Design and Implementation of SoftEther VPN
Daiyuu Nobori
Department of Computer Science,
Graduate School of Systems and Information Engineering,
University of Tsukuba, Japan.
Outline of Master Thesis,
January 16, 2013.
Background: Various VPN Protocols
• VPN Client Devices
  • PCs: Windows, Mac, iOS, Android, …
  • Routers: Cisco, Juniper, NEC, IIJ, …
• VPN Protocols
  • SoftEther VPN
  • L2TP/IPsec
  • SSTP
  • OpenVPN
  • L2TPv3/IPsec
  • EtherIP/IPsec
• System administrators have to prepare multiple VPN servers, one for each VPN protocol.
Characteristics of VPN Protocols

| | L2TP | SSTP | PPTP | OpenVPN | L2TPv3 | EtherIP | SoftEther VPN |
|---|---|---|---|---|---|---|---|
| Upper Protocol | IP | IP | IP | Ethernet | Ethernet | Ethernet | Ethernet |
| Transport Protocol | IPsec | HTTPS | GRE | Specific TCP/UDP | IPsec | IPsec | HTTPS |
| Proxy Support | NO | YES | NO | YES | NO | NO | YES |
| Restricted FW | Blocked | PASS | Blocked | Blocked | Blocked | Blocked | PASS |
| Client OS (PC) | Windows, Linux, Mac | Windows | Windows, Linux, Mac | Windows, Linux, Mac | - | FreeBSD | Windows, Linux |
| Client OS (Smartphone) | iOS, Android | - | iOS, Android | - | - | - | - |
| Client OS (VPN Routers) | Cisco | - | - | - | Cisco, IIJ SEIL | NEC IX | - |
[Figure: Various VPN Protocols. Client devices (Windows, Mac, iPhone, iPad, Android; Cisco, IIJ SEIL and NEC routers), a VPN Server, and a Local Area Network.]
Ideal All-in-One VPN Server Program
[Figure: An SSTP VPN client (e.g. Windows) and an OpenVPN client (e.g. Mac OS X) connect to one VPN server computer running an ideal all-in-one VPN server program that has both an SSTP server function and an OpenVPN server function. Such a VPN server program does not exist.]
A Problem: There Is No Such Ideal VPN Server Program.
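Compatibility of Existing VPN Server Programs

| | L2TP | SSTP | OpenVPN | L2TPv3 | EtherIP |
|---|---|---|---|---|---|
| Microsoft RRAS | ✓ | ✓ | - | - | - |
| Mac OS X Server | ✓ | - | - | - | - |
| OpenVPN | - | - | ✓ | - | - |
| Cisco IOS | ✓ | - | - | ✓ | - |
| NEC IX Router OS | - | - | - | - | ✓ |
| IIJ SEIL Router OS | ✓ | ✓ | - | ✓ | - |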
Supporting Multiple VPN Protocols by a Single VPN Server Computer
[Figure: Two VPN server programs run together on one host (a VPN server computer). An SSTP VPN client (e.g. Windows) connects through an SSTP VPN tunnel to Microsoft RRAS (SSTP server function), and an OpenVPN client (e.g. Mac OS X) connects through an OpenVPN tunnel to OpenVPN Server (OpenVPN server function). IP routing runs between the two VPN servers.]
Supporting Multiple VPN Protocols by Single VPN Server
• Overhead Problem
  • Context Switching Costs
  • User-to-Kernel Switching Costs
  • Memory Copying Costs
• Management Problem
  • User Management Tasks
  • Log File Management Tasks
  • Inefficient IP Address Pools
Overhead Problem
[Figure: On one VPN server host PC, VPN Server Program #1 (VPN Protocol #1, VPN Tunnel #1) and VPN Server Program #2 (VPN Protocol #2, VPN Tunnel #2) run in user mode. Each is attached through a tun / tap / ppp device to an IP router / Ethernet bridge in kernel mode. Overhead is marked at three points on this path.]
Management Problem
[Figure: On one VPN server computer, the VPN server admin has to register the same users (User A, User B, User C) twice: once in Microsoft RRAS (SSTP server function) and once in OpenVPN Server (OpenVPN server function).]
Log File Problem
[Figure: On one VPN server computer, Microsoft RRAS (SSTP server function) and OpenVPN Server (OpenVPN server function) each produce their own log files (log files of MS-RRAS, log files of OpenVPN), which is confusing for the VPN server admin.]
IP Address Pool Duplication Problem
[Figure: Microsoft RRAS (SSTP server function) and OpenVPN Server (OpenVPN server function) each hold their own IP pool, so IP address reserves are duplicated: IP Pool #1 and IP Pool #2, with the ranges 192.168.0.101-192.168.0.150 and 192.168.0.151-192.168.0.200.]
Goal of the Research

| | L2TP | SSTP | OpenVPN | L2TPv3 | EtherIP | SoftEther VPN |
|---|---|---|---|---|---|---|
| Microsoft RRAS | ✓ | ✓ | - | - | - | - |
| Mac OS X Server | ✓ | - | - | - | - | - |
| OpenVPN | - | - | ✓ | - | - | - |
| Cisco IOS | ✓ | - | - | ✓ | - | - |
| NEC IX Router OS | - | - | - | - | ✓ | - |
| IIJ SEIL Router OS | ✓ | ✓ | - | ✓ | - | - |
| SoftEther VPN | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |

[Figure: SoftEther VPN Server speaks SE-VPN, OpenVPN, L2TP, EtherIP, MS-SSTP and L2TPv3 to Windows, Linux, Mac, iPad, Android Tab, Windows RT, iPhone, Android, Windows Phone and Cisco VPN routers.]
Supports various VPN client devices.
A high-performance VPN server which supports multiple VPN protocols.
"SoftEther" means Software Ethernet.
Difficulties of the Research
• 7 VPN protocols by one VPN server
  • Inter-VPN protocol packet exchange
  • Bridges between L2 (Ether) / L3 (IP)
• Management
  • User authentication
  • Dynamic IP address assignment to VPN clients
• Security
  • Security policy / Packet filter
  • Packet log
  • Isolation
How to Support 7 VPN Protocols?
• Strategy #1
  • Separate L2 VPN Ethernet / L3 VPN Router
  • Layer conversions between L2 / L3
  Problem: Duplication of Security Implementations, Complicated Code
• Strategy #2 [adopted]
  • Treat all L3 VPN as L2 VPN
  • All L3 packets are converted down into L2 Ether frames.
  Benefit: Single Security Implementation, Simple Code
L2 VPN Protocols: SoftEther VPN, EtherIP/IPsec, L2TPv3/IPsec, OpenVPN (L2)
L3 VPN Protocols: OpenVPN (L3), L2TP/IPsec, SSTP/IPsec
Design #1
• Ethernet (L2) as Common Bus.
• Virtual Ethernet Switching Hub.
  • Layer conversion for IP-based VPN protocols (L2TP, SSTP, OpenVPN L3).
• Virtual DHCP Client.
Design #2
• Kernel-mode
  • Difficult to debug
  • Lack of portability
• Multiple User-mode Processes
  • Easy to implement
  • Overhead Problem still occurs
• Single User-mode process [adopted]
  • Easy to implement
  • Reduce overhead
Virtual Ethernet Switching Hub
[Figure: Inside a Virtual Hub, VPN Session #1 (attached to VPN Server Module #1) and VPN Session #2 (attached to VPN Server Module #2) exchange frames, each an Ethernet header followed by the user IP packet, using the Forwarding Database (FDB).]
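L3/L2 Transparent Conversion
[Figure: The L3 <-> L2 Protocol Converter sits between an L3 VPN and a session on the Virtual Hub. On the L3 (IP) side a VPN-encapsulated user IP packet arrives; the converter inserts an Ethernet header (Dest MAC, Src MAC, TPID) in front of the user IP packet and hands the resulting Ethernet frame to the Virtual Hub on the L2 (Ethernet) side, where it is exchanged with other hosts on Ethernet in the same frame format. The converter also exchanges DHCP Request / DHCP Response with a DHCP server (IP address pool) and ARP Request / ARP Response.]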
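The conversion on this slide, as an added example in C (not SoftEther VPN's own code): an IPv4 packet from an L3 VPN session gets an Ethernet header on the way into the Virtual Hub and loses it on the way back, with the length checks a converter facing untrusted clients needs. Function names, MAC addresses and sample packets are constructed for illustration, and the destination MAC is assumed to have been resolved by ARP already.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR 14      /* dest MAC + src MAC + EtherType */
#define MAX_FRAME 1514  /* header + 1500-byte payload */

/* L3 -> L2: wrap an IPv4 packet from an L3 VPN session in an Ethernet
 * header. Returns the frame length, or 0 if the packet is rejected. */
size_t l3_to_l2(const uint8_t *ip, size_t ip_len, const uint8_t dst[6],
                const uint8_t src[6], uint8_t *frame, size_t cap)
{
    if (ip_len < 20 || (ip[0] >> 4) != 4) return 0;        /* not IPv4 */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t total = ((size_t)ip[2] << 8) | ip[3];           /* total-length field */
    if (ihl < 20 || total < ihl || total > ip_len) return 0; /* header lies */
    if (total > MAX_FRAME - ETH_HDR || ETH_HDR + total > cap) return 0;
    memcpy(frame, dst, 6);
    memcpy(frame + 6, src, 6);
    frame[12] = 0x08; frame[13] = 0x00;                    /* EtherType: IPv4 */
    memcpy(frame + ETH_HDR, ip, total);                    /* trailing bytes dropped */
    return ETH_HDR + total;
}

/* L2 -> L3: strip the header from a frame the hub forwarded to this
 * session. Returns the IP packet length, or 0 if the frame is not for us. */
size_t l2_to_l3(const uint8_t *frame, size_t len, const uint8_t self[6],
                uint8_t *ip, size_t cap)
{
    if (len < ETH_HDR + 20 || len > MAX_FRAME) return 0;
    if (memcmp(frame, self, 6) != 0) return 0;             /* someone else's unicast */
    if (frame[12] != 0x08 || frame[13] != 0x00) return 0;  /* ARP etc. handled elsewhere */
    if (len - ETH_HDR > cap) return 0;
    memcpy(ip, frame + ETH_HDR, len - ETH_HDR);
    return len - ETH_HDR;
}

/* Constructed samples: bare 20-byte IPv4 headers, 192.168.0.101 -> 192.168.0.1 */
static const uint8_t sample_ip[20] = {0x45, 0, 0, 20, 0, 0, 0, 0, 64, 17, 0, 0,
                                      192, 168, 0, 101, 192, 168, 0, 1};
static const uint8_t lying_ip[20] = {0x45, 0, 0, 40};  /* claims 40 bytes, carries 20 */
static const uint8_t gw_mac[6]   = {0x02, 0, 0, 0, 0, 0x01};  /* constructed */
static const uint8_t sess_mac[6] = {0x02, 0, 0, 0, 0, 0x65};  /* constructed */
static uint8_t frame_buf[MAX_FRAME], ip_buf[1500];

int main(void)
{
    size_t n = l3_to_l2(sample_ip, sizeof sample_ip, gw_mac, sess_mac,
                        frame_buf, sizeof frame_buf);
    size_t m = l2_to_l3(frame_buf, n, gw_mac, ip_buf, sizeof ip_buf);
    printf("frame %zu bytes, recovered packet %zu bytes\n", n, m);
    return 0;
}
```

Because every L3 packet becomes an ordinary frame at this point, the hub's packet filter and logger see one format regardless of the tunnel protocol it arrived on.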
All-in-One VPN Server
[Figure: An L2-VPN client connects through an L2-VPN tunnel to the L2-VPN Protocol Module (e.g. SE-VPN, L2TPv3, etc.), which decapsulates / encapsulates the tunnel and passes the Ethernet frame "as-is" to a VPN session on the Virtual Hub (Software Ethernet Switch) Module. An L3-VPN client connects through an L3-VPN tunnel to the L3-VPN Protocol Module (e.g. L2TP, SSTP, etc.), which decapsulates / encapsulates the tunnel, converts the user IP packet to an Ethernet frame, and passes the converted Ethernet frame to a VPN session on the same Virtual Hub.]
User Authentication
[Figure: An SSTP client (e.g. Windows) logs in as user 'A' with pass '123' through the SSTP server function, and an L2TP/IPsec client (e.g. Mac OS X) logs in as user 'B' with pass '456' through the L2TP/IPsec server function. Both become sessions (#1, #2) on the same Virtual Hub. Credentials are held in the hub's User Authentication Database and in an External Radius Server; for an entry configured to use the external Radius, the hub sends a User Auth Request and receives a User Auth Response.]
Supports PAP (Password Authentication Protocol) and MS-CHAPv2 (Microsoft Challenge-Handshake Authentication Protocol ver 2) via Local User-auth DB and External Radius/Active Directory Server.
Security
[Figure: Session #1 and Session #2 exchange frames (Ethernet header + user IP packet) inside the Virtual Hub, passing through the Security Functions: Packet Filter, Security Policy Enforcer and Packet Logger. Associated elements: Packet Filter Rules, User Authentication Database, Packet Logs to the Disk.]
Isolation between Virtual Hubs
[Figure: One VPN server process hosts Virtual Hub #1 and Virtual Hub #2. Each hub has its own L2-VPN clients and L3-VPN clients, connected through L2-VPN and L3-VPN tunnels, and forms its own VPN group (VPN Group #1, VPN Group #2). The two groups are isolated.]
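A per-hub forwarding database, as an added example in C (not SoftEther VPN's own code), covering both the Virtual Ethernet Switching Hub slide and the isolation slide above: each Virtual Hub learns source MACs into its own FDB and resolves destinations only there, so a MAC learned on one hub is unknown on another. Structure and function names, the table size and the frames are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FDB_SIZE 64   /* fixed size: a flood of fake MACs cannot grow memory */
#define FLOOD (-1)    /* send to every other session of the same hub */
#define DROP  (-2)

struct fdb_entry { uint8_t mac[6]; int session; int used; };
struct vhub { struct fdb_entry fdb[FDB_SIZE]; };  /* one FDB per Virtual Hub */

static struct fdb_entry *fdb_find(struct vhub *h, const uint8_t *mac)
{
    for (int i = 0; i < FDB_SIZE; i++)
        if (h->fdb[i].used && memcmp(h->fdb[i].mac, mac, 6) == 0)
            return &h->fdb[i];
    return NULL;
}

/* Learn source MAC -> ingress session, then resolve the destination in the
 * same hub's FDB only. Returns the egress session, FLOOD or DROP. */
int vhub_switch(struct vhub *h, int in_session, const uint8_t *frame, size_t len)
{
    if (len < 14 || (frame[6] & 1)) return DROP;  /* runt, or group bit in source */
    struct fdb_entry *e = fdb_find(h, frame + 6);
    for (int i = 0; i < FDB_SIZE && !e; i++)      /* new MAC: take a free slot */
        if (!h->fdb[i].used) {
            e = &h->fdb[i];
            memcpy(e->mac, frame + 6, 6);
            e->used = 1;
        }
    if (e) e->session = in_session;               /* e is NULL only if the table is full */
    if (frame[0] & 1) return FLOOD;               /* broadcast / multicast */
    e = fdb_find(h, frame);
    if (!e) return FLOOD;                         /* unknown unicast */
    return e->session == in_session ? DROP : e->session;
}

/* Constructed frames: dest MAC, source MAC, EtherType 0x0800 */
static const uint8_t a_to_b[14] = {2, 0, 0, 0, 0, 0x0b, 2, 0, 0, 0, 0, 0x0a, 8, 0};
static const uint8_t b_to_a[14] = {2, 0, 0, 0, 0, 0x0a, 2, 0, 0, 0, 0, 0x0b, 8, 0};
static struct vhub hub1, hub2;

int main(void)
{
    printf("%d\n", vhub_switch(&hub1, 1, a_to_b, 14));  /* B unknown on hub1 */
    printf("%d\n", vhub_switch(&hub1, 2, b_to_a, 14));  /* A was learned on session 1 */
    printf("%d\n", vhub_switch(&hub2, 7, b_to_a, 14));  /* hub2 never saw A */
    return 0;
}
```

A flood result is delivered only to sessions of the hub passed in, so the third call never reaches session 1 of the first hub.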
Implementation
• SoftEther VPN Server
  Current features
  • Virtual Ethernet Switching Hub
  • Security Policy / Packet Filter Enforcement
  • Packet Logging
  • Internal and External User-authentication
  Language
  • C / C++
  IPsec Modules based on
  • BitVisor IPsec Client (Univ of Tsukuba)
SoftEther VPN Architecture
[Figure: SoftEther VPN Clients connect to SoftEther VPN Server, each through a Packet Adapter. Inside the server, Virtual Hub #1 holds VPN Session #1 and VPN Session #2, which exchange frames (Ethernet header + user IP packet) using the FDB and the Security Functions (Packet Filter, Security Policy Enforcer, Packet Logger with a Packet Log Lazy Writer). A Local Bridge session connects the hub to a physical network adapter and the physical local area network. A Virtual Layer-3 Switch does IP routing between segments, including Virtual Hub #2.]
OS Abstraction Layer
[Figure: In user mode, the OS-independent parts are the SoftEther VPN Functions (Cedar Module) and the Library Routines (Mayaqua Module), connected by function calls. The OS-dependent part is the Abstraction Layer for Win32 (9x, NT) and UNIX (Linux, FreeBSD, Solaris, Darwin), which uses system calls to reach kernel mode: NDIS Virtual Network Adapter Driver, NDIS Local Bridge Driver, tap Driver, SOL_PACKET Raw Sockets.]
7 Protocol Modules
[Figure: SoftEther VPN Server contains a Virtual Hub and seven protocol modules: SE-VPN, L2TP/IPsec, SSTP, OpenVPN (L3), OpenVPN (L2), L2TPv3/IPsec and EtherIP/IPsec. Various types of VPN clients (Windows, Linux, Mac, iPad, Android Tab, Windows RT, iPhone, Android, Windows Phone, Cisco VPN routers) connect over L2TPv3, EtherIP, OVPN L2, OVPN L3, SSTP, L2TP and SE-VPN, grouped into L2 VPNs and L3 VPNs.]
Divide 7 VPN Protocols into Sub Modules
• Overlapped Parts of Processing VPN Protocols
  • “PPP stack” is used by L2TP and SSTP.
  • “IPsec stack” is used by L2TP, L2TPv3 and EtherIP.
  • “OpenVPN stack” is used by OpenVPN L2 and L3.
  • A portion of “L2TP stack” is used by L2TPv3.
• Divide into Sub Modules
  • Minimize Volumes of Codes
  • Reduce Bugs
• Connections between Sub Modules
  • “Tube”: A new fast in-process pipe
    • for Single-thread and Multi-thread inter-module communication.
Sub Modules
[Figure: SoftEther VPN Server has one listener per protocol (SE-VPN, L2TP/IPsec, SSTP, OpenVPN (L3), OpenVPN (L2), L2TPv3/IPsec, EtherIP/IPsec) serving the L2 VPNs and L3 VPNs (L2TPv3, EtherIP, OVPN L2, OVPN L3, SSTP, L2TP, SE-VPN). Behind the listeners are the shared sub modules: IPsec, OpenVPN, L2TP, PPP, EtherIP, L2TPv3, SSL, HTTP Parser and SE-VPN. The L3 / L2 Protocol Converter and a Virtual Hub complete the path.]
“Tube” (fast lightweight pipe)
Tube for Single Thread
[Figure: Module A and Module B both run on Thread 1 and are connected by a queue of packets. Calls shown: TubeSend(), TubeRecv().]
Tube for Multi Threads
[Figure: Module A runs on Thread 1 and Module B on Thread 2, connected by a queue of packets and a synchronization object. Calls shown: TubeSend(), TubeFlush(), TubeRecv(), and GetCancel(), WaitSockEvent() etc.]
Programming
• C / C++ Source Codes
  • 396,867 Lines (11.5MB)
    (including 31,686 comment lines)
• Compiler
  • Visual C++ 2008 for Windows Binaries
  • gcc (any version) for UNIX and Linux Binaries
• Planning to be Open Source (GPL) in Mid 2013.
  • Now translating a lot of comments into English before releasing the source.
Screen Shots
• SoftEther VPN Client
• SoftEther VPN Server (GUI Config Tools)
• A lot of VPN Server Setting Screens (total 70+ dialogs)
• L2TP / L2TPv3 / EtherIP, OpenVPN (L2 & L3) / SSTP
• Ethernet over DNS, Ethernet over ICMP (Enjoy your Wi-Fi Life!)
• Beautiful Installer for SoftEther VPN
• User-Mode Install Option (System Admins will be Surprised!)
• Multi-languages Support
Evaluation
1. Functional Tests
  • Self Test
  • Beta Test
2. Performance Tests
  • Simple throughput test
  • Comparison to existing methods
L2TP/IPsec: iOS, Android, Windows, Mac OS X
SSTP, OpenVPN
L2TPv3/IPsec, EtherIP/IPsec
• L2TPv3: Cisco IOS, IIJ SEIL
• EtherIP: NEC IX
Results of Self Functional Tests

| VPN Protocol | VPN Client Software / Device | Results |
|---|---|---|
| L2TP/IPsec | iPhone (iOS 4.x, 5.x, 6.x) | ✓ |
| L2TP/IPsec | iPad (iOS 4.x, 5.x, 6.x) | ✓ |
| L2TP/IPsec | Android (2.x, 3.x, 4.x) | ✓ |
| L2TP/IPsec | Windows XP, Vista, 7, 8, RT | ✓ |
| L2TP/IPsec | Mac OS X (10.6, 10.7, 10.8) | ✓ |
| SSTP | Windows Vista, 7, 8, RT | ✓ |
| OpenVPN (L3) | Windows, Linux, Mac, iPhone, Android | ✓ |
| L2TPv3/IPsec | Cisco 892J | ✓ |
| L2TPv3/IPsec | Cisco 1812J | ✓ |
| EtherIP/IPsec | NEC IX2015 | ✓ |
| OpenVPN (L2) | OpenVPN 2.2 for Windows, Linux | ✓ |
Results of Beta Tests
4,007 Users on Jan 09, 2013.
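Achievement

| | L2TP | SSTP | OpenVPN | L2TPv3 | EtherIP | SoftEther VPN |
|---|---|---|---|---|---|---|
| Microsoft RRAS | ✓ | ✓ | - | - | - | - |
| Mac OS X Server | ✓ | - | - | - | - | - |
| OpenVPN | - | - | ✓ | - | - | - |
| Cisco IOS | ✓ | - | - | ✓ | - | - |
| NEC IX Router OS | - | - | - | - | ✓ | - |
| IIJ SEIL Router OS | ✓ | ✓ | - | ✓ | - | - |
| SoftEther VPN (Old) | - | - | - | - | - | ✓ |
| SoftEther VPN (New) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |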
Performance Tests
Computer: Fujitsu PRIMERGY TX100 S3 (3 Pieces)
CPU: Intel Xeon E3-1230 3.2GHz 8M
RAM: 16GB (4GB 1333MHz DDR3 ECC CL9 DIMM x 4)
Chipset: Intel C202
NIC #1, #2: Intel 10 Gigabit CX4 Dual Port Server Adapter
OS:
• Windows Server 2008 R2 x64
• Windows Server 2003 R2 x64 (for OS abstraction-layer performance tests)
• Linux 2.6.32 x64 (for OS abstraction-layer performance tests)
Target Protocols
• SoftEther VPN Protocol
• L2TP/IPsec
• SSTP
• OpenVPN (L3)
• OpenVPN (L2)
Test 1. Each Protocol (Solo)
Our Implementation vs. Vendor’s Original Implementation
SoftEther VPN vs. the original implementations for L2TP, for SSTP and for OpenVPN.
[Figure: Examples (for SSTP). PC-to-PC VPN: Server PC (k1) runs either SoftEther VPN Server 4.0 (SSTP), our SSTP-VPN implementation, or Windows Server 2008 R2 RRAS (SSTP), Microsoft’s SSTP-VPN implementation; Client PC #1 (k2) runs SSTP VPN Client #1 and Client PC #2 (k3) runs SSTP VPN Client #2. PC-to-LAN VPN: Server PC (k1) runs the same two server options; Client PC #1 (k2) runs SSTP VPN Client #1 and PC (k3) is on the physical LAN. In each setup the two implementations are compared.]
Test 1 Results (PC-to-PC)
Original VPN Software vs. SoftEther VPN Server 4.0 (1 VPN Protocol, PC to PC), throughput in Mbps

| | SEVPN | L2TP | SSTP | OpenVPN (L3) | OpenVPN (L2) |
|---|---|---|---|---|---|
| By Original VPN Software | - | 478.0 | 664.3 | 89.8 | 80.0 |
| By SoftEther VPN Server 4.0 | 974.8 | 383.8 | 779.8 | 86.4 | 85.8 |

Test 1 Results (PC-to-LAN)
Original VPN Software vs. SoftEther VPN Server 4.0 (1 VPN Protocol, PC to LAN), throughput in Mbps

| | SEVPN | L2TP | SSTP | OpenVPN (L3) | OpenVPN (L2) |
|---|---|---|---|---|---|
| By Original VPN Software | - | 593.7 | 715.1 | 76.6 | 83.8 |
| By SoftEther VPN Server 4.0 | 980.0 | 614.0 | 737.8 | 89.8 | 90.1 |
Test 2. Combination of 2 Protocols
Our Implementation (New) vs. Mixture of 2 VPN Programs (Traditional)
[Figure: Example (for SSTP + OpenVPN L3). Solo: VPN Server PC (k1) runs SoftEther VPN Server. Mixture: VPN Server PC (k1) runs MS Win2008 R2 SSTP Server and OpenVPN 2.2.2 (L3 Mode) together, with IP routing between them. In both setups VPN Client PC #1 (k2) and VPN Client PC #2 (k3) run an SSTP VPN client and an OpenVPN client (L3 Mode) respectively, and traffic flows between them through an SSTP VPN protocol tunnel and an OpenVPN (L3) protocol tunnel via NIC #1 and NIC #2. The two setups are compared.]
Combination Matrix

| No. | Protocol 1 | Protocol 2 | Bridge / Routing |
|---|---|---|---|
| 1 | SEVPN | L2TP/IPsec | IP Routing |
| 2 | SEVPN | SSTP | IP Routing |
| 3 | SEVPN | OpenVPN_L3 | IP Routing |
| 4 | SEVPN | OpenVPN_L2 | Ethernet Bridging |
| 5 | L2TP/IPsec | SSTP | IP Routing |
| 6 | L2TP/IPsec | OpenVPN_L3 | IP Routing |
| 7 | L2TP/IPsec | OpenVPN_L2 | IP Routing |
| 8 | SSTP | OpenVPN_L3 | IP Routing |
| 9 | SSTP | OpenVPN_L2 | IP Routing |
| 10 | OpenVPN_L3 | OpenVPN_L2 | IP Routing |

Total 10 Tests
Test 2 Results (Throughput)
Original VPN Software vs. SoftEther VPN Server 4.0 (2 VPN Protocols), throughput in Mbps

| Combination | By Combination of Two Original VPN Software | By SoftEther VPN Server 4.0 Standalone |
|---|---|---|
| SEVPN+L2TP | 546.8 | 608.0 |
| SEVPN+SSTP | 662.5 | 716.0 |
| SEVPN+OVPNL3 | 83.4 | 86.6 |
| SEVPN+OVPNL2 | 83.6 | 86.6 |
| L2TP+SSTP | 557.6 | 612.9 |
| L2TP+OVPNL3 | 80.2 | 84.1 |
| L2TP+OVPNL2 | 82.9 | 86.6 |
| SSTP+OVPNL3 | 83.8 | 87.9 |
| SSTP+OVPNL2 | 82.7 | 87.3 |
| OVPNL3+OVPNL2 | 86.0 | 88.0 |
Test 2 Results (Percentage of Improvement)

| Combination | Percentage of Improvement |
|---|---|
| SEVPN+L2TP | 111.2% |
| SEVPN+SSTP | 108.1% |
| SEVPN+OVPNL3 | 103.8% |
| SEVPN+OVPNL2 | 103.5% |
| L2TP+SSTP | 109.9% |
| L2TP+OVPNL3 | 104.9% |
| L2TP+OVPNL2 | 104.4% |
| SSTP+OVPNL3 | 104.9% |
| SSTP+OVPNL2 | 105.5% |
| OVPNL3+OVPNL2 | 102.3% |
Test 3. Evaluation of OS-Abstraction Layer
[Four bar charts of throughput in Mbps. Each has the categories Download, Upload and Both, and one series each for SoftEther VPN on WinServer2003 R2, WinServer2008 R2 and Linux 2.6.32. Data labels are listed in the order they appear on each chart.]
4.1.3. SEVPN RC4 PC-to-LAN OS Comparison (Throughput): 1,106; 1,033; 1,088; 918; 1,042; 1,048; 915; 1,041; 987
4.1.1. SEVPN RC4 PC-to-PC OS Comparison (Throughput): 951; 1,037; 1,094; 929; 1,021; 1,104; 941; 979; 1,011
4.1.5. L2TP PC-to-PC OS Comparison (Throughput): 372; 354; 367; 387; 381; 392; 327; 294; 303
4.1.6. L2TP PC-to-LAN OS Comparison (Throughput): 630; 620; 706; 645; 583; 673; 482; 581; 518
Conclusions #1
• This Research Designs and Implements a New VPN Server Program.
  • Supports 7 VPN Protocols.
    • SoftEther VPN, L2TP over IPsec, SSTP, OpenVPN (L3, L2), EtherIP over IPsec and L2TPv3 over IPsec.
    The World’s First VPN Server Program to Support All of the Above VPN Protocols.
  • Runs on Windows, Linux, Mac, FreeBSD and Solaris.
  • Unified Management, Security, User-auth and IP Address Assignment.
Conclusions #2
• Results of Performance Tests show:
  • Generally better throughput compared to Microsoft’s and OpenVPN’s implementations.
  • Overheads of combining different VPN protocols are reduced. (Performance Improvements: 102.3% - 111.2%)
  • OS Abstraction Layer works well.
Future Works
• More Improvements of Performance.
• Additional VPN Protocols.
  • IKEv2, PPTP and IPsec Tunnel Mode
• Release as Open-Source Software (GPL license).
  • “SoftEther VPN”, http://www.softether.org/
    Estimated release date: by end of March 2013. (First, closed-source with binaries. Translate all Japanese comments to English and release it in mid 2013.)
• Enable Third-party Developers to Add More VPN Protocol Modules Easily.