
Is VPN-over-ICMP/DNS just a marketing trick?

Posted: Fri May 22, 2020 3:00 pm
by VitaR
According to the Manual and several forum posts,
1st, it is enabled very easily with only one check-mark in the server's config and nothing more,
2nd, it is activated automatically when the two "generic" (Direct and NAT-T) ways to connect fail,
3rd, it's impossible to forcibly activate this mode.
But a lot of posts are flying around the Net about a bunch of tests that bring up very critical thoughts.

Let's take a very basic logic and think:
- I've set up a remote server and it works,
- I've enabled these "over-something" in its config,
(condition "1st" completed)
- I've created the respective connection to this server and tested it,
- this connection works both directly and via NAT-T,
- next in my firewall I've blocked both TCP and UDP and explicitly enabled any ICMP, everything pointing to/from my-server-ip, and checked it of course,
(condition "2nd" completed)
- and then I've tried to make a connection again.

Now, taking into account these 3 conditions described at the beginning, what result shall I wait for? Remember, we're thinking logically! A connection made via this VPN-over-ICMP, right?

Boo! You lose!

So, just a pair of very simple questions:
1. How to set up this super-mega-feature right?
2. How to prove it works?

Re: Is VPN-over-ICMP/DNS just a marketing trick?

Posted: Mon May 25, 2020 5:12 am
by drkrool
Curious about this as well. I remember trying without success years ago, but don't quote me on that as I had little firewall knowledge back then.

Have you tried the vpn over dns feature as well?

Re: Is VPN-over-ICMP/DNS just a marketing trick?

Posted: Wed May 27, 2020 10:37 am
by VitaR
drkrool wrote:
Mon May 25, 2020 5:12 am
Have you tried the vpn over dns feature as well?
No, I didn't. I see no meaningful difference between this and a "generic" tcp/udp, except a worldwide passing port. Maybe I'll check it sometime later, but the one and only thing that will make me count this variant as something different is an eDNS payload usage or something like that.