AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2026-01-25 21:00:12 +03:00
Code Releases Activity

Compare commits

base: AMajor:3f9c3fe2a1874c56eb80565b07dde7a681bebc28
Branches Tags
AMajor:master AMajor:copilot/fix-false-positive-detection AMajor:dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/js-yaml-3.14.2
AMajor:5.2.5188 AMajor:5.02.5187 AMajor:5.02.5186 AMajor:5.02.5185 AMajor:5.02.5184 AMajor:5.02.5183 AMajor:5.02.5182 AMajor:5.02.5181 AMajor:5.02.5180 AMajor:5.02.0 AMajor:5.01.9674 AMajor:5.01.9673 AMajor:5.01.9672 AMajor:5.01.9671 AMajor:5.01.9670 AMajor:5.01.9669 AMajor:5.01.9668 AMajor:5.01.9667 AMajor:5.01.9666 AMajor:5.01.9665 AMajor:5.01.9664 AMajor:5.01.9663 AMajor:5.01.9662 AMajor:5.01.9661 AMajor:5.01.9660 AMajor:5.01.9659 AMajor:5.01.9658
..
compare: AMajor:copilot/fix-false-positive-detection
Branches Tags
AMajor:master AMajor:copilot/fix-false-positive-detection AMajor:dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/js-yaml-3.14.2
AMajor:5.2.5188 AMajor:5.02.5187 AMajor:5.02.5186 AMajor:5.02.5185 AMajor:5.02.5184 AMajor:5.02.5183 AMajor:5.02.5182 AMajor:5.02.5181 AMajor:5.02.5180 AMajor:5.02.0 AMajor:5.01.9674 AMajor:5.01.9673 AMajor:5.01.9672 AMajor:5.01.9671 AMajor:5.01.9670 AMajor:5.01.9669 AMajor:5.01.9668 AMajor:5.01.9667 AMajor:5.01.9666 AMajor:5.01.9665 AMajor:5.01.9664 AMajor:5.01.9663 AMajor:5.01.9662 AMajor:5.01.9661 AMajor:5.01.9660 AMajor:5.01.9659 AMajor:5.01.9658

38 Commits
3f9c3fe2a1 ... copilot/fi

Author SHA1 Message Date
copilot-swe-agent[bot]
1ec05c0cb6 Revert changes to common.manifest as requested 
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
 2025-12-06 17:27:51 +00:00
copilot-swe-agent[bot]
873ba87029 Improve PowerShell script with error handling and add manifest clarification 
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
 2025-12-05 18:20:32 +00:00
copilot-swe-agent[bot]
2e83cd5726 Address code review feedback: remove outdated date and add manifest comment 
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
 2025-12-05 18:18:04 +00:00
copilot-swe-agent[bot]
3bf7361dc1 Fix typo in PowerShell exclusion script 
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
 2025-12-05 18:15:21 +00:00
copilot-swe-agent[bot]
c26f89e441 Update issue templates and security documentation for antivirus false positives 
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
 2025-12-05 18:14:06 +00:00
copilot-swe-agent[bot]
3526387d5b Add comprehensive antivirus false positive documentation 
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
 2025-12-05 18:12:40 +00:00
copilot-swe-agent[bot]
9ad703731a Initial plan 2025-12-05 18:06:07 +00:00
Ilya Shipitsin
204ab85e51 Merge pull request #2182 from siddharth-narayan/pq-submodule-update 
Update liboqs and oqs-provider submodules
 2025-12-02 10:02:48 +01:00
Siddharth Narayan
2628c562be Disable unecessary liboqs algorithms 2025-12-02 02:57:15 -06:00
Siddharth Narayan
e9f7089c8b Update post quantum submodules 2025-12-02 02:05:27 -06:00
Ilya Shipitsin
9be944a9b2 Merge pull request #2180 from jgrasboeck/configurable_dhcp_discover_timout 
Config value for dhcp discover timeout
 2025-11-26 16:27:59 +01:00
Julian Grasböck
137d7f551f Ensure DHCP resend interval is not to long 2025-11-26 14:57:58 +01:00
Julian Grasböck
d90e89bbbd Safety fallback to default behaviour 2025-11-26 14:57:23 +01:00
Julian Grasböck
173df872b8 Config value for dhcp discover timeout 2025-11-26 13:56:29 +01:00
Ilya Shipitsin
acbc514b87 Merge pull request #2170 from kanglongwei/branch2 
fix: #2166 L3KnownArp, delete entry from the incorrect list
 2025-10-28 21:44:25 +01:00
Ilya Shipitsin
d9d78a0b2c Merge pull request #2171 from chipitsine/master 
CI: modernize freebsd image
 2025-10-25 11:26:11 +02:00
Ilia Shipitsin
1373ed4c6c CI: modernize freebsd image 2025-10-25 10:08:15 +02:00
Ilya Shipitsin
ffe9ade675 Merge pull request #2169 from kanglongwei/branch1 
fix: #2165 memory leak
 2025-10-13 14:13:55 +02:00
w00485423
ab245552b1 fix: #2165 memory leak 2025-10-13 20:05:28 +08:00
w00485423
fdcb0a207b fix: #2166 L3KnownArp, delete entry from the incorrect list 2025-10-10 21:20:30 +08:00
Ilya Shipitsin
564d2f84b4 Merge pull request #2163 from martinetd/disable_oqs 
Mayaqua build: allow disabling OQS
 2025-10-01 11:27:06 +02:00
Dominique Martinet
4bb366572d Mayaqua build: allow disabling OQS 
SoftEtherVPN version 5.02.5186 enable post-quantum algorithms, but these
come at a large size increase (after strip, on x86_64, with default
options as of master):
- default options: 9.1M
- new -DOQS_ENABLE=OFF: 762K

Note it is also possible to disable all the algorithms individually by
passing the (243!) options to cmake -DOQS_ENABLE_KEM_BIKE=OFF
-DOQS_ENABLE_KEM_FRODOKEM=OFF -DOQS_ENABLE_KEM_NTRUPRIME=OFF ...,
in which case the binary goes back to a reasonable size of 830K

In the future, it might make sense to add a few settings picking
"sensible" algorithms, e.g. allow everything for a server build or only
allow the best algorithms for a lightweight client.

See: #2148
 2025-10-01 18:05:59 +09:00
Ilya Shipitsin
6c04825b46 Merge pull request #2157 from chipitsine/1ce88cea-29e8-466a-88f4-3713e94171d8 
docker: smoke test image during generating
 2025-09-06 16:31:04 +02:00
Ilia Shipitsin
0ec8a1ed54 docker: smoke test image during generating 
reference: https://github.com/SoftEtherVPN/SoftetherVPN-docker/issues/17
 2025-09-05 21:22:43 +02:00
Ilya Shipitsin
2acefef41e Merge pull request #2156 from metalefty/fix_cpu_features 
Proper fix for #2122 #2150
 2025-09-05 19:43:42 +02:00
Koichiro Iwao
efb04daa34 Proper fix for #2122 #2150 
Bundled cpu_features needs to be built with PIC but SHARED_LIBS should
be OFF.
 2025-09-05 22:40:18 +09:00
Ilya Shipitsin
c399ce6bbe Merge pull request #2152 from metalefty/cpu_features_pic 
Build bundled cpu_features with PIC
 2025-08-25 15:36:27 +02:00
Koichiro Iwao
2746e8dd19 Build bundled cpu_features with PIC 
After updating bundled cpu_features to 0.9.0, set_property() is not
effective. We need to use set() instead.

Resolves: #2122 #2150
 2025-08-25 21:52:15 +09:00
Ilya Shipitsin
10d6efcc5e Merge pull request #2140 from onetown/fix_parse_vlan_packet 
fix: Continue decapsulation to parse L3 data from VLAN-tagged packets
 2025-07-17 18:13:58 +02:00
onetown
0389bfd97a fix: Continue decapsulation to parse L3 data from VLAN-tagged packets 2025-07-17 10:51:52 -04:00
Ilya Shipitsin
12ed43f6eb Merge pull request #2126 from kiraware/fix-indonesian-translation 
Fix Indonesian translation with printf formatting
 2025-05-09 07:43:12 +02:00
Kira
d8bcb863f5 rephrase the string 2025-05-09 11:37:21 +07:00
Kira
7228de494d rephrase the string 2025-05-09 11:34:45 +07:00
Kira
afa848454a fix printf formatting 2025-05-09 10:34:53 +07:00
Ilya Shipitsin
6f76880767 Merge pull request #2124 from kiraware/add-id-translation 
Add id translation
 2025-05-08 18:25:54 +02:00
Ilya Shipitsin
cb9ccf41a5 Merge pull request #2125 from AhmadReza6610/master 
Add iOS client implementation with SoftEther protocol handshake support
 2025-05-08 18:22:14 +02:00
Ahmad Reza
62c71ebe5c Add iOS client implementation with SoftEther protocol handshake support 2025-05-04 14:02:44 +03:30
Kira
80bab0f7d7 fix errors 2025-05-01 10:43:45 +07:00
27 changed files with 1392 additions and 89 deletions
Expand all files Collapse all files

4
.cirrus.yml
View File

@ -4,14 +4,14 @@ FreeBSD_task:
SSL: openssl
OPENSSL_ROOT_DIR: /usr/local
env:
SSL: openssl32
SSL: openssl36
OPENSSL_ROOT_DIR: /usr/local
env:
# base openssl
SSL:
matrix:
freebsd_instance:
image_family: freebsd-14-2
image_family: freebsd-14-3
prepare_script:
- pkg install -y pkgconf cmake git libsodium cpu_features $SSL
- git submodule update --init --recursive

2
.github/ISSUE_TEMPLATE/bug_report_or_issue_report.yml vendored
View File

@ -7,6 +7,8 @@ body:
value: |
Thanks for taking the time to fill out this bug report!
We provide a template which is specifically made for bug reports, to be sure that the report includes enough details to be helpful.
**⚠️ Antivirus False Positive?** If you're reporting an antivirus detection issue, please see [ANTIVIRUS.md](https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/ANTIVIRUS.md) first. Antivirus false positives should be reported to the antivirus vendor, not as bugs in SoftEther VPN.
- type: checkboxes
attributes:

4
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@ -1,4 +1,8 @@
contact_links:
- name: Antivirus False Positive Detection
about: If antivirus software is flagging SoftEther VPN as malicious, this is a false positive. See our documentation for solutions and how to report to antivirus vendors.
url: https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/ANTIVIRUS.md
- name: Are you using SoftEther VPN 4.x?
about: This repository is for SoftEther VPN 5.x Developer Edition, developed independently from SoftEther VPN 4.x. Visit vpnusers.com if you would like to report issues or ask questions about version 4.x!
url: https://www.vpnusers.com/

