AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-12-06 02:01:34 +03:00
Code Releases Activity

Compare commits

base: AMajor:31fed5a28f6e821e18d2cdf51d1e046487545934
Branches Tags
AMajor:master AMajor:copilot/fix-false-positive-detection AMajor:dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/js-yaml-3.14.2
AMajor:5.2.5188 AMajor:5.02.5187 AMajor:5.02.5186 AMajor:5.02.5185 AMajor:5.02.5184 AMajor:5.02.5183 AMajor:5.02.5182 AMajor:5.02.5181 AMajor:5.02.5180 AMajor:5.02.0 AMajor:5.01.9674 AMajor:5.01.9673 AMajor:5.01.9672 AMajor:5.01.9671 AMajor:5.01.9670 AMajor:5.01.9669 AMajor:5.01.9668 AMajor:5.01.9667 AMajor:5.01.9666 AMajor:5.01.9665 AMajor:5.01.9664 AMajor:5.01.9663 AMajor:5.01.9662 AMajor:5.01.9661 AMajor:5.01.9660 AMajor:5.01.9659 AMajor:5.01.9658
...
compare: AMajor:copilot/fix-false-positive-detection
Branches Tags
AMajor:copilot/fix-false-positive-detection AMajor:master AMajor:dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/js-yaml-3.14.2
AMajor:5.2.5188 AMajor:5.02.5187 AMajor:5.02.5186 AMajor:5.02.5185 AMajor:5.02.5184 AMajor:5.02.5183 AMajor:5.02.5182 AMajor:5.02.5181 AMajor:5.02.5180 AMajor:5.02.0 AMajor:5.01.9674 AMajor:5.01.9673 AMajor:5.01.9672 AMajor:5.01.9671 AMajor:5.01.9670 AMajor:5.01.9669 AMajor:5.01.9668 AMajor:5.01.9667 AMajor:5.01.9666 AMajor:5.01.9665 AMajor:5.01.9664 AMajor:5.01.9663 AMajor:5.01.9662 AMajor:5.01.9661 AMajor:5.01.9660 AMajor:5.01.9659 AMajor:5.01.9658

85 Commits
31fed5a28f ... copilot/fi

Author SHA1 Message Date
copilot-swe-agent[bot]
873ba87029 Improve PowerShell script with error handling and add manifest clarification 
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
 2025-12-05 18:20:32 +00:00
copilot-swe-agent[bot]
2e83cd5726 Address code review feedback: remove outdated date and add manifest comment 
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
 2025-12-05 18:18:04 +00:00
copilot-swe-agent[bot]
3bf7361dc1 Fix typo in PowerShell exclusion script 
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
 2025-12-05 18:15:21 +00:00
copilot-swe-agent[bot]
c26f89e441 Update issue templates and security documentation for antivirus false positives 
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
 2025-12-05 18:14:06 +00:00
copilot-swe-agent[bot]
3526387d5b Add comprehensive antivirus false positive documentation 
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
 2025-12-05 18:12:40 +00:00
copilot-swe-agent[bot]
9ad703731a Initial plan 2025-12-05 18:06:07 +00:00
Ilya Shipitsin
204ab85e51 Merge pull request #2182 from siddharth-narayan/pq-submodule-update 
Update liboqs and oqs-provider submodules
 2025-12-02 10:02:48 +01:00
Siddharth Narayan
2628c562be Disable unecessary liboqs algorithms 2025-12-02 02:57:15 -06:00
Siddharth Narayan
e9f7089c8b Update post quantum submodules 2025-12-02 02:05:27 -06:00
Ilya Shipitsin
9be944a9b2 Merge pull request #2180 from jgrasboeck/configurable_dhcp_discover_timout 
Config value for dhcp discover timeout
 2025-11-26 16:27:59 +01:00
Julian Grasböck
137d7f551f Ensure DHCP resend interval is not to long 2025-11-26 14:57:58 +01:00
Julian Grasböck
d90e89bbbd Safety fallback to default behaviour 2025-11-26 14:57:23 +01:00
Julian Grasböck
173df872b8 Config value for dhcp discover timeout 2025-11-26 13:56:29 +01:00
Ilya Shipitsin
acbc514b87 Merge pull request #2170 from kanglongwei/branch2 
fix: #2166 L3KnownArp, delete entry from the incorrect list
 2025-10-28 21:44:25 +01:00
Ilya Shipitsin
d9d78a0b2c Merge pull request #2171 from chipitsine/master 
CI: modernize freebsd image
 2025-10-25 11:26:11 +02:00
Ilia Shipitsin
1373ed4c6c CI: modernize freebsd image 2025-10-25 10:08:15 +02:00
Ilya Shipitsin
ffe9ade675 Merge pull request #2169 from kanglongwei/branch1 
fix: #2165 memory leak
 2025-10-13 14:13:55 +02:00
w00485423
ab245552b1 fix: #2165 memory leak 2025-10-13 20:05:28 +08:00
w00485423
fdcb0a207b fix: #2166 L3KnownArp, delete entry from the incorrect list 2025-10-10 21:20:30 +08:00
Ilya Shipitsin
564d2f84b4 Merge pull request #2163 from martinetd/disable_oqs 
Mayaqua build: allow disabling OQS
 2025-10-01 11:27:06 +02:00
Dominique Martinet
4bb366572d Mayaqua build: allow disabling OQS 
SoftEtherVPN version 5.02.5186 enable post-quantum algorithms, but these
come at a large size increase (after strip, on x86_64, with default
options as of master):
- default options: 9.1M
- new -DOQS_ENABLE=OFF: 762K

Note it is also possible to disable all the algorithms individually by
passing the (243!) options to cmake -DOQS_ENABLE_KEM_BIKE=OFF
-DOQS_ENABLE_KEM_FRODOKEM=OFF -DOQS_ENABLE_KEM_NTRUPRIME=OFF ...,
in which case the binary goes back to a reasonable size of 830K

In the future, it might make sense to add a few settings picking
"sensible" algorithms, e.g. allow everything for a server build or only
allow the best algorithms for a lightweight client.

See: #2148
 2025-10-01 18:05:59 +09:00
Ilya Shipitsin
6c04825b46 Merge pull request #2157 from chipitsine/1ce88cea-29e8-466a-88f4-3713e94171d8 
docker: smoke test image during generating
 2025-09-06 16:31:04 +02:00
Ilia Shipitsin
0ec8a1ed54 docker: smoke test image during generating 
reference: https://github.com/SoftEtherVPN/SoftetherVPN-docker/issues/17
 2025-09-05 21:22:43 +02:00
Ilya Shipitsin
2acefef41e Merge pull request #2156 from metalefty/fix_cpu_features 
Proper fix for #2122 #2150
 2025-09-05 19:43:42 +02:00
Koichiro Iwao
efb04daa34 Proper fix for #2122 #2150 
Bundled cpu_features needs to be built with PIC but SHARED_LIBS should
be OFF.
 2025-09-05 22:40:18 +09:00
Ilya Shipitsin
c399ce6bbe Merge pull request #2152 from metalefty/cpu_features_pic 
Build bundled cpu_features with PIC
 2025-08-25 15:36:27 +02:00
Koichiro Iwao
2746e8dd19 Build bundled cpu_features with PIC 
After updating bundled cpu_features to 0.9.0, set_property() is not
effective. We need to use set() instead.

Resolves: #2122 #2150
 2025-08-25 21:52:15 +09:00
Ilya Shipitsin
10d6efcc5e Merge pull request #2140 from onetown/fix_parse_vlan_packet 
fix: Continue decapsulation to parse L3 data from VLAN-tagged packets
 2025-07-17 18:13:58 +02:00
onetown
0389bfd97a fix: Continue decapsulation to parse L3 data from VLAN-tagged packets 2025-07-17 10:51:52 -04:00
Ilya Shipitsin
12ed43f6eb Merge pull request #2126 from kiraware/fix-indonesian-translation 
Fix Indonesian translation with printf formatting
 2025-05-09 07:43:12 +02:00
Kira
d8bcb863f5 rephrase the string 2025-05-09 11:37:21 +07:00
Kira
7228de494d rephrase the string 2025-05-09 11:34:45 +07:00
Kira
afa848454a fix printf formatting 2025-05-09 10:34:53 +07:00
Ilya Shipitsin
6f76880767 Merge pull request #2124 from kiraware/add-id-translation 
Add id translation
 2025-05-08 18:25:54 +02:00
Ilya Shipitsin
cb9ccf41a5 Merge pull request #2125 from AhmadReza6610/master 
Add iOS client implementation with SoftEther protocol handshake support
 2025-05-08 18:22:14 +02:00
Ahmad Reza
62c71ebe5c Add iOS client implementation with SoftEther protocol handshake support 2025-05-04 14:02:44 +03:30
Kira
80bab0f7d7 fix errors 2025-05-01 10:43:45 +07:00
kiraware
c742f6c5cf Merge branch 'SoftEtherVPN:master' into add-id-translation 2025-04-30 10:53:52 +07:00
Kira
7a6a1e2ed0 add translation for strtable_id.stb 2025-04-30 10:50:27 +07:00
Ilya Shipitsin
e1ec3d42e5 Merge pull request #2072 from korokke2/master 
Update description
 2025-04-14 00:05:51 +02:00
Ilya Shipitsin
6e9247fff1 Merge pull request #2119 from weidi/patch-1 
set static hostname in docker-compose so ddns feature works cross restarts
 2025-04-13 21:58:38 +02:00
weidi
80179d5cc5 Update docker-compose.yaml 
Fixes SoftEtherVPN/SoftetherVPN-docker#15 by configuring static hostname
 2025-04-13 21:13:32 +02:00
Ilya Shipitsin
2265435d62 Merge pull request #2117 from chipitsine/master 
CI: use system cpu_features
 2025-04-08 23:17:32 +02:00
Ilia Shipitsin
b4916f20af CI: use system cpu_features 2025-04-08 23:00:13 +02:00
Ilya Shipitsin
260bc09276 Merge pull request #2092 from metalefty/cpu_features 
cpu_features improvements
 2025-04-08 22:56:47 +02:00
Kira
d01781d537 add indonesian translation file 2025-03-29 12:01:43 +07:00
Ilya Shipitsin
48042cfbc1 Merge pull request #2106 from chipitsine/master 
CI: docker: fix tags
 2025-02-17 16:40:43 +01:00
Ilia Shipitsin
a7a7eef82b CI: docker: fix tags 2025-02-17 16:02:24 +01:00
Ilya Shipitsin
a4c3713f4b Merge pull request #2104 from chipitsine/docker_ci_followup 
Docker ci followup
 2025-02-16 21:32:49 +01:00
Ilia Shipitsin
abc516757e CI: mention temporary qemu version pin 2025-02-16 20:58:30 +01:00
Ilia Shipitsin
3fee01e1cf CI: limit docker ci to SoftEtherVPN repo only 2025-02-16 20:56:47 +01:00
Ilya Shipitsin
b3dfdc2ad0 Merge pull request #2102 from weidi/docker-ci 
build arm and x86 as one tag
 2025-02-16 20:53:28 +01:00
Ilya Shipitsin
8d06ac3348 Merge pull request #2103 from chipitsine/modernize_freebsd 
CI: cirrus-ci: bump FreeBSD image to 14-2
 2025-02-16 18:32:08 +01:00
Ilia Shipitsin
9d1c3306e0 CI: cirrus-ci: bump FreeBSD image to 14-2 2025-02-16 17:41:05 +01:00
weidi
7729966c50 Add README and remove no longer required Actions 2025-02-16 16:49:25 +01:00
weidi
591cf0e9b9 run all build sequentially, should help with caching layers 2025-02-10 21:40:34 +01:00
weidi
39996ab0a2 build arm and x86 as one tag 2025-02-10 21:16:41 +01:00
Ilya Shipitsin
f525b4d660 Merge pull request #2101 from chipitsine/master 
CI: move docker build machinery to the main repo
 2025-02-10 19:59:22 +01:00
Ilia Shipitsin
a081fdd5c8 CI: move docker build machinery to the main repo 
more details: https://github.com/SoftEtherVPN/SoftetherVPN-docker/issues/4
 2025-02-09 23:32:26 +01:00
Koichiro Iwao
10a2806f12 CI: Use system's cpu_features in FreeBSD CI 2025-01-15 17:09:18 +09:00
Ilya Shipitsin
2628ac1884 Merge pull request #2091 from siddharth-narayan/oqs-submodule-update 
Update liboqs and oqs-provider submodules - Add X25519MLKEM768 NIST f…
 2025-01-15 07:22:50 +01:00
Siddharth
972256c578 Update liboqs and oqs-provider submodules - Add X25519MLKEM768 NIST finalized PQ Key exchange 2025-01-14 17:37:55 -06:00
Koichiro Iwao
e2e8193495 Improve the usage of cpu_features 
- Add USE_SYSTEM_CPU_FEATURES flag to use system's cpu_features
  instead of the bundled one
- Allow the use of cpu_features for more architectures on Linux [1]

[1] https://github.com/google/cpu_features/tree/v0.9.0?tab=readme-ov-file#whats-supported
 2025-01-14 22:58:20 +09:00
Koichiro Iwao
71b6aa7a8c Update cpu_features to 0.9.0 2025-01-14 18:09:18 +09:00
Ilya Shipitsin
8be6d756b8 Merge pull request #2089 from metalefty/drop_exec 
Drop unnecessary exec permission
 2025-01-14 07:36:11 +01:00
Koichiro Iwao
a6c5f0d135 Drop unnecessary exec permission 2025-01-14 14:35:34 +09:00
Ilya Shipitsin
c2487c6b2e Merge pull request #2086 from Mastemmah/ArtifactsPublising 
Adding artifact publishing for Linux
 2025-01-07 11:26:05 +01:00
Matt Rodak
817214da1f Adding artifact publishing for Linux 
Simple Workflow change to download deb packages created within the Linux workflow
 2025-01-07 00:13:06 +01:00
Ilya Shipitsin
015f93f7b7 Merge pull request #2082 from chipitsine/master 
stbchecker: modernize .net version
 2024-12-15 01:18:01 +01:00
Ilia Shipitsin
cdd3bddcc6 stbchecker: modernize .net version 2024-12-15 00:55:46 +01:00
Ilya Shipitsin
0a1f0913d9 Merge pull request #2081 from chipitsine/master 
CI: modernize macos versions
 2024-12-15 00:49:45 +01:00
Ilia Shipitsin
18cbd4627a CI: modernize macos versions 2024-12-15 00:25:35 +01:00
korokke2
a8bc827706 Update description 
Updated with the most recent and appropriate description.
 2024-11-12 12:06:06 +09:00
Ilya Shipitsin
e475d70c0b Merge pull request #2056 from nynauy/nynauy-systemd-patch 
Correct and simplify systemd service files
 2024-09-24 16:47:23 +02:00
Ilya Shipitsin
e94240d9a0 Merge pull request #2033 from siddharth-narayan/nt-fix 
Fix "Not on NT" error message and add uihelp to vpncmd
 2024-09-21 21:59:10 +02:00
nynauy
023eb3465d Correct and simplify systemd service files 
Remove unnecessary wrappers and change to start services directly. Also remove misused "EnvironmentFile" and unrecommended "KillMode=process".
 2024-09-17 07:03:19 +08:00
Ilya Shipitsin
5d1ce1a2cd Merge pull request #2051 from chipitsine/master 
bump version for upcoming 5187 release
 2024-09-09 21:57:51 +02:00
Ilia Shipitsin
d8569ad31a bump version for upcoming 5187 release 2024-09-09 21:12:38 +02:00
Ilya Shipitsin
e3e0c33e3b Merge pull request #2044 from Evengard/fix2043 
Incorrect variable used while iterating through sessions which makes the loop stuck
 2024-09-09 21:06:40 +02:00
Ilya Shipitsin
9f01143c83 Merge pull request #2045 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/webpack-5.94.0 
Bump webpack from 5.76.0 to 5.94.0 in /src/bin/hamcore/wwwroot/admin/default
 2024-08-30 15:54:45 +02:00
dependabot[bot]
93df1ee631 Bump webpack in /src/bin/hamcore/wwwroot/admin/default 
Bumps [webpack](https://github.com/webpack/webpack) from 5.76.0 to 5.94.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.76.0...v5.94.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-30 10:46:29 +00:00
Evengard
8f0deb576c Incorrect variable used while iterating through sessions which makes the loop stuck 2024-08-25 15:36:50 +03:00
siddharth-narayan
27d233a522 Merge branch 'SoftEtherVPN:master' into nt-fix 2024-08-15 04:28:13 -04:00
Siddharth
128fefc63e Add UI helper to vpncmd on Windows 2024-08-15 04:26:15 -04:00
Siddharth
3a25c6bf73 Fix incorrect "Not on NT" error messages 2024-07-17 15:16:11 -07:00
54 changed files with 9577 additions and 296 deletions
Expand all files Collapse all files

8
.cirrus.yml
View File

@ -4,19 +4,19 @@ FreeBSD_task:
SSL: openssl
OPENSSL_ROOT_DIR: /usr/local
env:
SSL: openssl32
SSL: openssl36
OPENSSL_ROOT_DIR: /usr/local
env:
# base openssl
SSL:
matrix:
freebsd_instance:
image_family: freebsd-14-0
image_family: freebsd-14-3
prepare_script:
- pkg install -y pkgconf cmake git libsodium $SSL
- pkg install -y pkgconf cmake git libsodium cpu_features $SSL
- git submodule update --init --recursive
configure_script:
- ./configure
- CMAKE_FLAGS="-DUSE_SYSTEM_CPU_FEATURES=1" CFLAGS="-I/usr/local/include/cpu_features" ./configure
build_script:
- make -j $(sysctl -n hw.ncpu || echo 4) -C build
test_script:

2
.github/ISSUE_TEMPLATE/bug_report_or_issue_report.yml vendored
View File

@ -8,6 +8,8 @@ body:
Thanks for taking the time to fill out this bug report!
We provide a template which is specifically made for bug reports, to be sure that the report includes enough details to be helpful.
**⚠️ Antivirus False Positive?** If you're reporting an antivirus detection issue, please see [ANTIVIRUS.md](https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/ANTIVIRUS.md) first. Antivirus false positives should be reported to the antivirus vendor, not as bugs in SoftEther VPN.
- type: checkboxes
attributes:
label: Are you using SoftEther VPN 5.x?

4
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@ -1,4 +1,8 @@
contact_links:
- name: Antivirus False Positive Detection
about: If antivirus software is flagging SoftEther VPN as malicious, this is a false positive. See our documentation for solutions and how to report to antivirus vendors.
url: https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/ANTIVIRUS.md
- name: Are you using SoftEther VPN 4.x?
about: This repository is for SoftEther VPN 5.x Developer Edition, developed independently from SoftEther VPN 4.x. Visit vpnusers.com if you would like to report issues or ask questions about version 4.x!
url: https://www.vpnusers.com/

98
.github/workflows/docker-aio.yml vendored Normal file
View File

@ -0,0 +1,98 @@
name: docker-aio
on:
push:
branches:
- 'master'
tags:
- '*'
pull_request:
workflow_dispatch:
jobs:
docker:
name: docker-aio
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'SoftEtherVPN' }}
steps:
-
name: Docker meta vpnserver
id: metavpnserver
uses: docker/metadata-action@v5
with:
images: ${{ github.repository_owner }}/vpnserver
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
-
name: Docker meta vpnclient
id: metavpnclient
uses: docker/metadata-action@v5
with:
images: ${{ github.repository_owner }}/vpnclient
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
-
name: Docker meta vpnbridge
id: metavpnbridge
uses: docker/metadata-action@v5
with:
images: ${{ github.repository_owner }}/vpnbridge
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
image: tonistiigi/binfmt:qemu-v9.2.0
#
# TODO: unpin qemu version after default is updated
#
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to DockerHub
if: ${{ github.event_name != 'pull_request' }}
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push vpnserver
uses: docker/build-push-action@v6
with:
file: ./Dockerfile
target: vpnserver
push: ${{ github.event_name != 'pull_request' }}
platforms: linux/amd64,linux/arm64
tags: ${{ steps.metavpnserver.outputs.tags }}
labels: ${{ steps.metavpnserver.outputs.labels }}
-
name: Build and push vpnclient
uses: docker/build-push-action@v6
with:
file: ./Dockerfile
target: vpnclient
push: ${{ github.event_name != 'pull_request' }}
platforms: linux/amd64,linux/arm64
tags: ${{ steps.metavpnclient.outputs.tags }}
labels: ${{ steps.metavpnclient.outputs.labels }}
-
name: Build and push vpnbridge
uses: docker/build-push-action@v6
with:
file: ./Dockerfile
target: vpnbridge
push: ${{ github.event_name != 'pull_request' }}
platforms: linux/amd64,linux/arm64
tags: ${{ steps.metavpnbridge.outputs.tags }}
labels: ${{ steps.metavpnbridge.outputs.labels }}

4
.github/workflows/fedora-rawhide.yml vendored
View File

@ -25,10 +25,10 @@ jobs:
submodules: true
- name: Install dependencies
run: |
dnf -y install git cmake ncurses-devel openssl-devel-engine libsodium-devel readline-devel zlib-devel gcc-c++ clang
dnf -y install git cmake ncurses-devel openssl-devel-engine libsodium-devel readline-devel zlib-devel gcc-c++ clang google-cpu_features-devel
- name: Compile with ${{ matrix.cc }}
run: |
export CC=${{ matrix.cc }}
./configure
CMAKE_FLAGS="-DUSE_SYSTEM_CPU_FEATURES=1" CFLAGS="-I/usr/include/cpu_features" ./configure
make -C build

7
.github/workflows/linux.yml vendored
View File

@ -26,6 +26,13 @@ jobs:
cd build
cpack -C Release -G DEB
- name: Upload DEB packages as artifacts
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v4
with:
name: deb-packages
path: build/*.deb
- name: Test
run: |
.ci/appveyor-deb-install-test.sh

