What is the best port for SoftEther?

My SoftEther server is only able to ping and talk on TCP/IP, not UDP/IP. I have been given a choice of ports to use. I have heard that most SoftEther servers, if they can't ping or talk, are set to only talk on UDP/IP (port 4500).

But I am told I should be using port 53 for my SoftEther server, and the client software will be able to listen to UDP/IP from the SoftEther server (port 1775), instead of TCP/IP. I have been able to get a softether client to talk to SoftEther (on UDP/IP), but only when i'm not in the same building, and even then, I have to manually open port 1775 to the netgear router that has SoftEther on it. I'm sure that would be a security problem if someone would try to crack the netgear router. But I think all the routers still would have a problem talking to each other unless they use TCP/IP, so I'm not sure why my SoftEther server would be blocking TCP/IP, even when I am only pinging and talking on TCP/IP.

I've just discovered the SoftEther FAQ link at. The only question that might help answer your problem: Why do you choose TCP/IP protocol on your SoftEther server? SoftEther server will use "outbound" connections to send the DHCP messages to your ISP. This requires TCP/IP connection between the SoftEther server and the network.

Also, I think I read somewhere that you cannot install both SoftEther and OpenVPN on the same port number. If this is the case, you need to choose a different port for SoftEther, like port 100000, and have OpenVPN running on port 10002. Then, when the client connects, it has to first choose the correct port and connect to the correct port. Otherwise it will run OpenVPN on port 100000 and SoftEther on port 100001. And the reverse is true for the server.

I would guess that if you set both of them on the same port it would require two connections. I believe this is what that FAQ says.

What ports do I need to forward for L2TP?

I have L2TP-CLIENT on my LAN but there's no L2TP-SERVER in my LAN as far as I can tell? Does that mean L2TP-CLIENT is already L2TP-SERVER?

Also, is it L2TP-SERVER that will provide the VPN connection? Not sure if I can connect to LAN with IP address of L2TP-CLIENT or if the VPN client need to be provided with a different IP address. I will also need to add this new IP address to my Firewall as it doesn't have any default IP address to use as my LAN IP.

Re: How do I get Linux vpn going with the Cisco 3506

Thanks @sudhirt for your explanation. The Cisco manual really confused me so I appreciate your effort in teaching me. Now I know how this works. The key question is where do I need to forward the port on my router?

So for me to run L2TP-PE with my router I need to provide my external IP to a server (L2TP-SERVER) and then point the route to that server's external IP? The point here being the external IP address does not need to be known by my ISP and it also does not need to be known by my router (unless it has a known IP as mentioned here). For example, if my router needs to use external IP 1.1 for the connection, then I need to forward UDP 500 on my LAN for TCP 500 from my L2TP-CLIENT on port 500 to the external IP 1. My question now is that if I do that, then I should NOT be able to reach the other computers on my LAN, right?

If that is the case, then will I be forwarding the ports for L2TP on the router or on the L2TP-CLIENT? I know I shouldn't forward the external IP to my LAN because that is done with an OpenVPN configuration and there is another way around that for OpenVPN to reach the network on my router? In short, I don't quite understand the purpose of the NAT as I have seen in some of the links in this thread.

What ports does SoftEther L2TP VPN use?

SoftEther L2TP VPN, which is a proprietary SoftEther VPN (L2TP) VPN system, is used on your network for the following purposes: For internal VPN (L2TP). For external VPN (L2TP). Internal IP address sharing. External IP address sharing. VPN users are authenticated based on the internal and external security policies. The system uses ports 443, 1194, 8888, 1818 to communicate. The TCP port number 443 is used for the internal and external client. The TCP port number 1194 is used for the internal client to send the authentication request to the internal server.

The TCP port number 8888 is used for the internal server to connect back to the external client. The TCP port number 1818 is used for the external server to connect back to the internal client.

Note. You should avoid using these ports if your network is already used by other services. For example, you cannot use 8888 to talk to other hosts on your network.

What protocols does the SoftEther L2TP VPN system use? In general, all protocols that provide a virtual IP layer and network layer protocols can be used with the L2TP client. The default setting of SoftEther VPN is IKEv2 for the IPsec protocol. Note that this depends on the version of the operating system on the computer. For example, IPv6 support may be required, depending on the version of the operating system and the setting in the computer's network setting. The IPv6 support of the network is disabled by default.

How can I modify the default setting for the SoftEther L2TP VPN system? In the System menu, select Configuration > System Settings > Advanced. In the System Settings area, select the IKEv2 option to configure the SoftEther VPN system.

How do I modify the SoftEther L2TP VPN system to use an IPSec mode instead of IKEv2? In the System Settings area, select the IPSec option to configure the SoftEther VPN system. Do I need to use a specific certificate? Certificates are used to ensure that your computers authenticate you when you use an external or internal IP address.