Design and Implementation of SoftEther VPN

Similar documents
Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer

Remote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw

Table of Contents. Cisco Cisco VPN Client FAQ

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Parallels Plesk Panel. VPN Module for Parallels Plesk Panel 10 for Linux/Unix Administrator's Guide. Revision 1.0

7.1. Remote Access Connection

Cisco Which VPN Solution is Right for You?

Total Protection for Enterprise-Advanced

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

AnyConnect VPN Client FAQ

Priority Pro v17: Hardware and Supporting Systems

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

How To Write A Windows Operating System (Windows) (For Linux) (Windows 2) (Programming) (Operating System) (Permanent) (Powerbook) (Unix) (Amd64) (Win2) (X

Joe Davies Principal Writer Windows Server Documentation

Simple, Secure and Flexible VPN solution for home and business

Why Cisco Routers with SoftEther VPN Server is the Best Solution?

MCTS Guide to Microsoft Windows 7. Chapter 14 Remote Access

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

TABLE OF CONTENTS NETWORK SECURITY 2...1

Central Management System

Configuring SSL VPN on the Cisco ISA500 Security Appliance

VPN. Date: 4/15/2004 By: Heena Patel

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

Introduction to MPIO, MCS, Trunking, and LACP

Developing CPE Routers based on NetBSD: Fifteen Years of SEIL. Masanobu SAITOH Hiroki SUENAGA

New Obvious and Obscure MikroTik RouterOS v5 features. Budapest, Hungary MUM Europe 2011

Who s Endian?

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Network Probe User Guide

Windows Services. Support Windows and mixed-platform workgroups with high-performance, affordable network services. Features

10 WIRELESS, REMOTE, AND WIDE AREA NETWORKING

Network Access Security. Lesson 10

External Authentication with Windows 2008 Server with Routing and Remote Access Service Authenticating Users Using SecurAccess Server by SecurEnvoy

Setting up VPN Access for Remote Diagnostics Support

Sophos UTM. Remote Access via SSL. Configuring UTM and Client

Cisco AnyConnect Secure Mobility Solution Guide

Volume SYSLOG JUNCTION. User s Guide. User s Guide

Pre-lab and In-class Laboratory Exercise 10 (L10)

RouterBOARD product overview. September, Gon Tel: +44 (0) Fax: +44 (0)

UPPER LAYER SWITCHING

Intel DPDK Boosts Server Appliance Performance White Paper

Install Guide for JunosV Wireless LAN Controller

Interconnecting Cisco Networking Devices, Part 2 **Part of CCNA Route/Switch**

SeeTec ExpansionPackage

Allocating Network Bandwidth to Match Business Priorities

Chapter 9 Monitoring System Performance

SVN5800 Secure Access Gateway

Using a VPN with Niagara Systems. v0.3 6, July 2013

IP SAN Fundamentals: An Introduction to IP SANs and iscsi

Perimeter Firewalls. Brandon Napier Rick Archibald Pete Jamison HAL PC & HLUG 09/22/2007. brought to you by: in association with

Parallels Plesk Panel

BabyWare Imperial PC Software

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Creating a VPN Using Windows 2003 Server and XP Professional

Module 6. Configuring and Troubleshooting Routing and Remote Access. Contents:

Secure IP Address Management Layer 2 Network Access Control Solution

Prestige 623R-T. Quick Start Guide. ADSL Dual-link Router. Version 3.40

V310 Support Note Version 1.0 November, 2011

Ford ANX Troubleshooting Procedure for use by Trading Partners

Virtual Private Networks

Cisco QuickVPN Installation Tips for Windows Operating Systems

ReadyNAS Remote White Paper. NETGEAR May 2010

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

pfsense and beyond Chris Buechler - cmb@pfsense.org

Chapter 4: Security of the architecture, and lower layer security (network security) 1

RVS-Seminar Implementation and Evaluation of WinJTAP Interface. Milan Nikolic Universität Bern

idatafax Troubleshooting

Networking. Systems Design and. Development. CRC Press. Taylor & Francis Croup. Boca Raton London New York. CRC Press is an imprint of the

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

The Barracuda Network Connector. System Requirements. Barracuda SSL VPN

SWsoft, Inc. Plesk VPN. Administrator's Guide. Plesk 7.5 Reloaded

Matrix Technical Support Mailer 167 NAVAN CNX200 PPTP VPN with Windows Client

Chapter 12 Supporting Network Address Translation (NAT)

