1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-01-12 18:30:33 +03:00
Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.
Go to file
Daiyuu Nobori c49e462ed1 Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-09-28 18:26:17 +09:00
.ci CI: drop AppVeyor source release creation in favour of GH Actions 2023-04-21 22:26:30 +02:00
.github CI: add stb check 2023-08-25 22:06:09 +02:00
3rdparty Cedar: Add "BLAKE2" submodule 2021-03-01 02:49:57 +01:00
developer_tools stbchecker: retarget against net7.0 2023-08-25 22:05:08 +02:00
resources README.md: Mention Icons8's support 2018-12-07 08:50:34 +00:00
src Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736 2023-09-28 18:26:17 +09:00
systemd Fix invalid systemd TasksMax 2022-05-11 18:23:48 +08:00
.appveyor.yml CI: drop AppVeyor source release creation in favour of GH Actions 2023-04-21 22:26:30 +02:00
.azure-pipelines.yml Move Azure Pipelines configurations into dedicated directory 2021-02-19 21:17:05 +01:00
.cirrus.yml CI: cirrus-ci: switch to freebsd-13.2 2023-04-16 22:58:03 +02:00
.gitattributes change line endings to LF 2018-07-25 22:57:30 +05:00
.gitignore .gitignore: do not count Visual Studio user settings 2023-03-11 21:48:31 +01:00
.gitlab-ci.yml CI: gitlab: remove broken tasks, leave only Illumos 2021-09-08 21:15:13 +05:00
.gitmodules hamcorebuilder: Use libhamcore to build archive 2021-03-10 02:13:00 +01:00
.travis.yml CI: travis: cleanup stb check 2023-08-25 22:07:07 +02:00
AUTHORS.TXT Update AUTHORS.TXT 2021-09-28 22:24:48 +08:00
CMakeLists.txt build: windows: link MSVC runtime statically 2023-03-11 21:52:11 +01:00
CMakeSettings.json build: windows: link MSVC runtime statically 2023-03-11 21:52:11 +01:00
CODE_OF_CONDUCT.md Add (No) Code of Conduct 2021-04-06 19:43:00 +02:00
configure CMake: don't hardcode build directories 2020-07-20 18:31:41 +02:00
configure.cmd CMake: don't hardcode build directories 2020-07-20 18:31:41 +02:00
Declaration_Switch_License_from_GPL_to_Apache.pdf Date change of Declaration_Switch_License_from_GPL_to_Apache.pdf 2019-01-21 09:34:14 +09:00
description Add project description in a dedicated file 2018-08-09 23:03:32 +02:00
DISCLAIMER.md documentation cleanup: (#502) 2018-05-24 10:33:42 +02:00
FUNDING.yml FUNDING.yml: Remove Bountysource link 2022-01-03 03:17:56 +01:00
LICENSE Documents: Switching license from GPLv2 to Apache License 2.0. 2018-12-02 09:37:24 +09:00
README.md add github security reporting to README.md 2023-05-14 21:21:03 +02:00
SECURITY.md introduce security policy 2023-05-14 21:13:42 +02:00
vcpkg.json Remove vcpkg baseline as openssl build has been fixed upstream 2022-05-28 15:26:23 +09:00
version.py Revert "version.py: Fix CI failure on macOS by avoiding inline if statement" 2021-02-20 17:27:02 +01:00

SoftEther VPN

Badges
AppVeyor AppVeyor build status
GitLab CI GitLab CI build status
Coverity Scan Coverity Scan build status
Azure Pipelines Azure Pipelines build status for Nightly
Cirrus CI Cirrus CI build status

SoftEther VPN (Developer Edition Master Repository)

This repository has experimental codes. Pull requests are welcome.

Stable Edition is available on https://github.com/SoftEtherVPN/SoftEtherVPN_Stable which the non-developer user can stable use.

Please note that some features are not available in Stable Edition.

Source code packages (.zip and .tar.gz) and binary files of Stable Edition are also available:
https://www.softether-download.com/

Copyright (c) all contributors on SoftEther VPN project in GitHub. Copyright (c) Daiyuu Nobori, SoftEther Project at University of Tsukuba, and SoftEther Corporation.