2
.github/workflows/macos.yml vendored
View File

@ -7,7 +7,7 @@ jobs:
build_and_test:
strategy:
matrix:
os: [macos-14, macos-13, macos-12]
os: [macos-15, macos-14, macos-13]
name: ${{ matrix.os }}
runs-on: ${{ matrix.os }}
steps:

338
ANTIVIRUS.md Normal file
View File

@ -0,0 +1,338 @@
# Antivirus False Positive Detection
## Overview
Some antivirus software, including Microsoft Defender, may incorrectly flag SoftEther VPN executables as malicious software. This is a **false positive** detection. SoftEther VPN is legitimate, open-source software that has been developed and maintained since 2013 by researchers at the University of Tsukuba, Japan.
## Why Does This Happen?
Antivirus software uses heuristic analysis to detect potentially malicious behavior. VPN software like SoftEther VPN performs operations that can appear suspicious to antivirus programs, including:
- **Network tunneling and traffic interception**: VPN software creates virtual network adapters and intercepts network traffic to secure it
- **Low-level network operations**: Packet filtering, protocol handling, and kernel-mode operations
- **Service installation**: VPN clients install system services that run with elevated privileges
- **Registry modifications**: Required for Windows integration and auto-start functionality
- **Dynamic code execution**: Network protocol implementations may use techniques that appear similar to malicious software
These are **normal and necessary operations** for any VPN software, but they can trigger heuristic-based detection algorithms.
## Microsoft Defender Specific Issue
### Affected Components
Microsoft Defender may flag the following SoftEther VPN 5.x components as `Trojan:Win32/KepavII!rfn`:
- `vpnclient.exe` - VPN Client executable
- `vpnserver.exe` - VPN Server executable
- `vpnbridge.exe` - VPN Bridge executable
- `vpncmd.exe` - VPN Command-line utility
- Start menu shortcuts
- Registry entries
- Windows services (`SEVPNCLIENTDEV`, `SEVPNSERVERDEV`, etc.)
### Detection Details
```
Detected: Trojan:Win32/KepavII!rfn
Status: Quarantined
Description: "This program is dangerous and executes commands from an attacker."
```
**This is a false positive.** The detection is based on behavioral heuristics, not actual malicious code.
## Solutions and Workarounds
### Option 1: Add Exclusions (Recommended for Users)
The recommended approach is to add SoftEther VPN directories to Microsoft Defender's exclusion list:
#### Step-by-Step Instructions:
1. **Open Windows Security**
- Press `Windows Key + I` to open Settings
- Navigate to **Privacy & Security****Windows Security**
- Click **Virus & threat protection**
2. **Access Exclusion Settings**
- Scroll down to **Virus & threat protection settings**
- Click **Manage settings**
- Scroll down to **Exclusions**
- Click **Add or remove exclusions**
3. **Add SoftEther VPN Directories**
Click **Add an exclusion****Folder** and add these paths:
- `C:\Program Files\SoftEther VPN Client`
- `C:\Program Files\SoftEther VPN Client Developer Edition`
- `C:\Program Files\SoftEther VPN Server`
- `C:\Program Files\SoftEther VPN Server Manager`
- `C:\Program Files\SoftEther VPN Server Manager Developer Edition`
- `C:\Program Files\SoftEther VPN Server Developer Edition`
- `C:\ProgramData\SoftEther VPN Client`
- `C:\ProgramData\SoftEther VPN Server`
**Note**: Add only the directories that correspond to the SoftEther VPN components you have installed.
4. **Restore Quarantined Files** (if needed)
- Go back to **Virus & threat protection**
- Click **Protection history**
- Find the quarantined SoftEther VPN files
- Click **Actions****Restore**
5. **Reinstall if Necessary**
- If files were deleted, you may need to reinstall SoftEther VPN
- The exclusions will prevent future detections
### Option 2: Report False Positive to Microsoft
Help improve Microsoft Defender by reporting the false positive:
1. **Submit to Microsoft Defender Security Intelligence**
- Visit: https://www.microsoft.com/en-us/wdsi/filesubmission
- Select **File** submission type
- Choose **Software developer** as your role
- Submit the falsely detected SoftEther VPN executable files
- Provide details: "False positive detection of SoftEther VPN, open-source VPN software"
2. **Include Information**
- Product Name: SoftEther VPN
- Vendor: SoftEther Project at University of Tsukuba
- Official Website: https://www.softether.org/
- GitHub Repository: https://github.com/SoftEtherVPN/SoftEtherVPN
- License: Apache License 2.0
Microsoft typically reviews submissions within a few days and updates their definitions if confirmed as a false positive.
### Option 3: Use Alternative Antivirus Software
If Microsoft Defender continues to cause issues:
1. Consider using alternative antivirus software that doesn't flag SoftEther VPN
2. Some users report fewer false positives with third-party antivirus solutions
3. Ensure any alternative antivirus is from a reputable vendor
## For IT Administrators
### Group Policy Configuration
To deploy exclusions across an organization using Group Policy:
1. **Open Group Policy Management Console**
```
gpmc.msc
```
2. **Navigate to Windows Defender Antivirus Settings**
```
Computer Configuration → Policies → Administrative Templates
→ Windows Components → Microsoft Defender Antivirus → Exclusions
```
3. **Configure Path Exclusions**
- Enable **Path Exclusions**
- Add the SoftEther VPN installation directories
4. **Update Group Policy**
```powershell
gpupdate /force
```
### PowerShell Exclusion Script
For automated deployment, use this PowerShell script (requires Administrator privileges):
```powershell
# Add Windows Defender exclusions for SoftEther VPN
# Requires Administrator privileges
$exclusionPaths = @(
"C:\Program Files\SoftEther VPN Client",
"C:\Program Files\SoftEther VPN Client Developer Edition",
"C:\Program Files\SoftEther VPN Server",
"C:\Program Files\SoftEther VPN Server Manager",
"C:\Program Files\SoftEther VPN Server Manager Developer Edition",
"C:\Program Files\SoftEther VPN Server Developer Edition",
"C:\ProgramData\SoftEther VPN Client",
"C:\ProgramData\SoftEther VPN Server"
)
# Check if running as Administrator
$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
Write-Error "This script requires Administrator privileges. Please run PowerShell as Administrator."
exit 1
}
# Check if Windows Defender module is available
if (-not (Get-Module -ListAvailable -Name Defender)) {
Write-Error "Windows Defender PowerShell module is not available on this system."
exit 1
}
$successCount = 0
$errorCount = 0
foreach ($path in $exclusionPaths) {
if (Test-Path $path) {
try {
Add-MpPreference -ExclusionPath $path -ErrorAction Stop
Write-Host "✓ Added exclusion: $path" -ForegroundColor Green
$successCount++
}
catch {
Write-Warning "✗ Failed to add exclusion for: $path"
Write-Warning " Error: $($_.Exception.Message)"
$errorCount++
}
}
else {
Write-Host "- Skipped (not found): $path" -ForegroundColor Gray
}
}
Write-Host "`nSummary:" -ForegroundColor Cyan
Write-Host " Successfully added: $successCount exclusion(s)" -ForegroundColor Green
if ($errorCount -gt 0) {
Write-Host " Failed: $errorCount exclusion(s)" -ForegroundColor Red
}
Write-Host "`nSoftEther VPN exclusions configured." -ForegroundColor Cyan
```
Save as `Add-SoftEtherVPN-Exclusions.ps1` and run as Administrator.
## Verification of Software Authenticity
### Open Source Verification
SoftEther VPN is **fully open source** and can be verified:
1. **Source Code Review**
- Complete source code: https://github.com/SoftEtherVPN/SoftEtherVPN
- All commits are publicly visible
- Community peer-reviewed code
2. **Build from Source**
- You can compile SoftEther VPN yourself from source
- See: [BUILD_WINDOWS.md](src/BUILD_WINDOWS.md) and [BUILD_UNIX.md](src/BUILD_UNIX.md)
- Self-compiled builds may have fewer false positive issues
3. **Community Trust**
- Active development since 2013
- Over 11,000+ GitHub stars
- Used by organizations and individuals worldwide
- Peer-reviewed academic research project
### Official Distributions
Always download SoftEther VPN from official sources:
- **Official Website**: https://www.softether.org/
- **GitHub Releases**: https://github.com/SoftEtherVPN/SoftEtherVPN/releases
- **Official Download Site**: https://www.softether-download.com/
**Warning**: Do not download SoftEther VPN from third-party websites or unofficial sources.
## Technical Background
### Why VPN Software Triggers Detection
VPN software implements functionality that overlaps with techniques used by some malware:
1. **Kernel-mode drivers**: Required for creating virtual network adapters
2. **Network traffic interception**: Core VPN functionality to encrypt traffic
3. **Process injection**: Some VPN implementations inject into other processes
4. **Privilege escalation**: VPN services need administrative rights
5. **Persistent system changes**: Auto-start configuration, service installation
These are **legitimate techniques** when used by trusted VPN software.
### False Positive Rate
False positives are common in the VPN and security software industry. Other legitimate VPN and security tools have faced similar issues:
- OpenVPN has been flagged by various antivirus vendors
- WireGuard implementations have triggered false positives
- Many security research tools face similar challenges
## Code Signing Status
**Note**: The official SoftEther VPN releases may not include code signing certificates. Code signing certificates require:
- Annual fees (typically $300-500+ per year)
- Corporate entity for Extended Validation (EV) certificates
- Hardware security modules (HSM) for EV certificate storage
As an open-source project with limited funding, SoftEther VPN prioritizes development over expensive code signing infrastructure. However, this doesn't make the software any less safe - all source code is publicly auditable.
Users who require signed binaries can:
1. Build from source and sign with their own certificates
2. Work with their organization to sign the binaries
3. Use alternative verification methods (source code review, checksums, etc.)
## Best Practices
1. **Keep Antivirus Updated**: Ensure Microsoft Defender definitions are current
2. **Monitor Protection History**: Regularly check if SoftEther VPN is being flagged
3. **Subscribe to Updates**: Follow SoftEther VPN releases for security updates
4. **Report False Positives**: Help the community by reporting detections to Microsoft
5. **Use Official Builds**: Only download from official sources
## Additional Resources
- **SoftEther VPN Official Website**: https://www.softether.org/
- **GitHub Repository**: https://github.com/SoftEtherVPN/SoftEtherVPN
- **Security Policy**: [SECURITY.md](SECURITY.md)
- **Microsoft Defender Submission Portal**: https://www.microsoft.com/en-us/wdsi/filesubmission
- **Build Instructions**: [BUILD_WINDOWS.md](src/BUILD_WINDOWS.md)
## Frequently Asked Questions
### Q: Is SoftEther VPN safe to use?
**A**: Yes. SoftEther VPN is legitimate, open-source software developed by researchers at the University of Tsukuba, Japan. The detection is a false positive. All source code is publicly available for review at https://github.com/SoftEtherVPN/SoftEtherVPN
### Q: Why don't you just fix the code to not trigger antivirus?
**A**: The detection is based on legitimate VPN operations, not malicious code. Changing how VPN functionality works to avoid heuristic detection would compromise the software's core purpose. The correct solution is to report false positives to antivirus vendors and add exclusions.
### Q: Will adding exclusions make my computer less secure?
**A**: Exclusions for trusted software from official sources don't significantly reduce security. Only add exclusions for software you trust and have downloaded from official sources. SoftEther VPN is open-source and can be verified.
### Q: Can I use SoftEther VPN without adding exclusions?
**A**: Not reliably with Microsoft Defender. The antivirus will quarantine executables and prevent the VPN from functioning. Exclusions are necessary unless Microsoft updates their detection definitions.
### Q: How do I know my downloaded file is authentic?
**A**:
1. Only download from https://github.com/SoftEtherVPN/SoftEtherVPN/releases or https://www.softether.org/
2. Verify the file hash/checksum if provided
3. Review the source code on GitHub
4. Build from source yourself for maximum assurance
### Q: Is this issue specific to SoftEther VPN?
**A**: No. Many VPN applications and security tools face false positive detections. OpenVPN, WireGuard implementations, and other network security tools have similar issues with various antivirus vendors.
### Q: Will this be fixed in a future version?
**A**: The SoftEther VPN project continues to work on this issue. However, heuristic-based detection is challenging to avoid without compromising functionality. The best approach is to:
1. Report false positives to Microsoft
2. Use exclusions as needed
3. Build from source if your organization requires it
## Contributing
If you have additional solutions or workarounds that have worked for you, please contribute to this documentation:
1. Fork the repository: https://github.com/SoftEtherVPN/SoftEtherVPN
2. Edit this file: `ANTIVIRUS.md`
3. Submit a pull request with your improvements
---
**Applies to**: SoftEther VPN 5.x (Developer Edition)
**Related Issue**: False positive detection by Microsoft Defender as Trojan:Win32/KepavII!rfn

2
CMakeLists.txt
View File

@ -3,7 +3,7 @@ cmake_minimum_required(VERSION 3.15)
set(BUILD_NUMBER CACHE STRING "The number of the current build.")
if ("${BUILD_NUMBER}" STREQUAL "")
set(BUILD_NUMBER "5186")
set(BUILD_NUMBER "5187")
endif()
if (BUILD_NUMBER LESS 5180)

2
CMakeSettings.json
View File

@ -1,5 +1,5 @@
{
"environments": [ { "BuildNumber": "5186" } ],
"environments": [ { "BuildNumber": "5187" } ],
"configurations": [
{
"name": "x64-native",

104
ContainerREADME.md Normal file
View File

@ -0,0 +1,104 @@
# SoftetherVPN Container images
This container is designed to be as small as possible and host a SoftEther VPN Server, Bridge or Client.
It´s based on Alpine so resulting Image is kept as small as 15MB!
## Not working
* bridging to a physical Ethernet adapter
## working
* OpenVPN
* L2tp
* SSL
* SecureNAT
* Wireguard (not with the "stable" tag)
## Available Tags
|Image|Description|
|---|---|
|softethervpn/vpnserver:stable|Latest stable release from https://github.com/SoftEtherVPN/SoftEtherVPN_Stable|
|softethervpn/vpnserver:v4.39-9772-beta|Tagged build|
|softethervpn/vpnserver:latest|Latest commits from https://github.com/SoftEtherVPN/SoftEtherVPN|
You should always specify your wanted version like `softethervpn/vpnserver:5.02.5180`
## Usage docker run
This will keep your config and Logfiles in the docker volume `softetherdata`
`docker run -d --rm --name softether-vpn-server -v softetherdata:/var/lib/softether -v softetherlogs:/var/log/softether -p 443:443/tcp -p 992:992/tcp -p 1194:1194/udp -p 5555:5555/tcp -p 500:500/udp -p 4500:4500/udp -p 1701:1701/udp --cap-add NET_ADMIN softethervpn/vpnserver:stable`
## Port requirements
As there are different operating modes for SoftetherVPN there is a variety of ports that might or might not be needed.
For operation with Softether Clients at least 443, 992 or 5555 is needed.
See https://www.softether.org/4-docs/1-manual/1/1.6 for reference on the Softether ports.
Others are commented out in the docker-compose example.
## Usage docker-compose
The same command can be achieved by docker-compose, the docker compose file is in the repository.
You can specify the respective docker-compose.yaml like so:
`docker-compose -f docker-compose.vpnclient.yaml up -d`
By default the docker-compose.yaml is used:
```
version: '3'
services:
softether:
image: softethervpn/vpnserver:latest
cap_add:
- NET_ADMIN
restart: always
ports:
#- 53:53 #DNS tunneling
- 443:443 #Management and HTTPS tunneling
#- 992:992 #HTTPS tunneling
#- 1194:1194/udp #OpenVPN
#- 5555:5555 #HTTPS tunneling
#- 500:500/udp #IPsec/L2TP
#- 4500:4500/udp #IPsec/L2TP
#- 1701:1701/udp #IPsec/L2TP
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
- "./softether_data:/var/lib/softether"
- "./softether_log:/var/log/softether"
# - "./adminip.txt:/var/lib/softether/adminip.txt:ro"
```
### Use vpncmd
With newer releases vpncmd is directly in the container so you can use it to configure vpn. You can can run it once the container is running :
`docker exec -it softether-vpn-server vpncmd localhost`
example to configure a vpnclient
```
docker exec -it softether-vpn-server vpncmd localhost /client
VPN Client> AccountSet homevpn /SERVER:192.168.1.1:443 /HUB:VPN
VPN Client> AccountPasswordSet homevpn /PASSWORD:verysecurepassword /TYPE:standard
VPN Client> AccountConnect homevpn
#Automatically connect once container starts
VPN Client> AccountStartupSet homevpn
#Checking State
VPN Client> AccountStatusGet homevpn
```
## Building
` docker build --target vpnclient -t softethevpn:latest .`

54
Dockerfile Normal file
View File

@ -0,0 +1,54 @@
FROM alpine AS builder
RUN mkdir /usr/local/src && apk add binutils --no-cache\
linux-headers \
build-base \
readline-dev \
openssl-dev \
ncurses-dev \
git \
cmake \
zlib-dev \
libsodium-dev \
gnu-libiconv
ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
ADD ./ /usr/local/src/SoftEtherVPN/
WORKDIR /usr/local/src
ENV USE_MUSL=YES
ENV CMAKE_FLAGS="-DSE_PIDDIR=/run/softether -DSE_LOGDIR=/var/log/softether -DSE_DBDIR=/var/lib/softether"
RUN cd SoftEtherVPN &&\
./configure &&\
make -j $(getconf _NPROCESSORS_ONLN) -C build
FROM alpine AS base
RUN apk add --no-cache readline \
openssl \
libsodium \
gnu-libiconv \
iptables
ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
WORKDIR /usr/local/bin
VOLUME /var/log/softether
VOLUME /var/lib/softether
VOLUME /run/softether
COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpncmd /usr/local/src/SoftEtherVPN/build/hamcore.se2 ./
COPY --from=builder /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src/SoftEtherVPN/build/libmayaqua.so /usr/local/lib/
FROM base AS vpnserver
COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnserver ./
RUN ./vpnserver --help
EXPOSE 443/tcp 992/tcp 1194/tcp 1194/udp 5555/tcp 500/udp 4500/udp
CMD ["/usr/local/bin/vpnserver", "execsvc"]
FROM base AS vpnclient
COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnclient ./
RUN ./vpnclient --help
CMD ["/usr/local/bin/vpnclient", "execsvc"]
FROM base AS vpnbridge
COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnbridge ./
RUN ./vpnbridge --help
CMD ["/usr/local/bin/vpnbridge", "execsvc"]

7
README.md
View File

@ -14,6 +14,7 @@
* [For Windows](#for-windows)
* [From binary installers (stable channel)](#from-binary-installers-stable-channel)
* [Build from Source code](#build-from-source-code)
- [Antivirus False Positive Detection](ANTIVIRUS.md)
- [About HTML5-based Modern Admin Console and JSON-RPC API Suite](#about-html5-based-modern-admin-console-and-json-rpc-api-suite)
* [Built-in SoftEther VPN Server HTML5 Ajax-based Web Administration Console](#built-in-softether-vpn-server-html5-ajax-based-web-administration-console)
* [Built-in SoftEther Server VPN JSON-RPC API Suite](#built-in-softether-server-vpn-json-rpc-api-suite)
@ -206,11 +207,17 @@ Also SoftEther VPN [Stable Edition](https://www.freshports.org/security/softethe
[Nightly builds](https://github.com/SoftEtherVPN/SoftEtherVPN/actions/workflows/windows.yml)
(choose appropriate platform, then find binaries or installers as artifacts)
**⚠️ Important for Windows Users**: Some antivirus software (including Microsoft Defender) may incorrectly flag SoftEther VPN as malicious. This is a **false positive**. See [ANTIVIRUS.md](ANTIVIRUS.md) for detailed information and solutions.
## From binary installers (stable channel)
Those can be found under https://www.softether-download.com/
There you can also find SoftEtherVPN source code in zip and tar formats.
## Docker Container Image
Please look at the [ContainerREADME.md](ContainerREADME.md)
## Build from Source code
see [BUILD_UNIX](src/BUILD_UNIX.md) or [BUILD_WINDOWS](src/BUILD_WINDOWS.md)

11
SECURITY.md
View File

@ -13,3 +13,14 @@ currently being supported with security updates.
## Reporting a Vulnerability
Please use [github security reporting](https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/new)
## Antivirus False Positive Detection
Some antivirus software may incorrectly flag SoftEther VPN executables as malicious. This is a **false positive** and not a security vulnerability.
**If you encounter antivirus warnings:**
- See [ANTIVIRUS.md](ANTIVIRUS.md) for detailed information and solutions
- Report false positives to your antivirus vendor
- Verify downloads are from official sources only
**SoftEther VPN is safe**: All source code is publicly available and can be reviewed at https://github.com/SoftEtherVPN/SoftEtherVPN

