necessarily boil down to the protocol at fault.
> Just because you are having issues with L2TP/IPSec over prolonged periods, it does
> not necessarily mean that you are guaranteed to get better connectivity via Ethernet
> over HTTPS. Network latency usually plays a big part in the connection stability
> but is not the only issue.
Agreed. What I meant by connection stability is because I am in China and L2TP/IPSec connections are often disrupted or blocked after a short while by the Chinese firewall. I am hoping that using Ethernet over HTTPS I can make my VPN connection more reliable.
Any more ideas on what I can try to get this to work? Has anyone been able to successfully set up an Ethernet over HTTPS connection with Softether?
> I believe Ethernet over HTTPS or better known as SoftEther VPN's own unique protocol
> requires both the server as well as the clients to use SoftEther VPN software. Therefore,
> both your Mac client as well as your Android client has to use SoftEther VPN client
> manager in order to utilise SoftEther VPN's unique protocol.
Thanks - That's my understanding as well. I tried connecting using the Softether client for OSX, but can't get the vpn connection to work over HTTPS. I had checked this via closing down the usual L2TP ports to see if could still connect but was not able to.
>
> See here for further details about Ethernet over HTTPS: http://www.softether.org/1-features/1._ ... nnectivity
Thanks - I have read this. It is more a description of features as opposed to instructions on how to set this up.
>
> Besides, connection stability does not necessarily boil down to the protocol at fault.
> Just because you are having issues with L2TP/IPSec over prolonged periods, it does
> not necessarily mean that you are guaranteed to get better connectivity via Ethernet
> over HTTPS. Network latency usually plays a big part in the connection stability
> but is not the only issue.
Agreed. What I meant by connection stability is because I am in China and L2TP/IPSec connections are often disrupted or blocked after a short while by the Chinese firewall. I am hoping that using Ethernet over HTTPS I can make my VPN connection more reliable.
Any more ideas on what I can try to get this to work? Has anyone been able to successfully set up an Ethernet over HTTPS connection with Softether?
-
BoredAus
- Posts: 115
- Joined: Sun Nov 23, 2014 3:29 am
Re: VPN over HTTPS
rolders wrote:
> BoredAus wrote:
> > I believe Ethernet over HTTPS or better known as SoftEther VPN's own unique protocol
> > requires both the server as well as the clients to use SoftEther VPN software.
> Therefore,
> > both your Mac client as well as your Android client has to use SoftEther VPN client
> > manager in order to utilise SoftEther VPN's unique protocol.
>
> Thanks - That's my understanding as well. I tried connecting using the Softether
> client for OSX, but can't get the vpn connection to work over HTTPS. I had checked
> this via closing down the usual L2TP ports to see if could still connect but was
> not able to.
>
In that case it is usually either a routing issue or firewall issue. Make sure that both the client and the server can see each other first then check to see if one can reach the other via ports. In a LAN scenario this could be easily achieved but over internet is generally a different story.
> >
> > See here for further details about Ethernet over HTTPS: http://www.softether.org/1-features/1._ ... nnectivity
>
> Thanks - I have read this. It is more a description of features as opposed to instructions
> on how to set this up.
>
The link was to indicate the former case about SoftEther VPN's unique protocol, it wasn't a guide on how to set it up. I think that you have already setup the server properly, it is now just a matter of troubleshooting before it all works.
> >
> > Besides, connection stability does not necessarily boil down to the protocol at
> fault.
> > Just because you are having issues with L2TP/IPSec over prolonged periods, it
> does
> > not necessarily mean that you are guaranteed to get better connectivity via Ethernet
> > over HTTPS. Network latency usually plays a big part in the connection stability
> > but is not the only issue.
>
> Agreed. What I meant by connection stability is because I am in China and L2TP/IPSec
> connections are often disrupted or blocked after a short while by the Chinese firewall.
> I am hoping that using Ethernet over HTTPS I can make my VPN connection more reliable.
>
> Any more ideas on what I can try to get this to work? Has anyone been able to successfully
> set up an Ethernet over HTTPS connection with Softether?
I guess you can try in regards to using Ethernet over HTTPS but playing with Great FireWall (GFW) you have basically entered into a game of cat and mouse. There are potential ways but one needs to keep probing away.