The development of SoftEther VPN was supported by the MITOH Project, a research and development project by Japanese Government, subsidized by Ministry of Economy, Trade and Industry of Japan, administrated by Information Promotion Agency. https://www.ipa.go.jp/english/humandev/


https://icons8.com

Icons8 kindly supported the project by gifting a license which allows to edit and redistribute their icons.

Please note that you are not allowed to redistribute those icons outside of this repository.

The developers of SoftEther VPN love Icons8's work and kindly ask the users to support them as much as possible.


Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

SoftEther VPN ("SoftEther" means "Software Ethernet") is one of the world's most powerful and easy-to-use multi-protocol VPN software.

SoftEther VPN runs on Windows, Linux, Mac, FreeBSD and Solaris.

SoftEther VPN supports most of widely-used VPN protocols including SSL-VPN, WireGuard, OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3 and EtherIP by the single SoftEther VPN Server program.

More details on https://www.softether.org/.

BOARD MEMBERS OF THIS REPOSITORY

Daiyuu Nobori (Since Jan 2, 2014) https://github.com/dnobori

Moataz Elmasry (Since Nov 6, 2017) https://github.com/moatazelmasry2

Zulyandri Zardi (Since Nov 6, 2017) https://github.com/zulzardi

Alex Maslakov (Since Nov 6, 2017) https://github.com/GildedHonour

Davide Beatrici (Since Jul 21, 2018) https://github.com/davidebeatrici

Ilya Shipitsin (Since Jul 21, 2018) https://github.com/chipitsine

Yihong Wu (Since Jul 16, 2021) https://github.com/domosekai

SOFTETHER VPN ADVANTAGES

  • Supporting all popular VPN protocols by the single VPN server: SSL-VPN (HTTPS) WireGuard OpenVPN IPsec L2TP MS-SSTP L2TPv3 EtherIP
  • Free and open-source software.
  • Easy to establish both remote-access and site-to-site VPN.
  • SSL-VPN Tunneling on HTTPS to pass through NATs and firewalls.
  • Revolutionary VPN over ICMP and VPN over DNS features.
  • Resistance to highly-restricted firewall.
  • Ethernet-bridging (L2) and IP-routing (L3) over VPN.
  • Embedded dynamic-DNS and NAT-traversal so that no static nor fixed IP address is required.
  • AES 256-bit and RSA 4096-bit encryptions.
  • Sufficient security features such as logging and firewall inner VPN tunnel.
  • User authentication with RADIUS and NT domain controllers.
  • User authentication with X.509 client certificate.
  • Packet logging.
  • 1Gbps-class high-speed throughput performance with low memory and CPU usage.
  • Windows, Linux, Mac, Android, iPhone, iPad and Windows Phone are supported.
  • The OpenVPN clone function supports legacy OpenVPN clients.
  • IPv4 / IPv6 dual-stack.
  • The VPN server runs on Windows, Linux, FreeBSD, Solaris and Mac OS X.
  • Configure All settings on GUI.
  • Multi-languages (English, Japanese and Simplified-Chinese).
  • No memory leaks. High quality stable codes, intended for long-term runs. We always verify that there are no memory or resource leaks before releasing the build.
  • More details at https://www.softether.org/.

Comparison with Stable Edition

Protocol Stable Edition (SE) Developer Edition (DE) Comment
SSL-VPN
OpenVPN AEAD mode is supported in DE only.
IPsec
L2TP
MS-SSTP
L2TPv3
EtherIP
WireGuard
IKEv2
Feature Stable Edition (SE) Developer Edition (DE) Comment
Password Authentication
RADIUS / NT Authentication
Certificate Authentication ⚠️ SE supports the feature in SSL-VPN only.
IPv6-capable VPN Tunnel ⚠️ SE supports IPv6 in L2 VPN tunnels only.
IPv4 Route Management Windows clients only
IPv6 Route Management Windows clients only
TLS Server Verification ⚠️ In SE you need to specify the exact certificate or CA to verify. DE can perform standard TLS verification and use the system CA store.
Dual-stack Name Resolution ⚠️ SE attempts in IPv6 only after IPv4 has failed.
ECDSA Certificates Import
Runs on Windows XP and Earlier
Compatible with SoftEther VPN 1.0
AES-NI Hardware Acceleration ⚠️ SE requires intel_aes_lib to enable AES-NI, so x86 only. In DE, enabled by default as long as processor supports it (at least x86 and ARM).