338
ANTIVIRUS.md Normal file
View File

@ -0,0 +1,338 @@
# Antivirus False Positive Detection
## Overview
Some antivirus software, including Microsoft Defender, may incorrectly flag SoftEther VPN executables as malicious software. This is a **false positive** detection. SoftEther VPN is legitimate, open-source software that has been developed and maintained since 2013 by researchers at the University of Tsukuba, Japan.
## Why Does This Happen?
Antivirus software uses heuristic analysis to detect potentially malicious behavior. VPN software like SoftEther VPN performs operations that can appear suspicious to antivirus programs, including:
- **Network tunneling and traffic interception**: VPN software creates virtual network adapters and intercepts network traffic to secure it
- **Low-level network operations**: Packet filtering, protocol handling, and kernel-mode operations
- **Service installation**: VPN clients install system services that run with elevated privileges
- **Registry modifications**: Required for Windows integration and auto-start functionality
- **Dynamic code execution**: Network protocol implementations may use techniques that appear similar to malicious software
These are **normal and necessary operations** for any VPN software, but they can trigger heuristic-based detection algorithms.
## Microsoft Defender Specific Issue
### Affected Components
Microsoft Defender may flag the following SoftEther VPN 5.x components as `Trojan:Win32/KepavII!rfn`:
- `vpnclient.exe` - VPN Client executable
- `vpnserver.exe` - VPN Server executable
- `vpnbridge.exe` - VPN Bridge executable
- `vpncmd.exe` - VPN Command-line utility
- Start menu shortcuts
- Registry entries
- Windows services (`SEVPNCLIENTDEV`, `SEVPNSERVERDEV`, etc.)
### Detection Details
```
Detected: Trojan:Win32/KepavII!rfn
Status: Quarantined
Description: "This program is dangerous and executes commands from an attacker."
```
**This is a false positive.** The detection is based on behavioral heuristics, not actual malicious code.
## Solutions and Workarounds
### Option 1: Add Exclusions (Recommended for Users)
The recommended approach is to add SoftEther VPN directories to Microsoft Defender's exclusion list:
#### Step-by-Step Instructions:
1. **Open Windows Security**
- Press `Windows Key + I` to open Settings
- Navigate to **Privacy & Security****Windows Security**
- Click **Virus & threat protection**
2. **Access Exclusion Settings**
- Scroll down to **Virus & threat protection settings**
- Click **Manage settings**
- Scroll down to **Exclusions**
- Click **Add or remove exclusions**
3. **Add SoftEther VPN Directories**
Click **Add an exclusion****Folder** and add these paths:
- `C:\Program Files\SoftEther VPN Client`
- `C:\Program Files\SoftEther VPN Client Developer Edition`
- `C:\Program Files\SoftEther VPN Server`
- `C:\Program Files\SoftEther VPN Server Manager`
- `C:\Program Files\SoftEther VPN Server Manager Developer Edition`
- `C:\Program Files\SoftEther VPN Server Developer Edition`
- `C:\ProgramData\SoftEther VPN Client`
- `C:\ProgramData\SoftEther VPN Server`
**Note**: Add only the directories that correspond to the SoftEther VPN components you have installed.
4. **Restore Quarantined Files** (if needed)
- Go back to **Virus & threat protection**
- Click **Protection history**
- Find the quarantined SoftEther VPN files
- Click **Actions****Restore**
5. **Reinstall if Necessary**
- If files were deleted, you may need to reinstall SoftEther VPN
- The exclusions will prevent future detections
### Option 2: Report False Positive to Microsoft
Help improve Microsoft Defender by reporting the false positive:
1. **Submit to Microsoft Defender Security Intelligence**
- Visit: https://www.microsoft.com/en-us/wdsi/filesubmission
- Select **File** submission type
- Choose **Software developer** as your role
- Submit the falsely detected SoftEther VPN executable files
- Provide details: "False positive detection of SoftEther VPN, open-source VPN software"
2. **Include Information**
- Product Name: SoftEther VPN
- Vendor: SoftEther Project at University of Tsukuba
- Official Website: https://www.softether.org/
- GitHub Repository: https://github.com/SoftEtherVPN/SoftEtherVPN
- License: Apache License 2.0
Microsoft typically reviews submissions within a few days and updates their definitions if confirmed as a false positive.
### Option 3: Use Alternative Antivirus Software
If Microsoft Defender continues to cause issues:
1. Consider using alternative antivirus software that doesn't flag SoftEther VPN
2. Some users report fewer false positives with third-party antivirus solutions
3. Ensure any alternative antivirus is from a reputable vendor
## For IT Administrators
### Group Policy Configuration
To deploy exclusions across an organization using Group Policy:
1. **Open Group Policy Management Console**
```
gpmc.msc
```
2. **Navigate to Windows Defender Antivirus Settings**
```
Computer Configuration → Policies → Administrative Templates
→ Windows Components → Microsoft Defender Antivirus → Exclusions
```
3. **Configure Path Exclusions**
- Enable **Path Exclusions**
- Add the SoftEther VPN installation directories
4. **Update Group Policy**
```powershell
gpupdate /force
```
### PowerShell Exclusion Script
For automated deployment, use this PowerShell script (requires Administrator privileges):
```powershell
# Add Windows Defender exclusions for SoftEther VPN
# Requires Administrator privileges
$exclusionPaths = @(
"C:\Program Files\SoftEther VPN Client",
"C:\Program Files\SoftEther VPN Client Developer Edition",
"C:\Program Files\SoftEther VPN Server",
"C:\Program Files\SoftEther VPN Server Manager",
"C:\Program Files\SoftEther VPN Server Manager Developer Edition",
"C:\Program Files\SoftEther VPN Server Developer Edition",
"C:\ProgramData\SoftEther VPN Client",
"C:\ProgramData\SoftEther VPN Server"
)
# Check if running as Administrator
$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
Write-Error "This script requires Administrator privileges. Please run PowerShell as Administrator."
exit 1
}
# Check if Windows Defender module is available
if (-not (Get-Module -ListAvailable -Name Defender)) {
Write-Error "Windows Defender PowerShell module is not available on this system."
exit 1
}
$successCount = 0
$errorCount = 0
foreach ($path in $exclusionPaths) {
if (Test-Path $path) {
try {
Add-MpPreference -ExclusionPath $path -ErrorAction Stop
Write-Host "✓ Added exclusion: $path" -ForegroundColor Green
$successCount++
}
catch {
Write-Warning "✗ Failed to add exclusion for: $path"
Write-Warning " Error: $($_.Exception.Message)"
$errorCount++
}
}
else {
Write-Host "- Skipped (not found): $path" -ForegroundColor Gray
}
}
Write-Host "`nSummary:" -ForegroundColor Cyan
Write-Host " Successfully added: $successCount exclusion(s)" -ForegroundColor Green
if ($errorCount -gt 0) {
Write-Host " Failed: $errorCount exclusion(s)" -ForegroundColor Red
}
Write-Host "`nSoftEther VPN exclusions configured." -ForegroundColor Cyan
```
Save as `Add-SoftEtherVPN-Exclusions.ps1` and run as Administrator.
## Verification of Software Authenticity
### Open Source Verification
SoftEther VPN is **fully open source** and can be verified:
1. **Source Code Review**
- Complete source code: https://github.com/SoftEtherVPN/SoftEtherVPN
- All commits are publicly visible
- Community peer-reviewed code
2. **Build from Source**
- You can compile SoftEther VPN yourself from source
- See: [BUILD_WINDOWS.md](src/BUILD_WINDOWS.md) and [BUILD_UNIX.md](src/BUILD_UNIX.md)
- Self-compiled builds may have fewer false positive issues
3. **Community Trust**
- Active development since 2013
- Over 11,000+ GitHub stars
- Used by organizations and individuals worldwide
- Peer-reviewed academic research project
### Official Distributions
Always download SoftEther VPN from official sources:
- **Official Website**: https://www.softether.org/
- **GitHub Releases**: https://github.com/SoftEtherVPN/SoftEtherVPN/releases
- **Official Download Site**: https://www.softether-download.com/
**Warning**: Do not download SoftEther VPN from third-party websites or unofficial sources.
## Technical Background
### Why VPN Software Triggers Detection
VPN software implements functionality that overlaps with techniques used by some malware:
1. **Kernel-mode drivers**: Required for creating virtual network adapters
2. **Network traffic interception**: Core VPN functionality to encrypt traffic
3. **Process injection**: Some VPN implementations inject into other processes
4. **Privilege escalation**: VPN services need administrative rights
5. **Persistent system changes**: Auto-start configuration, service installation
These are **legitimate techniques** when used by trusted VPN software.
### False Positive Rate
False positives are common in the VPN and security software industry. Other legitimate VPN and security tools have faced similar issues:
- OpenVPN has been flagged by various antivirus vendors
- WireGuard implementations have triggered false positives
- Many security research tools face similar challenges
## Code Signing Status
**Note**: The official SoftEther VPN releases may not include code signing certificates. Code signing certificates require:
- Annual fees (typically $300-500+ per year)
- Corporate entity for Extended Validation (EV) certificates
- Hardware security modules (HSM) for EV certificate storage
As an open-source project with limited funding, SoftEther VPN prioritizes development over expensive code signing infrastructure. However, this doesn't make the software any less safe - all source code is publicly auditable.
Users who require signed binaries can:
1. Build from source and sign with their own certificates
2. Work with their organization to sign the binaries
3. Use alternative verification methods (source code review, checksums, etc.)
## Best Practices
1. **Keep Antivirus Updated**: Ensure Microsoft Defender definitions are current
2. **Monitor Protection History**: Regularly check if SoftEther VPN is being flagged
3. **Subscribe to Updates**: Follow SoftEther VPN releases for security updates
4. **Report False Positives**: Help the community by reporting detections to Microsoft
5. **Use Official Builds**: Only download from official sources
## Additional Resources
- **SoftEther VPN Official Website**: https://www.softether.org/
- **GitHub Repository**: https://github.com/SoftEtherVPN/SoftEtherVPN
- **Security Policy**: [SECURITY.md](SECURITY.md)
- **Microsoft Defender Submission Portal**: https://www.microsoft.com/en-us/wdsi/filesubmission
- **Build Instructions**: [BUILD_WINDOWS.md](src/BUILD_WINDOWS.md)
## Frequently Asked Questions
### Q: Is SoftEther VPN safe to use?
**A**: Yes. SoftEther VPN is legitimate, open-source software developed by researchers at the University of Tsukuba, Japan. The detection is a false positive. All source code is publicly available for review at https://github.com/SoftEtherVPN/SoftEtherVPN
### Q: Why don't you just fix the code to not trigger antivirus?
**A**: The detection is based on legitimate VPN operations, not malicious code. Changing how VPN functionality works to avoid heuristic detection would compromise the software's core purpose. The correct solution is to report false positives to antivirus vendors and add exclusions.
### Q: Will adding exclusions make my computer less secure?
**A**: Exclusions for trusted software from official sources don't significantly reduce security. Only add exclusions for software you trust and have downloaded from official sources. SoftEther VPN is open-source and can be verified.
### Q: Can I use SoftEther VPN without adding exclusions?
**A**: Not reliably with Microsoft Defender. The antivirus will quarantine executables and prevent the VPN from functioning. Exclusions are necessary unless Microsoft updates their detection definitions.
### Q: How do I know my downloaded file is authentic?
**A**:
1. Only download from https://github.com/SoftEtherVPN/SoftEtherVPN/releases or https://www.softether.org/
2. Verify the file hash/checksum if provided
3. Review the source code on GitHub
4. Build from source yourself for maximum assurance
### Q: Is this issue specific to SoftEther VPN?
**A**: No. Many VPN applications and security tools face false positive detections. OpenVPN, WireGuard implementations, and other network security tools have similar issues with various antivirus vendors.
### Q: Will this be fixed in a future version?
**A**: The SoftEther VPN project continues to work on this issue. However, heuristic-based detection is challenging to avoid without compromising functionality. The best approach is to:
1. Report false positives to Microsoft
2. Use exclusions as needed
3. Build from source if your organization requires it
## Contributing
If you have additional solutions or workarounds that have worked for you, please contribute to this documentation:
1. Fork the repository: https://github.com/SoftEtherVPN/SoftEtherVPN
2. Edit this file: `ANTIVIRUS.md`
3. Submit a pull request with your improvements
---
**Applies to**: SoftEther VPN 5.x (Developer Edition)
**Related Issue**: False positive detection by Microsoft Defender as Trojan:Win32/KepavII!rfn