118
SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SecureConnection.swift Normal file
View File

@ -0,0 +1,118 @@
import Foundation
import Network
import Security
/// SecureConnection handles the TLS connection with the SoftEther VPN server
class SecureConnection {
// MARK: - Properties
private var connection: NWConnection?
private let host: String
private let port: UInt16
private let queue = DispatchQueue(label: "com.softether.connection", qos: .userInitiated)
// MARK: - Initialization
/// Initialize a secure connection
/// - Parameters:
/// - host: Server hostname or IP address
/// - port: Server port number
init(host: String, port: UInt16) {
self.host = host
self.port = port
}
// MARK: - Public Methods
/// Connect to the server using TLS
/// - Parameter completion: Callback with connection result
func connect(completion: @escaping (Bool, Error?) -> Void) {
let hostEndpoint = NWEndpoint.Host(host)
let portEndpoint = NWEndpoint.Port(rawValue: port)!
// Create TLS parameters
let tlsOptions = NWProtocolTLS.Options()
// Configure TLS for maximum compatibility with SoftEther
let securityOptions = tlsOptions.securityProtocolOptions
sec_protocol_options_set_tls_min_version(securityOptions, .TLSv12)
sec_protocol_options_set_tls_max_version(securityOptions, .TLSv13)
// Allow all cipher suites for compatibility
sec_protocol_options_set_cipher_suites(securityOptions, nil, 0)
// Disable certificate validation for initial development (ENABLE IN PRODUCTION)
sec_protocol_options_set_verify_block(securityOptions, { (_, _, trustResult, _) in
return true // Accept all certificates for testing
}, queue)
// Create TCP options with TLS
let tcpOptions = NWProtocolTCP.Options()
tcpOptions.enableKeepalive = true
tcpOptions.keepaliveIdle = 30
// Create connection parameters
let parameters = NWParameters(tls: tlsOptions, tcp: tcpOptions)
// Create the connection
connection = NWConnection(host: hostEndpoint, port: portEndpoint, using: parameters)
// Set up state handling
connection?.stateUpdateHandler = { [weak self] state in
switch state {
case .ready:
completion(true, nil)
case .failed(let error):
self?.disconnect()
completion(false, error)
case .cancelled:
completion(false, NSError(domain: "SoftEtherError", code: 1000, userInfo: [NSLocalizedDescriptionKey: "Connection cancelled"]))
default:
break
}
}
// Start the connection
connection?.start(queue: queue)
}
/// Disconnect from the server
func disconnect() {
connection?.cancel()
connection = nil
}
/// Send data to the server
/// - Parameters:
/// - data: Data to send
/// - completion: Callback with error if any
func send(data: Data, completion: @escaping (Error?) -> Void) {
guard let connection = connection, connection.state == .ready else {
completion(NSError(domain: "SoftEtherError", code: 1001, userInfo: [NSLocalizedDescriptionKey: "Connection not ready"]))
return
}
connection.send(content: data, completion: .contentProcessed { error in
completion(error)
})
}
/// Receive data from the server
/// - Parameter completion: Callback with received data and error if any
func receive(completion: @escaping (Data?, Error?) -> Void) {
guard let connection = connection, connection.state == .ready else {
completion(nil, NSError(domain: "SoftEtherError", code: 1001, userInfo: [NSLocalizedDescriptionKey: "Connection not ready"]))
return
}
connection.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, _, isComplete, error in
completion(data, error)
if isComplete {
// Connection was closed by the peer
self.disconnect()
}
}
}
}

90
SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherClientSignature.swift Normal file
View File

@ -0,0 +1,90 @@
import Foundation
/// Handles the specific client signature format that SoftEther expects
class SoftEtherClientSignature {
// MARK: - Constants
private enum Constants {
static let clientBuildNumber: UInt32 = 5187
static let clientVersion: UInt32 = 5_02_0000 + clientBuildNumber
static let clientString = "SoftEther VPN Client"
static let softEtherMagic: [UInt8] = [0x5E, 0x68] // 'Se' in hex
// Protocol identification constants from SoftEther source
static let cedar = "CEDAR"
static let sessionKey = "sessionkey"
static let protocol1 = "PROTOCOL"
static let protocol2 = "PROTOCOL2"
}
// MARK: - Public Methods
/// Generate the client signature packet that identifies this client as a legitimate SoftEther VPN client
/// - Returns: Data containing the formatted client signature
static func generateSignature() -> Data {
var data = Data()
// 1. Add SoftEther magic bytes
data.append(contentsOf: Constants.softEtherMagic)
// 2. Add client version in network byte order (big endian)
data.appendUInt32(Constants.clientVersion)
// 3. Add client build number in network byte order
data.appendUInt32(Constants.clientBuildNumber)
// 4. Add cedar protocol identifier
if let cedarData = Constants.cedar.data(using: .ascii) {
data.append(cedarData)
data.append(0) // null terminator
}
// 5. Add client string with null terminator
if let clientString = (Constants.clientString + "\0").data(using: .ascii) {
data.append(clientString)
}
// 6. Add protocol identifiers
if let protocolData = (Constants.protocol1 + "\0").data(using: .ascii) {
data.append(protocolData)
}
if let protocol2Data = (Constants.protocol2 + "\0").data(using: .ascii) {
data.append(protocol2Data)
}
// 7. Add session key marker
if let sessionKeyData = (Constants.sessionKey + "\0").data(using: .ascii) {
data.append(sessionKeyData)
}
// 8. Add random data for session key (typically 20 bytes)
let randomSessionKey = SoftEtherCrypto.randomBytes(count: 20)
data.append(randomSessionKey)
// 9. Calculate and append SHA-1 hash of the entire data for integrity verification
let hash = SoftEtherCrypto.sha1(data)
data.append(hash)
return data
}
/// Verify a server response to the client signature
/// - Parameter data: Response data from server
/// - Returns: True if valid response, false otherwise
static func verifyServerResponse(_ data: Data) -> Bool {
// Basic validation - a real implementation would parse and validate the server response format
// This is a minimal check to see if we have enough data and it starts with the magic bytes
guard data.count >= 8 else {
return false
}
// Check if response starts with SoftEther magic bytes
if data[0] == Constants.softEtherMagic[0] && data[1] == Constants.softEtherMagic[1] {
return true
}
return false
}
}

97
SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherCrypto.swift Normal file
View File

@ -0,0 +1,97 @@
import Foundation
import CryptoKit
/// Handles encryption operations for SoftEther protocol
class SoftEtherCrypto {
// MARK: - Constants
private enum Constants {
static let sha1Size = 20
static let md5Size = 16
}
// MARK: - Public Methods
/// Generate secure random bytes
/// - Parameter count: Number of random bytes to generate
/// - Returns: Data containing random bytes
static func randomBytes(count: Int) -> Data {
var data = Data(count: count)
_ = data.withUnsafeMutableBytes {
SecRandomCopyBytes(kSecRandomDefault, count, $0.baseAddress!)
}
return data
}
/// Calculate SHA-1 hash
/// - Parameter data: Input data
/// - Returns: SHA-1 hash of the input data
static func sha1(_ data: Data) -> Data {
let digest = SHA1.hash(data: data)
return Data(digest)
}
/// Calculate MD5 hash
/// - Parameter data: Input data
/// - Returns: MD5 hash of the input data
static func md5(_ data: Data) -> Data {
let digest = Insecure.MD5.hash(data: data)
return Data(digest)
}
/// Encrypt data using RC4 algorithm (for SoftEther compatibility)
/// - Parameters:
/// - data: Data to encrypt
/// - key: Encryption key
/// - Returns: Encrypted data
static func rc4Encrypt(data: Data, key: Data) -> Data {
let rc4 = RC4(key: key)
return rc4.process(data)
}
/// Decrypt data using RC4 algorithm (for SoftEther compatibility)
/// - Parameters:
/// - data: Data to decrypt
/// - key: Decryption key
/// - Returns: Decrypted data
static func rc4Decrypt(data: Data, key: Data) -> Data {
// RC4 is symmetric, so encryption and decryption are the same operation
return rc4Encrypt(data: data, key: key)
}
}
/// Simple RC4 implementation for SoftEther compatibility
/// Note: RC4 is considered insecure, but SoftEther uses it in parts of its protocol
private class RC4 {
private var state: [UInt8]
init(key: Data) {
state = Array(0...255)
var j: Int = 0
// Key scheduling algorithm
for i in 0..<256 {
let keyByte = key[i % key.count]
j = (j + Int(state[i]) + Int(keyByte)) & 0xFF
state.swapAt(i, j)
}
}
func process(_ data: Data) -> Data {
var result = Data(count: data.count)
var i: Int = 0
var j: Int = 0
// Generate keystream and XOR with plaintext
for k in 0..<data.count {
i = (i + 1) & 0xFF
j = (j + Int(state[i])) & 0xFF
state.swapAt(i, j)
let keyStreamByte = state[(Int(state[i]) + Int(state[j])) & 0xFF]
result[k] = data[k] ^ keyStreamByte
}
return result
}
}

123
SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherPacket.swift Normal file
View File

@ -0,0 +1,123 @@
import Foundation
/// Handles the SoftEther packet structure for communication
class SoftEtherPacket {
// MARK: - Constants
private enum PacketType: UInt32 {
case clientSignature = 0x01
case serverResponse = 0x02
case sessionRequest = 0x03
case sessionResponse = 0x04
case data = 0x05
case keepAlive = 0x06
}
private enum Constants {
static let headerSize: UInt32 = 16
static let maxPacketSize: UInt32 = 1024 * 1024 // 1MB
}
// MARK: - Properties
private var packetType: PacketType
private var packetId: UInt32
private var packetData: Data
// MARK: - Initialization
/// Initialize a packet with type, ID and data
/// - Parameters:
/// - type: Packet type
/// - id: Packet ID
/// - data: Packet payload
init(type: UInt32, id: UInt32, data: Data) {
self.packetType = PacketType(rawValue: type) ?? .data
self.packetId = id
self.packetData = data
}
/// Initialize a packet from raw data
/// - Parameter data: Raw packet data
init?(fromData data: Data) {
guard data.count >= Int(Constants.headerSize) else {
return nil
}
// Parse header
let typeValue = data.readUInt32(at: 0)
self.packetId = data.readUInt32(at: 4)
let dataSize = data.readUInt32(at: 8)
// Validate packet
guard let type = PacketType(rawValue: typeValue),
dataSize <= Constants.maxPacketSize,
data.count >= Int(Constants.headerSize + dataSize) else {
return nil
}
self.packetType = type
// Extract payload
let startIndex = Int(Constants.headerSize)
let endIndex = startIndex + Int(dataSize)
self.packetData = data.subdata(in: startIndex..<endIndex)
}
// MARK: - Public Methods
/// Serialize the packet to binary data format
/// - Returns: Serialized packet data
func serialize() -> Data {
var result = Data(capacity: Int(Constants.headerSize) + packetData.count)
// Write header
result.appendUInt32(packetType.rawValue)
result.appendUInt32(packetId)
result.appendUInt32(UInt32(packetData.count))
result.appendUInt32(0) // Reserved
// Write payload
result.append(packetData)
return result
}
/// Get the packet type
/// - Returns: Packet type
func getType() -> UInt32 {
return packetType.rawValue
}
/// Get the packet ID
/// - Returns: Packet ID
func getId() -> UInt32 {
return packetId
}
/// Get the packet payload
/// - Returns: Packet payload data
func getData() -> Data {
return packetData
}
}
// MARK: - Extensions
extension Data {
/// Read a UInt32 value from the data at specified offset
/// - Parameter offset: Offset to read from
/// - Returns: UInt32 value in big-endian order
func readUInt32(at offset: Int) -> UInt32 {
let slice = self.subdata(in: offset..<(offset + 4))
return slice.withUnsafeBytes { $0.load(as: UInt32.self).bigEndian }
}
/// Append a UInt32 value to the data in big-endian order
/// - Parameter value: UInt32 value to append
mutating func appendUInt32(_ value: UInt32) {
var bigEndian = value.bigEndian
append(UnsafeBufferPointer(start: &bigEndian, count: 1))
}
}

184
SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherProtocol.swift Normal file
View File

@ -0,0 +1,184 @@
import Foundation
import Network
import Security
import CryptoKit
/// SoftEtherProtocol manages the communication between iOS client and SoftEther VPN server
class SoftEtherProtocol {
// MARK: - Properties
private var secureConnection: SecureConnection?
private var isConnected = false
private var host: String = ""
private var port: UInt16 = 443
private var nextPacketId: UInt32 = 1
// MARK: - Public Methods
/// Connect to a SoftEther VPN server
/// - Parameters:
/// - host: The server hostname or IP address
/// - port: The server port (default: 443)
/// - completion: Callback with connection result
public func connect(to host: String, port: UInt16 = 443, completion: @escaping (Bool, Error?) -> Void) {
self.host = host
self.port = port
// Create a secure connection
secureConnection = SecureConnection(host: host, port: port)
// Connect using TLS
secureConnection?.connect { [weak self] success, error in
guard let self = self, success else {
completion(false, error ?? NSError(domain: "SoftEtherError", code: 1, userInfo: [NSLocalizedDescriptionKey: "TLS connection failed"]))
return
}
// After successful TLS connection, send the client signature
self.sendClientSignature { success, error in
if success {
self.isConnected = true
}
completion(success, error)
}
}
}
/// Disconnect from the server
public func disconnect() {
secureConnection?.disconnect()
isConnected = false
}
// MARK: - Private Methods
/// Send the SoftEther client signature to identify as a legitimate client
/// - Parameter completion: Callback with result
private func sendClientSignature(completion: @escaping (Bool, Error?) -> Void) {
// Generate client signature using our specialized class
let signatureData = SoftEtherClientSignature.generateSignature()
// Create a packet with the signature data
let packetId = self.nextPacketId
self.nextPacketId += 1
let packet = SoftEtherPacket(type: 0x01, id: packetId, data: signatureData)
let packetData = packet.serialize()
print("Sending client signature packet: \(packetData.count) bytes")
// Send the packet
secureConnection?.send(data: packetData) { [weak self] error in
guard let self = self else { return }
if let error = error {
print("Error sending client signature: \(error)")
completion(false, error)
return
}
// After sending signature, wait for server response
self.receiveServerResponse { success, error in
completion(success, error)
}
}
}
/// Receive and process server response after sending signature
/// - Parameter completion: Callback with result
private func receiveServerResponse(completion: @escaping (Bool, Error?) -> Void) {
secureConnection?.receive { data, error in
if let error = error {
print("Error receiving server response: \(error)")
completion(false, error)
return
}
guard let data = data, data.count > 4 else {
let error = NSError(domain: "SoftEtherError", code: 2, userInfo: [NSLocalizedDescriptionKey: "Invalid server response"])
print("Invalid server response: insufficient data")
completion(false, error)
return
}
print("Received server response: \(data.count) bytes")
// Parse the response packet
guard let packet = SoftEtherPacket(fromData: data) else {
let error = NSError(domain: "SoftEtherError", code: 3, userInfo: [NSLocalizedDescriptionKey: "Invalid packet format"])
print("Could not parse server response packet")
completion(false, error)
return
}
// Verify the response
let packetData = packet.getData()
let isValid = SoftEtherClientSignature.verifyServerResponse(packetData)
if isValid {
print("Server accepted our client signature")
completion(true, nil)
} else {
print("Server rejected our client signature")
let error = NSError(domain: "SoftEtherError", code: 4, userInfo: [NSLocalizedDescriptionKey: "Server rejected client signature"])
completion(false, error)
}
}
}
/// Send a data packet to the server
/// - Parameters:
/// - data: Data to send
/// - completion: Callback with result
func sendData(data: Data, completion: @escaping (Bool, Error?) -> Void) {
guard isConnected else {
completion(false, NSError(domain: "SoftEtherError", code: 5, userInfo: [NSLocalizedDescriptionKey: "Not connected to server"]))
return
}
let packetId = self.nextPacketId
self.nextPacketId += 1
let packet = SoftEtherPacket(type: 0x05, id: packetId, data: data)
let packetData = packet.serialize()
secureConnection?.send(data: packetData) { error in
if let error = error {
completion(false, error)
return
}
completion(true, nil)
}
}
/// Receive data from the server
/// - Parameter completion: Callback with received data and result
func receiveData(completion: @escaping (Data?, Bool, Error?) -> Void) {
guard isConnected else {
completion(nil, false, NSError(domain: "SoftEtherError", code: 5, userInfo: [NSLocalizedDescriptionKey: "Not connected to server"]))
return
}
secureConnection?.receive { data, error in
if let error = error {
completion(nil, false, error)
return
}
guard let data = data, data.count > 4 else {
completion(nil, false, NSError(domain: "SoftEtherError", code: 2, userInfo: [NSLocalizedDescriptionKey: "Invalid server response"]))
return
}
// Parse the packet
guard let packet = SoftEtherPacket(fromData: data) else {
completion(nil, false, NSError(domain: "SoftEtherError", code: 3, userInfo: [NSLocalizedDescriptionKey: "Invalid packet format"]))
return
}
completion(packet.getData(), true, nil)
}
}
}

149
SoftEtherVPN-iOS/SoftEtherVPN-iOS/SoftEtherVPNClient.swift Normal file
View File

@ -0,0 +1,149 @@
import Foundation
import UIKit
/// SoftEtherVPNClient provides a simple interface for connecting to SoftEther VPN servers
public class SoftEtherVPNClient {
// MARK: - Properties
private let protocol: SoftEtherProtocol
private var connectionState: ConnectionState = .disconnected
// MARK: - Public Types
/// Connection states for the VPN client
public enum ConnectionState {
case disconnected
case connecting
case connected
case disconnecting
case error(Error)
}
/// Connection delegate to receive state updates
public protocol ConnectionDelegate: AnyObject {
func connectionStateDidChange(_ state: ConnectionState)
}
/// Weak reference to the delegate
public weak var delegate: ConnectionDelegate?
// MARK: - Initialization
public init() {
self.protocol = SoftEtherProtocol()
}
// MARK: - Public Methods
/// Connect to a SoftEther VPN server
/// - Parameters:
/// - host: Server hostname or IP address
/// - port: Server port (default: 443)
/// - completion: Optional completion handler
public func connect(to host: String, port: UInt16 = 443, completion: ((Bool, Error?) -> Void)? = nil) {
// Update state
connectionState = .connecting
delegate?.connectionStateDidChange(connectionState)
// Connect using the protocol implementation
protocol.connect(to: host, port: port) { [weak self] success, error in
guard let self = self else { return }
if success {
self.connectionState = .connected
} else if let error = error {
self.connectionState = .error(error)
} else {
self.connectionState = .disconnected
}
self.delegate?.connectionStateDidChange(self.connectionState)
completion?(success, error)
}
}
/// Disconnect from the server
/// - Parameter completion: Optional completion handler
public func disconnect(completion: (() -> Void)? = nil) {
// Update state
connectionState = .disconnecting
delegate?.connectionStateDidChange(connectionState)
// Disconnect
protocol.disconnect()
// Update state again
connectionState = .disconnected
delegate?.connectionStateDidChange(connectionState)
completion?()
}
/// Get the current connection state
/// - Returns: Current ConnectionState
public func getConnectionState() -> ConnectionState {
return connectionState
}
/// Check if currently connected
/// - Returns: True if connected, false otherwise
public func isConnected() -> Bool {
if case .connected = connectionState {
return true
}
return false
}
// MARK: - Example Usage
/// Example showing how to use this class in a view controller
public static func exampleUsage() -> String {
return """
// In your view controller:
private let vpnClient = SoftEtherVPNClient()
override func viewDidLoad() {
super.viewDidLoad()
// Set delegate
vpnClient.delegate = self
}
@IBAction func connectButtonTapped(_ sender: UIButton) {
if vpnClient.isConnected() {
vpnClient.disconnect()
} else {
vpnClient.connect(to: "vpn.example.com") { success, error in
if !success {
print("Failed to connect: \\(error?.localizedDescription ?? "Unknown error")")
}
}
}
}
// MARK: - ConnectionDelegate
extension YourViewController: SoftEtherVPNClient.ConnectionDelegate {
func connectionStateDidChange(_ state: SoftEtherVPNClient.ConnectionState) {
switch state {
case .connected:
connectButton.setTitle("Disconnect", for: .normal)
statusLabel.text = "Connected"
case .connecting:
statusLabel.text = "Connecting..."
case .disconnecting:
statusLabel.text = "Disconnecting..."
case .disconnected:
connectButton.setTitle("Connect", for: .normal)
statusLabel.text = "Disconnected"
case .error(let error):
statusLabel.text = "Error: \\(error.localizedDescription)"
connectButton.setTitle("Connect", for: .normal)
}
}
}
"""
}
}

116
WINDOWS_README.txt Normal file
View File

@ -0,0 +1,116 @@
================================================================================
SoftEther VPN - Windows Installation Notes
================================================================================
Thank you for installing SoftEther VPN!
SoftEther VPN is legitimate, open-source VPN software developed by researchers
at the University of Tsukuba, Japan. It has been in active development since
2013 and is used by organizations and individuals worldwide.
================================================================================
IMPORTANT: Antivirus False Positive Warning
================================================================================
Some antivirus software (including Microsoft Defender) may incorrectly flag
SoftEther VPN executables as malicious. This is a FALSE POSITIVE detection.
WHY THIS HAPPENS:
-----------------
VPN software performs operations that can appear suspicious to antivirus
programs:
- Network tunneling and traffic interception
- Low-level network operations
- Service installation with elevated privileges
- Registry modifications for Windows integration
These are NORMAL and NECESSARY operations for any VPN software.
IF MICROSOFT DEFENDER QUARANTINES SOFTETHER VPN:
------------------------------------------------
1. Add Exclusions to Microsoft Defender:
a) Open Windows Security (Windows Key + I -> Privacy & Security ->
Windows Security -> Virus & threat protection)
b) Click "Manage settings" under Virus & threat protection settings
c) Scroll down to "Exclusions" and click "Add or remove exclusions"
d) Click "Add an exclusion" -> "Folder" and add:
C:\Program Files\SoftEther VPN Client
C:\Program Files\SoftEther VPN Client Developer Edition
C:\Program Files\SoftEther VPN Server
C:\Program Files\SoftEther VPN Server Developer Edition
(Add only the folders that exist for your installation)
2. Restore Quarantined Files:
a) Go to "Virus & threat protection" -> "Protection history"
b) Find quarantined SoftEther VPN files
c) Click "Actions" -> "Restore"
3. Reinstall if Necessary:
If files were deleted, reinstall SoftEther VPN. The exclusions will
prevent future detections.
REPORT FALSE POSITIVE TO MICROSOFT:
------------------------------------
Help improve Microsoft Defender by reporting the false positive:
Visit: https://www.microsoft.com/en-us/wdsi/filesubmission
Submit the flagged file and indicate it's a false positive detection
of SoftEther VPN, open-source software from the University of Tsukuba.
MORE INFORMATION:
-----------------
For detailed documentation about this issue and additional solutions, see:
https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/ANTIVIRUS.md
VERIFY AUTHENTICITY:
--------------------
SoftEther VPN is open source. You can verify the software by:
- Reviewing source code: https://github.com/SoftEtherVPN/SoftEtherVPN
- Official website: https://www.softether.org/
- Only download from official sources
WARNING: Do not download SoftEther VPN from third-party websites.
================================================================================
Getting Started
================================================================================
After adding antivirus exclusions (if needed):
1. Launch "SoftEther VPN Client Manager" from the Start Menu
2. Configure your VPN connection settings
3. Connect to your VPN server
For detailed documentation, visit: https://www.softether.org/
================================================================================
Support
================================================================================
Official Website: https://www.softether.org/
GitHub Repository: https://github.com/SoftEtherVPN/SoftEtherVPN
Security Issues: https://github.com/SoftEtherVPN/SoftEtherVPN/security
================================================================================
SoftEther VPN is licensed under the Apache License 2.0
Copyright (c) SoftEther VPN Project at University of Tsukuba, Japan
Thank you for using SoftEther VPN!
================================================================================

2
description
View File

@ -2,4 +2,4 @@ SoftEther VPN ("SoftEther" means "Software Ethernet") is an open-source cross-pl
Its protocol is very fast and it can be used in very restricted environments, as it's able to transfer packets over DNS and ICMP.
The server includes a free Dynamic DNS service, which can be used to access the server even if the public IP address changes.
A NAT-Traversal function is also available, very useful in case the required ports cannot be opened on the firewall.
The supported third party protocols are OpenVPN, L2TP/IPSec and SSTP.
The supported third party protocols are OpenVPN, L2TP/IPSec, SSTP and WireGuard.

