What encryption technology does the SoftEther VPN use?

The SoftEther VPN L2TP/IPSec VPN client uses a shared secret to secure the tunnel. Each server uses it's own secret key, and no server is able to decrypt or decrypt the traffic sent by another server.

In order to calculate the shared secret, each server requests the secret key of the remote server from the server itself. This continues until the entire circuit is secured. The secret key calculation is done in a SPAO-like fashion, and each user gets a SPAO secret key for accessing the VPN network.

Deterministic Automated Public Key Infrastructure (DAPKI) is used as the public key infrastructure for configuring the shared secret. DAPKI is the first cryptographic mechanism that can be used as cryptographic puzzle and then verified without the need for any human intervention whatsoever. It is heavily based on the Secure Remote Password protocol (SRP).

How are the servers arranged? There are two types of server: master server and anchor server. The master server stores the shared secret, and serves all the requests. Each master server is connected to a number of anchor servers. The anchor servers are connected to clients and perform the key generation and encryption/decryption of traffic. There is one master server and a number of anchor servers for each master server.

When a client needs access to the VPN network, he requests a shared secret from his master server. The request is encrypted with the shared key of the remote server, and the master server returns the decrypted version of the request to the client.

The master server will automatically assign the client a certain number of anchor servers. The assignment algorithm is based on a round-robin basis, so the client will always be allocated a different pool of anchor servers when he goes online.

The decrypted shared secret is then passed on to the anchor servers and used to generate and encrypt a new shared secret, which will be assigned to the client. What happens if the client leaves? Subscribers may leave the SoftEther VPN service at any time and still have access to their VPN network. Whenever the client disconnects, the master server will go back to the anchor servers, and will look up the shared secret for the client in the same way as before.

What protocol does SoftEther use?

(eg TCP or UDP or something else)

What does SoftEther use as a default port number for incoming traffic? Are there any changes to the EtherSim configuration file if you want to change the WAN port it uses? For example, in the NAT section, if you were to set up your WAN interface to use a different port, would you need to change this configuration? (eg after setting up port forwarding, and receiving a port warning in your router at certain times). Or will using a different port account for your new WAN connection automatically? Is there anything I should know about which is not covered by FAQs? Visit our Frequently Asked Questions page to find out more. If you have a question not covered by the FAQs, or any suggestions about improvements, please make a suggestion on this mailing list or github issue.

What is SoftEther VPN Bridge?

SoftEther VPN Bridge is an add-on app that enables Windows users to set up SoftEther VPN on top of another VPN protocol, Internet Connection Sharing, a standard Windows networking setting. The SoftEther app allows you to share another person's internet access while preserving your own security configuration.

This add-on app works only with SoftEther VPN as it's built on SoftEther's core technology. It provides PC and mobile apps, and a web client.

Contents: What is VPN Bridge? Installation. Usage. FAQ

Version History. Why? VPN Bridge is installed for almost all SoftEther VPN users. It also facilitates easy access to Quick VPN and VPN Settings screen right from Scout screen in the SoftEther VPN Client. It can be easily downloaded and offers much more features than the regular SoftEther VPN Client.

SoftEther VPN Bridge requires SoftEther VPN 6.0 or later.

Because you don't have to paid VPNs, VPN Bridge can eliminate the need to login to VPN servers. VPN Bridge allows you to access private networks seamlessly. How Version 6.x or later, this add-on app can run on the same server segment as SoftEther VPN 6.2 or later. Any pre-release version of VPN Bridge is supported.

When VPN Bridge is invoked, it takes over SoftEther VPN's IPNETWORK variable entry and its corresponding DNS entries. If VPN Bridge is not properly installed, experienced a problem, or firewall blocked traffic coming from the VPN service, then VPN Bridge won't work.DNS that allow you to register your real IP address.DNS) to make VPN Bridge work.

If VPN Bridge is activated on a wireless network, the wireless router must be configured to route VPN tunnel traffic (9001 or above). Otherwise, the VPN bridge will fail to forward the traffic to the actual VPN gateway.

Think of VPN Bridge as a "dynamic" gateway.