3
Dockerfile
View File

@ -37,15 +37,18 @@ COPY --from=builder /usr/local/src/SoftEtherVPN/build/libcedar.so /usr/local/src
FROM base AS vpnserver
COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnserver ./
RUN ./vpnserver --help
EXPOSE 443/tcp 992/tcp 1194/tcp 1194/udp 5555/tcp 500/udp 4500/udp
CMD ["/usr/local/bin/vpnserver", "execsvc"]
FROM base AS vpnclient
COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnclient ./
RUN ./vpnclient --help
CMD ["/usr/local/bin/vpnclient", "execsvc"]
FROM base AS vpnbridge
COPY --from=builder /usr/local/src/SoftEtherVPN/build/vpnbridge ./
RUN ./vpnbridge --help
CMD ["/usr/local/bin/vpnbridge", "execsvc"]

3
README.md
View File

@ -14,6 +14,7 @@
* [For Windows](#for-windows)
* [From binary installers (stable channel)](#from-binary-installers-stable-channel)
* [Build from Source code](#build-from-source-code)
- [Antivirus False Positive Detection](ANTIVIRUS.md)
- [About HTML5-based Modern Admin Console and JSON-RPC API Suite](#about-html5-based-modern-admin-console-and-json-rpc-api-suite)
* [Built-in SoftEther VPN Server HTML5 Ajax-based Web Administration Console](#built-in-softether-vpn-server-html5-ajax-based-web-administration-console)
* [Built-in SoftEther Server VPN JSON-RPC API Suite](#built-in-softether-server-vpn-json-rpc-api-suite)
@ -206,6 +207,8 @@ Also SoftEther VPN [Stable Edition](https://www.freshports.org/security/softethe
[Nightly builds](https://github.com/SoftEtherVPN/SoftEtherVPN/actions/workflows/windows.yml)
(choose appropriate platform, then find binaries or installers as artifacts)
**⚠️ Important for Windows Users**: Some antivirus software (including Microsoft Defender) may incorrectly flag SoftEther VPN as malicious. This is a **false positive**. See [ANTIVIRUS.md](ANTIVIRUS.md) for detailed information and solutions.
## From binary installers (stable channel)
Those can be found under https://www.softether-download.com/

13
SECURITY.md
View File

@ -12,4 +12,15 @@ currently being supported with security updates.
## Reporting a Vulnerability
Please use [github security reporting](https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/new)
Please use [github security reporting](https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/new)
## Antivirus False Positive Detection
Some antivirus software may incorrectly flag SoftEther VPN executables as malicious. This is a **false positive** and not a security vulnerability.
**If you encounter antivirus warnings:**
- See [ANTIVIRUS.md](ANTIVIRUS.md) for detailed information and solutions
- Report false positives to your antivirus vendor
- Verify downloads are from official sources only
**SoftEther VPN is safe**: All source code is publicly available and can be reviewed at https://github.com/SoftEtherVPN/SoftEtherVPN

118
SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SecureConnection.swift Normal file
View File

@ -0,0 +1,118 @@
import Foundation
import Network
import Security
/// SecureConnection handles the TLS connection with the SoftEther VPN server
class SecureConnection {
// MARK: - Properties
private var connection: NWConnection?
private let host: String
private let port: UInt16
private let queue = DispatchQueue(label: "com.softether.connection", qos: .userInitiated)
// MARK: - Initialization
/// Initialize a secure connection
/// - Parameters:
/// - host: Server hostname or IP address
/// - port: Server port number
init(host: String, port: UInt16) {
self.host = host
self.port = port
}
// MARK: - Public Methods
/// Connect to the server using TLS
/// - Parameter completion: Callback with connection result
func connect(completion: @escaping (Bool, Error?) -> Void) {
let hostEndpoint = NWEndpoint.Host(host)
let portEndpoint = NWEndpoint.Port(rawValue: port)!
// Create TLS parameters
let tlsOptions = NWProtocolTLS.Options()
// Configure TLS for maximum compatibility with SoftEther
let securityOptions = tlsOptions.securityProtocolOptions
sec_protocol_options_set_tls_min_version(securityOptions, .TLSv12)
sec_protocol_options_set_tls_max_version(securityOptions, .TLSv13)
// Allow all cipher suites for compatibility
sec_protocol_options_set_cipher_suites(securityOptions, nil, 0)
// Disable certificate validation for initial development (ENABLE IN PRODUCTION)
sec_protocol_options_set_verify_block(securityOptions, { (_, _, trustResult, _) in
return true // Accept all certificates for testing
}, queue)
// Create TCP options with TLS
let tcpOptions = NWProtocolTCP.Options()
tcpOptions.enableKeepalive = true
tcpOptions.keepaliveIdle = 30
// Create connection parameters
let parameters = NWParameters(tls: tlsOptions, tcp: tcpOptions)
// Create the connection
connection = NWConnection(host: hostEndpoint, port: portEndpoint, using: parameters)
// Set up state handling
connection?.stateUpdateHandler = { [weak self] state in
switch state {
case .ready:
completion(true, nil)
case .failed(let error):
self?.disconnect()
completion(false, error)
case .cancelled:
completion(false, NSError(domain: "SoftEtherError", code: 1000, userInfo: [NSLocalizedDescriptionKey: "Connection cancelled"]))
default:
break
}
}
// Start the connection
connection?.start(queue: queue)
}
/// Disconnect from the server
func disconnect() {
connection?.cancel()
connection = nil
}
/// Send data to the server
/// - Parameters:
/// - data: Data to send
/// - completion: Callback with error if any
func send(data: Data, completion: @escaping (Error?) -> Void) {
guard let connection = connection, connection.state == .ready else {
completion(NSError(domain: "SoftEtherError", code: 1001, userInfo: [NSLocalizedDescriptionKey: "Connection not ready"]))
return
}
connection.send(content: data, completion: .contentProcessed { error in
completion(error)
})
}
/// Receive data from the server
/// - Parameter completion: Callback with received data and error if any
func receive(completion: @escaping (Data?, Error?) -> Void) {
guard let connection = connection, connection.state == .ready else {
completion(nil, NSError(domain: "SoftEtherError", code: 1001, userInfo: [NSLocalizedDescriptionKey: "Connection not ready"]))
return
}
connection.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, _, isComplete, error in
completion(data, error)
if isComplete {
// Connection was closed by the peer
self.disconnect()
}
}
}
}

90
SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherClientSignature.swift Normal file
View File

@ -0,0 +1,90 @@
import Foundation
/// Handles the specific client signature format that SoftEther expects
class SoftEtherClientSignature {
// MARK: - Constants
private enum Constants {
static let clientBuildNumber: UInt32 = 5187
static let clientVersion: UInt32 = 5_02_0000 + clientBuildNumber
static let clientString = "SoftEther VPN Client"
static let softEtherMagic: [UInt8] = [0x5E, 0x68] // 'Se' in hex
// Protocol identification constants from SoftEther source
static let cedar = "CEDAR"
static let sessionKey = "sessionkey"
static let protocol1 = "PROTOCOL"
static let protocol2 = "PROTOCOL2"
}
// MARK: - Public Methods
/// Generate the client signature packet that identifies this client as a legitimate SoftEther VPN client
/// - Returns: Data containing the formatted client signature
static func generateSignature() -> Data {
var data = Data()
// 1. Add SoftEther magic bytes
data.append(contentsOf: Constants.softEtherMagic)
// 2. Add client version in network byte order (big endian)
data.appendUInt32(Constants.clientVersion)
// 3. Add client build number in network byte order
data.appendUInt32(Constants.clientBuildNumber)
// 4. Add cedar protocol identifier
if let cedarData = Constants.cedar.data(using: .ascii) {
data.append(cedarData)
data.append(0) // null terminator
}
// 5. Add client string with null terminator
if let clientString = (Constants.clientString + "\0").data(using: .ascii) {
data.append(clientString)
}
// 6. Add protocol identifiers
if let protocolData = (Constants.protocol1 + "\0").data(using: .ascii) {
data.append(protocolData)
}
if let protocol2Data = (Constants.protocol2 + "\0").data(using: .ascii) {
data.append(protocol2Data)
}
// 7. Add session key marker
if let sessionKeyData = (Constants.sessionKey + "\0").data(using: .ascii) {
data.append(sessionKeyData)
}
// 8. Add random data for session key (typically 20 bytes)
let randomSessionKey = SoftEtherCrypto.randomBytes(count: 20)
data.append(randomSessionKey)
// 9. Calculate and append SHA-1 hash of the entire data for integrity verification
let hash = SoftEtherCrypto.sha1(data)
data.append(hash)
return data
}
/// Verify a server response to the client signature
/// - Parameter data: Response data from server
/// - Returns: True if valid response, false otherwise
static func verifyServerResponse(_ data: Data) -> Bool {
// Basic validation - a real implementation would parse and validate the server response format
// This is a minimal check to see if we have enough data and it starts with the magic bytes
guard data.count >= 8 else {
return false
}
// Check if response starts with SoftEther magic bytes
if data[0] == Constants.softEtherMagic[0] && data[1] == Constants.softEtherMagic[1] {
return true
}
return false
}
}