Guideline for setting up a functional VPN

Performance Analysis of IPv4 v/s IPv6 in Virtual Environment Using UBUNTU

Cisco Packet Tracer 6.3 Frequently Asked Questions

Project 4: IP over DNS Due: 11:59 PM, Dec 14, 2015

INTRODUCTION TO FIREWALL SECURITY

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

2.4GHz / 5GHz Dual CPU 600Mbps 11N AP/Router

Millbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0

FWSM introduction Intro 5/1

Linux Network Security

Chapter 10 Troubleshooting

Network Defense Tools

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

OpenFlow with Intel Voravit Tanyingyong, Markus Hidell, Peter Sjödin

Aradial Installation Guide

GlobalSCAPE DMZ Gateway, v1. User Guide

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

ESR7550 KEY FEATURES PRODUCT DESCRIPTION

Data Sheet. NCP Secure Enterprise Management. Next Generation Network Access Technology

LevelOne. User Manual. FBR-1430 VPN Broadband Router, 1W 4L V1.0

Sophos UTM. Remote Access via SSL Configuring Remote Client

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Yealink Technical White Paper. Contents. About VPN Types of VPN Access VPN Technology... 3 Example Use of a VPN Tunnel...

Transcription:

Outline of Master Thesis, January 16, 2013. Design and Implementation of SoftEther VPN Daiyuu Nobori Department of Computer Science, Graduate School of Systems and Information Engineering, University of Tsukuba, Japan.

Background: Various VPN Protocols VPN Client Devices PCs: Windows, Mac, ios, Android, Routers: Cisco, Juniper, NEC, IIJ, VPN Protocols SoftEther VPN L2TP/IPsec SSTP OpenVPN L2TPv3/IPsec EtherIP/IPsec System Administrators have to prepare multiple VPN Servers for each VPN protocol. 2

Characteristics of VPN Protocols Upper Protocol Transport Protocol Proxy Support Restricted FW Client OS (PC) Client OS (Smartphone) Client OS (VPN Routers) L2TP SSTP PPTP OpenVPN L2TPv3 EtherIP SoftEther VPN IP IP IP Ethernet Ethernet Ethernet Ethernet IPsec HTTPS GRE Specific TCP/UDP IPsec IPsec HTTPS NO YES NO YES NO NO YES Blocked PASS Blocked Blocked Blocked Blocked PASS Windows Linux Mac Windows ios Android - Windows Linux Mac Windows Linux Mac Cisco - - - - FreeBSD Windows Linux ios Android - - - - Cisco IIJ SEIL NEC IX - 3

Local Area Network Windows Mac VPN Server Server iphone, ipad Cisco 1800 Series SYS OK SYS PWR Android Cisco IIJ SEIL NEC Various VPN Protocols

Ideal All-in-One VPN Server Program Ideal All-in-One VPN Server Program SSTP Server Function OpenVPN Server Function SSTP VPN Client (e.g. Windows) A VPN Server Computer Such a VPN Server Program doesn't Exists. OpenVPN Client (e.g. Mac OS X) 5

A Problem: There is No Such an Ideal VPN Server Program. 6

Existing VPN Server Programs Compatibles L2TP SSTP OpenVPN L2TPv3 EtherIP Microsoft RRAS - - - Mac OS X Server - - - - OpenVPN - - - - Cisco IOS - - - NEC IX Router OS - - - - IIJ SEIL Router OS - - 7

Supporting Multi VPN Protocols by Single VPN Server Computer Two VPN Server Programs Run Together on a Host. Microsoft RRAS IP Routing Between Two VPN Servers SSTP Server Function OpenVPN Server SSTP VPN Tunnel SSTP VPN Client (e.g. Windows) OpenVPN Server Function OpenVPN Tunnel A VPN Server Computer OpenVPN Client (e.g. Mac OS X) 8

Supporting Multiple VPN Protocols by Single VPN Server Overhead Problem Context Switching Costs User-to-Kernel Switching Costs Memory Copying Costs Management Problem User Management Tasks Log File Management Tasks Inefficient IP Address Polls 9

