If you’re here, we assume you want to access a computer or a computer network from outside the location where the machine(s) you need to reach are kept. This solution will work on both a Mac and a Windows-based PC. Since our expertise is with the Microsoft product line, we will use Windows 10 as our demo system. This solution has also been verified on Windows 7 and Server 2008. The steps are basically the same on all the platforms mentioned. We will be using a free software package called “SoftEther”.
SoftEther has the benefits of being free to install, with no ongoing fees from SoftEther. Once properly configured, it can run as fast as your internet connection can handle, so for most people the software is very responsive. This software is as secure as any non-hardware-based VPN (Virtual Private Network) is capable of being. Your data is encrypted in transit, and no new ports are opened on the firewall or router. This means that the RDP port normally NATed through the firewall to the machine you want to access can be closed.
Most ransomware that encrypts data on PCs and networks enters via this port, because lots of small businesses leave the port open for remote desktop. Remote Desktop Protocol (RDP) on Microsoft Windows runs on port 3389, and it can be changed to whatever open port you like. Changing the port number does not hide RDP from those who want to do you harm. RDP will answer on whatever port you open on your router or firewall. The bad guys use port scanners, then look for listening systems using protocols such as RDP. Once they find a vulnerable system, they aim computer applications at your machine until they gain access. Since the programs are automated hacking processes, they will keep working away until your machines give them the credentials they need to get access, or until they slow down your equipment to the point where it becomes unusable. SoftEther stops this problem completely.
You don’t need an IT person to come and configure your network, but if you are on a corporate network, you must inform the I.T. staff that you are using it. Installing it on corporate machines without permission could get you in trouble with the boss. You connect to your machines using Microsoft’s Remote Desktop. The major downside to this software is that it is hosted by a server run at an educational facility in Japan; should the university decide to stop hosting the solution, the software will no longer function, and it will likely happen without warning.
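As an added example (not part of the original article): one way to see the automated password guessing described above on the office PC is to count failed logons (Windows Security event 4625) per source address. The function names, the threshold and the time window are assumptions, and the sample records are constructed.

```powershell
# Added example, not from the original article. Field names follow Windows
# Security event 4625 (failed logon); the sample records are constructed.
function Get-FailedLogon {
    # Reads live 4625 events; needs an elevated prompt on the office PC.
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $evt = $_
        $d = @{}
        foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) { $d[$node.Name] = $node.'#text' }
        [pscustomobject]@{
            Time = $evt.TimeCreated; SourceIp = $d['IpAddress']
            User = $d['TargetUserName']; LogonType = [int]$d['LogonType']
        }
    }
}

function Find-FailedLogonBurst {
    param([object[]]$Events, [int]$Threshold = 5, [int]$WindowMinutes = 10)
    # Logon type 10 = RemoteInteractive (RDP); type 3 = network, which is what
    # RDP with Network Level Authentication records.
    $remote = $Events | Where-Object { ($_.LogonType -in @(3, 10)) -and $_.SourceIp -and ($_.SourceIp -ne '-') }
    foreach ($g in ($remote | Group-Object SourceIp)) {
        $sorted = @($g.Group | Sort-Object Time)
        $best = 0
        # Sliding window: most failures from one address within WindowMinutes.
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            $limit = $sorted[$i].Time.AddMinutes($WindowMinutes)
            $n = @($sorted | Where-Object { $_.Time -ge $sorted[$i].Time -and $_.Time -le $limit }).Count
            if ($n -gt $best) { $best = $n }
        }
        if ($best -ge $Threshold) {
            [pscustomobject]@{
                SourceIp = $g.Name; MaxFailuresInWindow = $best
                Users = @($g.Group.User | Sort-Object -Unique) -join ','
            }
        }
    }
}

# Constructed sample: six failures in one minute from a documentation-range
# address (203.0.113.7) and a single mistyped password from the LAN.
$t0 = [datetime]'2024-01-15T02:00:00'
$sample = @(0..5 | ForEach-Object {
    [pscustomobject]@{ Time = $t0.AddSeconds(10 * $_); SourceIp = '203.0.113.7'; User = "admin$_"; LogonType = 3 }
}) + [pscustomobject]@{ Time = $t0; SourceIp = '192.168.1.20'; User = 'alice'; LogonType = 10 }

Find-FailedLogonBurst -Events $sample
# Live data on the office PC: Find-FailedLogonBurst -Events (Get-FailedLogon -Hours 24)
```

Once the router's RDP port forward is closed, bursts from internet addresses should stop appearing in the live output.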
If you’re responsible for a small business network, have a good firewall with very good antivirus plus disaster prevention and recovery procedures in place, and don’t mind shopping for another remote desktop solution at a moment’s notice, SoftEther is perfect. If you’re not sure what you have, or you’re looking for a solid-performing remote desktop and VPN solution with antivirus, antimalware and intrusion prevention strategies and don’t want to be involved in the details, don’t install SoftEther. Instead, call us; we can build and maintain a complete Unified Threat Management strategy that includes disaster prevention and recovery strategies and that complies with and exceeds PCI, GDPR and HIPAA security standards. You can read about our Unified Threat Management system. SoftEther is a great product for businesses or individuals who have a good security system in place and do not require a mission-critical remote access solution, but need more security than Microsoft Windows provides out of the box.
We are assuming you know how to enable the RDP service and run the Remote Desktop client on all machines you need to access. For the purposes of this article, we are going to refer to the SoftEther server as the computer you are trying to access and the SoftEther client as the software you install on the computer you are using remotely.
The chart below is a basic description of how the SoftEther product works.
If you install the software using the default settings, it will work, but most likely be slower than a mud sick turtle. In other words, practically impossible to use.
Now that the preliminaries are out of the way:
From the computer you want to gain access to from outside, download the server software:
- Download SoftEther VPN Server
- All files distributed by SoftEther are digitally-signed by a certificate issued from VeriSign or GlobalSign, and countersigned by Symantec.
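One way to check that signature before running the installer, as an added example rather than SoftEther's own tooling: the PowerShell below reads the file's Authenticode signature and compares the signer's issuer against the CA names listed above. The function name and the installer path are hypothetical.

```powershell
# Added example: inspect the Authenticode signature of a downloaded installer
# before running it. Function name and file path are assumptions.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # CA names as listed in the article; vendors change CAs over time.
        [string[]]$ExpectedIssuers = @('VeriSign', 'GlobalSign', 'Symantec')
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Does the signer certificate's issuer name one of the expected CAs?
    $issuerListed = $false
    foreach ($name in $ExpectedIssuers) {
        if ($sig.SignerCertificate.Issuer -like "*$name*") { $issuerListed = $true }
    }

    [pscustomobject]@{
        File          = $Path
        Status        = $sig.Status                         # 'Valid' = hash and chain check out
        Signer        = $sig.SignerCertificate.Subject
        Issuer        = $sig.SignerCertificate.Issuer
        Countersigner = $sig.TimeStamperCertificate.Issuer  # timestamp countersignature
        IssuerListed  = $issuerListed
        SHA256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Hypothetical path: point this at the file you actually downloaded.
$installer = Join-Path $env:USERPROFILE 'Downloads\softether-vpnserver-installer.exe'
if (Test-Path -LiteralPath $installer) {
    $result = Test-InstallerSignature -Path $installer
    $result | Format-List
    if ($result.Status -ne 'Valid') {
        Write-Warning 'Signature is missing or invalid. Do not run this installer.'
    } elseif (-not $result.IssuerListed) {
        Write-Warning 'Signature is valid but the issuer is not one of the listed CAs. Review the certificate by hand.'
    }
}
```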
Install The VPN Server on your office PC
You can also install this on Linux, FreeBSD, Solaris, or Mac OS X. When the installer opens, you should get a screen like the one below.
Click “Next” repeatedly until you get a page that looks like the one below. On the next screen, select “SoftEther VPN Server” in the component-selection dialog. See below:
SoftEther VPN Server Initial Configurations
After the install finishes, find and run VPN Server Manager, or run it from the last screen of the installer. From here, double-click the “localhost” item on the servers list.
The first time this opens, it will ask for an admin password. Leave this blank and click Next. This password is important, as it allows you to log in to the VPN Server in administrator mode. When the time comes, make a strong password! (We use password generators that we get from outside services to create passwords.)
The first time, the Easy Setup wizard appears. We recommend you read the entire description on the next screen, then check “Remote Access VPN Server” and press “Next”.
Make Your Unique Softether Hostname
The “Dynamic DNS Function” screen appears. You can set up your favorite hostname on the VPN Server. A hostname must be 3 characters or more and 31 characters or fewer. Only letters and digits are accepted.
For example, if you specify “test1”, then your hostname on the VPN Azure Cloud will be “test1.vpnazure.net”.
The Dynamic DNS Function screen says your hostname will have the suffix “.softether.net” appended. This “.softether.net” part is replaced with “.vpnazure.net” when you use VPN Azure. After the hostname is specified, press the “Set to Above Hostname” button and click Exit.
Softether – IPsec Configuration (No need to set up)
The “IPsec / L2TP / EtherIP / L2TPv3 Server Settings” screen will appear. This screen enables the IPsec VPN function to support iPhone, iPad and Android. You do not need to enable it if you want to use just VPN Azure, so go ahead by simply clicking OK.
Activate VPN Azure
The “VPN Azure Service Settings” screen will appear. The “Enable VPN Azure” radio button is located at the bottom left. Check it to activate the VPN Azure function. (It is disabled by default.)
After you activate it, wait a few seconds and the status will change to “Status: Connected”. In this state, your VPN Server is connected to VPN Azure. Now the VPN Server is reachable from anywhere on the Internet via the VPN Azure Cloud Servers.
If “Status: Connected” never appears, your computer might not be connected to the Internet. Make sure your web browser can reach web sites. Some firewalls will prevent the software from working. In such a case, ask your network administrator whether he is willing to accommodate this software on the network.
Create a SoftEther User
After pressing OK on the VPN Azure Settings screen, you will next see the “VPN Easy Setup Tasks” screen. Click the “Create Users” button to define at least one user.
The “Create New User” screen will appear. On this screen you can make a lot of detailed configurations. However, we only need to create a user. Enter your username and fill in the “Password Authentication Settings” boxes. Then click “OK” only once; you have to create the bridge on the next screen. If you miss this step, we start the install over again.
Local Bridge Settings
At the bottom of the screen, in step three, you will set the bridge up. If your network adapters are listed, select one network adapter from the list. You should select the network adapter that currently connects to your local private network. Do not choose a Wi-Fi adapter. Almost all Wi-Fi adapters are not capable of making Local Bridges. Use wired Ethernet adapters to connect to the corporate network.
If you have only a Wi-Fi adapter on the laptop PC, do not define a Local Bridge here, and instead try to activate the Virtual NAT and Virtual DHCP Server function on the Virtual Hub setting screen.
If you are running the VPN Server with normal-user privileges, you cannot make a Local Bridge. Instead, the “Virtual NAT and Virtual DHCP Server function” is automatically activated. You do not need to enable anything manually.
At this point the SoftEther server configuration has been completed. Write down the user name, the password, and the hostname. You will need these when you set up the client.
Let’s go home!
Configure the SoftEther Client Computer for Remote Desktop
From the client computer, do the following:
Open Chrome or Firefox and go to this link.
Once the link has opened you should see the following:
Once the software is downloaded, click through the screens and make them look like these. The hostname is what you wrote down earlier. Remember when we said to write this down because you would need it later? The user names and passwords are what you created at the office.
SoftEther’s Default Performance Settings Are Slow; Let’s Fix That
Click OK, then we will configure the network parameters:
In the client manager, under Tools, run the Network Test tool with different numbers of connections.
We found that 8 connections works very well on some networks. Sixteen connections is often another performance sweet spot. Any other number of connections makes this application so slow it’s of no value. See the screen below.
Turn on data compression and disable anything you don’t need. The less junk you have on the connection, the better performance you will get. Since we use RDP with this software, we don’t need SSL; the data is secure enough for our uses. If you need SSL, you will have to go through that process on your own. If you’re dealing with other people’s personal information, turn it on! SSL will slow your connection, and how much depends on the memory and processing power of the remote computer and of the workstation or server at work that you are attached to.
Open the connection manager and right-click on the connection to make a shortcut on your desktop for future use.
The names and connections above are fictitious; they are for demonstration purposes only. Your users should appear here. Right-click your user and send that connection to the desktop. At this point, test and tweak this software until you are satisfied that you have found the best performance available from this software for your systems.
Let Small Biz PC setup, configure, and maintain your VPN connection.
This software is not too difficult to set up once you have done it a few times, but one can go wrong at many points along the way. Small Biz PC has the experience needed to set up this software. Small Biz PC can set this up for you for $100.00 per PC server pair. For an additional $15.00 per month, per pair, we will help troubleshoot the software when problems arise at no additional cost to you. If you’re not paying us a support fee, we will still be willing to troubleshoot the software at our current per hour billing rate. Remember, we don’t recommend this software as a long-term, bulletproof, and secure VPN solution. We recommend businesses use our complete, vendor-supported, standardized, and highly secure VPN remote desktop solution. See our -> UTM VPN / Remote desktop solution.
Give us a call, we can get you going today. 503-798-0422