97
SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherCrypto.swift Normal file
View File

@ -0,0 +1,97 @@
import Foundation
import CryptoKit
/// Handles encryption operations for SoftEther protocol
class SoftEtherCrypto {
// MARK: - Constants
private enum Constants {
static let sha1Size = 20
static let md5Size = 16
}
// MARK: - Public Methods
/// Generate secure random bytes
/// - Parameter count: Number of random bytes to generate
/// - Returns: Data containing random bytes
static func randomBytes(count: Int) -> Data {
var data = Data(count: count)
_ = data.withUnsafeMutableBytes {
SecRandomCopyBytes(kSecRandomDefault, count, $0.baseAddress!)
}
return data
}
/// Calculate SHA-1 hash
/// - Parameter data: Input data
/// - Returns: SHA-1 hash of the input data
static func sha1(_ data: Data) -> Data {
let digest = SHA1.hash(data: data)
return Data(digest)
}
/// Calculate MD5 hash
/// - Parameter data: Input data
/// - Returns: MD5 hash of the input data
static func md5(_ data: Data) -> Data {
let digest = Insecure.MD5.hash(data: data)
return Data(digest)
}
/// Encrypt data using RC4 algorithm (for SoftEther compatibility)
/// - Parameters:
/// - data: Data to encrypt
/// - key: Encryption key
/// - Returns: Encrypted data
static func rc4Encrypt(data: Data, key: Data) -> Data {
let rc4 = RC4(key: key)
return rc4.process(data)
}
/// Decrypt data using RC4 algorithm (for SoftEther compatibility)
/// - Parameters:
/// - data: Data to decrypt
/// - key: Decryption key
/// - Returns: Decrypted data
static func rc4Decrypt(data: Data, key: Data) -> Data {
// RC4 is symmetric, so encryption and decryption are the same operation
return rc4Encrypt(data: data, key: key)
}
}
/// Simple RC4 implementation for SoftEther compatibility
/// Note: RC4 is considered insecure, but SoftEther uses it in parts of its protocol
private class RC4 {
private var state: [UInt8]
init(key: Data) {
state = Array(0...255)
var j: Int = 0
// Key scheduling algorithm
for i in 0..<256 {
let keyByte = key[i % key.count]
j = (j + Int(state[i]) + Int(keyByte)) & 0xFF
state.swapAt(i, j)
}
}
func process(_ data: Data) -> Data {
var result = Data(count: data.count)
var i: Int = 0
var j: Int = 0
// Generate keystream and XOR with plaintext
for k in 0..<data.count {
i = (i + 1) & 0xFF
j = (j + Int(state[i])) & 0xFF
state.swapAt(i, j)
let keyStreamByte = state[(Int(state[i]) + Int(state[j])) & 0xFF]
result[k] = data[k] ^ keyStreamByte
}
return result
}
}

123
SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherPacket.swift Normal file
View File

@ -0,0 +1,123 @@
import Foundation
/// Handles the SoftEther packet structure for communication
class SoftEtherPacket {
// MARK: - Constants
private enum PacketType: UInt32 {
case clientSignature = 0x01
case serverResponse = 0x02
case sessionRequest = 0x03
case sessionResponse = 0x04
case data = 0x05
case keepAlive = 0x06
}
private enum Constants {
static let headerSize: UInt32 = 16
static let maxPacketSize: UInt32 = 1024 * 1024 // 1MB
}
// MARK: - Properties
private var packetType: PacketType
private var packetId: UInt32
private var packetData: Data
// MARK: - Initialization
/// Initialize a packet with type, ID and data
/// - Parameters:
/// - type: Packet type
/// - id: Packet ID
/// - data: Packet payload
init(type: UInt32, id: UInt32, data: Data) {
self.packetType = PacketType(rawValue: type) ?? .data
self.packetId = id
self.packetData = data
}
/// Initialize a packet from raw data
/// - Parameter data: Raw packet data
init?(fromData data: Data) {
guard data.count >= Int(Constants.headerSize) else {
return nil
}
// Parse header
let typeValue = data.readUInt32(at: 0)
self.packetId = data.readUInt32(at: 4)
let dataSize = data.readUInt32(at: 8)
// Validate packet
guard let type = PacketType(rawValue: typeValue),
dataSize <= Constants.maxPacketSize,
data.count >= Int(Constants.headerSize + dataSize) else {
return nil
}
self.packetType = type
// Extract payload
let startIndex = Int(Constants.headerSize)
let endIndex = startIndex + Int(dataSize)
self.packetData = data.subdata(in: startIndex..<endIndex)
}
// MARK: - Public Methods
/// Serialize the packet to binary data format
/// - Returns: Serialized packet data
func serialize() -> Data {
var result = Data(capacity: Int(Constants.headerSize) + packetData.count)
// Write header
result.appendUInt32(packetType.rawValue)
result.appendUInt32(packetId)
result.appendUInt32(UInt32(packetData.count))
result.appendUInt32(0) // Reserved
// Write payload
result.append(packetData)
return result
}
/// Get the packet type
/// - Returns: Packet type
func getType() -> UInt32 {
return packetType.rawValue
}
/// Get the packet ID
/// - Returns: Packet ID
func getId() -> UInt32 {
return packetId
}
/// Get the packet payload
/// - Returns: Packet payload data
func getData() -> Data {
return packetData
}
}
// MARK: - Extensions
extension Data {
/// Read a UInt32 value from the data at specified offset
/// - Parameter offset: Offset to read from
/// - Returns: UInt32 value in big-endian order
func readUInt32(at offset: Int) -> UInt32 {
let slice = self.subdata(in: offset..<(offset + 4))
return slice.withUnsafeBytes { $0.load(as: UInt32.self).bigEndian }
}
/// Append a UInt32 value to the data in big-endian order
/// - Parameter value: UInt32 value to append
mutating func appendUInt32(_ value: UInt32) {
var bigEndian = value.bigEndian
append(UnsafeBufferPointer(start: &bigEndian, count: 1))
}
}

184
SoftEtherVPN-iOS/SoftEtherVPN-iOS/Protocol/SoftEtherProtocol.swift Normal file
View File

@ -0,0 +1,184 @@
import Foundation
import Network
import Security
import CryptoKit
/// SoftEtherProtocol manages the communication between iOS client and SoftEther VPN server
class SoftEtherProtocol {
// MARK: - Properties
private var secureConnection: SecureConnection?
private var isConnected = false
private var host: String = ""
private var port: UInt16 = 443
private var nextPacketId: UInt32 = 1
// MARK: - Public Methods
/// Connect to a SoftEther VPN server
/// - Parameters:
/// - host: The server hostname or IP address
/// - port: The server port (default: 443)
/// - completion: Callback with connection result
public func connect(to host: String, port: UInt16 = 443, completion: @escaping (Bool, Error?) -> Void) {
self.host = host
self.port = port
// Create a secure connection
secureConnection = SecureConnection(host: host, port: port)
// Connect using TLS
secureConnection?.connect { [weak self] success, error in
guard let self = self, success else {
completion(false, error ?? NSError(domain: "SoftEtherError", code: 1, userInfo: [NSLocalizedDescriptionKey: "TLS connection failed"]))
return
}
// After successful TLS connection, send the client signature
self.sendClientSignature { success, error in
if success {
self.isConnected = true
}
completion(success, error)
}
}
}
/// Disconnect from the server
public func disconnect() {
secureConnection?.disconnect()
isConnected = false
}
// MARK: - Private Methods
/// Send the SoftEther client signature to identify as a legitimate client
/// - Parameter completion: Callback with result
private func sendClientSignature(completion: @escaping (Bool, Error?) -> Void) {
// Generate client signature using our specialized class
let signatureData = SoftEtherClientSignature.generateSignature()
// Create a packet with the signature data
let packetId = self.nextPacketId
self.nextPacketId += 1
let packet = SoftEtherPacket(type: 0x01, id: packetId, data: signatureData)
let packetData = packet.serialize()
print("Sending client signature packet: \(packetData.count) bytes")
// Send the packet
secureConnection?.send(data: packetData) { [weak self] error in
guard let self = self else { return }
if let error = error {
print("Error sending client signature: \(error)")
completion(false, error)
return
}
// After sending signature, wait for server response
self.receiveServerResponse { success, error in
completion(success, error)
}
}
}
/// Receive and process server response after sending signature
/// - Parameter completion: Callback with result
private func receiveServerResponse(completion: @escaping (Bool, Error?) -> Void) {
secureConnection?.receive { data, error in
if let error = error {
print("Error receiving server response: \(error)")
completion(false, error)
return
}
guard let data = data, data.count > 4 else {
let error = NSError(domain: "SoftEtherError", code: 2, userInfo: [NSLocalizedDescriptionKey: "Invalid server response"])
print("Invalid server response: insufficient data")
completion(false, error)
return
}
print("Received server response: \(data.count) bytes")
// Parse the response packet
guard let packet = SoftEtherPacket(fromData: data) else {
let error = NSError(domain: "SoftEtherError", code: 3, userInfo: [NSLocalizedDescriptionKey: "Invalid packet format"])
print("Could not parse server response packet")
completion(false, error)
return
}
// Verify the response
let packetData = packet.getData()
let isValid = SoftEtherClientSignature.verifyServerResponse(packetData)
if isValid {
print("Server accepted our client signature")
completion(true, nil)
} else {
print("Server rejected our client signature")
let error = NSError(domain: "SoftEtherError", code: 4, userInfo: [NSLocalizedDescriptionKey: "Server rejected client signature"])
completion(false, error)
}
}
}
/// Send a data packet to the server
/// - Parameters:
/// - data: Data to send
/// - completion: Callback with result
func sendData(data: Data, completion: @escaping (Bool, Error?) -> Void) {
guard isConnected else {
completion(false, NSError(domain: "SoftEtherError", code: 5, userInfo: [NSLocalizedDescriptionKey: "Not connected to server"]))
return
}
let packetId = self.nextPacketId
self.nextPacketId += 1
let packet = SoftEtherPacket(type: 0x05, id: packetId, data: data)
let packetData = packet.serialize()
secureConnection?.send(data: packetData) { error in
if let error = error {
completion(false, error)
return
}
completion(true, nil)
}
}
/// Receive data from the server
/// - Parameter completion: Callback with received data and result
func receiveData(completion: @escaping (Data?, Bool, Error?) -> Void) {
guard isConnected else {
completion(nil, false, NSError(domain: "SoftEtherError", code: 5, userInfo: [NSLocalizedDescriptionKey: "Not connected to server"]))
return
}
secureConnection?.receive { data, error in
if let error = error {
completion(nil, false, error)
return
}
guard let data = data, data.count > 4 else {
completion(nil, false, NSError(domain: "SoftEtherError", code: 2, userInfo: [NSLocalizedDescriptionKey: "Invalid server response"]))
return
}
// Parse the packet
guard let packet = SoftEtherPacket(fromData: data) else {
completion(nil, false, NSError(domain: "SoftEtherError", code: 3, userInfo: [NSLocalizedDescriptionKey: "Invalid packet format"]))
return
}
completion(packet.getData(), true, nil)
}
}
}