VPN Tunnel #1 VPN Tunnel #2 Overhead Problem VPN Server Program #1 VPN Server Program #2 VPN Protocol #1 VPN Protocol #2 User Mode Kernel Mode tun / tap / ppp Overhead tun / tap / ppp Overhead A VPN Server Host PC IP Router / Ethernet Bridge Overhead 10

Management Problem VPN Server Admin Register Register User A User B User C Same Users User A User B User C Microsoft RRAS SSTP Server Function OpenVPN Server OpenVPN Server Function A VPN Server Computer 11

Log File Problem Confusing Log Files of MS-RRAS Microsoft RRAS SSTP Server Function VPN Server Admin Log Files of OpenVPN OpenVPN Server OpenVPN Server Function A VPN Server Computer 12

IP Address Pool Duplication Problem 192.168.0.101-192.168.0.150 IP Pool #1 Microsoft RRAS SSTP Server Function 192.168.0.151-192.168.0.200 Duplicate IP Address Reserves IP Pool #2 OpenVPN Server OpenVPN Server Function 13

Goal of the Research L2TP SSTP OpenVPN L2TPv3 EtherIP SoftEtherVPN Microsoft RRAS - - - - Mac OS X Server - - - - - OpenVPN - - - - - Cisco IOS - - - - NEC IX Router OS - - - - - IIJ SEIL Router OS - - - SoftEther VPN 14

"SoftEther" means Software Ethernet. SoftEther VPN Server A high-performance VPN server which supports multiple VPN protocols. SE-VPN OpenVPN L2TP EtherIP MS-SSTP L2TPv3 Windows Linux Mac ipad Android Tab Windows RT iphone Android Windows Phone Cisco VPN Routers Supports various VPN client devices. 15

Difficulties of the Research 7 VPN protocols by one VPN server Inter-VPN protocol packet exchange Bridges between L2 (Ether) / L3 (IP) Management User authentication Dynamic IP address assignment to VPN clients Security Security policy / Packet filter Packet log Isolation 16

How to Support 7 VPN Protocols? L2 VPN Protocols SoftEther VPN OpenVPN (L3) EtherIP/IPsec L2TPv3/IPsec L3 VPN Protocols L2TP/IPsec SSTP/IPsec OpenVPN (L2) Strategy #1 Separate L2 VPN Ethernet / L3 VPN Router Layer-conversions between L2 / L3 Problem: Duplication of Security Implementations, Complicated Codes Strategy #2 [adopted] Treat all L3 VPN as L2 VPN All L3 packets will be descended to L2 Ether frames. Benefit: Single Security Implementations, Simple Codes 17

Design #1 Ethernet (L2) as Common Bus. Virtual Ethernet Switching Hub. Layer conversion for IP-based VPN protocols (L2TP, SSTP, OpenVPN L3). Virtual DHCP Client. 18

Design #2 Kernel-mode Difficult to debug Lack of portability Multiple User-mode Process Easy to implement Overhead Problem still occurs Single User-mode process [adopted] Easy to implement Reduce overhead 19

Virtual Ethernet Switching Hub Virtual Hub Exchange Frames Ether User IP Pkt Ether User IP Pkt VPN Session #1 Forwarding Database (FDB) VPN Session #2 Ether User IP Pkt VPN Server Module #1 VPN Server Module #2 20

L3/L2 Transparent Conversion Virtual Hub Ethernet Frame Dest MAC Src MAC TP ID User IP Pkt DHCP Server IP Address Pool Insert an Ethernet Header DHCP Request DHCP Response L3 <-> L2 Protocol Converter Ethernet Frame Dest MAC Src MAC Session TP ID User IP Pkt ARP Request ARP Response Other Hosts on Ethernet L2 (Ethernet) L3 (IP) User IP Pkt L3-VPN VPN User IP Pkt 21

All-in-One VPN Server Virtual Hub (Software Ethernet Switch) Module L2-VPN Protocol Module (e.g. SE-VPN, L2TPv3, etc.) VPN Session Pass "As-Is" Ether Frame Ether User IP Pkt L3-VPN Protocol Module (e.g. L2TP, SSTP, etc.) VPN Session Pass Converted Ether Frame Ether User IP Pkt Ether User IP Pkt User IP Pkt Convert to Ethernet Frame L2-VPN Tunnel VPN Decapsulate Ether User IP Pkt L3-VPN Tunnel VPN User IP Pkt Decapsulate Encapsulate Encapsulate Ether User IP Pkt User IP Pkt L2-VPN Client L3-VPN Client 22