2
developer_tools/stbchecker/stbchecker.csproj
View File

@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net7.0</TargetFramework>
<TargetFramework>net8.0</TargetFramework>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">

16
docker-compose.vpnclient.yaml Normal file
View File

@ -0,0 +1,16 @@
version: '3'
services:
softether:
image: softethervpn/vpnclient:latest
devices:
- /dev/net/tun:/dev/net/tun
cap_add:
- NET_ADMIN
restart: always
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
- "./softether_data:/var/lib/softether"
- "./softether_log:/var/log/softether"
# - "./adminip.txt:/var/lib/softether/adminip.txt:ro"

22
docker-compose.yaml Normal file
View File

@ -0,0 +1,22 @@
services:
softether:
image: softethervpn/vpnserver:latest
hostname: softethervpnserver
cap_add:
- NET_ADMIN
restart: always
ports:
#- 53:53 #DNS tunneling
- 443:443 #Management and HTTPS tunneling
- 992:992 #HTTPS tunneling
#- 1194:1194/udp #OpenVPN
#- 5555:5555 #HTTPS tunneling
#- 500:500/udp #IPsec/L2TP
#- 4500:4500/udp #IPsec/L2TP
#- 1701:1701/udp #IPsec/L2TP
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
- "./softether_data:/var/lib/softether"
- "./softether_log:/var/log/softether"
# - "./adminip.txt:/var/lib/softether/adminip.txt:ro"

23
src/BuildFiles/Manifests/common.manifest
View File

@ -1,5 +1,28 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
<!-- Assembly identity with major version. This is separate from the product version. -->
<assemblyIdentity
type="win32"
name="SoftEtherVPN.Application"
version="5.0.0.0"
processorArchitecture="*"
/>
<description>SoftEther VPN - Open Source Multi-protocol VPN Software</description>
<!--
trustInfo: Uses 'asInvoker' level which is correct for VPN client applications.
VPN services are installed as Windows services with appropriate privileges.
Client executables request elevation via UAC only when needed for specific operations.
-->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity

3
src/CMakeLists.txt
View File

@ -127,6 +127,9 @@ if(UNIX)
if(SE_PIDDIR)
add_definitions(-DSE_PIDDIR="${SE_PIDDIR}")
endif()
# Use system libraries instead of bundled
set(USE_SYSTEM_CPU_FEATURES false CACHE BOOL "Use system cpu_features")
endif()
# Cedar communication module

2
src/Cedar/Hub.c
View File

@ -630,6 +630,7 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
GetHubAdminOptionDataAndSet(ao, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
GetHubAdminOptionDataAndSet(ao, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
GetHubAdminOptionDataAndSet(ao, "AllowEapMatchUserByCert", o->AllowEapMatchUserByCert);
GetHubAdminOptionDataAndSet(ao, "DhcpDiscoverTimeoutMs", o->DhcpDiscoverTimeoutMs);
}
// Convert the contents of the HUB_OPTION to data
@ -705,6 +706,7 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
Add(aol, NewAdminOption("UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption));
Add(aol, NewAdminOption("UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId));
Add(aol, NewAdminOption("AllowEapMatchUserByCert", o->AllowEapMatchUserByCert));
Add(aol, NewAdminOption("DhcpDiscoverTimeoutMs", o->DhcpDiscoverTimeoutMs));
Zero(ao, sizeof(RPC_ADMIN_OPTION));

4
src/Cedar/Hub.h
View File

@ -30,6 +30,9 @@
// Default flooding queue length
#define DEFAULT_FLOODING_QUEUE_LENGTH (32 * 1024 * 1024)
// Default DHCP Discover Timeout
#define DEFAULT_DHCP_DISCOVER_TIMEOUT (5 * 1000)
// SoftEther link control packet
struct SE_LINK
{
@ -183,6 +186,7 @@ struct HUB_OPTION
bool UseHubNameAsDhcpUserClassOption; // Add HubName to DHCP request as User-Class option
bool UseHubNameAsRadiusNasId; // Add HubName to Radius request as NAS-Identifier attrioption
bool AllowEapMatchUserByCert; // Allow matching EAP Identity with user certificate CNs
UINT DhcpDiscoverTimeoutMs; // Timeout to wait for DHCP server response on DISCOVER request
};
// MAC table entry

7
src/Cedar/IPC.c
View File

@ -493,12 +493,14 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
{
UINTToIP(&ipc->DefaultGateway, hub->Option->DefaultGateway);
UINTToIP(&ipc->SubnetMask, hub->Option->DefaultSubnet);
ipc->DhcpDiscoverTimeoutMs = hub->Option->DhcpDiscoverTimeoutMs;
GetBroadcastAddress4(&ipc->BroadcastAddress, &ipc->DefaultGateway, &ipc->SubnetMask);
}
else
{
ZeroIP4(&ipc->DefaultGateway);
ZeroIP4(&ipc->SubnetMask);
ipc->DhcpDiscoverTimeoutMs = DEFAULT_DHCP_DISCOVER_TIMEOUT;
ZeroIP4(&ipc->BroadcastAddress);
}
@ -793,7 +795,8 @@ bool IPCDhcpAllocateIP(IPC *ipc, DHCP_OPTION_LIST *opt, TUBE *discon_poll_tube)
StrCpy(req.Hostname, sizeof(req.Hostname), ipc->ClientHostname);
IPCDhcpSetConditionalUserClass(ipc, &req);
d = IPCSendDhcpRequest(ipc, NULL, tran_id, &req, DHCP_OFFER, IPC_DHCP_TIMEOUT, discon_poll_tube);
UINT discoverTimeout = ipc->DhcpDiscoverTimeoutMs > 0 ? ipc->DhcpDiscoverTimeoutMs : DEFAULT_DHCP_DISCOVER_TIMEOUT;
d = IPCSendDhcpRequest(ipc, NULL, tran_id, &req, DHCP_OFFER, discoverTimeout, discon_poll_tube);
if (d == NULL)
{
return false;
@ -896,7 +899,7 @@ DHCPV4_DATA *IPCSendDhcpRequest(IPC *ipc, IP *dest_ip, UINT tran_id, DHCP_OPTION
}
// Retransmission interval
resend_interval = MAX(1, (timeout / 3) - 100);
resend_interval = MIN(IPC_DHCP_MAX_RESEND_INTERVAL, MAX(1, (timeout / 3) - 100));
// Time-out time
giveup_time = Tick64() + (UINT64)timeout;

2
src/Cedar/IPC.h
View File

@ -19,6 +19,7 @@
#define IPC_DHCP_TIMEOUT (5 * 1000)
#define IPC_DHCP_MIN_LEASE 5
#define IPC_DHCP_DEFAULT_LEASE 3600
#define IPC_DHCP_MAX_RESEND_INTERVAL (3 * 1000)
#define IPC_MAX_PACKET_QUEUE_LEN 10000
@ -149,6 +150,7 @@ struct IPC
SHARED_BUFFER *IpcSessionSharedBuffer; // A shared buffer between IPC and Session
IPC_SESSION_SHARED_BUFFER_DATA *IpcSessionShared; // Shared data between IPC and Session
UINT Layer;
UINT DhcpDiscoverTimeoutMs; // Timeut to wait for DHCP server response on DISCOVER request
// IPv6 stuff
QUEUE *IPv6ReceivedQueue; // IPv6 reception queue

4
src/Cedar/Layer3.c
View File

@ -457,10 +457,10 @@ void L3KnownArp(L3IF *f, UINT ip, UCHAR *mac)
// Delete an ARP query entry to this IP address
Zero(&t, sizeof(t));
t.IpAddress = ip;
w = Search(f->IpWaitList, &t);
w = Search(f->ArpWaitTable, &t);
if (w != NULL)
{
Delete(f->IpWaitList, w);
Delete(f->ArpWaitTable, w);
Free(w);
}

4
src/Cedar/Proto_L2TP.c
View File

@ -2138,9 +2138,9 @@ void L2TPProcessInterrupts(L2TP_SERVER *l2tp)
UINT64 l2tpTimeout = L2TP_TUNNEL_TIMEOUT;
// If we got on ANY session a higher timeout than the default L2TP tunnel timeout, increase it
for (i = 0; i < LIST_NUM(t->SessionList); i++)
for (j = 0; j < LIST_NUM(t->SessionList); j++)
{
L2TP_SESSION* s = LIST_DATA(t->SessionList, i);
L2TP_SESSION* s = LIST_DATA(t->SessionList, j);
if (s->TubeRecv != NULL && s->TubeRecv->DataTimeout > l2tpTimeout)
{

4
src/Cedar/Protocol.c
View File

@ -5843,7 +5843,6 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
// Target is invalid
HttpSendNotFound(s, h->Target);
Free(data);
FreeHttpHeader(h);
*error_detail_str = "POST_Target_Wrong";
}
else
@ -5861,10 +5860,10 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
{
// WaterMark is incorrect
HttpSendForbidden(s, h->Target, NULL);
FreeHttpHeader(h);
*error_detail_str = "POST_WaterMark_Error";
}
}
FreeHttpHeader(h);
}
else if (StrCmpi(h->Method, "OPTIONS") == 0)
{
@ -5884,6 +5883,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
continue;
}
}
FreeHttpHeader(h);
}
else if (StrCmpi(h->Method, "SSTP_DUPLEX_POST") == 0 && (ProtoEnabled(server->Proto, "SSTP") || s->IsReverseAcceptedSocket) && GetServerCapsBool(server, "b_support_sstp"))
{

13
src/Cedar/Server.c
View File

@ -2337,6 +2337,7 @@ void SiSetDefaultHubOption(HUB_OPTION *o)
o->AccessListIncludeFileCacheLifetime = ACCESS_LIST_INCLUDE_FILE_CACHE_LIFETIME;
o->RemoveDefGwOnDhcpForLocalhost = true;
o->FloodingSendQueueBufferQuota = DEFAULT_FLOODING_QUEUE_LENGTH;
o->DhcpDiscoverTimeoutMs = DEFAULT_DHCP_DISCOVER_TIMEOUT;
}
// Create a default virtual HUB
@ -3942,6 +3943,11 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
o->UseHubNameAsDhcpUserClassOption = CfgGetBool(f, "UseHubNameAsDhcpUserClassOption");
o->UseHubNameAsRadiusNasId = CfgGetBool(f, "UseHubNameAsRadiusNasId");
o->AllowEapMatchUserByCert = CfgGetBool(f, "AllowEapMatchUserByCert");
o->DhcpDiscoverTimeoutMs = CfgGetInt(f, "DhcpDiscoverTimeoutMs");
if (o->DhcpDiscoverTimeoutMs == 0)
{
o->DhcpDiscoverTimeoutMs = DEFAULT_DHCP_DISCOVER_TIMEOUT;
}
// Enabled by default
if (CfgIsItem(f, "ManageOnlyPrivateIP"))
@ -4048,6 +4054,7 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
CfgAddBool(f, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
CfgAddBool(f, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
CfgAddBool(f, "AllowEapMatchUserByCert", o->AllowEapMatchUserByCert);
CfgAddInt(f, "DhcpDiscoverTimeoutMs", o->DhcpDiscoverTimeoutMs);
}
// Write the user
@ -7533,6 +7540,11 @@ void SiCalledUpdateHub(SERVER *s, PACK *p)
o.UseHubNameAsDhcpUserClassOption = PackGetBool(p, "UseHubNameAsDhcpUserClassOption");
o.UseHubNameAsRadiusNasId = PackGetBool(p, "UseHubNameAsRadiusNasId");
o.AllowEapMatchUserByCert = PackGetBool(p, "AllowEapMatchUserByCert");
o.DhcpDiscoverTimeoutMs = PackGetInt(p, "DhcpDiscoverTimeoutMs");
if (o.DhcpDiscoverTimeoutMs == 0)
{
o.DhcpDiscoverTimeoutMs = DEFAULT_DHCP_DISCOVER_TIMEOUT;
}
save_packet_log = PackGetInt(p, "SavePacketLog");
packet_log_switch_type = PackGetInt(p, "PacketLogSwitchType");
@ -9368,6 +9380,7 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
PackAddBool(p, "UseHubNameAsDhcpUserClassOption", h->Option->UseHubNameAsDhcpUserClassOption);
PackAddBool(p, "UseHubNameAsRadiusNasId", h->Option->UseHubNameAsRadiusNasId);
PackAddBool(p, "AllowEapMatchUserByCert", h->Option->AllowEapMatchUserByCert);
PackAddInt(p, "DhcpDiscoverTimeoutMs", h->Option->DhcpDiscoverTimeoutMs);
SiAccessListToPack(p, h->AccessList);

2
src/Mayaqua/3rdparty/cpu_features vendored

Submodule src/Mayaqua/3rdparty/cpu_features updated: 26133d3b62...ba4bffa86c

2
src/Mayaqua/3rdparty/liboqs vendored

Submodule src/Mayaqua/3rdparty/liboqs updated: 51ddd33cc0...94b421ebb8

2
src/Mayaqua/3rdparty/oqs-provider vendored

Submodule src/Mayaqua/3rdparty/oqs-provider updated: 8f37521d5e...f076e91faa

49
src/Mayaqua/CMakeLists.txt
View File

@ -18,20 +18,46 @@ set_target_properties(mayaqua
find_package(OpenSSL REQUIRED)
if(OPENSSL_VERSION VERSION_LESS "3") # Disable oqsprovider when OpenSSL version < 3
add_definitions(-DSKIP_OQS_PROVIDER)
if(OPENSSL_VERSION VERSION_GREATER_EQUAL "3")
set(OQS_ENABLE ON CACHE BOOL "By setting this to OFF, Open Quantum Safe algorithms will not be built in")
else()
# Disable oqsprovider when OpenSSL version < 3
set(OQS_ENABLE OFF)
endif()
if(OQS_ENABLE)
set(OQS_BUILD_ONLY_LIB ON CACHE BOOL "Set liboqs to build only the library (no tests)")
set(BUILD_TESTING OFF CACHE BOOL "By setting this to OFF, no tests or examples will be compiled.")
set(OQS_PROVIDER_BUILD_STATIC ON CACHE BOOL "Build a static library instead of a shared library") # Build oqsprovider as a static library (defaults to shared)
list(PREPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/src/Mayaqua/3rdparty/")
# Disable all other KEM families
set(OQS_ENABLE_KEM_FRODOKEM OFF)
set(OQS_ENABLE_KEM_NTRUPRIME OFF)
set(OQS_ENABLE_KEM_NTRU OFF)
set(OQS_ENABLE_KEM_CLASSIC_MCELIECE OFF)
set(OQS_ENABLE_KEM_HQC OFF)
set(OQS_ENABLE_KEM_BIKE OFF)
# Disable all SIG families
set(OQS_ENABLE_SIG_ML_DSA OFF)
set(OQS_ENABLE_SIG_FALCON OFF)
set(OQS_ENABLE_SIG_DILITHIUM OFF)
set(OQS_ENABLE_SIG_SPHINCS OFF)
set(OQS_ENABLE_SIG_MAYO OFF)
set(OQS_ENABLE_SIG_CROSS OFF)
set(OQS_ENABLE_SIG_UOV OFF)
set(OQS_ENABLE_SIG_SNOVA OFF)
set(OQS_ENABLE_SIG_SLH_DSA OFF)
add_subdirectory(3rdparty/liboqs)
add_subdirectory(3rdparty/oqs-provider)
target_include_directories(oqsprovider PUBLIC ${CMAKE_CURRENT_BINARY_DIR}/3rdparty/liboqs/include)
set_property(TARGET oqsprovider PROPERTY POSITION_INDEPENDENT_CODE ON)
target_link_libraries(mayaqua PRIVATE oqsprovider)
else()
add_definitions(-DSKIP_OQS_PROVIDER)
endif()
include(CheckSymbolExists)
@ -109,11 +135,26 @@ if(UNIX)
$<$<BOOL:${LIB_RT}>:${LIB_RT}>
)
if (CMAKE_SYSTEM_PROCESSOR MATCHES "^(armv7l|aarch64|s390x)$" OR NOT HAVE_SYS_AUXV OR SKIP_CPU_FEATURES)
if (NOT HAVE_SYS_AUXV OR SKIP_CPU_FEATURES)
add_definitions(-DSKIP_CPU_FEATURES)
elseif(${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD" AND NOT CMAKE_SYSTEM_PROCESSOR MATCHES "^(amd64|i386)")
message("cpu_features is not available on FreeBSD/${CMAKE_SYSTEM_PROCESSOR}")
add_definitions(-DSKIP_CPU_FEATURES)
elseif(${CMAKE_SYSTEM_NAME} STREQUAL "Darwin" AND NOT CMAKE_SYSTEM_NAME MATCHES "^(arm64|x86_64)")
# macOS runs only on Intel or ARM architecrues, should not reach here
add_definitions(-DSKIP_CPU_FEATURES)
elseif(${CMAKE_SYSTEM_NAME} STREQUAL "SunOS" OR ${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD")
message("cpu_features is not available on ${CMAKE_SYSTEM_NAME}")
add_definitions(-DSKIP_CPU_FEATURES)
elseif(USE_SYSTEM_CPU_FEATURES)
CHECK_INCLUDE_FILE(cpu_features_macros.h HAVE_CPU_FEATURES)
message("-- Using system's cpu_features")
target_link_libraries(mayaqua PRIVATE cpu_features)
else()
message("-- Using bundled cpu_features")
set(BUILD_SHARED_LIBS OFF)
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
add_subdirectory(3rdparty/cpu_features)
set_property(TARGET cpu_features PROPERTY POSITION_INDEPENDENT_CODE ON)
target_link_libraries(mayaqua PRIVATE cpu_features)
endif()

2
src/Mayaqua/Microsoft.c
View File

@ -4259,7 +4259,7 @@ UINT MsService(char *name, SERVICE_FUNCTION *start, SERVICE_FUNCTION *stop, UINT
if ((mode == SVC_MODE_INSTALL || mode == SVC_MODE_UNINSTALL || mode == SVC_MODE_START ||
mode == SVC_MODE_STOP || mode == SVC_MODE_SERVICE) &&
(ms->IsNt == false))
(IsNt() == false))
{
// Tried to use the command for the NT in non-WindowsNT system
MsgBox(NULL, MB_ICONSTOP, _UU("SVC_NT_ONLY"));

1
src/Mayaqua/Microsoft.h
View File

@ -170,7 +170,6 @@ typedef struct MS
{
HINSTANCE hInst;
HINSTANCE hKernel32;
bool IsNt;
bool IsAdmin;
HANDLE hCurrentProcess;
UINT CurrentProcessId;

2
src/Mayaqua/Network.h
View File

@ -60,7 +60,7 @@ struct DYN_VALUE
#define DEFAULT_CIPHER_LIST "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:ECDHE+AES256:DHE+AES256:RSA+AES"
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#define PQ_GROUP_LIST "p521_kyber1024:x25519_kyber768:P-521:X25519:P-256"
#define PQ_GROUP_LIST "X25519MLKEM768:p521_kyber1024:x25519_kyber768:P-521:X25519:P-256"
#endif
// SSL logging function