149
SoftEtherVPN-iOS/SoftEtherVPN-iOS/SoftEtherVPNClient.swift Normal file
View File

@ -0,0 +1,149 @@
import Foundation
import UIKit
/// SoftEtherVPNClient provides a simple interface for connecting to SoftEther VPN servers
public class SoftEtherVPNClient {
// MARK: - Properties
private let protocol: SoftEtherProtocol
private var connectionState: ConnectionState = .disconnected
// MARK: - Public Types
/// Connection states for the VPN client
public enum ConnectionState {
case disconnected
case connecting
case connected
case disconnecting
case error(Error)
}
/// Connection delegate to receive state updates
public protocol ConnectionDelegate: AnyObject {
func connectionStateDidChange(_ state: ConnectionState)
}
/// Weak reference to the delegate
public weak var delegate: ConnectionDelegate?
// MARK: - Initialization
public init() {
self.protocol = SoftEtherProtocol()
}
// MARK: - Public Methods
/// Connect to a SoftEther VPN server
/// - Parameters:
/// - host: Server hostname or IP address
/// - port: Server port (default: 443)
/// - completion: Optional completion handler
public func connect(to host: String, port: UInt16 = 443, completion: ((Bool, Error?) -> Void)? = nil) {
// Update state
connectionState = .connecting
delegate?.connectionStateDidChange(connectionState)
// Connect using the protocol implementation
protocol.connect(to: host, port: port) { [weak self] success, error in
guard let self = self else { return }
if success {
self.connectionState = .connected
} else if let error = error {
self.connectionState = .error(error)
} else {
self.connectionState = .disconnected
}
self.delegate?.connectionStateDidChange(self.connectionState)
completion?(success, error)
}
}
/// Disconnect from the server
/// - Parameter completion: Optional completion handler
public func disconnect(completion: (() -> Void)? = nil) {
// Update state
connectionState = .disconnecting
delegate?.connectionStateDidChange(connectionState)
// Disconnect
protocol.disconnect()
// Update state again
connectionState = .disconnected
delegate?.connectionStateDidChange(connectionState)
completion?()
}
/// Get the current connection state
/// - Returns: Current ConnectionState
public func getConnectionState() -> ConnectionState {
return connectionState
}
/// Check if currently connected
/// - Returns: True if connected, false otherwise
public func isConnected() -> Bool {
if case .connected = connectionState {
return true
}
return false
}
// MARK: - Example Usage
/// Example showing how to use this class in a view controller
public static func exampleUsage() -> String {
return """
// In your view controller:
private let vpnClient = SoftEtherVPNClient()
override func viewDidLoad() {
super.viewDidLoad()
// Set delegate
vpnClient.delegate = self
}
@IBAction func connectButtonTapped(_ sender: UIButton) {
if vpnClient.isConnected() {
vpnClient.disconnect()
} else {
vpnClient.connect(to: "vpn.example.com") { success, error in
if !success {
print("Failed to connect: \\(error?.localizedDescription ?? "Unknown error")")
}
}
}
}
// MARK: - ConnectionDelegate
extension YourViewController: SoftEtherVPNClient.ConnectionDelegate {
func connectionStateDidChange(_ state: SoftEtherVPNClient.ConnectionState) {
switch state {
case .connected:
connectButton.setTitle("Disconnect", for: .normal)
statusLabel.text = "Connected"
case .connecting:
statusLabel.text = "Connecting..."
case .disconnecting:
statusLabel.text = "Disconnecting..."
case .disconnected:
connectButton.setTitle("Connect", for: .normal)
statusLabel.text = "Disconnected"
case .error(let error):
statusLabel.text = "Error: \\(error.localizedDescription)"
connectButton.setTitle("Connect", for: .normal)
}
}
}
"""
}
}

116
WINDOWS_README.txt Normal file
View File

@ -0,0 +1,116 @@
================================================================================
SoftEther VPN - Windows Installation Notes
================================================================================
Thank you for installing SoftEther VPN!
SoftEther VPN is legitimate, open-source VPN software developed by researchers
at the University of Tsukuba, Japan. It has been in active development since
2013 and is used by organizations and individuals worldwide.
================================================================================
IMPORTANT: Antivirus False Positive Warning
================================================================================
Some antivirus software (including Microsoft Defender) may incorrectly flag
SoftEther VPN executables as malicious. This is a FALSE POSITIVE detection.
WHY THIS HAPPENS:
-----------------
VPN software performs operations that can appear suspicious to antivirus
programs:
- Network tunneling and traffic interception
- Low-level network operations
- Service installation with elevated privileges
- Registry modifications for Windows integration
These are NORMAL and NECESSARY operations for any VPN software.
IF MICROSOFT DEFENDER QUARANTINES SOFTETHER VPN:
------------------------------------------------
1. Add Exclusions to Microsoft Defender:
a) Open Windows Security (Windows Key + I -> Privacy & Security ->
Windows Security -> Virus & threat protection)
b) Click "Manage settings" under Virus & threat protection settings
c) Scroll down to "Exclusions" and click "Add or remove exclusions"
d) Click "Add an exclusion" -> "Folder" and add:
C:\Program Files\SoftEther VPN Client
C:\Program Files\SoftEther VPN Client Developer Edition
C:\Program Files\SoftEther VPN Server
C:\Program Files\SoftEther VPN Server Developer Edition
(Add only the folders that exist for your installation)
2. Restore Quarantined Files:
a) Go to "Virus & threat protection" -> "Protection history"
b) Find quarantined SoftEther VPN files
c) Click "Actions" -> "Restore"
3. Reinstall if Necessary:
If files were deleted, reinstall SoftEther VPN. The exclusions will
prevent future detections.
REPORT FALSE POSITIVE TO MICROSOFT:
------------------------------------
Help improve Microsoft Defender by reporting the false positive:
Visit: https://www.microsoft.com/en-us/wdsi/filesubmission
Submit the flagged file and indicate it's a false positive detection
of SoftEther VPN, open-source software from the University of Tsukuba.
MORE INFORMATION:
-----------------
For detailed documentation about this issue and additional solutions, see:
https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/ANTIVIRUS.md
VERIFY AUTHENTICITY:
--------------------
SoftEther VPN is open source. You can verify the software by:
- Reviewing source code: https://github.com/SoftEtherVPN/SoftEtherVPN
- Official website: https://www.softether.org/
- Only download from official sources
WARNING: Do not download SoftEther VPN from third-party websites.
================================================================================
Getting Started
================================================================================
After adding antivirus exclusions (if needed):
1. Launch "SoftEther VPN Client Manager" from the Start Menu
2. Configure your VPN connection settings
3. Connect to your VPN server
For detailed documentation, visit: https://www.softether.org/
================================================================================
Support
================================================================================
Official Website: https://www.softether.org/
GitHub Repository: https://github.com/SoftEtherVPN/SoftEtherVPN
Security Issues: https://github.com/SoftEtherVPN/SoftEtherVPN/security
================================================================================
SoftEther VPN is licensed under the Apache License 2.0
Copyright (c) SoftEther VPN Project at University of Tsukuba, Japan
Thank you for using SoftEther VPN!
================================================================================

2
src/Cedar/Hub.c
View File

@ -630,6 +630,7 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
GetHubAdminOptionDataAndSet(ao, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
GetHubAdminOptionDataAndSet(ao, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
GetHubAdminOptionDataAndSet(ao, "AllowEapMatchUserByCert", o->AllowEapMatchUserByCert);
GetHubAdminOptionDataAndSet(ao, "DhcpDiscoverTimeoutMs", o->DhcpDiscoverTimeoutMs);
}
// Convert the contents of the HUB_OPTION to data
@ -705,6 +706,7 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
Add(aol, NewAdminOption("UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption));
Add(aol, NewAdminOption("UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId));
Add(aol, NewAdminOption("AllowEapMatchUserByCert", o->AllowEapMatchUserByCert));
Add(aol, NewAdminOption("DhcpDiscoverTimeoutMs", o->DhcpDiscoverTimeoutMs));
Zero(ao, sizeof(RPC_ADMIN_OPTION));

4
src/Cedar/Hub.h
View File

@ -30,6 +30,9 @@
// Default flooding queue length
#define DEFAULT_FLOODING_QUEUE_LENGTH (32 * 1024 * 1024)
// Default DHCP Discover Timeout
#define DEFAULT_DHCP_DISCOVER_TIMEOUT (5 * 1000)
// SoftEther link control packet
struct SE_LINK
{
@ -183,6 +186,7 @@ struct HUB_OPTION
bool UseHubNameAsDhcpUserClassOption; // Add HubName to DHCP request as User-Class option
bool UseHubNameAsRadiusNasId; // Add HubName to Radius request as NAS-Identifier attrioption
bool AllowEapMatchUserByCert; // Allow matching EAP Identity with user certificate CNs
UINT DhcpDiscoverTimeoutMs; // Timeout to wait for DHCP server response on DISCOVER request
};
// MAC table entry

7
src/Cedar/IPC.c
View File

@ -493,12 +493,14 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char
{
UINTToIP(&ipc->DefaultGateway, hub->Option->DefaultGateway);
UINTToIP(&ipc->SubnetMask, hub->Option->DefaultSubnet);
ipc->DhcpDiscoverTimeoutMs = hub->Option->DhcpDiscoverTimeoutMs;
GetBroadcastAddress4(&ipc->BroadcastAddress, &ipc->DefaultGateway, &ipc->SubnetMask);
}
else
{
ZeroIP4(&ipc->DefaultGateway);
ZeroIP4(&ipc->SubnetMask);
ipc->DhcpDiscoverTimeoutMs = DEFAULT_DHCP_DISCOVER_TIMEOUT;
ZeroIP4(&ipc->BroadcastAddress);
}
@ -793,7 +795,8 @@ bool IPCDhcpAllocateIP(IPC *ipc, DHCP_OPTION_LIST *opt, TUBE *discon_poll_tube)
StrCpy(req.Hostname, sizeof(req.Hostname), ipc->ClientHostname);
IPCDhcpSetConditionalUserClass(ipc, &req);
d = IPCSendDhcpRequest(ipc, NULL, tran_id, &req, DHCP_OFFER, IPC_DHCP_TIMEOUT, discon_poll_tube);
UINT discoverTimeout = ipc->DhcpDiscoverTimeoutMs > 0 ? ipc->DhcpDiscoverTimeoutMs : DEFAULT_DHCP_DISCOVER_TIMEOUT;
d = IPCSendDhcpRequest(ipc, NULL, tran_id, &req, DHCP_OFFER, discoverTimeout, discon_poll_tube);
if (d == NULL)
{
return false;
@ -896,7 +899,7 @@ DHCPV4_DATA *IPCSendDhcpRequest(IPC *ipc, IP *dest_ip, UINT tran_id, DHCP_OPTION
}
// Retransmission interval
resend_interval = MAX(1, (timeout / 3) - 100);
resend_interval = MIN(IPC_DHCP_MAX_RESEND_INTERVAL, MAX(1, (timeout / 3) - 100));
// Time-out time
giveup_time = Tick64() + (UINT64)timeout;