User Authentication User Auth Request Virtual Hub Configured to Use the External Radius. User Auth Response External Radius Server User 'A' Pass '123' User 'B' Pass '456' User Authentication Database SSTP Server Function L2TP/IPsec Server Function Session #1 Session #2 SSTP Client (e.g. Windows) Login as User 'A' Pass '123' L2TP/IPsec Client (e.g. Mac OS X) Login as User 'B' Pass '456' Supports PAP (Password Authentication Protocol) and MS-CHAPv2 (Microsoft Challenge-Handshake Authentication Protocol ver 2) via Local User-auth DB and External Radius/Active Directory Server. 23

Security Virtual Hub Security Functions Packet Filter Security Policy Enforcer Packet Logger Packet Filter Rules User Authentication Database Session #1 Exchange Frames Ether User IP Pkt Session #2 Packet Logs to the Disk 24

Isolation between Virtual Hubs VPN Server Process Virtual Hub #1 Virtual Hub #2 Ether User IP Pkt Ether User IP Pkt L2-VPN Tunnel L3-VPN Tunnel L2-VPN Tunnel L3-VPN Tunnel L2-VPN Client L3-VPN Client L2-VPN Client L3-VPN Client VPN Group #1 Isolated VPN Group #2 25

Implementation SoftEther VPN Server Current features Virtual Ethernet Switching Hub Security Policy / Packet Filter Enforcement Packet Logging Internal and External User-authentication Language C / C++ IPsec Modules based on BitVisor IPsec Client (Univ of Tsukuba) 26

SoftEther VPN Architecture Physical Local Area Network Physical Network Adapter Virtual Hub #1 Local Bridge Session SoftEther VPN Server IP Routing between Segments Virtual Hub #2 Security Functions Packet Filter Security Policy Enforcer Packet Logger Virtual Layer-3 Switch Exchange Frames Ether User IP Pkt Packet Adapter FDB Packet Adapter Packet Log Lazy Writer VPN Session #1 VPN Session #2 VPN Ether User IP Pkt VPN Ether User IP Pkt SoftEther VPN Client SoftEther VPN Client 27

OS Abstraction Layer User Mode Kernel Mode NDIS Virtual Network Adapter Driver SoftEther VPN Functions (Cedar Module) Win32 Library Routines (Mayaqua Module) Abstraction Layer Function Calls UNIX 9x NT Linux FreeBSD Solaris Darwin System Calls NDIS Local Bridge Driver tap Driver SOL_PACKET Raw Sockets OS Independent Parts OS Dependent Parts 28

7 Protocol Modules SoftEther VPN Server L2 VPNs Virtual Hub L3 VPNs SE-VPN Protocol Module L2TP/IPsec Protocol Module SSTP Protocol Module OpenVPN (L3) Protocol Module OpenVPN (L2) Protocol Module L2TPv3/IPsec Protocol Module EtherIP/IPsec Protocol Module SE-VPN L2TP SSTP OVPNL3 OVPNL2 L2TPv3 EtherIP Windows Linux Mac ipad Android Tab Windows RT iphone Android Windows Phone Cisco VPN Routers Various Types of VPN Clients 29

Divide 7 VPN Protocols into Sub Modules Overlapped Parts of Processing VPN Protocols PPP stack is used by L2TP and SSTP. IPsec stack is used by L2TP, L2TPv3 and EtherIP. OpenVPN stack is used by OpenVPN L2 and L3. A portion of L2TP stack is used by L2TPv3. Divide into Sub Modules Minimize Volumes of Codes Reduce Bugs Connections between Sub Modules Tube : A new fast in-process pipe for Single-thread and Multi-thread inter-module communication. 30

Sub Modules SoftEther VPN Server A Virtual Hub L3 / L2 Protocol Converter SE-VPN Sub Module PPP Sub Module L2TPv3 Sub Module HTTP Parser Sub Module L2TP Sub Module EtherIP Sub Module SSL Sub Module OpenVPN Sub Module IPsec Sub Module SE-VPN Listener L2TP/IPsec Listener SSTP Listener OpenVPN (L3) Listener OpenVPN (L2) Listener L2TPv3/IPsec Listener EtherIP/IPsec Listener SE-VPN L2TP SSTP OVPNL3 OVPNL2 L2TPv3 EtherIP L2 VPNs L3 VPNs 31

