How to set up our own "vpnazure like" server on public cloud

Post by flygun » Wed May 19, 2021 1:57 am

My SE server and SE client are both behind NAT. My current choice is using "myhost.vpnazure.net" to do NAT traversal, and it works fine now. But this may be blocked one day for an unknown reason (e.g. the DNS vpnazure.net is blocked by the local internet provider).

So how can I use my cloud VPS with 1M low-speed bandwidth to act as "myhost.vpnazure.net"?

The easiest way is to use my VPS for port forwarding (e.g. SSH -R), but the VPN connection will be very low speed (1M).

I then tried to do NAT traversal as below. It works but has some issues.

1. On the SE server side, I use a STUN client to find my PUBLICIP and UDP port (e.g. 1.2.3.4:5678) and local UDP IP:PORT (e.g. 10.10.10.10:6500).
2. On the SE server side, I use socat to forward UDP to the TCP port of my SE server, 10.10.10.11:443:
socat -d -d -lf ./socat.svr.txt udp4-listen:6500,reuseaddr,fork TCP:10.10.10.11:443
3. On the client side, I use socat to listen on TCP and forward to UDP of the SE server's PUBLICIP:PORT:
socat -d -d -lf ./socat.cli.txt tcp4-listen:38080,reuseaddr,fork UDP4:1.2.3.4:5678
4. On the client side, I use the SE client to connect to the local LAN IP's port 38080.

Using the steps above, my SE client can connect to the SE server and can get DHCP from the server, and most things work. But the problem is:
both my SE client and SE server have an ADSL line with a 100M download rate and a 25M upload rate. The SEVPN connection breaks every time I copy a big file from/to the other side.
I think the reason is: socat cannot limit the speed from TCP to UDP, and UDP will simply drop packets when the rate exceeds 25M bps.
I have tried to find some way to limit the TCP speed, but that won't be a good way.

So my question is: can we set up a "myhost.vpnazure.net"-like server with a low-bandwidth cloud VPS, and let the SE server use our own VPS as a STUN and NAT-T protocol server? And how to do it?

Hope you guys write your advice here, thanks!
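
The failure described in the post, modelled as an added example (not part of the original post, and not SoftEther or socat code): a byte stream is cut into UDP datagrams, a link draining at the post's 25M upload rate drops whatever overflows its queue, and the far side writes the survivors back into a stream with nothing to retransmit the holes. The 1400-byte datagram size, the 64 kB queue and the constant send rates are assumptions of the model.

```python
import hashlib

UPLINK_BPS = 25_000_000   # 25M upload rate quoted in the post
DGRAM_BYTES = 1400        # assumed UDP payload per datagram
QUEUE_BYTES = 64_000      # assumed buffer in front of the uplink


def sample_stream(size=2_000_000):
    """Constructed payload standing in for the 'big file' being copied."""
    return bytes(i % 251 for i in range(size))


def relay(stream, send_bps, uplink_bps=UPLINK_BPS, queue_bytes=QUEUE_BYTES):
    """Model a TCP -> UDP -> TCP relay with no sequencing or retransmission.

    The sender emits datagrams at send_bps. The uplink drains its queue at
    uplink_bps. A datagram that does not fit in the queue is dropped, and
    the receiver simply concatenates whatever arrives.
    Returns (bytes delivered to the far-side TCP socket, datagrams dropped).
    """
    delivered = bytearray()
    backlog = 0.0
    dropped = 0
    for off in range(0, len(stream), DGRAM_BYTES):
        chunk = stream[off:off + DGRAM_BYTES]
        gap = len(chunk) * 8 / send_bps               # seconds between sends
        backlog = max(0.0, backlog - uplink_bps * gap / 8)
        if backlog + len(chunk) > queue_bytes:
            dropped += 1                              # lost, never resent
            continue
        backlog += len(chunk)
        delivered += chunk
    return bytes(delivered), dropped


def intact(stream, send_bps):
    """True if the far side received exactly the bytes that were sent."""
    delivered, _ = relay(stream, send_bps)
    return hashlib.sha256(delivered).digest() == hashlib.sha256(stream).digest()


if __name__ == "__main__":
    data = sample_stream()
    for label, rate in (("unpaced, 100M", 100_000_000), ("paced, 20M", 20_000_000)):
        delivered, dropped = relay(data, rate)
        print(f"{label}: dropped={dropped} delivered={len(delivered)}/{len(data)} "
              f"intact={intact(data, rate)}")
```

In the unpaced run the delivered stream is shorter than what was sent, which the TCP session carried through the relay cannot recover from; in the paced run every datagram fits and the stream arrives unchanged.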