As for the latter paragraph, the main thing left is mainly to troubleshoot. I guess in theory if L2TP/IPSec worked but over SSL doesn't it might be something to do with stateful packet inspection (SPI). If after trying over a few open ports but neither can connect to each other via SSL but only L2TP/IPSec there is a good chance that the SPI has been tweaked to filter out SSL.
The case with Ethernet over HTTPS is working well in general, I personally host a free VPN service and have seen clients using Ethernet over HTTPS without any major issues. There are a few catches, namely to do with OS compatibility with the software but otherwise they don't seem to have issues. Though I must insist that when you are trying to connect from China to an overseas server, you are basically playing with fire.
> BoredAus wrote:
> > I believe Ethernet over HTTPS or better known as SoftEther VPN's own unique protocol
> > requires both the server as well as the clients to use SoftEther VPN software.
> Therefore,
> > both your Mac client as well as your Android client has to use SoftEther VPN client
> > manager in order to utilise SoftEther VPN's unique protocol.
>
> Thanks - That's my understanding as well. I tried connecting using the Softether
> client for OSX, but can't get the vpn connection to work over HTTPS. I had checked
> this via closing down the usual L2TP ports to see if could still connect but was
> not able to.
>
In that case it is usually either a routing issue or firewall issue. Make sure that both the client and the server can see each other first then check to see if one can reach the other via ports. In a LAN scenario this could be easily achieved but over internet is generally a different story.
> >
> > See here for further details about Ethernet over HTTPS: http://www.softether.org/1-features/1._ ... nnectivity
>
> Thanks - I have read this. It is more a description of features as opposed to instructions
> on how to set this up.
>
The link was to indicate the former case about SoftEther VPN's unique protocol, it wasn't a guide on how to set it up. I think that you have already setup the server properly, it is now just a matter of troubleshooting before it all works.
> >
> > Besides, connection stability does not necessarily boil down to the protocol at
> fault.
> > Just because you are having issues with L2TP/IPSec over prolonged periods, it
> does
> > not necessarily mean that you are guaranteed to get better connectivity via Ethernet
> > over HTTPS. Network latency usually plays a big part in the connection stability
> > but is not the only issue.
>
> Agreed. What I meant by connection stability is because I am in China and L2TP/IPSec
> connections are often disrupted or blocked after a short while by the Chinese firewall.
> I am hoping that using Ethernet over HTTPS I can make my VPN connection more reliable.
>
> Any more ideas on what I can try to get this to work? Has anyone been able to successfully
> set up an Ethernet over HTTPS connection with Softether?
I guess you can try in regards to using Ethernet over HTTPS but playing with Great FireWall (GFW) you have basically entered into a game of cat and mouse. There are potential ways but one needs to keep probing away.
As for the latter paragraph, the main thing left is mainly to troubleshoot. I guess in theory if L2TP/IPSec worked but over SSL doesn't it might be something to do with stateful packet inspection (SPI). If after trying over a few open ports but neither can connect to each other via SSL but only L2TP/IPSec there is a good chance that the SPI has been tweaked to filter out SSL.
The case with Ethernet over HTTPS is working well in general, I personally host a free VPN service and have seen clients using Ethernet over HTTPS without any major issues. There are a few catches, namely to do with OS compatibility with the software but otherwise they don't seem to have issues. Though I must insist that when you are trying to connect from China to an overseas server, you are basically playing with fire.
-
colapig
- Posts: 148
- Joined: Tue Oct 14, 2014 5:36 am
Re: VPN over HTTPS
I think you mean Ethernet over HTTPS. As my understanding, when you use windows/Mac OS build in L2TP connection to connect to the SoftEther server, L2TP will be used as the communication method between client and server. The Ethernet over HTTPS would be used Only when you use the softether client to connect to the server, So, I think use the client softwear to make VPN connection is more reliable than use L2TP/OpenVPN/SSTP. But you can't use the client on your mobile phone.
Another issue, how can you know if you are using Ethernet over HTTPS? I saw a guy's post said he captured the data and found the data is not encrypted. I am not sure if this is true.
Another issue, how can you know if you are using Ethernet over HTTPS? I saw a guy's post said he captured the data and found the data is not encrypted. I am not sure if this is true.