Tube (fast lightweight pipe) Module A (on Thread 1) TubeSend() Packet Queue Tube for Single Thread Packet Packet Packet Packet TubeRecv() Packet Module B (on Thread 1) Module A (on Thread 1) TubeSend() Packet Queue Tube for Multi Threads Packet Packet Packet Packet TubeRecv() Packet Module B (on Thread 2) TubeFlush() Synchronization Object GetCancel(), WaitSockEvent() etc. 32

Programming C / C++ Source Codes 396,867 Lines (11.5MB) (including 31,686 comment lines) Compiler Visual C++ 2008 for Windows Binaries gcc (any version) for UNIX and Linux Binaries Planning to be Open Source (GPL) in Mid 2013. Now translating a lot of comments into English before releasing the source. 33

Screen Shots SoftEther VPN Client 34

Screen Shots SoftEther VPN Server (GUI Config Tools) 35

Screen Shots A lot of VPN Server Setting Screens (total 70+ dialogs) 36

Screen Shots L2TP / L2TPv3 / EtherIP OpenVPN (L2 & L3) / SSTP 37

Screen Shots Ethernet over DNS, Ethernet over ICMP (Enjoy your Wi-Fi Life!) 38

Screen Shots Beautiful Installer for SoftEther VPN 39

Screen Shots User-Mode Install Option (System Admins will be Surprised!) 40

Screen Shots Multi-languages Support 41

Evaluation 1. Functional Tests Self Test Beta Test 2. Performance Tests Simple throughput test Comparison to existing methods 42

L2TP/IPsec ios Android Windows Mac OS X SSTP 43

OpenVPN 44

L2TPv3/IPsec, EtherIP/IPsec L2TPv3: Cisco IOS, IIJ SEIL EtherIP: NEC IX 45

Results of Self Functional Tests VPN Protocol VPN Client Software / Device Results L2TP/IPsec iphone (ios 4.x, 5.x, 6.x) ipad (ios 4.x, 5.x, 6.x) Android (2.x, 3.x, 4.x) Windows XP, Vista, 7, 8, RT Mac OS X (10.6, 10.7, 10.8) SSTP Windows Vista, 7, 8, RT OpenVPN (L3) Windows, Linux, Mac, iphone, Android L2TPv3/IPsec Cisco 892J Cisco 1812J EtherIP/IPsec NEC IX2015 OpenVPN (L2) OpenVPN 2.2 for Windows, Linux 46

Results of Beta Tests 4,007 Users on Jan 09, 2013. 47

Achievement L2TP SSTP OpenVPN L2TPv3 EtherIP SoftEtherVPN Microsoft RRAS - - - - Mac OS X Server - - - - - OpenVPN - - - - - Cisco IOS - - - - NEC IX Router OS - - - - - IIJ SEIL Router OS - - - SoftEther VPN (Old) - - - - - SoftEther VPN (New) 48

Performance Tests Computer CPU Fujitsu PRIMERGY TX100 S3 (3 Pieces) Intel Xeon E3-1230 3.2GHz 8M RAM 16GB (4GB 1333MHz DDR3 ECC CL9 DIMM x 4) Chipset NIC #1, #2 OS Intel C202 Intel 10 Gigabit CX4 Dual Port Server Adapter Windows Server 2008 R2 x64 Windows Server 2003 R2 x64 (for OS abstraction-layer performance tests) Linux 2.6.32 x64 (for OS abstraction-layer performance tests) 49

Target Protocols SoftEther VPN Protocol L2TP/IPsec SSTP OpenVPN (L3) OpenVPN (L2) 50

Test 1. Each Protocol (Solo) Our Implementation vs. Vendor s Original Implementation for L2TP, for SSTP, for OpenVPN SoftEther VPN vs. for L2TP, for SSTP for OpenVPN Examples (for SSTP) SSTP Server PC (k1) Windows Server 2008 R2 RRAS (SSTP) Server PC (k1) SoftEther VPN Server 4.0 (SSTP) SSTP SSTP SSTP Compare PC (k3) Server PC (k1) Windows Server 2008 R2 RRAS (SSTP) Physical LAN PC (k3) Server PC (k1) SoftEther VPN Server 4.0 (SSTP) Physical LAN SSTP VPN Client #1 SSTP VPN Client #2 SSTP VPN Client #1 SSTP VPN Client #2 SSTP Compare SSTP Client PC #1 (k2) Client PC #2 (k3) Client PC #1 (k2) Client PC #2 (k3) SSTP VPN Client #1 SSTP VPN Client #1 Microsoft s SSTP-VPN Implementation Our SSTP-VPN Implementation Client PC #1 (k2) Microsoft s SSTP-VPN Implementation Client PC #1 (k2) Our SSTP-VPN Implementation PC-to-PC VPN PC-to-LAN VPN 51