83
src/Mayaqua/TcpIp.c
View File

@ -2057,43 +2057,15 @@ bool ParsePacketL2Ex(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_ex
if (type_id_16 > 1500)
{
// Ordinary Ethernet frame
switch (type_id_16)
if (type_id_16 == MAC_PROTO_TAGVLAN)
{
case MAC_PROTO_ARPV4: // ARPv4
if (no_l3 || no_l3_l4_except_icmpv6)
{
return true;
}
return ParsePacketARPv4(p, buf, size);
case MAC_PROTO_IPV4: // IPv4
if (no_l3 || no_l3_l4_except_icmpv6)
{
return true;
}
return ParsePacketIPv4(p, buf, size);
case MAC_PROTO_IPV6: // IPv6
if (no_l3)
{
return true;
}
return ParsePacketIPv6(p, buf, size, no_l3_l4_except_icmpv6);
default: // Unknown
if (type_id_16 == p->VlanTypeID)
{
// VLAN
return ParsePacketTAGVLAN(p, buf, size);
// Parse VLAN frame
return ParsePacketTAGVLAN(p, buf, size, no_l3, no_l3_l4_except_icmpv6);
}
else
{
return true;
}
// Parse Ordinary Ethernet frame
return ParsePacketL3(p, buf, size, type_id_16, no_l3, no_l3_l4_except_icmpv6);
}
}
else
@ -2128,10 +2100,44 @@ bool ParsePacketL2Ex(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_ex
}
}
bool ParsePacketL3(PKT *p, UCHAR *buf, UINT size, USHORT proto, bool no_l3, bool no_l3_l4_except_icmpv6)
{
switch (proto)
{
case MAC_PROTO_ARPV4: // ARPv4
if (no_l3 || no_l3_l4_except_icmpv6)
{
return true;
}
return ParsePacketARPv4(p, buf, size);
case MAC_PROTO_IPV4: // IPv4
if (no_l3 || no_l3_l4_except_icmpv6)
{
return true;
}
return ParsePacketIPv4(p, buf, size);
case MAC_PROTO_IPV6: // IPv6
if (no_l3)
{
return true;
}
return ParsePacketIPv6(p, buf, size, no_l3_l4_except_icmpv6);
default: // Unknown
return true;
}
}
// TAG VLAN parsing
bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size)
bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_except_icmpv6)
{
USHORT vlan_ushort;
USHORT proto_ushort;
// Validate arguments
if (p == NULL || buf == NULL)
{
@ -2151,12 +2157,17 @@ bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size)
buf += sizeof(TAGVLAN_HEADER);
size -= sizeof(TAGVLAN_HEADER);
vlan_ushort = READ_USHORT(p->L3.TagVlanHeader->Data);
vlan_ushort = READ_USHORT(p->L3.TagVlanHeader->TagID);
vlan_ushort = vlan_ushort & 0xFFF;
p->VlanId = vlan_ushort;
return true;
proto_ushort = READ_USHORT(p->L3.TagVlanHeader->Protocol);
proto_ushort = proto_ushort & 0xFFFF;
// Parse the L3 packet
return ParsePacketL3(p, buf, size, proto_ushort, no_l3, no_l3_l4_except_icmpv6);
}
// BPDU Parsing

6
src/Mayaqua/TcpIp.h
View File

@ -87,7 +87,8 @@ struct ARPV4_HEADER
// Tagged VLAN header
struct TAGVLAN_HEADER
{
UCHAR Data[2]; // Data
UCHAR TagID[2]; // TagID
UCHAR Protocol[2]; // Protocol
} GCC_PACKED;
// IPv4 header
@ -762,10 +763,11 @@ void FreePacketTCPv4(PKT *p);
void FreePacketICMPv4(PKT *p);
void FreePacketDHCPv4(PKT *p);
bool ParsePacketL2Ex(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_except_icmpv6);
bool ParsePacketL3(PKT *p, UCHAR *buf, UINT size, USHORT proto, bool no_l3, bool no_l3_l4_except_icmpv6);
bool ParsePacketARPv4(PKT *p, UCHAR *buf, UINT size);
bool ParsePacketIPv4(PKT *p, UCHAR *buf, UINT size);
bool ParsePacketBPDU(PKT *p, UCHAR *buf, UINT size);
bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size);
bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_except_icmpv6);
bool ParseICMPv4(PKT *p, UCHAR *buf, UINT size);
bool ParseICMPv6(PKT *p, UCHAR *buf, UINT size);
bool ParseTCP(PKT *p, UCHAR *buf, UINT size);

0
src/Mayaqua/Unix.c Executable file → Normal file
View File

1
src/bin/hamcore/languages.txt
View File

@ -9,3 +9,4 @@
4 ko Korean 한국어 949 ko,kr,euc_kr,cp949,euckr
5 ru Russian Русский 1049 ru
6 pt_br Portuguese-Brazil Português-Brasil 1046 pt_br
7 id Indonesian Bahasa 1057 id

7424
src/bin/hamcore/strtable_id.stb Normal file
View File

File diff suppressed because it is too large Load Diff

71
src/bin/hamcore/vpnweb_sample_id.htm Normal file
View File

@ -0,0 +1,71 @@
<HTML>
<HEAD>
<TITLE>Halaman Penyebaran Web Installer VPN Client</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<META http-equiv="Content-Language" content="id">
<style type="text/css">
<!--
BODY, TABLE, TR, TABLE, TD, H1, H2, H3, H4, P, LI, DIV
{
font-family: "Arial", "Geneva", "Helvetica", "sans-serif", "MS PGothic", "MS UI Gothic", "Osaka";
font-size:small;
line-height:1.2em;
}
-->
</style>
</HEAD>
<BODY>
<h3>Contoh File HTML Halaman Penyebaran Web Installer VPN Client</h3>
<p>File HTML ini adalah contoh.<br>
Untuk membuat Web Installer menggunakan "SoftEther VPN Client Web Installer", silakan merujuk pada penjelasan berikut dan kode sumber HTML dari file ini.</p>
<table border="1" cellspacing="0" cellpadding="4" style="border-collapse: collapse" bordercolor="#008000" id="table1">
<tr>
<td style="font-family: Consolas, Courier New, MS Gothic; font-size: 10pt">&lt;OBJECT ID=&quot;VpnWebInstaller&quot;<br>
&nbsp;&nbsp;&nbsp; CLASSID=&quot;CLSID:64F1A16B-C3EE-484C-B551-35338A9BB6D2&quot;<br>
&nbsp;&nbsp;&nbsp; CODEBASE=&quot;vpnweb.cab#Version=$VER_MAJOR$,$VER_MINOR$,0,$VER_BUILD$&quot;&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;PARAM NAME=&quot;InstallerExeUrl&quot; VALUE=&quot;<b><font color="#008000">http://example.com/any_folder/vpninstall.exe</font></b>&quot;&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;PARAM NAME=&quot;InstallerInfUrl&quot; VALUE=&quot;<b><font color="#008000">http://example.com/any_folder/vpninstall.inf</font></b>&quot;&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;PARAM NAME=&quot;SettingUrl&quot; VALUE=&quot;<b><font color="#008000">http://example.com/any_folder/auto_setting.vpn</font></b>&quot;&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;PARAM NAME=&quot;LanguageID&quot; VALUE=&quot;<b><font color="#008000">ID</font></b>&quot;&gt;<br>
&lt;/OBJECT&gt;</td>
</tr>
</table>
<p>Untuk membuat halaman web yang memulai Web Installer VPN Client, masukkan kode HTML seperti di atas. Kode HTML tersebut merujuk pada path kontrol ActiveX, dan parameter yang akan diteruskan ke ActiveX.</p>
<p>Anda harus memodifikasi string yang ditebalkan dengan font hijau di atas sesuai dengan lingkungan server web tempat Anda menyebarkan.<br>
(Peringatan, contoh di atas tidak akan berfungsi jika tetap menggunakan kode asli, karena contoh asli menyebutkan URL contoh.)<br>
<br>
Untuk detail lebih lanjut, silakan merujuk pada manual online atau <b> <a target="_blank" href="http://www.softether.org/">http://www.softether.org/</a></b>.<br>
<br>
<b><font color="#808000">Catatan: parameter &quot;SettingUrl&quot; dan &quot;LanguageID&quot; adalah opsional.</font></b></p>
<p> </p>
<!-- Kode di bawah adalah contoh untuk menyematkan kontrol ActiveX. -->
<h3>Kode di bawah ini adalah contoh untuk menyematkan kontrol ActiveX.</h3>
<p>Peringatan: File HTML ini adalah contoh. Parameter untuk kontrol vpnweb.cab adalah dummy.<BR> Oleh karena itu, setelah Anda mengklik tombol Mulai Koneksi VPN, Anda akan mendapatkan pesan kesalahan.</p>
<table border="1" cellspacing="1" cellpadding="6" style="border-collapse: collapse" width="450" bordercolor="#808000" id="table2">
<tr>
<td align="center" valign="top">
<OBJECT ID="VpnWebInstaller"
CLASSID="CLSID:64F1A16B-C3EE-484C-B551-35338A9BB6D2"
CODEBASE="vpnweb.cab#Version=$VER_MAJOR$,$VER_MINOR$,0,$VER_BUILD$">
<PARAM NAME="InstallerExeUrl" VALUE="http://example.com/any_folder/vpninstall.exe">
<PARAM NAME="InstallerInfUrl" VALUE="http://example.com/any_folder/vpninstall.inf">
<PARAM NAME="SettingUrl" VALUE="http://example.com/any_folder/auto_setting.vpn">
<PARAM NAME="LanguageID" VALUE="ID">
</OBJECT>
</td>
</tr>
</table>
 <p>Jika Kontrol ActiveX Web Installer VPN Client tidak ditampilkan pada persegi panjang coklat di atas, periksa persyaratan, dan pastikan bahwa browser web Anda mengizinkan kontrol ActiveX.</p>
<p> </p>
<p align="right"><i>Copyright (c) SoftEther Project di Universitas Tsukuba, Jepang. Semua Hak Dilindungi.</i></p>
</BODY>
</HTML>