2
src/Cedar/IPC.h
View File

@ -19,6 +19,7 @@
#define IPC_DHCP_TIMEOUT (5 * 1000)
#define IPC_DHCP_MIN_LEASE 5
#define IPC_DHCP_DEFAULT_LEASE 3600
#define IPC_DHCP_MAX_RESEND_INTERVAL (3 * 1000)
#define IPC_MAX_PACKET_QUEUE_LEN 10000
@ -149,6 +150,7 @@ struct IPC
SHARED_BUFFER *IpcSessionSharedBuffer; // A shared buffer between IPC and Session
IPC_SESSION_SHARED_BUFFER_DATA *IpcSessionShared; // Shared data between IPC and Session
UINT Layer;
UINT DhcpDiscoverTimeoutMs; // Timeut to wait for DHCP server response on DISCOVER request
// IPv6 stuff
QUEUE *IPv6ReceivedQueue; // IPv6 reception queue

4
src/Cedar/Layer3.c
View File

@ -457,10 +457,10 @@ void L3KnownArp(L3IF *f, UINT ip, UCHAR *mac)
// Delete an ARP query entry to this IP address
Zero(&t, sizeof(t));
t.IpAddress = ip;
w = Search(f->IpWaitList, &t);
w = Search(f->ArpWaitTable, &t);
if (w != NULL)
{
Delete(f->IpWaitList, w);
Delete(f->ArpWaitTable, w);
Free(w);
}

4
src/Cedar/Protocol.c
View File

@ -5843,7 +5843,6 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
// Target is invalid
HttpSendNotFound(s, h->Target);
Free(data);
FreeHttpHeader(h);
*error_detail_str = "POST_Target_Wrong";
}
else
@ -5861,10 +5860,10 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
{
// WaterMark is incorrect
HttpSendForbidden(s, h->Target, NULL);
FreeHttpHeader(h);
*error_detail_str = "POST_WaterMark_Error";
}
}
FreeHttpHeader(h);
}
else if (StrCmpi(h->Method, "OPTIONS") == 0)
{
@ -5884,6 +5883,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
continue;
}
}
FreeHttpHeader(h);
}
else if (StrCmpi(h->Method, "SSTP_DUPLEX_POST") == 0 && (ProtoEnabled(server->Proto, "SSTP") || s->IsReverseAcceptedSocket) && GetServerCapsBool(server, "b_support_sstp"))
{

13
src/Cedar/Server.c
View File

@ -2337,6 +2337,7 @@ void SiSetDefaultHubOption(HUB_OPTION *o)
o->AccessListIncludeFileCacheLifetime = ACCESS_LIST_INCLUDE_FILE_CACHE_LIFETIME;
o->RemoveDefGwOnDhcpForLocalhost = true;
o->FloodingSendQueueBufferQuota = DEFAULT_FLOODING_QUEUE_LENGTH;
o->DhcpDiscoverTimeoutMs = DEFAULT_DHCP_DISCOVER_TIMEOUT;
}
// Create a default virtual HUB
@ -3942,6 +3943,11 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
o->UseHubNameAsDhcpUserClassOption = CfgGetBool(f, "UseHubNameAsDhcpUserClassOption");
o->UseHubNameAsRadiusNasId = CfgGetBool(f, "UseHubNameAsRadiusNasId");
o->AllowEapMatchUserByCert = CfgGetBool(f, "AllowEapMatchUserByCert");
o->DhcpDiscoverTimeoutMs = CfgGetInt(f, "DhcpDiscoverTimeoutMs");
if (o->DhcpDiscoverTimeoutMs == 0)
{
o->DhcpDiscoverTimeoutMs = DEFAULT_DHCP_DISCOVER_TIMEOUT;
}
// Enabled by default
if (CfgIsItem(f, "ManageOnlyPrivateIP"))
@ -4048,6 +4054,7 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
CfgAddBool(f, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
CfgAddBool(f, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
CfgAddBool(f, "AllowEapMatchUserByCert", o->AllowEapMatchUserByCert);
CfgAddInt(f, "DhcpDiscoverTimeoutMs", o->DhcpDiscoverTimeoutMs);
}
// Write the user
@ -7533,6 +7540,11 @@ void SiCalledUpdateHub(SERVER *s, PACK *p)
o.UseHubNameAsDhcpUserClassOption = PackGetBool(p, "UseHubNameAsDhcpUserClassOption");
o.UseHubNameAsRadiusNasId = PackGetBool(p, "UseHubNameAsRadiusNasId");
o.AllowEapMatchUserByCert = PackGetBool(p, "AllowEapMatchUserByCert");
o.DhcpDiscoverTimeoutMs = PackGetInt(p, "DhcpDiscoverTimeoutMs");
if (o.DhcpDiscoverTimeoutMs == 0)
{
o.DhcpDiscoverTimeoutMs = DEFAULT_DHCP_DISCOVER_TIMEOUT;
}
save_packet_log = PackGetInt(p, "SavePacketLog");
packet_log_switch_type = PackGetInt(p, "PacketLogSwitchType");
@ -9368,6 +9380,7 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
PackAddBool(p, "UseHubNameAsDhcpUserClassOption", h->Option->UseHubNameAsDhcpUserClassOption);
PackAddBool(p, "UseHubNameAsRadiusNasId", h->Option->UseHubNameAsRadiusNasId);
PackAddBool(p, "AllowEapMatchUserByCert", h->Option->AllowEapMatchUserByCert);
PackAddInt(p, "DhcpDiscoverTimeoutMs", h->Option->DhcpDiscoverTimeoutMs);
SiAccessListToPack(p, h->AccessList);

2
src/Mayaqua/3rdparty/liboqs vendored

Submodule src/Mayaqua/3rdparty/liboqs updated: f4b96220e4...94b421ebb8

2
src/Mayaqua/3rdparty/oqs-provider vendored

Submodule src/Mayaqua/3rdparty/oqs-provider updated: ec1e8431f9...f076e91faa

34
src/Mayaqua/CMakeLists.txt
View File

@ -18,20 +18,46 @@ set_target_properties(mayaqua
find_package(OpenSSL REQUIRED)
if(OPENSSL_VERSION VERSION_LESS "3") # Disable oqsprovider when OpenSSL version < 3
add_definitions(-DSKIP_OQS_PROVIDER)
if(OPENSSL_VERSION VERSION_GREATER_EQUAL "3")
set(OQS_ENABLE ON CACHE BOOL "By setting this to OFF, Open Quantum Safe algorithms will not be built in")
else()
# Disable oqsprovider when OpenSSL version < 3
set(OQS_ENABLE OFF)
endif()
if(OQS_ENABLE)
set(OQS_BUILD_ONLY_LIB ON CACHE BOOL "Set liboqs to build only the library (no tests)")
set(BUILD_TESTING OFF CACHE BOOL "By setting this to OFF, no tests or examples will be compiled.")
set(OQS_PROVIDER_BUILD_STATIC ON CACHE BOOL "Build a static library instead of a shared library") # Build oqsprovider as a static library (defaults to shared)
list(PREPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/src/Mayaqua/3rdparty/")
# Disable all other KEM families
set(OQS_ENABLE_KEM_FRODOKEM OFF)
set(OQS_ENABLE_KEM_NTRUPRIME OFF)
set(OQS_ENABLE_KEM_NTRU OFF)
set(OQS_ENABLE_KEM_CLASSIC_MCELIECE OFF)
set(OQS_ENABLE_KEM_HQC OFF)
set(OQS_ENABLE_KEM_BIKE OFF)
# Disable all SIG families
set(OQS_ENABLE_SIG_ML_DSA OFF)
set(OQS_ENABLE_SIG_FALCON OFF)
set(OQS_ENABLE_SIG_DILITHIUM OFF)
set(OQS_ENABLE_SIG_SPHINCS OFF)
set(OQS_ENABLE_SIG_MAYO OFF)
set(OQS_ENABLE_SIG_CROSS OFF)
set(OQS_ENABLE_SIG_UOV OFF)
set(OQS_ENABLE_SIG_SNOVA OFF)
set(OQS_ENABLE_SIG_SLH_DSA OFF)
add_subdirectory(3rdparty/liboqs)
add_subdirectory(3rdparty/oqs-provider)
target_include_directories(oqsprovider PUBLIC ${CMAKE_CURRENT_BINARY_DIR}/3rdparty/liboqs/include)
set_property(TARGET oqsprovider PROPERTY POSITION_INDEPENDENT_CODE ON)
target_link_libraries(mayaqua PRIVATE oqsprovider)
else()
add_definitions(-DSKIP_OQS_PROVIDER)
endif()
include(CheckSymbolExists)
@ -125,8 +151,10 @@ if(UNIX)
message("-- Using system's cpu_features")
target_link_libraries(mayaqua PRIVATE cpu_features)
else()
message("-- Using bundled cpu_features")
set(BUILD_SHARED_LIBS OFF)
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
add_subdirectory(3rdparty/cpu_features)
set_property(TARGET cpu_features PROPERTY POSITION_INDEPENDENT_CODE ON)
target_link_libraries(mayaqua PRIVATE cpu_features)
endif()

89
src/Mayaqua/TcpIp.c
View File

@ -2057,43 +2057,15 @@ bool ParsePacketL2Ex(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_ex
if (type_id_16 > 1500)
{
// Ordinary Ethernet frame
switch (type_id_16)
if (type_id_16 == MAC_PROTO_TAGVLAN)
{
case MAC_PROTO_ARPV4: // ARPv4
if (no_l3 || no_l3_l4_except_icmpv6)
{
return true;
}
return ParsePacketARPv4(p, buf, size);
case MAC_PROTO_IPV4: // IPv4
if (no_l3 || no_l3_l4_except_icmpv6)
{
return true;
}
return ParsePacketIPv4(p, buf, size);
case MAC_PROTO_IPV6: // IPv6
if (no_l3)
{
return true;
}
return ParsePacketIPv6(p, buf, size, no_l3_l4_except_icmpv6);
default: // Unknown
if (type_id_16 == p->VlanTypeID)
{
// VLAN
return ParsePacketTAGVLAN(p, buf, size);
}
else
{
return true;
}
// Parse VLAN frame
return ParsePacketTAGVLAN(p, buf, size, no_l3, no_l3_l4_except_icmpv6);
}
else
{
// Parse Ordinary Ethernet frame
return ParsePacketL3(p, buf, size, type_id_16, no_l3, no_l3_l4_except_icmpv6);
}
}
else
@ -2128,10 +2100,44 @@ bool ParsePacketL2Ex(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_ex
}
}
bool ParsePacketL3(PKT *p, UCHAR *buf, UINT size, USHORT proto, bool no_l3, bool no_l3_l4_except_icmpv6)
{
switch (proto)
{
case MAC_PROTO_ARPV4: // ARPv4
if (no_l3 || no_l3_l4_except_icmpv6)
{
return true;
}
return ParsePacketARPv4(p, buf, size);
case MAC_PROTO_IPV4: // IPv4
if (no_l3 || no_l3_l4_except_icmpv6)
{
return true;
}
return ParsePacketIPv4(p, buf, size);
case MAC_PROTO_IPV6: // IPv6
if (no_l3)
{
return true;
}
return ParsePacketIPv6(p, buf, size, no_l3_l4_except_icmpv6);
default: // Unknown
return true;
}
}
// TAG VLAN parsing
bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size)
bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_except_icmpv6)
{
USHORT vlan_ushort;
USHORT proto_ushort;
// Validate arguments
if (p == NULL || buf == NULL)
{
@ -2151,12 +2157,17 @@ bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size)
buf += sizeof(TAGVLAN_HEADER);
size -= sizeof(TAGVLAN_HEADER);
vlan_ushort = READ_USHORT(p->L3.TagVlanHeader->Data);
vlan_ushort = READ_USHORT(p->L3.TagVlanHeader->TagID);
vlan_ushort = vlan_ushort & 0xFFF;
p->VlanId = vlan_ushort;
return true;
proto_ushort = READ_USHORT(p->L3.TagVlanHeader->Protocol);
proto_ushort = proto_ushort & 0xFFFF;
// Parse the L3 packet
return ParsePacketL3(p, buf, size, proto_ushort, no_l3, no_l3_l4_except_icmpv6);
}
// BPDU Parsing