Test 1 Results (PC-to-PC) Original VPN Software v.s. SoftEther VPN Server 4.0 (1 VPN Protocol, PC to PC) 1,200 Mbps 1,000 Mbps 800 Mbps 600 Mbps 400 Mbps 200 Mbps 0 Mbps 974.8 779.8 664.3 478.0 383.8 89.8 86.4 80.0 85.8 SEVPN L2TP SSTP OpenVPN (L3) OpenVPN (L2) By Original VPN Software By SoftEther VPN Server 4.0 52

Test 1 Results (PC-to-LAN) Original VPN Software v.s. SoftEther VPN Server 4.0 (1 VPN Protocol, PC to LAN) 1,200 Mbps 1,000 Mbps 800 Mbps 600 Mbps 400 Mbps 200 Mbps 0 Mbps 980.0 715.1 737.8 593.7 614.0 76.6 89.8 83.8 90.1 SEVPN L2TP SSTP OpenVPN (L3) OpenVPN (L2) By Original VPN Software By SoftEther VPN Server 4.0 53

Test 2. Combination of 2 Protocols Our Implementation (New) vs. Mixture of 2 VPN Programs (Traditional) SoftEther VPN Solo vs. + Mixture + Mixture SoftEther VPN Example (for SSTP+OpenVPN L3) VPN Server PC (k1) IP Routing VPN Server PC (k1) MS Win2008 R2 SSTP Server OpenVPN2.2.2 (L3 Mode) SoftEther VPN Server NIC #1 NIC #2 Compare NIC #1 NIC #2 SSTP VPN Protocol Tunnel OpenVPN (L3) Protocol Tunnel SSTP VPN Protocol Tunnel OpenVPN (L3) Protocol Tunnel SSTP VPN Client Traffic OpenVPN Client (L3 Mode) SSTP VPN Client Traffic OpenVPN Client (L3 Mode) VPN Client PC #1 (k2) VPN Client PC #2 (k3) VPN Client PC #1 (k2) VPN Client PC #2 (k3) 54

Combination Matrix No. Protocol 1 Protocol 2 Bridge / Routing 1 SEVPN L2TP/IPsec IP Routing 2 SEVPN SSTP IP Routing 3 SEVPN OpenVPN_L3 IP Routing 4 SEVPN OpenVPN_L2 Ethernet Bridging 5 L2TP/IPsec SSTP IP Routing 6 L2TP/IPsec OpenVPN_L3 IP Routing 7 L2TP/IPsec OpenVPN_L2 IP Routing 8 SSTP OpenVPN_L3 IP Routing 9 SSTP OpenVPN_L2 IP Routing 10 OpenVPN_L3 OpenVPN_L2 IP Routing Total 10 Tests 55

Test2 Results (Throughput) Original VPN Software v.s. SoftEther VPN Server 4.0 (2 VPN Protocols) 1,200 Mbps 1,000 Mbps 800 Mbps 600 Mbps 608.0 546.8 716.0 662.5 612.9 557.6 400 Mbps 200 Mbps 83.4 86.6 83.6 86.6 80.2 84.1 82.9 86.6 83.8 87.9 82.7 87.3 86.0 88.0 0 Mbps SEVPN+L2TP SEVPN+SSTP SEVPN+OVPNL3 SEVPN+OVPNL2 L2TP+SSTP L2TP+OVPNL3 L2TP+OVPNL2 SSTP+OVPNL3 SSTP+OVPNL2 OVPNL3+OVPNL2 By Combination of Two Original VPN Software By SoftEther VPN Server 4.0 Standalone 56