139
src/bin/hamcore/warning_id.txt Normal file
View File

@ -0,0 +1,139 @@
PENGUMUMAN PENTING TENTANG SOFTETHER VPN
FUNGSI KOMUNIKASI VPN YANG TERTANAM DALAM PERANGKAT LUNAK INI LEBIH KUAT DARI SEBELUMNYA. KEMAMPUAN VPN YANG KUAT INI AKAN MEMBERIKAN ANDA MANFAAT BESAR. NAMUN, JIKA ANDA MENYALAHGUNAKAN PERANGKAT LUNAK INI, HAL INI DAPAT MERUGIKAN ANDA SENDIRI. UNTUK MENGHINDARI RISIKO TERSEBUT, DOKUMEN INI BERISI PENGUMUMAN PENTING UNTUK PELANGGAN YANG INGIN MENGGUNAKAN PERANGKAT LUNAK INI. PETUNJUK BERIKUT SANGAT PENTING. BACA DAN PAHAMI DENGAN SEKSAMA.SELAIN ITU, JIKA ANDA BERENCANA MENGGUNAKAN FUNGSI DYNAMIC DNS, NAT TRAVERSAL, ATAU VPN AZURE, BACA BAGIAN 3.5 DENGAN SEKSAMA. FUNGSI-FUNGSI INI ADALAH LAYANAN GRATIS YANG DISEDIAKAN MELALUI INTERNET, TIDAK DIJAMIN, DAN TIDAK DIMAKSUDKAN UNTUK DIGUNAKAN DALAM BISNIS ATAU PENGGUNAAN KOMERSIAL. JANGAN GUNAKAN LAYANAN INI UNTUK BISNIS ATAU KEGIATAN KOMERSIAL ANDA.
1. Protokol Komunikasi VPN
1.1. Protokol SoftEther VPN
SoftEther VPN dapat melakukan komunikasi VPN. Berbeda dengan protokol VPN tradisional, SoftEther VPN memiliki implementasi dari "Protokol SoftEther VPN (SE-VPN Protocol)" yang dirancang baru. Protokol SE-VPN mengenkapsulasi paket Ethernet apa pun ke dalam koneksi HTTPS (HTTP over SSL). Oleh karena itu, protokol SE-VPN dapat berkomunikasi melewati firewall bahkan jika firewall dikonfigurasi untuk memblokir paket VPN tradisional oleh administrator jaringan. Protokol SE-VPN dirancang dan diimplementasikan untuk mematuhi TLS 1.0 (RFC 5246) dan HTTPS (RFC 2818). Namun, terkadang memiliki perilaku yang berbeda dari RFC. Jika Anda adalah seorang administrator jaringan dan ingin memblokir protokol SE-VPN pada firewall, Anda dapat menerapkan kebijakan "daftar putih" pada firewall untuk memfilter semua paket TCP atau UDP di perbatasan kecuali paket yang secara eksplisit diizinkan menuju situs web dan server tertentu.
1.2. Fungsi NAT Traversal
Secara umum, jika Anda menggunakan sistem VPN tradisional, Anda harus meminta administrator jaringan untuk membuat NAT atau firewall agar "membuka" atau "meneruskan" port TCP atau UDP tertentu. Namun, ada permintaan untuk menghilangkan beban kerja tersebut bagi administrator jaringan. Untuk memenuhi permintaan tersebut, SoftEther VPN memiliki fungsi "NAT Traversal" yang baru diimplementasikan. NAT Traversal diaktifkan secara default. Server SoftEther VPN yang berjalan di komputer di balik NAT atau firewall dapat menerima koneksi VPN dari Internet tanpa konfigurasi khusus pada firewall atau NAT. Jika Anda ingin menonaktifkan fungsi NAT Traversal, ubah "DisableNatTraversal" menjadi "true" pada file konfigurasi SoftEther VPN Server. Untuk menonaktifkannya di sisi klien, tambahkan sufiks "/tcp" pada nama host tujuan.
1.3. Fungsi Dynamic DNS
Sistem VPN tradisional membutuhkan alamat IP global statis pada server VPN. Mengingat keterbatasan alamat IP global, SoftEther Corporation mengimplementasikan "Fungsi Dynamic DNS" pada SoftEther VPN Server. Dynamic DNS diaktifkan secara default. Fungsi Dynamic DNS memberi tahu alamat IP global saat ini dari PC ke Server Dynamic DNS yang dioperasikan oleh SoftEther Corporation. Nama host unik secara global (FQDN) seperti "abc.softether.net" ("abc" bervariasi dan unik untuk setiap pengguna) akan diberikan pada Server VPN. Jika Anda memberi tahu nama host unik ini kepada pengguna VPN, mereka dapat menggunakannya sebagai nama host tujuan VPN Server pada VPN Client dan dapat terhubung ke VPN Server tanpa perlu mengetahui alamat IP sebelumnya. Jika alamat IP VPN Server berubah, alamat IP yang terdaftar terkait dengan nama host layanan Dynamic DNS akan diperbarui secara otomatis. Dengan mekanisme ini, tidak diperlukan lagi alamat IP global statis yang biasanya memerlukan biaya bulanan dari ISP. Anda dapat menggunakan koneksi Internet berbiaya rendah dengan alamat IP dinamis untuk mengoperasikan sistem VPN tingkat perusahaan. Jika Anda ingin menonaktifkan Dynamic DNS, atur nilai "true" pada item "Disabled" dalam direktif "DDnsClient" pada file konfigurasi SoftEther VPN Server. * Catatan untuk penduduk Republik Rakyat Tiongkok: Jika VPN Server Anda berjalan di Republik Rakyat Tiongkok, sufiks DNS akan diganti menjadi domain "sedns.cn". Domain "sedns.cn" adalah layanan yang dimiliki dan dioperasikan oleh "Beijing Daiyuu SoftEther Technology Co., Ltd", sebuah perusahaan lokal Tiongkok.
1.4. Fungsi VPN melalui ICMP / VPN melalui DNS
Jika Anda ingin membuat koneksi VPN antara SoftEther VPN Client / Bridge dan SoftEther VPN Server, tetapi paket TCP dan UDP diblokir oleh firewall, maka Anda dapat mengenkripsi data ke dalam paket "ICMP" (juga dikenal sebagai Ping) atau "DNS". Fungsi ini memungkinkan koneksi VPN menggunakan ICMP atau DNS bahkan jika firewall atau router memblokir semua koneksi TCP atau UDP. Fungsi VPN melalui ICMP / VPN melalui DNS dirancang agar sesuai dengan spesifikasi standar ICMP dan DNS sebanyak mungkin, namun terkadang memiliki perilaku yang tidak sepenuhnya sesuai dengan standar tersebut. Oleh karena itu, beberapa router berkualitas rendah mungkin mengalami overflow memori atau masalah lainnya saat terlalu banyak paket ICMP atau DNS yang dilewatkan, dan router semacam itu bisa mengalami freeze atau reboot. Hal ini dapat memengaruhi pengguna lain di jaringan yang sama. Untuk menghindari risiko tersebut, tambahkan sufiks "/tcp" pada nama host tujuan yang ditentukan di sisi VPN-klien untuk menonaktifkan fungsi VPN melalui ICMP / DNS.
1.5. Layanan Cloud VPN Azure
Jika SoftEther VPN Server Anda berada di belakang NAT atau firewall, dan karena suatu alasan Anda tidak dapat menggunakan fungsi NAT Traversal, Dynamic DNS, atau VPN melalui ICMP/DNS, maka Anda dapat menggunakan layanan cloud VPN Azure. SoftEther Corporation mengoperasikan VPN Azure Cloud di Internet. Setelah VPN Server terhubung ke VPN Azure Cloud, nama host "abc.vpnazure.net" ("abc" adalah nama host unik) dapat digunakan untuk menghubungkan ke VPN Server melalui VPN Azure Cloud. Secara praktis, nama host ini mengarah ke alamat IP global salah satu server cloud yang dioperasikan oleh SoftEther Corporation. Jika VPN Client terhubung ke host VPN Azure tersebut, maka host VPN Azure akan meneruskan semua lalu lintas antara VPN Client dan VPN Server. VPN Azure dinonaktifkan secara default. Anda dapat mengaktifkannya dengan mudah menggunakan VPN Server Configuration Tool.
1.6. Percepatan UDP
SoftEther VPN memiliki Fungsi Percepatan UDP. Jika VPN terdiri dari dua situs dan mendeteksi bahwa saluran UDP dapat dibuat, maka UDP akan digunakan secara otomatis. Dengan fungsi ini, throughput UDP meningkat. Jika saluran UDP langsung dapat dibuat, paket UDP langsung akan digunakan. Namun, jika ada hambatan seperti firewall atau NAT, maka teknologi "UDP Hole Punching" akan digunakan. "UDP Hole Punching" menggunakan server cloud yang dioperasikan oleh SoftEther Corporation di Internet. Percepatan UDP dapat dinonaktifkan kapan saja dengan mengaturnya di sisi VPN-klien.
2. Perangkat Lunak VPN
2.1. SoftEther VPN Client
Jika Anda menggunakan SoftEther VPN Client di Windows, driver perangkat Virtual Network Adapter akan diinstal pada Windows. Virtual Network Adapter diimplementasikan sebagai driver mode kernel untuk Windows. Driver ini ditandatangani secara digital oleh sertifikat yang diterbitkan oleh VeriSign, Inc. dan juga ditandatangani ulang oleh Symantec Corporation. Pesan yang meminta konfirmasi pemasangan driver mungkin akan muncul di layar. SoftEther VPN Client dapat merespons pesan tersebut jika memungkinkan. SoftEther VPN Client juga mengoptimalkan konfigurasi MMCSS (Multimedia Class Scheduler Service) di Windows. Anda dapat membatalkan optimasi MMCSS setelahnya.
2.2. SoftEther VPN Server / Bridge
Jika Anda menggunakan SoftEther VPN Server / Bridge di Windows dengan fungsi "Local Bridge", Anda harus menginstal driver pemrosesan paket Ethernet tingkat rendah pada komputer. Driver ini ditandatangani secara digital oleh sertifikat yang diterbitkan oleh VeriSign, Inc. dan juga ditandatangani ulang oleh Symantec Corporation. SoftEther VPN Server / Bridge dapat menonaktifkan fitur offloading TCP/IP pada adaptor jaringan fisik untuk fungsi Local Bridge. Di Windows Vista / 2008 atau versi lebih baru, VPN Server dapat menyuntikkan driver filter paket yang sesuai dengan spesifikasi Windows Filter Platform (WFP) ke dalam kernel untuk menyediakan fungsi IPsec. Driver filter paket ini hanya akan dimuat jika fungsi IPsec diaktifkan. Jika Anda mengaktifkan fungsi IPsec pada SoftEther VPN Server, maka fungsi IPsec bawaan Windows akan dinonaktifkan. Setelah Anda menonaktifkan fungsi IPsec SoftEther VPN Server, maka fungsi IPsec bawaan Windows akan aktif kembali. Untuk menyediakan fungsi Local Bridge, SoftEther VPN Server / Bridge menonaktifkan fungsi offloading TCP/IP pada sistem operasi.
2.3. Instalasi Mode Pengguna
Anda dapat menginstal SoftEther VPN Server dan SoftEther VPN Bridge sebagai "Mode Pengguna" di Windows. Dengan kata lain, meskipun Anda tidak memiliki hak administrator sistem Windows, Anda dapat menginstal SoftEther VPN sebagai pengguna biasa. Instalasi mode pengguna akan menonaktifkan beberapa fungsi, namun sebagian besar fungsi lainnya tetap berfungsi dengan baik. Oleh karena itu, misalnya, seorang karyawan dapat menginstal SoftEther VPN Server di komputer dalam jaringan kantor dan dapat terhubung ke server dari rumahnya. Untuk mewujudkan sistem seperti itu sendiri, tidak diperlukan hak administratif sistem dari sudut pandang teknis. Namun, melanggar peraturan perusahaan dengan menginstal perangkat lunak pada komputer tanpa izin dapat dianggap sebagai tindakan yang tidak diinginkan. Jika Anda seorang karyawan dan bekerja di sebuah perusahaan, dan kebijakan perusahaan melarang pemasangan perangkat lunak atau melakukan komunikasi ke Internet tanpa izin, Anda harus mendapatkan izin dari administrator jaringan atau pejabat eksekutif perusahaan sebelum menginstal SoftEther VPN. Jika Anda menginstal VPN Server / Bridge dalam Mode Pengguna, ikon akan muncul di task-tray Windows. Jika Anda merasa ikon tersebut mengganggu, Anda dapat menyembunyikannya. Namun, Anda tidak boleh menyalahgunakan fungsi penyembunyian ini untuk menginstal VPN Server di komputer orang lain sebagai spyware. Tindakan seperti itu dapat dianggap sebagai pelanggaran hukum pidana.
2.4. Fungsi Keep Alive
SoftEther VPN Server dan SoftEther VPN Bridge memiliki Fungsi Keep Alive secara default. Tujuan dari fungsi ini adalah untuk menjaga koneksi Internet tetap aktif. Fungsi ini secara berkala mengirimkan paket UDP dengan payload array-byte-acak. Fungsi ini berguna untuk menghindari pemutusan koneksi otomatis pada koneksi seluler atau dial-up. Anda dapat menonaktifkan Fungsi Keep Alive kapan saja.
2.5. Penghapusan Instalasi
Proses penghapusan instalasi perangkat lunak SoftEther VPN akan menghapus semua file program. Namun, file non-program (seperti file dan data yang dihasilkan selama penggunaan perangkat lunak) tidak akan dihapus. Secara teknis, file exe dan sumber daya dari uninstaller mungkin masih tersisa. File yang tersisa tersebut tidak akan mempengaruhi penggunaan komputer, tetapi Anda dapat menghapusnya secara manual. Driver mode kernel mungkin tidak akan dihapus, tetapi driver tersebut tidak akan dimuat setelah Windows di-boot ulang. Anda dapat menggunakan perintah "sc" di Windows untuk menghapus driver mode kernel secara manual.
2.6. Keamanan
Setelah instalasi, Anda harus mengatur kata sandi administrator pada SoftEther VPN Server / Bridge. Jika Anda mengabaikan hal ini, orang lain dapat mengakses SoftEther VPN Server / Bridge dan mengatur kata sandi tanpa izin Anda. Peringatan ini juga berlaku untuk SoftEther VPN Client di Linux.
2.7. Pemberitahuan Pembaruan Otomatis
Perangkat lunak SoftEther VPN untuk Windows memiliki fungsi pemberitahuan pembaruan otomatis. Perangkat lunak ini secara berkala mengakses server pembaruan SoftEther untuk memeriksa apakah ada versi terbaru yang dirilis. Jika ada versi terbaru, pesan pemberitahuan akan muncul di layar. Untuk mencapai tujuan ini, versi perangkat lunak, pengaturan bahasa, pengenal unik, alamat IP komputer Anda, dan hostname VPN Server yang terhubung akan dikirim ke server pembaruan SoftEther. Tidak ada informasi pribadi yang dikirim. Pemberitahuan pembaruan otomatis diaktifkan secara default, tetapi Anda dapat menonaktifkannya di layar konfigurasi. Pengaturan ini akan disimpan secara individual untuk setiap VPN Server tujuan melalui VPN Server Manager.
2.8. Fungsi NAT Virtual
Virtual Hub pada SoftEther VPN Server / Bridge memiliki "Fungsi NAT Virtual". Fungsi NAT Virtual memungkinkan berbagi satu alamat IP pada jaringan fisik dengan beberapa alamat IP pribadi dari VPN Client. Ada dua mode operasi Virtual NAT: Mode Pengguna (User-mode) dan Mode Kernel (Kernel-mode). Dalam mode pengguna, NAT Virtual berbagi alamat IP yang ditetapkan pada sistem operasi host. Berbeda dengan mode pengguna, mode kernel mencoba menemukan server DHCP di jaringan fisik. Jika ada dua atau lebih jaringan fisik, server DHCP akan dicari secara otomatis untuk setiap segmen secara berurutan. Jika server DHCP ditemukan dan alamat IP diperoleh, alamat IP tersebut akan digunakan oleh Virtual NAT. Dalam kasus ini, entri IP sebagai klien DHCP akan terdaftar di pool IP server DHCP fisik. Gateway default fisik dan server DNS akan digunakan oleh Virtual NAT untuk berkomunikasi dengan host di Internet. Dalam mode kernel, Virtual Hub memiliki alamat MAC virtual yang beroperasi di segmen Ethernet fisik. Untuk memeriksa konektivitas ke Internet, SoftEther VPN secara berkala mengirimkan paket kueri DNS untuk menyelesaikan alamat IP dari host "www.yahoo.com" atau "www.baidu.com", dan mencoba menghubungkan ke port TCP 80 dari alamat IP yang dihasilkan untuk pemeriksaan konektivitas.
2.9. Instalasi Tanpa Pengawasan untuk Komponen Mode Kernel
Ketika SoftEther VPN mendeteksi kebutuhan untuk menginstal komponen mode kernel di Windows, pesan konfirmasi akan muncul dari sistem Windows. Dalam situasi ini, perangkat lunak SoftEther VPN akan beralih ke mode Instalasi Tanpa Pengawasan untuk secara otomatis merespons "Ya" pada Windows. Hal ini bertujuan untuk mencegah terjadinya deadlock saat administrasi jarak jauh dilakukan.
2.10. Windows Firewall
Perangkat lunak SoftEther VPN akan mendaftarkan dirinya sebagai program aman. Entri ini akan tetap ada setelah penghapusan instalasi. Anda dapat menghapusnya secara manual melalui Control Panel Windows.
3. Layanan Internet
3.1. Layanan Internet yang Disediakan oleh SoftEther Corporation
SoftEther Corporation menyediakan layanan Dynamic DNS, NAT Traversal, dan server VPN Azure di Internet. Layanan ini tersedia secara gratis. Pelanggan dapat mengakses layanan ini menggunakan perangkat lunak SoftEther VPN melalui Internet. Layanan ini direncanakan akan tersedia dalam versi Open-Source dari "SoftEther VPN" yang akan dirilis di masa mendatang.
3.2. Informasi yang Dikirim dan Perlindungan Privasi
Perangkat lunak SoftEther VPN dapat mengirim alamat IP, nama host, dan versi perangkat lunak VPN pada komputer pelanggan ke layanan cloud yang dioperasikan oleh SoftEther Corporation untuk menggunakan layanan di atas. Pengiriman informasi ini merupakan kebutuhan minimal agar layanan dapat berfungsi. Tidak ada informasi pribadi yang dikirimkan. SoftEther Corporation mencatat log server cloud minimal selama 90 hari dengan informasi yang diterima. Log ini digunakan untuk pemecahan masalah dan aktivitas sah lainnya. SoftEther Corporation dapat memberikan log kepada pegawai pemerintah Jepang yang bekerja di pengadilan, kantor polisi, atau kejaksaan jika diperintahkan oleh otoritas terkait. (Setiap pegawai negeri Jepang secara hukum bertanggung jawab untuk menjaga kerahasiaan informasi tersebut.) Selain itu, alamat IP dan informasi lain akan diproses secara statistik dan disediakan untuk publik tanpa mengungkapkan alamat IP konkret, guna mendukung kegiatan penelitian.
3.3. Data Komunikasi melalui Layanan VPN Azure
Terlepas dari aturan pada poin 3.2, jika pelanggan mengirim atau menerima paket VPN menggunakan Layanan Cloud VPN Azure, payload aktual akan disimpan dan diteruskan melalui memori volatil server dalam waktu yang sangat singkat. Perilaku ini diperlukan secara teknis untuk menyediakan "layanan relai VPN". Tidak ada payload yang direkam pada penyimpanan tetap seperti hard drive. Namun, "Undang-Undang Penyadapan untuk Prosedur Kriminal" (Undang-Undang ke-137 yang disahkan pada 18 Agustus 1999 di Jepang) mewajibkan perusahaan telekomunikasi untuk mengizinkan otoritas pemerintah Jepang melakukan penyadapan. Server VPN Azure yang secara fisik berlokasi di Jepang tunduk pada hukum ini.
3.4. Kepatuhan terhadap Hukum Telekomunikasi Jepang
SoftEther Corporation mematuhi hukum telekomunikasi Jepang yang berlaku dalam menyediakan layanan daring melalui Internet.
3.5. Layanan Gratis dan Eksperimen Akademik
SoftEther menyediakan Dynamic DNS, NAT Traversal, dan VPN Azure sebagai layanan eksperimen akademik. Oleh karena itu, layanan ini dapat digunakan secara gratis. Layanan ini bukan bagian dari "Produk Perangkat Lunak SoftEther VPN". Layanan ini disediakan tanpa jaminan apa pun. Layanan dapat dihentikan atau dihentikan sementara karena alasan teknis atau operasional. Dalam situasi seperti itu, pengguna tidak akan dapat menggunakan layanan tersebut. Pengguna harus memahami dan menerima risiko ini secara mandiri. SoftEther tidak akan bertanggung jawab atas akibat atau kerugian yang timbul akibat penggunaan atau ketidakmampuan menggunakan layanan. Bahkan jika pengguna telah membayar biaya lisensi versi komersial SoftEther VPN, biaya tersebut tidak mencakup layanan ini. Oleh karena itu, jika layanan daring dihentikan, tidak ada pengembalian dana atau kompensasi yang akan diberikan oleh SoftEther Corporation.
3.6. Server Cloud Proxy DNS
Di beberapa wilayah, ketika pengguna mengakses Internet, permintaan DNS terkadang mengalami gangguan atau hilang saat melewati jalur ISP. Jika SoftEther VPN Server, Client, atau Bridge mendeteksi kemungkinan bahwa akses ke server VPN aktual mungkin tidak stabil, maka permintaan DNS juga akan dialihkan ke server cloud proxy DNS yang dioperasikan oleh SoftEther Corporation. Server cloud proxy DNS akan merespons permintaan DNS dengan memberikan alamat IP yang benar.
4. Peringatan Umum
4.1. Memerlukan Persetujuan dari Administrator Jaringan