6
src/Mayaqua/TcpIp.h
View File

@ -87,7 +87,8 @@ struct ARPV4_HEADER
// Tagged VLAN header
struct TAGVLAN_HEADER
{
UCHAR Data[2]; // Data
UCHAR TagID[2]; // TagID
UCHAR Protocol[2]; // Protocol
} GCC_PACKED;
// IPv4 header
@ -762,10 +763,11 @@ void FreePacketTCPv4(PKT *p);
void FreePacketICMPv4(PKT *p);
void FreePacketDHCPv4(PKT *p);
bool ParsePacketL2Ex(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_except_icmpv6);
bool ParsePacketL3(PKT *p, UCHAR *buf, UINT size, USHORT proto, bool no_l3, bool no_l3_l4_except_icmpv6);
bool ParsePacketARPv4(PKT *p, UCHAR *buf, UINT size);
bool ParsePacketIPv4(PKT *p, UCHAR *buf, UINT size);
bool ParsePacketBPDU(PKT *p, UCHAR *buf, UINT size);
bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size);
bool ParsePacketTAGVLAN(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_except_icmpv6);
bool ParseICMPv4(PKT *p, UCHAR *buf, UINT size);
bool ParseICMPv6(PKT *p, UCHAR *buf, UINT size);
bool ParseTCP(PKT *p, UCHAR *buf, UINT size);