Installation

For FreeBSD

SoftEther VPN in FreeBSD Ports Collection is maintained by Koichiro Iwao (@metalefty).

Binary package can be installed by pkg:

pkg install softether5

Alternatively, it can be built & installed by ports:

make install -C /usr/ports/security/softether5

To run SoftEther VPN Server:

service softether_server start

To configure SoftEther VPN Server startup on boot:

sysrc softether_server_enable=yes

Also SoftEther VPN Stable Edition and RTM version are available on FreeBSD.

For Windows

Nightly builds (choose appropriate platform, then find binaries or installers as artifacts)

From binary installers (stable channel)

Those can be found under https://www.softether-download.com/ There you can also find SoftEtherVPN source code in zip and tar formats.

Build from Source code

see BUILD_UNIX or BUILD_WINDOWS

There are two flavours of SoftEtherVPN source code:

  1. Unstable. Found under https://github.com/SoftEtherVPN/SoftEtherVPN
  2. Stable. Found under https://github.com/SoftEtherVPN/SoftEtherVPN_Stable

About HTML5-based Modern Admin Console and JSON-RPC API Suite

Built-in SoftEther VPN Server HTML5 Ajax-based Web Administration Console

We are developing the HTML5 Ajax-based Web Administration Console (currently very limited, under construction) in the embedded HTTPS server on the SoftEther VPN Server.

Access to the following URL from your favorite web browser.

https://<vpn_server_hostname>:<port>/admin/

For example if your VPN Server is running as the port 5555 on the host at 192.168.0.1, you can access to the web console by:

https://192.168.0.1:5555/admin/

Note: Your HTML5 development contribution is very appreciated. The current HTML5 pages are written by Daiyuu Nobori (the core developer of SoftEther VPN). He is obviously lack of HTML5 development ability. Please kindly consider to contribute for SoftEther VPN's development on GitHub. Your code will help every people running SoftEther VPN Server.

Built-in SoftEther Server VPN JSON-RPC API Suite

The API Suite allows you to easily develop your original SoftEther VPN Server management application to control the VPN Server (e.g. creating users, adding Virtual Hubs, disconnecting a specified VPN sessions).

You can access to the latest SoftEther VPN Server JSON-RPC Document on GitHub.

  • Almost all control APIs, which the VPN Server provides, are available as JSON-RPC API. You can write your own VPN Server management application in your favorite languages (JavaScript, TypeScript, Java, Python, Ruby, C#, ... etc.)
  • If you are planning to develop your own VPN cloud service, the JSON-RPC API is the best choice to realize the automated operations for the VPN Server.
  • No need to use any specific API client library since all APIs are provided on the JSON-RPC 2.0 Specification. You can use your favorite JSON and HTTPS client library to call any of all APIs in your pure runtime environment.
  • Also, the SoftEther VPN Project provides high-quality JSON-RPC client stub libraries which define all of the API client stub codes. These libraries are written in C#, JavaScript and TypeScript. The Node.js Client Library for VPN Server RPC (vpnrpc) package is also available.

TO CIRCUMVENT YOUR GOVERNMENT'S FIREWALL RESTRICTION

Because SoftEther VPN is overly strong tool to build a VPN tunnel, some censorship governments want to block your access to the source code of SoftEther VPN, by abusing their censorship firewalls.

To circumvent your censor's unjust restriction, SoftEther VPN Project distributes the up-to-date source code on all the following open-source repositories:

We hope that you can reach one of the above URLs at least!

SOURCE CODE CONTRIBUTION

Your contribution to SoftEther VPN Project is much appreciated. Please send patches to us through GitHub.

DEAR SECURITY EXPERTS

If you find a bug or a security vulnerability please kindly inform us about the problem immediately so that we can fix the security problem to protect a lot of users around the world as soon as possible.

Our e-mail address for security reports is: softether-vpn-security at softether.org

Please note that the above e-mail address is not a technical support inquiry address. If you need technical assistance, please visit https://www.softether.org/ and ask your question on the users forum.