SoftEther VPN memiliki fungsi yang kuat yang tidak memerlukan pengaturan khusus oleh administrator jaringan. Misalnya, Anda tidak perlu meminta administrator untuk mengonfigurasi firewall yang ada agar "membuka" port TCP/UDP. Fitur ini bertujuan untuk mengurangi waktu kerja dan biaya administrator jaringan serta menghindari risiko kesalahan konfigurasi saat membuka port tertentu pada firewall. Namun, setiap karyawan yang bekerja di perusahaan harus mendapatkan persetujuan dari administrator jaringan sebelum menginstal SoftEther VPN. Jika administrator jaringan Anda menolak memberikan persetujuan, Anda dapat mempertimbangkan untuk meminta persetujuan dari otoritas yang lebih tinggi (misalnya, pejabat eksekutif perusahaan). Jika Anda menggunakan SoftEther VPN tanpa persetujuan dari otoritas perusahaan, Anda mungkin mengalami kerugian. SoftEther Corporation tidak akan bertanggung jawab atas hasil atau kerusakan yang ditimbulkan akibat penggunaan SoftEther VPN.
4.2. Patuhi Hukum di Negara Anda
Jika hukum di negara Anda melarang penggunaan enkripsi, Anda harus menonaktifkan fungsi enkripsi SoftEther VPN sendiri. Demikian pula, di beberapa negara atau wilayah, beberapa fungsi SoftEther VPN mungkin dilarang oleh undang-undang. Hukum negara lain bukan menjadi tanggung jawab SoftEther Corporation karena perusahaan ini terletak dan terdaftar secara fisik di Jepang. Sebagai contoh, ada kemungkinan bahwa sebagian dari SoftEther VPN melanggar paten yang hanya berlaku di wilayah tertentu. SoftEther Corporation tidak memiliki kepentingan di wilayah spesifik di luar Jepang. Oleh karena itu, jika Anda ingin menggunakan SoftEther VPN di luar Jepang, Anda harus berhati-hati agar tidak melanggar hak pihak ketiga. Anda harus memverifikasi legalitas penggunaan SoftEther VPN di wilayah tertentu sebelum menggunakannya. Secara alami, ada hampir 200 negara di dunia, dan setiap negara memiliki hukum yang berbeda. Secara praktis, tidak mungkin untuk memverifikasi hukum dan regulasi di setiap negara serta memastikan perangkat lunak mematuhi semua hukum sebelum dirilis. Oleh karena itu, SoftEther Corporation hanya memverifikasi legalitas SoftEther VPN berdasarkan hukum dan regulasi Jepang. Jika seorang pengguna menggunakan SoftEther VPN di negara tertentu dan mengalami kerugian akibat tindakan pegawai pemerintah setempat, SoftEther Corporation tidak akan bertanggung jawab untuk mengganti atau menanggung kerugian tersebut, termasuk tanggung jawab pidana.
5. Proyek Eksperimen Akademik VPN Gate
(Bab ini hanya berlaku pada paket perangkat lunak SoftEther VPN yang berisi plug-in ekstensi untuk Proyek Eksperimen Akademik VPN Gate.)
5.1. Tentang Proyek Eksperimen Akademik VPN Gate
Proyek Eksperimen Akademik VPN Gate adalah layanan online yang dioperasikan hanya untuk tujuan penelitian akademik di sekolah pascasarjana Universitas Tsukuba, Jepang. Tujuan penelitian ini adalah untuk memperluas pengetahuan tentang teknologi "Global Distributed Public VPN Relay Server" (GDPVRS). Untuk detail lebih lanjut, silakan kunjungi http://www.vpngate.net/.
5.2. Tentang Layanan VPN Gate
Perangkat lunak SoftEther VPN Server dan SoftEther VPN Client mungkin berisi program "VPN Gate Service". Namun, VPN Gate Service dinonaktifkan secara default.
VPN Gate Service harus diaktifkan secara sukarela oleh pemilik komputer tempat SoftEther VPN Server atau SoftEther VPN Client diinstal. Setelah VPN Gate Service diaktifkan, komputer tersebut akan mulai berfungsi sebagai bagian dari Global Distributed Public VPN Relay Servers. Alamat IP, nama host, dan informasi terkait komputer akan dikirim dan terdaftar ke server direktori Proyek Eksperimen Akademik VPN Gate, serta akan dipublikasikan ke publik. Mekanisme ini memungkinkan pengguna perangkat lunak VPN Gate Client untuk terhubung ke VPN Gate Service yang berjalan di komputer Anda. Selama sesi VPN antara pengguna VPN Gate Client dan VPN Gate Service berlangsung, pengguna VPN Gate Client dapat mengirim/menerima paket IP melalui layanan ini. Alamat IP global dari komputer yang menjalankan VPN Gate Service akan digunakan sebagai alamat IP sumber dari komunikasi yang dimulai oleh pengguna VPN Gate Client.
VPN Gate Service akan mengirim beberapa informasi ke Server Direktori Layanan Eksperimen Akademik VPN Gate. Informasi ini mencakup informasi operator yang dijelaskan di bagian 5.5, pengaturan log, waktu aktif, versi sistem operasi, jenis protokol, nomor port, informasi kualitas, informasi statistik, riwayat log VPN Gate Client (termasuk tanggal, alamat IP, nomor versi, dan ID), serta versi perangkat lunak. Informasi ini akan diekspos di direktori publik. VPN Gate Service juga menerima kunci untuk enkripsi yang dijelaskan di bagian 5.9 dari server direktori.
5.3. Rincian Perilaku VPN Gate Service
Jika Anda mengaktifkan VPN Gate Service secara manual (karena dinonaktifkan secara default), "VPNGATE" Virtual Hub akan dibuat di SoftEther VPN Server. Jika Anda menggunakan SoftEther VPN Client dan mencoba mengaktifkan VPN Gate Service, sebuah program setara dengan SoftEther VPN Server akan dijalankan dalam proses yang sama dengan SoftEther VPN Client, dan "VPNGATE" Virtual Hub akan dibuat. Secara default, "VPNGATE" Virtual Hub berisi pengguna bernama "VPN" yang memungkinkan siapa pun di Internet untuk membuat koneksi VPN ke Virtual Hub tersebut. Setelah VPN Client terhubung ke "VPNGATE" Virtual Hub, semua komunikasi antara pengguna dan Internet akan melewati Virtual Hub dan ditransmisikan/menerima melalui antarmuka jaringan fisik pada komputer yang menjalankan SoftEther VPN Server (atau SoftEther VPN Client). Akibatnya, host tujuan yang ditentukan oleh VPN Client akan mengidentifikasi bahwa sumber komunikasi berasal dari alamat IP komputer yang menjalankan VPN Gate Service. Namun, untuk alasan keamanan, paket yang ditujukan ke alamat dalam rentang 192.168.0.0/255.255.0.0, 172.16.0.0/255.240.0.0, atau 10.0.0.0/255.0.0.0 akan diblokir oleh "VPNGATE" Virtual Hub untuk melindungi jaringan lokal Anda. Oleh karena itu, jika Anda menjalankan VPN Gate Service dalam jaringan perusahaan atau jaringan pribadi, layanan ini tetap aman karena pengguna VPN Client anonim tidak akan diizinkan mengakses jaringan pribadi tersebut. VPN Gate Service juga berfungsi sebagai perantara untuk mengakses Server Direktori VPN Gate.
Agar VPN Gate Service dapat melewati firewall dan NAT, layanan ini membuka port UDP menggunakan fungsi NAT Traversal yang dijelaskan di bagian 1.2. Selain itu, layanan ini membuka dan mendengarkan beberapa port TCP, serta beberapa port TCP dan UDP akan ditentukan sebagai target port untuk entri Universal Plug and Play (UPnP) Port Transfer yang diminta ke router lokal Anda. Paket permintaan UPnP akan dikirim secara berkala. Beberapa router mungkin mempertahankan port TCP/UDP yang terbuka secara permanen pada perangkat. Jika Anda ingin menutupnya, Anda harus melakukannya secara manual.
VPN Gate Service juga menyediakan fungsi mirror-site untuk www.vpngate.net. Ini adalah mekanisme di mana salinan konten terbaru dari www.vpngate.net akan dihosting oleh server HTTP kecil yang berjalan di program VPN Gate Service. Layanan ini akan mendaftarkan dirinya ke daftar mirror-site di www.vpngate.net. Namun, layanan ini tidak akan meneruskan komunikasi lain yang tidak ditujukan ke www.vpngate.net.
5.4. Komunikasi antara Internet melalui VPN Gate Service
VPN Gate Service menyediakan perutean antara pengguna dan Internet dengan menggunakan Fungsi NAT Virtual yang dijelaskan di bagian 2.8. VPN Gate Service mengirimkan paket polling Ping ke server yang berlokasi di Universitas Tsukuba dan ke Google Public DNS Server dengan alamat 8.8.8.8 untuk memeriksa kualitas terbaru dari koneksi Internet Anda. VPN Gate Service juga mengirim dan menerima banyak paket acak dari/ke Speed Test Server di Universitas Tsukuba. Data kualitas ini akan dilaporkan ke VPN Gate Directory Server secara otomatis dan berkala. Hasilnya akan disimpan dan dipublikasikan ke publik. Meskipun komunikasi polling periodik ini disesuaikan agar tidak membebani koneksi Internet, dalam beberapa keadaan komunikasi ini mungkin akan memengaruhi bandwidth Anda.
5.5. Informasi Operator VPN Gate Service
Jika Anda mengaktifkan VPN Gate Service di komputer Anda, komputer tersebut akan menjadi bagian dari Global Distributed Public VPN Relay Servers. Oleh karena itu, informasi administratif operator dari VPN Gate Service Anda harus dilaporkan dan didaftarkan di VPN Gate Service Directory. Informasi operator mencakup nama operator dan alamat e-mail untuk pelaporan penyalahgunaan. Informasi ini dapat dimasukkan melalui layar konfigurasi VPN Gate. Informasi yang telah dimasukkan akan dikirimkan ke VPN Gate Directory Server, disimpan, dan dipublikasikan ke publik. Oleh karena itu, Anda harus berhati-hati dalam mengisi informasi ini. Jika Anda tidak mengisi informasi operator, nama host komputer Anda akan digunakan secara otomatis sebagai nama operator, dengan menambahkan string "'s owner" setelah nama host.
5.6. Kepatuhan terhadap Hukum dalam Mengoperasikan VPN Gate Service
Di beberapa negara atau wilayah, pengguna yang berencana untuk mengaktifkan dan mengoperasikan VPN Gate Service mungkin diwajibkan untuk mendapatkan lisensi atau mendaftarkan layanan ke pemerintah. Jika wilayah Anda memiliki peraturan semacam itu, Anda harus menyelesaikan proses perizinan yang diwajibkan sebelum mengaktifkan VPN Gate Service. Baik pengembang maupun operator Proyek Eksperimen Akademik VPN Gate tidak bertanggung jawab atas tanggung jawab hukum/pidana atau kerugian yang timbul akibat kegagalan mematuhi hukum setempat Anda.
5.7. Melindungi Privasi Komunikasi
Sebagian besar negara memiliki undang-undang yang mengharuskan operator layanan komunikasi, termasuk operator VPN Gate Service, untuk melindungi privasi komunikasi pihak ketiga. Saat Anda mengoperasikan VPN Gate Service, Anda harus selalu melindungi privasi pengguna.
5.8. Log Paket
Fungsi pencatatan paket (packet logging) diimplementasikan pada VPN Gate Service. Fitur ini merekam header utama dari paket TCP/IP yang dikirim melalui Virtual Hub. Fungsi ini berguna untuk menyelidiki "alamat IP asli" dari pengguna yang terhubung ke VPN Gate Service Anda dengan memeriksa log paket dan log koneksi. Log paket hanya dicatat untuk tujuan penyelidikan yang sah. Jangan mengintip atau membocorkan log paket kecuali untuk tujuan yang benar. Tindakan semacam itu akan melanggar ketentuan pada bagian 5.7.
5.9. Fungsi Pengarsipan dan Pengkodean Otomatis Log Paket
Layanan Eksperimen Akademik VPN Gate beroperasi di bawah konstitusi dan hukum Jepang. Konstitusi Jepang menuntut perlindungan ketat terhadap privasi komunikasi. Karena layanan ini berada di bawah aturan Jepang, program VPN Gate Service menerapkan mekanisme perlindungan "Pengkodean Otomatis File Log" dan fitur ini diaktifkan secara default.
Saat ini, VPN Gate Service dikonfigurasi untuk mengkodekan file log paket yang telah melewati dua minggu atau lebih secara otomatis. Untuk melindungi privasi komunikasi, setelah file log paket dikodekan, bahkan administrator komputer lokal tidak dapat mengakses isi file log tersebut. Mekanisme ini bertujuan untuk melindungi privasi pengguna akhir dari VPN Gate Service.
Anda dapat mengubah pengaturan VPN Gate Service untuk menonaktifkan fungsi pengkodean otomatis ini. Dalam konfigurasi ini, file log paket tidak akan dikodekan meskipun sudah melewati dua minggu. Semua log paket akan tetap tersimpan dalam bentuk teks biasa di disk. Oleh karena itu, Anda harus berhati-hati agar tidak melanggar privasi pengguna.
Jika Anda memiliki kewajiban untuk mendekode file log paket yang telah dikodekan (misalnya: pengguna VPN Gate Service menyalahgunakan layanan Anda secara ilegal dan Anda perlu mendekode log paket untuk mematuhi hukum), hubungi administrator Layanan Eksperimen Akademik VPN Gate di Sekolah Pascasarjana Universitas Tsukuba, Jepang. Anda dapat menemukan alamat kontak di http://www.vpngate.net/. Administrator VPN Gate Service akan merespons permintaan dekode log paket jika ada permintaan hukum yang sah dari pengadilan atau otoritas yudisial lainnya, sesuai dengan hukum yang berlaku.
5.10. Peringatan Jika Anda Mengoperasikan VPN Gate Service di Wilayah Jepang
Jika seorang pengguna mengoperasikan VPN Gate Service di wilayah Jepang, tindakan tersebut dapat diatur oleh Hukum Telekomunikasi Jepang jika memenuhi kriteria yang ditentukan oleh hukum. Namun, menurut "Manual Kompetisi Bisnis Telekomunikasi Jepang [versi tambahan]", operasi komunikasi yang tidak bersifat komersial tidak dikategorikan sebagai "bisnis telekomunikasi". Oleh karena itu, operator VPN Gate Service biasa tidak dianggap sebagai "operator bisnis telekomunikasi" dan tidak diwajibkan untuk mendaftar ke pemerintah. Meskipun demikian, kewajiban hukum untuk melindungi privasi komunikasi tetap berlaku. Sebagai kesimpulan, jika Anda mengoperasikan VPN Gate Service di wilayah Jepang, Anda dilarang membocorkan rahasia komunikasi yang dikirim melalui layanan VPN Gate yang Anda operasikan.
5.11. VPN Gate Client
Jika SoftEther VPN Client memiliki plug-in VPN Gate Client, Anda dapat menggunakannya untuk mendapatkan daftar server VPN Gate Service yang sedang beroperasi di Internet dan membuat koneksi VPN ke server tertentu dalam daftar tersebut.
VPN Gate Client secara berkala memperbarui daftar layanan VPN Gate terbaru. Harap berhati-hati jika Anda menggunakan jaringan Internet dengan sistem pembayaran per penggunaan.
Saat Anda memulai perangkat lunak VPN Gate Client, layar yang menanyakan apakah Anda ingin mengaktifkan atau tidak VPN Gate Service akan muncul. Untuk informasi lebih lanjut tentang VPN Gate Service, silakan baca bagian-bagian di atas.
5.12. Peringatan Sebelum Bergabung atau Mengeksploitasi Proyek Eksperimen Akademik VPN Gate
Layanan Eksperimen Akademik VPN Gate dioperasikan sebagai proyek penelitian di sekolah pascasarjana Universitas Tsukuba, Jepang. Layanan ini tunduk pada hukum Jepang. Hukum negara lain bukan merupakan perhatian atau tanggung jawab kami.
Secara alami, terdapat hampir 200 negara di dunia dengan hukum yang berbeda-beda. Tidak mungkin untuk memverifikasi hukum dan regulasi setiap negara serta memastikan bahwa perangkat lunak ini sesuai dengan semua hukum di seluruh dunia sebelum dirilis. Jika seorang pengguna menggunakan layanan VPN Gate di suatu negara tertentu dan mengalami kerugian akibat tindakan aparat berwenang di negara tersebut, pengembang layanan maupun perangkat lunak ini tidak akan bertanggung jawab untuk memulihkan atau memberikan kompensasi atas kerugian atau tanggung jawab pidana yang terjadi.
Dengan menggunakan perangkat lunak dan layanan ini, pengguna harus mematuhi semua hukum dan aturan yang berlaku atas tanggung jawabnya sendiri. Pengguna akan sepenuhnya bertanggung jawab atas segala kerugian dan tanggung jawab yang timbul akibat penggunaan perangkat lunak dan layanan ini, baik di dalam maupun di luar wilayah Jepang.
Jika Anda tidak setuju atau tidak memahami peringatan di atas, jangan gunakan fungsi apa pun dari Layanan Eksperimen Akademik VPN Gate.
VPN Gate adalah proyek penelitian yang hanya bertujuan akademik. VPN Gate dikembangkan sebagai plug-in untuk SoftEther VPN dan UT-VPN. Namun, semua bagian dari VPN Gate dikembangkan dalam proyek penelitian ini di Universitas Tsukuba. Tidak ada bagian dari VPN Gate yang dikembangkan oleh SoftEther Corporation. Proyek Penelitian VPN Gate tidak dipimpin, dioperasikan, dipromosikan, atau dijamin oleh SoftEther Corporation.
5.13. Fungsi Relay P2P dalam VPN Gate Client untuk Memperkuat Kemampuan Menghindari Firewall Sensor
VPN Gate Client yang diterbitkan sejak Januari 2015 menyertakan fungsi Relay P2P. Fungsi Relay P2P diterapkan untuk memperkuat kemampuan menghindari firewall sensor. Jika fungsi Relay P2P di VPN Gate Client Anda diaktifkan, maka fungsi ini akan menerima koneksi VPN masuk dari pengguna VPN Gate yang sebagian besar berada di wilayah yang sama dengan Anda, dan menyediakan fungsi relay ke server VPN Gate eksternal yang di-host oleh pihak ketiga di lingkungan Internet bebas. Fungsi Relay P2P ini tidak menyediakan fungsi NAT bersama maupun menggantikan alamat IP keluar pengguna VPN Gate dengan alamat IP Anda. Fungsi ini hanya menyediakan layanan "refleksi" (hair-pin relaying), yaitu meneruskan koneksi dari pengguna VPN Gate yang masuk ke server VPN Gate eksternal. Dalam situasi ini, terowongan VPN melalui fungsi Relay P2P Anda pada akhirnya akan berakhir di server VPN Gate eksternal, bukan di VPN Gate Client Anda. Namun, server VPN Gate yang menjadi tujuan akhir akan mencatat alamat IP Anda sebagai alamat IP sumber dari terowongan VPN yang dimulai oleh fungsi Relay P2P Anda. Selain itu, paket data pengguna yang dikirim melalui fungsi Relay P2P Anda akan dicatat di komputer Anda sebagai log paket, sebagaimana dijelaskan dalam bagian 5.8. Setelah Anda menginstal VPN Gate Client, dan jika fungsi Relay P2P diaktifkan secara otomatis, maka semua ketentuan dalam bagian 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 5.11, dan 5.12 akan berlaku bagi Anda dan komputer Anda, sama seperti ketika Anda mengaktifkan VPN Gate Service (fungsi server VPN Gate). Jika fungsi P2P diaktifkan, maka alamat IP komputer Anda dan nama operator default yang dijelaskan dalam bagian 5.5 akan terdaftar dalam daftar server VPN Gate yang disediakan oleh Proyek VPN Gate. Anda dapat mengubah informasi ini dengan mengedit file "vpn_gate_relay.config" secara manual. Perlu dicatat bahwa Anda harus menghentikan layanan VPN Client sebelum mengeditnya. VPN Gate Client akan secara otomatis mengaktifkan fungsi Relay P2P di komputer Anda jika VPN Gate Client mendeteksi bahwa komputer Anda mungkin berada di wilayah yang memiliki firewall sensor. Jika Anda ingin menonaktifkan fungsi Relay P2P, Anda harus mengatur flag "DisableRelayServer" menjadi "true" di file "vpn_client.config", yang merupakan file konfigurasi VPN Client. Perlu dicatat bahwa Anda harus menghentikan layanan VPN Client sebelum mengeditnya. VPN Gate Client tidak mengenali regulasi tertentu di negara atau wilayah Anda. VPN Gate Client akan mengaktifkan fungsi Relay P2P meskipun negara atau wilayah Anda memiliki undang-undang yang membatasi pengoperasian fungsi relay P2P. Oleh karena itu, dalam situasi seperti ini, Anda harus menonaktifkan fungsi Relay P2P di VPN Gate Client secara manual dengan mengatur flag "DisableRelayServer", jika Anda tinggal di wilayah yang memiliki pembatasan semacam itu, atas tanggung jawab Anda sendiri.