Test2 Results (Percentage of Improvement) Percentage of Improvement 120% 100% 111.2% 108.1% 103.8% 103.5% 109.9% 104.9% 104.4% 104.9% 105.5% 102.3% 80% 60% 40% 20% 0% SEVPN+L2TP SEVPN+SSTP SEVPN+OVPNL3 SEVPN+OVPNL2 L2TP+SSTP L2TP+OVPNL3 L2TP+OVPNL2 SSTP+OVPNL3 SSTP+OVPNL2 OVPNL3+OVPNL2 SEVPN+L2TP SEVPN+SSTP SEVPN+OVPNL3 SEVPN+OVPNL2 L2TP+SSTP L2TP+OVPNL3 L2TP+OVPNL2 SSTP+OVPNL3 SSTP+OVPNL2 OVPNL3+OVPNL2 57

Test 3. Evaluation of OS-Abstraction Layer 2,500 Mbps 2,000 Mbps 4.1.1. SEVPN RC4 PC-to-PC OS Comparison (Throughput) 2,500 Mbps 2,000 Mbps 4.1.3. SEVPN RC4 PC-to-LAN OS Comparison (Throughput) 1,500 Mbps 1,000 Mbps 951 1,037 1,094 929 1,021 1,104 941 979 1,011 1,500 Mbps 1,000 Mbps 1,106 1,033 1,088 918 915 1,042 1,041 1,048 987 500 Mbps 500 Mbps 0 Mbps Download Upload Both 0 Mbps Download Upload Both SEVPN RC4 (PC-to-PC) by SoftEther VPN on WinServer2003 R2 SEVPN RC4 (PC-to-LAN) by SoftEther VPN on WinServer2003 R2 SEVPN RC4 (PC-to-PC) by SoftEther VPN on WinServer2008 R2 SEVPN RC4 (PC-to-LAN) by SoftEther VPN on WinServer2008 R2 SEVPN RC4 (PC-to-PC) by SoftEther VPN on Linux 2.6.32 SEVPN RC4 (PC-to-LAN) by SoftEther VPN on Linux 2.6.32 4.1.5. L2TP PC-to-PC OS Comparison (Throughput) 4.1.6. L2TP PC-to-LAN OS Comparison (Throughput) 2,500 Mbps 2,500 Mbps 2,000 Mbps 2,000 Mbps 1,500 Mbps 1,500 Mbps 1,000 Mbps 500 Mbps 372 387 327 354 381 294 367 392 303 1,000 Mbps 500 Mbps 630 645 620 583 706 673 482 581 518 0 Mbps Download Upload Both 0 Mbps Download Upload Both L2TP (PC-to-PC) by SoftEther VPN on WinServer2003 R2 L2TP (PC-to-LAN) by SoftEther VPN on WinServer2003 R2 L2TP (PC-to-PC) by SoftEther VPN on WinServer2008 R2 L2TP (PC-to-LAN) by SoftEther VPN on WinServer2008 R2 L2TP (PC-to-PC) by SoftEther VPN on Linux 2.6.32 L2TP (PC-to-LAN) by SoftEther VPN on Linux 2.6.32 58

Conclusions #1 This Research Designs and Implements a New VPN Server Program. Supports 7 VPN Protocols. SoftEter VPN, L2TP over IPsec, SSTP, OpenVPN (L3, L2), EtherIP over IPsec and L2TPv3 over IPsec. The World s First VPN Server Program for Support All of Above VPN Protocols. Runs on Windows, Linux, Mac, FreeBSD and Solaris. Unified Management, Security, User-auth and IP Address Assignment. 59

Conclusions #2 Results of Performance Tests show: Generally better throughputs, compare to Microsoft and OpenVPN s implementations. Overheads of combination of different VPN protocols are reduced. (Performance Improvements: 102.3% - 111.2%) OS Abstraction Layer works well. 60

Future Works More Improvements of Performance. Additional VPN Protocols. IKEv2, PPTP and IPsec Tunnel Mode Release as Open-Source Software (GPL license). SoftEther VPN, http://www.softether.org/ Estimated release date: by end of March 2013. (First, close-source with binaries. Translate all Japanese comments to English and release it in middle 2013.) Enable third-developers to Add More VPN Protocol Modules Easily. 61

Outline of Master Thesis, January 16, 2013. Design and Implementation of SoftEther VPN Daiyuu Nobori Department of Computer Science, Graduate School of Systems and Information Engineering, University of Tsukuba, Japan.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information