68
src/bin/hamcore/strtable_id.stb
View File

@ -1336,7 +1336,7 @@ SM_FMINFO_HUB Virtual Hub #%u
SM_FMINFO_HUB_TAG_1 %S (Dinamis)
SM_FMINFO_HUB_TAG_2 %S (Statis)
SM_FMINFO_NUM_SESSION Jumlah Sesi
SM_FMINFO_NUM_CONNECTION Jumlah Koneksi TCP
SM_FMINFO_NUN_CONNECTION Jumlah Koneksi TCP
SM_FMINFO_CAPTION Status Anggota Cluster Server
SM_FC_STATUS_CAPTION Status Koneksi ke Pengendali Cluster
SM_FC_IP Alamat IP Pengendali
@ -1890,7 +1890,7 @@ LE_RECONNECT Pengaturan EtherIP / L2TPv3 telah diubah. Pipa internal sekarang
# (PPP Log)
LP_PREFIX Sesi PPP %S[%S:%u]:
LP_PREFIX %S%SSesi PPP [%S:%u]:
LP_CONNECTED Sesi PPP baru dimulai (Protokol atas: %S). Alamat IP Klien PPP: %S (Nama Host: "%S"), Nomor Port Klien PPP: %u, Alamat IP Server PPP: %S, Nomor Port Server PPP: %u, Nama Perangkat Lunak Klien: "%S", Ukuran Segmen Maksimum TCP IPv4 (MSS): %u byte
LP_DISCONNECTED Sesi PPP terputus.
LP_PAP_REJECTED Klien menolak untuk menerima protokol otentikasi "PAP" (Protokol Otentikasi Kata Sandi, protokol otentikasi kata sandi teks jelas). Aktifkan PAP di sisi klien dan coba lagi.
@ -4588,8 +4588,8 @@ CMD_ListenerDisable_PortPrompt Nomor port dari Listener TCP/IP yang akan dihenti
# PortsUDPSet command
CMD_PortsUDPSet Mengatur Port UDP yang Harus Didengarkan oleh Server
CMD_PortsUDPSet_Help Perintah ini dapat digunakan untuk menentukan satu atau beberapa port UDP yang harus didengarkan oleh server. \nAnda dapat menentukan port yang sedang digunakan oleh proses lain, namun server tidak akan dapat menggunakannya sampai port tersebut menjadi bebas. \nTentukan nomor port yang berada dalam rentang 1 hingga 65535. \nAnda dapat melihat port yang saat ini telah disetel dengan perintah PortsUDPGet. \nUntuk menjalankan perintah ini, Anda harus memiliki hak akses administrator VPN Server.
CMD_PortsUDPSet_Args PortsUDPSet [port]
CMD_PortsUDPSet_[port] Beberapa port UDP dapat ditentukan dengan memisahkannya menggunakan spasi atau koma, misalnya: "443, 992, 1194, 5555". \nTentukan "0" untuk menonaktifkan pendengar UDP. \n\nPort:
CMD_PortsUDPSet_Args PortsUDPSet [ports]
CMD_PortsUDPSet_[ports] Beberapa port UDP dapat ditentukan dengan memisahkannya menggunakan spasi atau koma, misalnya: "443, 992, 1194, 5555". \nTentukan "0" untuk menonaktifkan pendengar UDP. \n\nPort:
# PortsUDPGet command
@ -4602,11 +4602,11 @@ CMD_PortsUDPGet_Ports Port UDP
# ProtoOptionsSet command
CMD_ProtoOptionsSet Mengatur nilai opsi untuk protokol yang ditentukan
CMD_ProtoOptionsSet_Help Perintah ini dapat digunakan untuk mengubah nilai opsi untuk protokol tertentu. \nAnda dapat mengambil opsi menggunakan perintah ProtoOptionsGet. \nUntuk menjalankan perintah ini, Anda harus memiliki hak istimewa administrator VPN Server.
CMD_ProtoOptionsSet_Args ProtoOptionsSet [protokol] [/NAME:nama_opsi] [/VALUE:string/true/false]
CMD_ProtoOptionsSet_[protokol] Nama protokol.
CMD_ProtoOptionsSet_Args ProtoOptionsSet [protocol] [/NAME:option_name] [/VALUE:string/true/false]
CMD_ProtoOptionsSet_[protocol] Nama protokol.
CMD_ProtoOptionsSet_NAME Nama opsi.
CMD_ProtoOptionsSet_VALUE Nilai opsi. Pastikan untuk menulis nilai yang diterima oleh protokol yang ditentukan!
CMD_ProtoOptionsSet_Prompt_[protokol] Protokol:
CMD_ProtoOptionsSet_Prompt_[protocol] Protokol:
CMD_ProtoOptionsSet_Prompt_NAME Opsi:
CMD_ProtoOptionsSet_Prompt_VALUE Nilai:
@ -4614,9 +4614,9 @@ CMD_ProtoOptionsSet_Prompt_VALUE Nilai:
# ProtoOptionsGet command
CMD_ProtoOptionsGet Menampilkan opsi untuk protokol yang ditentukan
CMD_ProtoOptionsGet_Help Perintah ini dapat digunakan untuk mengambil opsi untuk protokol tertentu. \nInformasi detail (misalnya tipe nilai) akan ditampilkan. \nAnda dapat mengubah nilai opsi dengan perintah ProtoOptionsSet.
CMD_ProtoOptionsGet_Args ProtoOptionsGet [protokol]
CMD_ProtoOptionsGet_[protokol] Nama protokol.
CMD_ProtoOptionsGet_Prompt_[protokol] Protokol:
CMD_ProtoOptionsGet_Args ProtoOptionsGet [protocol]
CMD_ProtoOptionsGet_[protocol] Nama protokol.
CMD_ProtoOptionsGet_Prompt_[protocol] Protokol:
CMD_ProtoOptionsGet_Column_Name Nama
CMD_ProtoOptionsGet_Column_Type Tipe
CMD_ProtoOptionsGet_Column_Value Nilai
@ -4633,8 +4633,8 @@ CMD_ProtoOptions_Description_OpenVPN_Timeout Waktu dalam milidetik setelah
# ServerPasswordSet command
CMD_ServerPasswordSet Setel Kata Sandi Administrator VPN Server
CMD_ServerPasswordSet_Help Ini mengatur kata sandi administrator VPN Server. Anda dapat menentukan kata sandi sebagai parameter. Jika kata sandi tidak ditentukan, prompt akan ditampilkan untuk memasukkan kata sandi dan konfirmasi kata sandi. Jika Anda menyertakan kata sandi sebagai parameter, kata sandi ini akan ditampilkan sesaat di layar, yang dapat menimbulkan risiko. Kami menyarankan agar sebisa mungkin, hindari menentukan parameter ini dan masukkan kata sandi menggunakan prompt kata sandi. \nUntuk mengeksekusi perintah ini, Anda harus memiliki hak istimewa administrator VPN Server.
CMD_ServerPasswordSet_Args ServerPasswordSet [kata_sandi]
CMD_ServerPasswordSet_[kata_sandi] Ini menentukan pengaturan kata sandi baru.
CMD_ServerPasswordSet_Args ServerPasswordSet [password]
CMD_ServerPasswordSet_[password] Ini menentukan pengaturan kata sandi baru.
# ClusterSettingGet command
@ -5232,25 +5232,25 @@ CMD_StatusGet_Args StatusGet
# LogGet command
CMD_LogGet Dapatkan Pengaturan Penyimpanan Log dari Hub Virtual
CMD_LogGet_Help Gunakan ini untuk mendapatkan pengaturan penyimpanan log dari Hub Virtual yang sedang dikelola. Anda dapat memperoleh informasi pengaturan seperti pengaturan penyimpanan terkait log keamanan dan log paket serta informasi tentang apa yang telah disimpan.
CMD_LogGet_Args LogGet
CMD_Log_Security Log Simpan Log Keamanan
CMD_Log_PacketLog Simpan Log Paket
CMD_Log_SwitchType Siklus Pergantian File Log
CMD_Log_0 Log Koneksi TCP
CMD_Log_1 Log Paket TCP
CMD_Log_2 Log DHCP
CMD_Log_3 Log UDP
CMD_Log_4 Log ICMP
CMD_Log_5 Log IP
CMD_Log_6 Log ARP
CMD_Log_7 Log Ethernet
CMD_LogGet Dapatkan Pengaturan Penyimpanan Log dari Hub Virtual
CMD_LogGet_Help Gunakan ini untuk mendapatkan pengaturan penyimpanan log dari Hub Virtual yang sedang dikelola. Anda dapat memperoleh informasi pengaturan seperti pengaturan penyimpanan terkait log keamanan dan log paket serta informasi tentang apa yang telah disimpan.
CMD_LogGet_Args LogGet
CMD_Log_SecurityLog Simpan Log Keamanan
CMD_Log_PacketLog Simpan Log Paket
CMD_Log_SwitchType Siklus Pergantian File Log
CMD_Log_0 Log Koneksi TCP
CMD_Log_1 Log Paket TCP
CMD_Log_2 Log DHCP
CMD_Log_3 Log UDP
CMD_Log_4 Log ICMP
CMD_Log_5 Log IP
CMD_Log_6 Log ARP
CMD_Log_7 Log Ethernet
# LogEnable command
CMD_LogEnable Mengaktifkan Log Keamanan atau Log Paket
CMD_LogEnable_Help Gunakan ini untuk mengaktifkan log keamanan atau log paket dari Hub Virtual yang sedang dikelola. \nUntuk mendapatkan pengaturan saat ini, Anda dapat menggunakan perintah LogGet.
CMD_LogEnable Mengaktifkan Log Keamanan atau Log Paket
CMD_LogEnable_Help Gunakan ini untuk mengaktifkan log keamanan atau log paket dari Hub Virtual yang sedang dikelola. \nUntuk mendapatkan pengaturan saat ini, Anda dapat menggunakan perintah LogGet.
CMD_LogEnable_Args LogEnable [security|packet]
CMD_LogEnable_[security|packet] Pilih jenis log untuk diaktifkan. Tentukan "keamanan" atau "paket".
CMD_LogEnable_Prompt Pilih Keamanan atau Paket:
@ -5421,7 +5421,7 @@ CMD_CascadeEncryptDisable_[name] Tentukan nama Koneksi Cascade yang pengaturanny
# CascadeCompressEnable command
CMD_CascadeCompressEnable Aktifkan Kompresi Data saat Berkomunikasi melalui Koneksi Cascade
CMD_CascadeCompressEnable_Help Ketika Koneksi Cascade yang terdaftar pada Virtual Hub yang saat ini dikelola ditentukan dan Koneksi Cascade tersebut digunakan untuk komunikasi antara Server VPN melalui koneksi VPN, gunakan ini untuk mengatur agar isi komunikasi antara Server VPN dikompresi. \nMungkin mencapai kompresi maksimal hingga 80%. Namun, kompresi memberikan beban yang lebih tinggi pada CPU baik pada mesin klien maupun server. Ketika kecepatan garis sekitar 10 Mbps atau lebih, kompresi dapat menurunkan throughput, tetapi terkadang dapat memiliki efek sebaliknya. \nAnda tidak dapat menjalankan perintah ini untuk Virtual Hub pada Server VPN yang beroperasi sebagai cluster.
CMD_CascadeCompressEnable_Help Ketika Koneksi Cascade yang terdaftar pada Virtual Hub yang saat ini dikelola ditentukan dan Koneksi Cascade tersebut digunakan untuk komunikasi antara Server VPN melalui koneksi VPN, gunakan ini untuk mengatur agar isi komunikasi antara Server VPN dikompresi. \nKompresi dapat mencapai hingga 80% efisiensi dalam mengurangi ukuran data. Namun, kompresi memberikan beban yang lebih tinggi pada CPU baik pada mesin klien maupun server. Ketika kecepatan garis sekitar 10 Mbps atau lebih, kompresi dapat menurunkan throughput, tetapi terkadang dapat memiliki efek sebaliknya. \nAnda tidak dapat menjalankan perintah ini untuk Virtual Hub pada Server VPN yang beroperasi sebagai cluster.
CMD_CascadeCompressEnable_Args CascadeCompressEnable [name]
CMD_CascadeCompressEnable_[name] Tentukan nama Koneksi Cascade yang pengaturannya ingin Anda ubah.
@ -5685,8 +5685,8 @@ CMD_AccessAddEx_SRCMAC Tentukan alamat MAC sumber sebagai aturan. Tentukan alam
CMD_AccessAddEx_DESTMAC Tentukan alamat MAC tujuan sebagai aturan. Gunakan metode yang sama seperti untuk parameter /SRCMAC.
CMD_AccessAddEx_TCPSTATE Tentukan status koneksi TCP sebagai aturan. Gunakan Established atau Unestablished.
CMD_AccessAddEx_DELAY Tentukan nilai ini untuk menghasilkan keterlambatan ketika paket melewati. Tentukan periode keterlambatan dalam milidetik. Menentukan 0 berarti tidak ada keterlambatan yang dihasilkan. Keterlambatan maksimal adalah 10000 milidetik.
CMD_AccessAddEx_JITTER Tentukan nilai ini untuk menghasilkan jitter ketika paket melewati. Tentukan rasio fluktuasi jitter dalam kisaran 0% hingga 100%. Menentukan 0 berarti tidak ada jitter yang dihasilkan.
CMD_AccessAddEx_LOSS Tentukan nilai ini untuk menghasilkan kehilangan paket ketika paket melewati. Tentukan rasio kehilangan paket dalam kisaran 0% hingga 100%. Menentukan 0 berarti tidak ada kehilangan paket yang dihasilkan.
CMD_AccessAddEx_JITTER Tentukan nilai ini untuk menghasilkan jitter ketika paket melewati. Rasio fluktuasi jitter dapat ditentukan dalam kisaran dari 0% hingga 100% sesuai kebutuhan. Menentukan 0 berarti tidak ada jitter yang dihasilkan.
CMD_AccessAddEx_LOSS Tentukan nilai ini untuk menghasilkan kehilangan paket ketika paket melewati. Rasio kehilangan paket dapat ditentukan dalam kisaran dari 0% hingga 100% sesuai kebutuhan. Menentukan 0 berarti tidak ada kehilangan paket yang dihasilkan.
CMD_AccessAddEx_REDIRECTURL URL yang ditentukan akan dijawab wajib kepada klien sebagai respons untuk paket permintaan koneksi TCP yang cocok dengan kondisi entri daftar akses ini melalui Virtual Hub ini. Untuk menggunakan pengaturan ini, kamu dapat memaksa browser web di komputer VPN Client untuk menunjukkan situs web yang ditentukan ketika browser tersebut mencoba mengakses alamat IP tertentu.
CMD_AccessAddEx_Prompt_DELAY Keterlambatan yang Akan Dihasilkan (dalam milidetik: 0 - 10000):
CMD_AccessAddEx_Prompt_JITTER Fluktuasi Jitter yang Akan Dihasilkan (Persen: 0 - 100):
@ -5747,8 +5747,8 @@ CMD_AccessAddEx6_SRCMAC Tentukan alamat MAC sumber sebagai aturan. Tentukan ala
CMD_AccessAddEx6_DESTMAC Tentukan alamat MAC tujuan sebagai aturan. Gunakan metode yang sama seperti untuk parameter /SRCMAC.
CMD_AccessAddEx6_TCPSTATE Tentukan status koneksi TCP sebagai aturan. Gunakan Established atau Unestablished.
CMD_AccessAddEx6_DELAY Tentukan nilai ini untuk menghasilkan keterlambatan saat paket melewati. Tentukan periode keterlambatan dalam milidetik. Tentukan 0 berarti tidak ada keterlambatan yang dihasilkan. Keterlambatan maksimal yang dapat dihasilkan adalah 10000 milidetik.
CMD_AccessAddEx6_JITTER Tentukan nilai ini untuk menghasilkan jitter saat paket melewati. Tentukan rasio fluktuasi jitter dalam rentang 0% hingga 100%. Tentukan 0 berarti tidak ada jitter yang dihasilkan.
CMD_AccessAddEx6_LOSS Tentukan nilai ini untuk menghasilkan kehilangan paket saat paket melewati. Tentukan rasio kehilangan paket dalam rentang 0% hingga 100%. Tentukan 0 berarti tidak ada kehilangan paket yang dihasilkan.
CMD_AccessAddEx6_JITTER Tentukan nilai ini untuk menghasilkan jitter ketika paket melewati. Rasio fluktuasi jitter dapat ditentukan dalam kisaran dari 0% hingga 100% sesuai kebutuhan. Menentukan 0 berarti tidak ada jitter yang dihasilkan.
CMD_AccessAddEx6_LOSS Tentukan nilai ini untuk menghasilkan kehilangan paket ketika paket melewati. Rasio kehilangan paket dapat ditentukan dalam kisaran dari 0% hingga 100% sesuai kebutuhan. Menentukan 0 berarti tidak ada kehilangan paket yang dihasilkan.
CMD_AccessAddEx6_REDIRECTURL URL yang ditentukan akan dijawab secara wajib kepada klien sebagai respons untuk paket permintaan koneksi TCP yang cocok dengan kondisi entri daftar akses ini melalui Virtual Hub ini. Untuk menggunakan pengaturan ini, kamu dapat memaksa peramban web pada komputer VPN Client untuk menampilkan situs web yang ditentukan ketika peramban web tersebut mencoba mengakses alamat IP tertentu.
CMD_AccessAddEx6_Prompt_DELAY Keterlambatan untuk Dihasilkan (dalam milidetik: 0 - 10000):
CMD_AccessAddEx6_Prompt_JITTER Fluktuasi Jitter untuk Dihasilkan (Persen: 0 - 100):
@ -6728,7 +6728,7 @@ CMD_AccountEncryptDisable_[name] Tentukan nama Pengaturan Koneksi VPN yang penga
# AccountCompressEnable command
CMD_AccountCompressEnable Aktifkan Kompresi Data saat Berkomunikasi melalui Pengaturan Koneksi VPN
CMD_AccountCompressEnable_Help Ketika Pengaturan Koneksi VPN yang terdaftar di VPN Client ditentukan dan Pengaturan Koneksi VPN tersebut digunakan untuk komunikasi antara VPN Server melalui koneksi VPN, gunakan ini untuk mengatur konten komunikasi antara VPN Server agar dikompresi. \nKompresi dapat mencapai hingga 80%. Namun, kompresi memberikan beban yang lebih tinggi pada CPU baik di mesin klien maupun server. Ketika kecepatan jalur sekitar 10 Mbps atau lebih, kompresi dapat menurunkan throughput, tetapi kadang-kadang dapat memiliki efek sebaliknya.
CMD_AccountCompressEnable_Help Ketika Pengaturan Koneksi VPN yang terdaftar di VPN Client ditentukan dan Pengaturan Koneksi VPN tersebut digunakan untuk komunikasi antara VPN Server melalui koneksi VPN, gunakan ini untuk mengatur konten komunikasi antara VPN Server agar dikompresi. \nKompresi dapat mencapai hingga 80% efisiensi dalam mengurangi ukuran data. Namun, kompresi memberikan beban yang lebih tinggi pada CPU baik di mesin klien maupun server. Ketika kecepatan jalur sekitar 10 Mbps atau lebih, kompresi dapat menurunkan throughput, tetapi kadang-kadang dapat memiliki efek sebaliknya.
CMD_AccountCompressEnable_Args AccountCompressEnable [name]
CMD_AccountCompressEnable_[name] Tentukan nama Pengaturan Koneksi VPN yang pengaturannya ingin Anda ubah.