424
src/bin/hamcore/wwwroot/admin/default/package-lock.json generated
View File

@ -31,78 +31,58 @@
"dev": true
},
"@jridgewell/gen-mapping": {
"version": "0.3.2",
"resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz",
"integrity": "sha512-mh65xKQAzI6iBcFzwv28KVWSmCkdRBWoOh+bYQGW3+6OZvbbN3TqMGo5hqYxQniRcH9F2VZIoJCm4pa3BPDK/A==",
"version": "0.3.5",
"resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz",
"integrity": "sha512-IzL8ZoEDIBRWEzlCcRhOaCupYyN5gdIK+Q6fbFdPDg6HqX6jpkItn7DFIpW9LQzXG6Df9sA7+OKnq0qlz/GaQg==",
"dev": true,
"requires": {
"@jridgewell/set-array": "^1.0.1",
"@jridgewell/set-array": "^1.2.1",
"@jridgewell/sourcemap-codec": "^1.4.10",
"@jridgewell/trace-mapping": "^0.3.9"
"@jridgewell/trace-mapping": "^0.3.24"
}
},
"@jridgewell/resolve-uri": {
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
"integrity": "sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==",
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
"integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==",
"dev": true
},
"@jridgewell/set-array": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz",
"integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==",
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz",
"integrity": "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==",
"dev": true
},
"@jridgewell/source-map": {
"version": "0.3.2",
"resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.2.tgz",
"integrity": "sha512-m7O9o2uR8k2ObDysZYzdfhb08VuEml5oWGiosa1VdaPZ/A6QyPkAJuwN0Q1lhULOf6B7MtQmHENS743hWtCrgw==",
"version": "0.3.6",
"resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.6.tgz",
"integrity": "sha512-1ZJTZebgqllO79ue2bm3rIGud/bOe0pP5BjSRCRxxYkEZS8STV7zN84UBbiYu7jy+eCKSnVIUgoWWE/tt+shMQ==",
"dev": true,
"requires": {
"@jridgewell/gen-mapping": "^0.3.0",
"@jridgewell/trace-mapping": "^0.3.9"
"@jridgewell/gen-mapping": "^0.3.5",
"@jridgewell/trace-mapping": "^0.3.25"
}
},
"@jridgewell/sourcemap-codec": {
"version": "1.4.14",
"resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
"integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==",
"version": "1.5.0",
"resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz",
"integrity": "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ==",
"dev": true
},
"@jridgewell/trace-mapping": {
"version": "0.3.17",
"resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.17.tgz",
"integrity": "sha512-MCNzAp77qzKca9+W/+I0+sEpaUnZoeasnghNeVc41VZCEKaCH73Vq3BZZ/SzWIgrqE4H4ceI+p+b6C0mHf9T4g==",
"version": "0.3.25",
"resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
"integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
"dev": true,
"requires": {
"@jridgewell/resolve-uri": "3.1.0",
"@jridgewell/sourcemap-codec": "1.4.14"
}
},
"@types/eslint": {
"version": "8.21.2",
"resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.21.2.tgz",
"integrity": "sha512-EMpxUyystd3uZVByZap1DACsMXvb82ypQnGn89e1Y0a+LYu3JJscUd/gqhRsVFDkaD2MIiWo0MT8EfXr3DGRKw==",
"dev": true,
"requires": {
"@types/estree": "*",
"@types/json-schema": "*"
}
},
"@types/eslint-scope": {
"version": "3.7.4",
"resolved": "https://registry.npmjs.org/@types/eslint-scope/-/eslint-scope-3.7.4.tgz",
"integrity": "sha512-9K4zoImiZc3HlIp6AVUDE4CWYx22a+lhSZMYNpbjW04+YF0KWj4pJXnEMjdnFTiQibFFmElcsasJXDbdI/EPhA==",
"dev": true,
"requires": {
"@types/eslint": "*",
"@types/estree": "*"
"@jridgewell/resolve-uri": "^3.1.0",
"@jridgewell/sourcemap-codec": "^1.4.14"
}
},
"@types/estree": {
"version": "0.0.51",
"resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.51.tgz",
"integrity": "sha512-CuPgU6f3eT/XgKKPqKd/gLZV1Xmvf1a2R5POBOGQa6uv82xpls89HU5zKeVoyR8XzHd1RGNOlQlvUe3CFkjWNQ==",
"version": "1.0.5",
"resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.5.tgz",
"integrity": "sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw==",
"dev": true
},
"@types/jquery": {
@ -115,16 +95,19 @@
}
},
"@types/json-schema": {
"version": "7.0.11",
"resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.11.tgz",
"integrity": "sha512-wOuvG1SN4Us4rez+tylwwwCV1psiNVOkJeM3AUWUNWg/jDQY2+HE/444y5gc+jBmRqASOm2Oeh5c1axHobwRKQ==",
"version": "7.0.15",
"resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz",
"integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==",
"dev": true
},
"@types/node": {
"version": "18.15.3",
"resolved": "https://registry.npmjs.org/@types/node/-/node-18.15.3.tgz",
"integrity": "sha512-p6ua9zBxz5otCmbpb5D3U4B5Nanw6Pk3PPyX05xnxbB/fRv71N7CPmORg7uAD5P70T0xmx1pzAx/FUfa5X+3cw==",
"dev": true
"version": "22.5.1",
"resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.1.tgz",
"integrity": "sha512-KkHsxej0j9IW1KKOOAA/XBA0z08UFSrRQHErzEfA3Vgq57eXIMYboIlHJuYIfd+lwCQjtKqUu3UnmKbtUc9yRw==",
"dev": true,
"requires": {
"undici-types": "~6.19.2"
}
},
"@types/sizzle": {
"version": "2.3.2",
@ -133,148 +116,148 @@
"dev": true
},
"@webassemblyjs/ast": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.11.1.tgz",
"integrity": "sha512-ukBh14qFLjxTQNTXocdyksN5QdM28S1CxHt2rdskFyL+xFV7VremuBLVbmCePj+URalXBENx/9Lm7lnhihtCSw==",
"version": "1.12.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.12.1.tgz",
"integrity": "sha512-EKfMUOPRRUTy5UII4qJDGPpqfwjOmZ5jeGFwid9mnoqIFK+e0vqoi1qH56JpmZSzEL53jKnNzScdmftJyG5xWg==",
"dev": true,
"requires": {
"@webassemblyjs/helper-numbers": "1.11.1",
"@webassemblyjs/helper-wasm-bytecode": "1.11.1"
"@webassemblyjs/helper-numbers": "1.11.6",
"@webassemblyjs/helper-wasm-bytecode": "1.11.6"
}
},
"@webassemblyjs/floating-point-hex-parser": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.1.tgz",
"integrity": "sha512-iGRfyc5Bq+NnNuX8b5hwBrRjzf0ocrJPI6GWFodBFzmFnyvrQ83SHKhmilCU/8Jv67i4GJZBMhEzltxzcNagtQ==",
"version": "1.11.6",
"resolved": "https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.6.tgz",
"integrity": "sha512-ejAj9hfRJ2XMsNHk/v6Fu2dGS+i4UaXBXGemOfQ/JfQ6mdQg/WXtwleQRLLS4OvfDhv8rYnVwH27YJLMyYsxhw==",
"dev": true
},
"@webassemblyjs/helper-api-error": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.1.tgz",
"integrity": "sha512-RlhS8CBCXfRUR/cwo2ho9bkheSXG0+NwooXcc3PAILALf2QLdFyj7KGsKRbVc95hZnhnERon4kW/D3SZpp6Tcg==",
"version": "1.11.6",
"resolved": "https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.6.tgz",
"integrity": "sha512-o0YkoP4pVu4rN8aTJgAyj9hC2Sv5UlkzCHhxqWj8butaLvnpdc2jOwh4ewE6CX0txSfLn/UYaV/pheS2Txg//Q==",
"dev": true
},
"@webassemblyjs/helper-buffer": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.1.tgz",
"integrity": "sha512-gwikF65aDNeeXa8JxXa2BAk+REjSyhrNC9ZwdT0f8jc4dQQeDQ7G4m0f2QCLPJiMTTO6wfDmRmj/pW0PsUvIcA==",
"version": "1.12.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.12.1.tgz",
"integrity": "sha512-nzJwQw99DNDKr9BVCOZcLuJJUlqkJh+kVzVl6Fmq/tI5ZtEyWT1KZMyOXltXLZJmDtvLCDgwsyrkohEtopTXCw==",
"dev": true
},
"@webassemblyjs/helper-numbers": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.1.tgz",
"integrity": "sha512-vDkbxiB8zfnPdNK9Rajcey5C0w+QJugEglN0of+kmO8l7lDb77AnlKYQF7aarZuCrv+l0UvqL+68gSDr3k9LPQ==",
"version": "1.11.6",
"resolved": "https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.6.tgz",
"integrity": "sha512-vUIhZ8LZoIWHBohiEObxVm6hwP034jwmc9kuq5GdHZH0wiLVLIPcMCdpJzG4C11cHoQ25TFIQj9kaVADVX7N3g==",
"dev": true,
"requires": {
"@webassemblyjs/floating-point-hex-parser": "1.11.1",
"@webassemblyjs/helper-api-error": "1.11.1",
"@webassemblyjs/floating-point-hex-parser": "1.11.6",
"@webassemblyjs/helper-api-error": "1.11.6",
"@xtuc/long": "4.2.2"
}
},
"@webassemblyjs/helper-wasm-bytecode": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.1.tgz",
"integrity": "sha512-PvpoOGiJwXeTrSf/qfudJhwlvDQxFgelbMqtq52WWiXC6Xgg1IREdngmPN3bs4RoO83PnL/nFrxucXj1+BX62Q==",
"version": "1.11.6",
"resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.6.tgz",
"integrity": "sha512-sFFHKwcmBprO9e7Icf0+gddyWYDViL8bpPjJJl0WHxCdETktXdmtWLGVzoHbqUcY4Be1LkNfwTmXOJUFZYSJdA==",
"dev": true
},
"@webassemblyjs/helper-wasm-section": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.1.tgz",
"integrity": "sha512-10P9No29rYX1j7F3EVPX3JvGPQPae+AomuSTPiF9eBQeChHI6iqjMIwR9JmOJXwpnn/oVGDk7I5IlskuMwU/pg==",
"version": "1.12.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.12.1.tgz",
"integrity": "sha512-Jif4vfB6FJlUlSbgEMHUyk1j234GTNG9dBJ4XJdOySoj518Xj0oGsNi59cUQF4RRMS9ouBUxDDdyBVfPTypa5g==",
"dev": true,
"requires": {
"@webassemblyjs/ast": "1.11.1",
"@webassemblyjs/helper-buffer": "1.11.1",
"@webassemblyjs/helper-wasm-bytecode": "1.11.1",
"@webassemblyjs/wasm-gen": "1.11.1"
"@webassemblyjs/ast": "1.12.1",
"@webassemblyjs/helper-buffer": "1.12.1",
"@webassemblyjs/helper-wasm-bytecode": "1.11.6",
"@webassemblyjs/wasm-gen": "1.12.1"
}
},
"@webassemblyjs/ieee754": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.11.1.tgz",
"integrity": "sha512-hJ87QIPtAMKbFq6CGTkZYJivEwZDbQUgYd3qKSadTNOhVY7p+gfP6Sr0lLRVTaG1JjFj+r3YchoqRYxNH3M0GQ==",
"version": "1.11.6",
"resolved": "https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.11.6.tgz",
"integrity": "sha512-LM4p2csPNvbij6U1f19v6WR56QZ8JcHg3QIJTlSwzFcmx6WSORicYj6I63f9yU1kEUtrpG+kjkiIAkevHpDXrg==",
"dev": true,
"requires": {
"@xtuc/ieee754": "^1.2.0"
}
},
"@webassemblyjs/leb128": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.11.1.tgz",
"integrity": "sha512-BJ2P0hNZ0u+Th1YZXJpzW6miwqQUGcIHT1G/sf72gLVD9DZ5AdYTqPNbHZh6K1M5VmKvFXwGSWZADz+qBWxeRw==",
"version": "1.11.6",
"resolved": "https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.11.6.tgz",
"integrity": "sha512-m7a0FhE67DQXgouf1tbN5XQcdWoNgaAuoULHIfGFIEVKA6tu/edls6XnIlkmS6FrXAquJRPni3ZZKjw6FSPjPQ==",
"dev": true,
"requires": {
"@xtuc/long": "4.2.2"
}
},
"@webassemblyjs/utf8": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.11.1.tgz",
"integrity": "sha512-9kqcxAEdMhiwQkHpkNiorZzqpGrodQQ2IGrHHxCy+Ozng0ofyMA0lTqiLkVs1uzTRejX+/O0EOT7KxqVPuXosQ==",
"version": "1.11.6",
"resolved": "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.11.6.tgz",
"integrity": "sha512-vtXf2wTQ3+up9Zsg8sa2yWiQpzSsMyXj0qViVP6xKGCUT8p8YJ6HqI7l5eCnWx1T/FYdsv07HQs2wTFbbof/RA==",
"dev": true
},
"@webassemblyjs/wasm-edit": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.1.tgz",
"integrity": "sha512-g+RsupUC1aTHfR8CDgnsVRVZFJqdkFHpsHMfJuWQzWU3tvnLC07UqHICfP+4XyL2tnr1amvl1Sdp06TnYCmVkA==",
"version": "1.12.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.12.1.tgz",
"integrity": "sha512-1DuwbVvADvS5mGnXbE+c9NfA8QRcZ6iKquqjjmR10k6o+zzsRVesil54DKexiowcFCPdr/Q0qaMgB01+SQ1u6g==",
"dev": true,
"requires": {
"@webassemblyjs/ast": "1.11.1",
"@webassemblyjs/helper-buffer": "1.11.1",
"@webassemblyjs/helper-wasm-bytecode": "1.11.1",
"@webassemblyjs/helper-wasm-section": "1.11.1",
"@webassemblyjs/wasm-gen": "1.11.1",
"@webassemblyjs/wasm-opt": "1.11.1",
"@webassemblyjs/wasm-parser": "1.11.1",
"@webassemblyjs/wast-printer": "1.11.1"
"@webassemblyjs/ast": "1.12.1",
"@webassemblyjs/helper-buffer": "1.12.1",
"@webassemblyjs/helper-wasm-bytecode": "1.11.6",
"@webassemblyjs/helper-wasm-section": "1.12.1",
"@webassemblyjs/wasm-gen": "1.12.1",
"@webassemblyjs/wasm-opt": "1.12.1",
"@webassemblyjs/wasm-parser": "1.12.1",
"@webassemblyjs/wast-printer": "1.12.1"
}
},
"@webassemblyjs/wasm-gen": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.1.tgz",
"integrity": "sha512-F7QqKXwwNlMmsulj6+O7r4mmtAlCWfO/0HdgOxSklZfQcDu0TpLiD1mRt/zF25Bk59FIjEuGAIyn5ei4yMfLhA==",
"version": "1.12.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.12.1.tgz",
"integrity": "sha512-TDq4Ojh9fcohAw6OIMXqiIcTq5KUXTGRkVxbSo1hQnSy6lAM5GSdfwWeSxpAo0YzgsgF182E/U0mDNhuA0tW7w==",
"dev": true,
"requires": {
"@webassemblyjs/ast": "1.11.1",
"@webassemblyjs/helper-wasm-bytecode": "1.11.1",
"@webassemblyjs/ieee754": "1.11.1",
"@webassemblyjs/leb128": "1.11.1",
"@webassemblyjs/utf8": "1.11.1"
"@webassemblyjs/ast": "1.12.1",
"@webassemblyjs/helper-wasm-bytecode": "1.11.6",
"@webassemblyjs/ieee754": "1.11.6",
"@webassemblyjs/leb128": "1.11.6",
"@webassemblyjs/utf8": "1.11.6"
}
},
"@webassemblyjs/wasm-opt": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.1.tgz",
"integrity": "sha512-VqnkNqnZlU5EB64pp1l7hdm3hmQw7Vgqa0KF/KCNO9sIpI6Fk6brDEiX+iCOYrvMuBWDws0NkTOxYEb85XQHHw==",
"version": "1.12.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.12.1.tgz",
"integrity": "sha512-Jg99j/2gG2iaz3hijw857AVYekZe2SAskcqlWIZXjji5WStnOpVoat3gQfT/Q5tb2djnCjBtMocY/Su1GfxPBg==",
"dev": true,
"requires": {
"@webassemblyjs/ast": "1.11.1",
"@webassemblyjs/helper-buffer": "1.11.1",
"@webassemblyjs/wasm-gen": "1.11.1",
"@webassemblyjs/wasm-parser": "1.11.1"
"@webassemblyjs/ast": "1.12.1",
"@webassemblyjs/helper-buffer": "1.12.1",
"@webassemblyjs/wasm-gen": "1.12.1",
"@webassemblyjs/wasm-parser": "1.12.1"
}
},
"@webassemblyjs/wasm-parser": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.1.tgz",
"integrity": "sha512-rrBujw+dJu32gYB7/Lup6UhdkPx9S9SnobZzRVL7VcBH9Bt9bCBLEuX/YXOOtBsOZ4NQrRykKhffRWHvigQvOA==",
"version": "1.12.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.12.1.tgz",
"integrity": "sha512-xikIi7c2FHXysxXe3COrVUPSheuBtpcfhbpFj4gmu7KRLYOzANztwUU0IbsqvMqzuNK2+glRGWCEqZo1WCLyAQ==",
"dev": true,
"requires": {
"@webassemblyjs/ast": "1.11.1",
"@webassemblyjs/helper-api-error": "1.11.1",
"@webassemblyjs/helper-wasm-bytecode": "1.11.1",
"@webassemblyjs/ieee754": "1.11.1",
"@webassemblyjs/leb128": "1.11.1",
"@webassemblyjs/utf8": "1.11.1"
"@webassemblyjs/ast": "1.12.1",
"@webassemblyjs/helper-api-error": "1.11.6",
"@webassemblyjs/helper-wasm-bytecode": "1.11.6",
"@webassemblyjs/ieee754": "1.11.6",
"@webassemblyjs/leb128": "1.11.6",
"@webassemblyjs/utf8": "1.11.6"
}
},
"@webassemblyjs/wast-printer": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.11.1.tgz",
"integrity": "sha512-IQboUWM4eKzWW+N/jij2sRatKMh99QEelo3Eb2q0qXkvPRISAj8Qxtmw5itwqK+TTkBuUIE45AxYPToqPtL5gg==",
"version": "1.12.1",
"resolved": "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.12.1.tgz",
"integrity": "sha512-+X4WAlOisVWQMikjbcvY2e0rwPsKQ9F688lksZhBcPycBBuii3O7m8FACbDMWDojpAqvjIncrG8J0XHKyQfVeA==",
"dev": true,
"requires": {
"@webassemblyjs/ast": "1.11.1",
"@webassemblyjs/ast": "1.12.1",
"@xtuc/long": "4.2.2"
}
},
@ -309,15 +292,15 @@
"dev": true
},
"acorn": {
"version": "8.8.2",
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.2.tgz",
"integrity": "sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==",
"version": "8.12.1",
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.12.1.tgz",
"integrity": "sha512-tcpGyI9zbizT9JbV6oYE477V6mTlXvvi0T0G3SNIYE2apm/G5huBa1+K89VGeovbg+jycCrfhl3ADxErOuO6Jg==",
"dev": true
},
"acorn-import-assertions": {
"version": "1.8.0",
"resolved": "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.8.0.tgz",
"integrity": "sha512-m7VZ3jwz4eK6A4Vtt8Ew1/mNbP24u0FhdyfA7fSvnJR6LMdfOYnmuIrrJAgrYfYJ10F/otaHTtrtrtmHdMNzEw==",
"acorn-import-attributes": {
"version": "1.9.5",
"resolved": "https://registry.npmjs.org/acorn-import-attributes/-/acorn-import-attributes-1.9.5.tgz",
"integrity": "sha512-n02Vykv5uA3eHGM/Z2dQrcD56kL8TyDb2p1+0P83PClMnC/nc+anbQRhIOWnSq4Ke/KvDPrY3C9hDtC/A3eHnQ==",
"dev": true
},
"ajv": {
@ -393,15 +376,15 @@
}
},
"browserslist": {
"version": "4.21.5",
"resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.5.tgz",
"integrity": "sha512-tUkiguQGW7S3IhB7N+c2MV/HZPSCPAAiYBZXLsBhFB/PCy6ZKKsZrmBayHV9fdGV/ARIfJ14NkxKzRDjvp7L6w==",
"version": "4.23.3",
"resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.3.tgz",
"integrity": "sha512-btwCFJVjI4YWDNfau8RhZ+B1Q/VLoUITrm3RlP6y1tYGWIOa+InuYiRGXUBXo8nA1qKmHMyLB/iVQg5TT4eFoA==",
"dev": true,
"requires": {
"caniuse-lite": "^1.0.30001449",
"electron-to-chromium": "^1.4.284",
"node-releases": "^2.0.8",
"update-browserslist-db": "^1.0.10"
"caniuse-lite": "^1.0.30001646",
"electron-to-chromium": "^1.5.4",
"node-releases": "^2.0.18",
"update-browserslist-db": "^1.1.0"
}
},
"buffer-from": {
@ -417,9 +400,9 @@
"dev": true
},
"caniuse-lite": {
"version": "1.0.30001466",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001466.tgz",
"integrity": "sha512-ewtFBSfWjEmxUgNBSZItFSmVtvk9zkwkl1OfRZlKA8slltRN+/C/tuGVrF9styXkN36Yu3+SeJ1qkXxDEyNZ5w==",
"version": "1.0.30001655",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001655.tgz",
"integrity": "sha512-jRGVy3iSGO5Uutn2owlb5gR6qsGngTw9ZTb4ali9f3glshcNmJ2noam4Mo9zia5P9Dk3jNNydy7vQjuE5dQmfg==",
"dev": true
},
"chalk": {
@ -434,9 +417,9 @@
}
},
"chrome-trace-event": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/chrome-trace-event/-/chrome-trace-event-1.0.3.tgz",
"integrity": "sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==",
"version": "1.0.4",
"resolved": "https://registry.npmjs.org/chrome-trace-event/-/chrome-trace-event-1.0.4.tgz",
"integrity": "sha512-rNjApaLzuwaOTjCiT8lSDdGN1APCiqkChLMJxJPWLunPAt5fy8xgU9/jNOchV84wfIxrA0lRQB7oCT8jrn/wrQ==",
"dev": true
},
"clone-deep": {
@ -506,9 +489,9 @@
"dev": true
},
"electron-to-chromium": {
"version": "1.4.330",
"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.330.tgz",
"integrity": "sha512-PqyefhybrVdjAJ45HaPLtuVaehiSw7C3ya0aad+rvmV53IVyXmYRk3pwIOb2TxTDTnmgQdn46NjMMaysx79/6Q==",
"version": "1.5.13",
"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.13.tgz",
"integrity": "sha512-lbBcvtIJ4J6sS4tb5TLp1b4LyfCdMkwStzXPyAgVgTRAsep4bvrAGaBOP7ZJtQMNJpSQ9SqG4brWOroNaQtm7Q==",
"dev": true
},
"enhanced-resolve": {
@ -528,15 +511,15 @@
"dev": true
},
"es-module-lexer": {
"version": "0.9.3",
"resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-0.9.3.tgz",
"integrity": "sha512-1HQ2M2sPtxwnvOvT1ZClHyQDiggdNjURWpY2we6aMKCQiUVxTmVs2UYPLIrD84sS+kMdUwfBSylbJPwNnBrnHQ==",
"version": "1.5.4",
"resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.5.4.tgz",
"integrity": "sha512-MVNK56NiMrOwitFB7cqDwq0CQutbw+0BvLshJSse0MUNU+y1FC3bUS/AQg7oUng+/wKrrki7JfmwtVHkVfPLlw==",
"dev": true
},
"escalade": {
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz",
"integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==",
"version": "3.2.0",
"resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz",
"integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==",
"dev": true
},
"escape-string-regexp": {
@ -901,9 +884,9 @@
"dev": true
},
"node-releases": {
"version": "2.0.10",
"resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.10.tgz",
"integrity": "sha512-5GFldHPXVG/YZmFzJvKK2zDSzPKhEp0+ZR5SVaoSag9fsL5YgHbUHDfnG5494ISANDcK4KwPXAx2xqVEydmd7w==",
"version": "2.0.18",
"resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.18.tgz",
"integrity": "sha512-d9VeXT4SJ7ZeOqGX6R5EM022wpL+eWPooLI+5UpWn2jCT1aosUQEhQP214x33Wkwx3JQMvIm+tIoVOdodFS40g==",
"dev": true
},
"once": {
@ -964,9 +947,9 @@
"dev": true
},
"picocolors": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz",
"integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==",
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.1.tgz",
"integrity": "sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew==",
"dev": true
},
"picomatch": {
@ -985,9 +968,9 @@
}
},
"punycode": {
"version": "2.3.0",
"resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.0.tgz",
"integrity": "sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA==",
"version": "2.3.1",
"resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
"integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
"dev": true
},
"randombytes": {
@ -1052,9 +1035,9 @@
"dev": true
},
"schema-utils": {
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.1.1.tgz",
"integrity": "sha512-Y5PQxS4ITlC+EahLuXaY86TXfR7Dc5lw294alXOq86JAHCihAIZfqv8nNCWvaEJvaC51uN9hbLGeV0cFBdH+Fw==",
"version": "3.3.0",
"resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz",
"integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==",
"dev": true,
"requires": {
"@types/json-schema": "^7.0.8",
@ -1069,9 +1052,9 @@
"dev": true
},
"serialize-javascript": {
"version": "6.0.1",
"resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.1.tgz",
"integrity": "sha512-owoXEFjWRllis8/M1Q+Cw5k8ZH40e3zhp/ovX+Xr/vi1qj6QesbyXXViFbpNvWvPNAD62SutwEXavefrLJWj7w==",
"version": "6.0.2",
"resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz",
"integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==",
"dev": true,
"requires": {
"randombytes": "^2.1.0"
@ -1145,28 +1128,28 @@
"dev": true
},
"terser": {
"version": "5.16.6",
"resolved": "https://registry.npmjs.org/terser/-/terser-5.16.6.tgz",
"integrity": "sha512-IBZ+ZQIA9sMaXmRZCUMDjNH0D5AQQfdn4WUjHL0+1lF4TP1IHRJbrhb6fNaXWikrYQTSkb7SLxkeXAiy1p7mbg==",
"version": "5.31.6",
"resolved": "https://registry.npmjs.org/terser/-/terser-5.31.6.tgz",
"integrity": "sha512-PQ4DAriWzKj+qgehQ7LK5bQqCFNMmlhjR2PFFLuqGCpuCAauxemVBWwWOxo3UIwWQx8+Pr61Df++r76wDmkQBg==",
"dev": true,
"requires": {
"@jridgewell/source-map": "^0.3.2",
"acorn": "^8.5.0",
"@jridgewell/source-map": "^0.3.3",
"acorn": "^8.8.2",
"commander": "^2.20.0",
"source-map-support": "~0.5.20"
}
},
"terser-webpack-plugin": {
"version": "5.3.7",
"resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.7.tgz",
"integrity": "sha512-AfKwIktyP7Cu50xNjXF/6Qb5lBNzYaWpU6YfoX3uZicTx0zTy0stDDCsvjDapKsSDvOeWo5MEq4TmdBy2cNoHw==",
"version": "5.3.10",
"resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.10.tgz",
"integrity": "sha512-BKFPWlPDndPs+NGGCr1U59t0XScL5317Y0UReNrHaw9/FwhPENlq6bfgs+4yPfyP51vqC1bQ4rp1EfXW5ZSH9w==",
"dev": true,
"requires": {
"@jridgewell/trace-mapping": "^0.3.17",
"@jridgewell/trace-mapping": "^0.3.20",
"jest-worker": "^27.4.5",
"schema-utils": "^3.1.1",
"serialize-javascript": "^6.0.1",
"terser": "^5.16.5"
"terser": "^5.26.0"
}
},
"to-regex-range": {
@ -1292,14 +1275,20 @@
"integrity": "sha512-YycBxUb49UUhdNMU5aJ7z5Ej2XGmaIBL0x34vZ82fn3hGvD+bgrMrVDpatgz2f7YxUMJxMkbWxJZeAvDxVe7Vw==",
"dev": true
},
"undici-types": {
"version": "6.19.8",
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz",
"integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==",
"dev": true
},
"update-browserslist-db": {
"version": "1.0.10",
"resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.10.tgz",
"integrity": "sha512-OztqDenkfFkbSG+tRxBeAnCVPckDBcvibKd35yDONx6OU8N7sqgwc7rCbkJ/WcYtVRZ4ba68d6byhC21GFh7sQ==",
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.0.tgz",
"integrity": "sha512-EdRAaAyk2cUE1wOf2DkEhzxqOQvFOoRJFNS6NeyJ01Gp2beMRpBAINjM2iDXE3KCuKhwnvHIQCJm6ThL2Z+HzQ==",
"dev": true,
"requires": {
"escalade": "^3.1.1",
"picocolors": "^1.0.0"
"escalade": "^3.1.2",
"picocolors": "^1.0.1"
}
},
"uri-js": {
@ -1318,9 +1307,9 @@
"dev": true
},
"watchpack": {
"version": "2.4.0",
"resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.0.tgz",
"integrity": "sha512-Lcvm7MGST/4fup+ifyKi2hjyIAwcdI4HRgtvTpIUxBRhB+RFtUh8XtDOxUfctVCnhVi+QQj49i91OyvzkJl6cg==",
"version": "2.4.2",
"resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.2.tgz",
"integrity": "sha512-TnbFSbcOCcDgjZ4piURLCbJ3nJhznVh9kw6F6iokjiFPl8ONxe9A6nMDVXDiNbrSfLILs6vB07F7wLBrwPYzJw==",
"dev": true,
"requires": {
"glob-to-regexp": "^0.4.1",
@ -1328,35 +1317,52 @@
}
},
"webpack": {
"version": "5.76.0",
"resolved": "https://registry.npmjs.org/webpack/-/webpack-5.76.0.tgz",
"integrity": "sha512-l5sOdYBDunyf72HW8dF23rFtWq/7Zgvt/9ftMof71E/yUb1YLOBmTgA2K4vQthB3kotMrSj609txVE0dnr2fjA==",
"version": "5.94.0",
"resolved": "https://registry.npmjs.org/webpack/-/webpack-5.94.0.tgz",
"integrity": "sha512-KcsGn50VT+06JH/iunZJedYGUJS5FGjow8wb9c0v5n1Om8O1g4L6LjtfxwlXIATopoQu+vOXXa7gYisWxCoPyg==",
"dev": true,
"requires": {
"@types/eslint-scope": "^3.7.3",
"@types/estree": "^0.0.51",
"@webassemblyjs/ast": "1.11.1",
"@webassemblyjs/wasm-edit": "1.11.1",
"@webassemblyjs/wasm-parser": "1.11.1",
"@types/estree": "^1.0.5",
"@webassemblyjs/ast": "^1.12.1",
"@webassemblyjs/wasm-edit": "^1.12.1",
"@webassemblyjs/wasm-parser": "^1.12.1",
"acorn": "^8.7.1",
"acorn-import-assertions": "^1.7.6",
"browserslist": "^4.14.5",
"acorn-import-attributes": "^1.9.5",
"browserslist": "^4.21.10",
"chrome-trace-event": "^1.0.2",
"enhanced-resolve": "^5.10.0",
"es-module-lexer": "^0.9.0",
"enhanced-resolve": "^5.17.1",
"es-module-lexer": "^1.2.1",
"eslint-scope": "5.1.1",
"events": "^3.2.0",
"glob-to-regexp": "^0.4.1",
"graceful-fs": "^4.2.9",
"graceful-fs": "^4.2.11",
"json-parse-even-better-errors": "^2.3.1",
"loader-runner": "^4.2.0",
"mime-types": "^2.1.27",
"neo-async": "^2.6.2",
"schema-utils": "^3.1.0",
"schema-utils": "^3.2.0",
"tapable": "^2.1.1",
"terser-webpack-plugin": "^5.1.3",
"watchpack": "^2.4.0",
"terser-webpack-plugin": "^5.3.10",
"watchpack": "^2.4.1",
"webpack-sources": "^3.2.3"
},
"dependencies": {
"enhanced-resolve": {
"version": "5.17.1",
"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.17.1.tgz",
"integrity": "sha512-LMHl3dXhTcfv8gM4kEzIUeTQ+7fpdA0l2tUf34BddXPkz2A5xJ5L/Pchd5BL6rdccM9QGvu0sWZzK1Z1t4wwyg==",
"dev": true,
"requires": {
"graceful-fs": "^4.2.4",
"tapable": "^2.2.0"
}
},
"graceful-fs": {
"version": "4.2.11",
"resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
"integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==",
"dev": true
}
}
},
"webpack-cli": {

8
src/vpncmd/vpncmd.c
View File

@ -6,7 +6,9 @@
// VPN Command Line Management Utility
#include "Cedar/Cedar.h"
#ifdef OS_WIN32
#include "Cedar/CMInner.h"
#endif
#include "Cedar/Command.h"
#include "Mayaqua/Internat.h"
@ -39,6 +41,10 @@ int main(int argc, char *argv[])
#endif
InitCedar();
#ifdef OS_WIN32
CmExecUiHelperMain();
#endif
s = GetCommandLineUniStr();
if (s == NULL)

7
systemd/softether-vpnbridge.service
View File

@ -4,11 +4,8 @@ After=network.target auditd.service
ConditionPathExists=!@DIR@/softether/vpnbridge/do_not_run
[Service]
Type=forking
EnvironmentFile=-@DIR@/softether/vpnbridge
ExecStart=@DIR@/softether/vpnbridge/vpnbridge start
ExecStop=@DIR@/softether/vpnbridge/vpnbridge stop
KillMode=process
Type=exec
ExecStart=@DIR@/softether/vpnbridge/vpnbridge execsvc
Restart=on-failure
# Hardening

7
systemd/softether-vpnclient.service
View File

@ -4,11 +4,8 @@ After=network.target auditd.service
ConditionPathExists=!@DIR@/softether/vpnclient/do_not_run
[Service]
Type=forking
EnvironmentFile=-@DIR@/softether/vpnclient
ExecStart=@DIR@/softether/vpnclient/vpnclient start
ExecStop=@DIR@/softether/vpnclient/vpnclient stop
KillMode=process
Type=exec
ExecStart=@DIR@/softether/vpnclient/vpnclient execsvc
Restart=on-failure
# Hardening

7
systemd/softether-vpnserver.service
View File

@ -4,12 +4,9 @@ After=network.target auditd.service
ConditionPathExists=!@DIR@/softether/vpnserver/do_not_run
[Service]
Type=forking
Type=exec
TasksMax=infinity
EnvironmentFile=-@DIR@/softether/vpnserver
ExecStart=@DIR@/softether/vpnserver/vpnserver start
ExecStop=@DIR@/softether/vpnserver/vpnserver stop
KillMode=process
ExecStart=@DIR@/softether/vpnserver/vpnserver execsvc
Restart=on-failure
# Hardening