Wednesday, July 9, 2014

Use Certificate-based Authentication with the Open Source Version of SoftEtherVPN

First of all, to whom that do not know what is SoftEtherVPN: It is "An Open-Source Free ​Cross-platform Multi-protocol VPN Program" released by the University of Tsukuba, Japan. The servers and clients can work on multiple platforms such as Linux, Mac OS X, FreeBSD, Windows... as well as allow you to use OS's native VPN client such as Windows' PPTP, OpenVPN, IPSec, and so on.

One of the very useful features of SoftEtherVPN Server is that it allows clients to be authenticated using certificates or active directories. However, such features are disabled in the open-source version of SoftEtherVPN Server.

In practical usages, while I am using SoftEtherVPN at several sites, I have found that I can use certificate-based at some sites and cannot at others with the same binary version of SoftEtherVPN Server downloaded from its website. Therefore, I've decided to investigate in its source code.

After a while, I have found the following function which disables the advanced features.

// Update the global server flags
void UpdateGlobalServerFlags(SERVER *s, CAPSLIST *t)
{
bool is_restricted = false;
// Validate arguments
if (s == NULL || t == NULL)
{
return;
}

is_restricted = SiIsEnterpriseFunctionsRestrictedOnOpenSource(s->Cedar);

SetGlobalServerFlag(GSF_DISABLE_PUSH_ROUTE, is_restricted);
SetGlobalServerFlag(GSF_DISABLE_RADIUS_AUTH, is_restricted);
SetGlobalServerFlag(GSF_DISABLE_CERT_AUTH, is_restricted);
SetGlobalServerFlag(GSF_DISABLE_DEEP_LOGGING, is_restricted);
SetGlobalServerFlag(GSF_DISABLE_AC, is_restricted);
SetGlobalServerFlag(GSF_DISABLE_SYSLOG, is_restricted);
}


The above code means the key here is the function "SiIsEnterpriseFunctionsRestrictedOnOpenSource", which is used to identify that whether or not to restrict advanced features.

Go up to the definition of above function, I have found the following comment.

// Check whether some enterprise functions are restricted
//
// ** Hints by Daiyuu Nobori, written on March 19, 2014 **
//
// The following 'enterprise functions' are implemented on SoftEther VPN Server
// since March 19, 2014. However, these functions are disabled on
// SoftEther VPN Servers which run in Japan and China.
//
// - RADIUS / NT Domain user authentication
// - RSA certificate authentication
// - Deep-inspect packet logging
// - Source IP address control list
// - syslog transfer
//
// The SoftEther VPN Project intentionally disables these functions for users
// in Japan and China. The reason is: Daiyuu Nobori, the chief author of
// SoftEther VPN, has been liable to observe the existing agreements and
// restrictions between him and some companies. The agreements have regulated
// the region-limited restriction to implement and distribute the above
// enterprise functions on the SoftEther VPN open-source program.
//
// Therefore, the SoftEther VPN Project distributes the binary program and
// the source code with the "SiIsEnterpriseFunctionsRestrictedOnOpenSource"
// function. This function identifies whether the SoftEther VPN Server
// program is running in either Japan or China. If the restricted region is
// detected, then the above enterprise functions will be disabled.
//
// Please note that the above restriction has been imposed only on the
// original binaries and source codes from the SoftEther VPN Project.
// Anyone, except Daiyuu Nobori, who understands and writes the C language
// program can remove this restriction at his own risk.


Wow, you are a great man with a kind hints, Daiyuu Nobori. We can disable the restrictions with our own risks.

All other steps are now based on you. If you plan to use SoftEtherVPN Server outside of Japan and China, just download the compiled version from its website. Otherwise, go on to disable the above function with your own knowledge on C programming language.

Have a nice day!

40 comments:

Thanh, Vo Minh said...

Hi Cường,

Mình cũng đã test softether vpn server trên (AWS) amazon web service hosting với Region: Singapore. Đúng là chức năng chứng thực trên Radius server & 1 số tính năng khác ko hoạt động. Sau khi comment các đoạn code trên & install thì ko bị báo lỗi khi nhập các thông số radius server & tạo user nữa nhưng user vẫn ko đăng nhập được. Không biết Cường test thành công chưa?

Ethical Hacking Course said...

Great article with top quality information, found very helpful thanks for sharing waiting for next blog update.
Ethical Hacking Course in Bangalore 360DigiTMG

Data Science Training said...

Really nice and interesting article information shared was valuable, enjoyed reading this one. Thanks you.
Data Science Training in Hyderabad

Data Science Training said...

I will very much appreciate the writer's choice for choosing this excellent article suitable for my topic. Here is a detailed description of the topic of the article that helped me the most. PMP Training in Hyderabad

360DigiTMG said...

As always your articles do inspire me. Every single detail you have posted was great.
data science course

360DigiTMG said...

Happy to visit your blog, I am by all accounts forward to more solid articles and I figure we as a whole wish to thank such huge numbers of good articles, blog to impart to us.
data scientist course

360digiTMG Training said...


I am sure that this is going to help a lot of individuals. Keep up the good work. It is highly convincing and I enjoyed going through the entire blog.
Best Institute for Data Science in Hyderabad

Huongkv said...

Mua vé máy bay tại Aivivu, tham khảo

vé máy bay đi Mỹ giá rẻ 2021

bay từ california về việt nam mất bao lâu

vé khứ hồi hà nội phú quốc

vé bay hà nội nha trang

Vé máy bay giá rẻ hà Nội đi Sài Gòn

Aishwariya said...

wonderful article. Very interesting to read this article.I would like to thank you for the efforts you had made for writing this awesome article. This article resolved my all queries. Primavera course in Chennai | Primavera p6 training online

360digiTMG Training said...

I just got to this amazing site not long ago. I was actually captured with the piece of resources you have got here. Big thumbs up for making such wonderful blog page!
best data science institute in hyderabad

360DigiTMG-Pune said...

Thanks for the information.
Data Science Certification

360DigiTMG-Pune said...

great article!! sharing these type of articles is the nice one and i hope you will share an article on data science.By giving a institute like 360DigiTMG.it is one the best institute for doing certified courses
best data science course online

360DigiTMG said...

great article!! sharing these type of articles is the nice one and i hope you will share an article on data science.By giving a institute like 360DigiTMG.it is one the best institute for doing certified courses
data science malaysia

360DigiTMGAurangabad said...

Amazing blog.Thanks for sharing such excellent information with us. keep sharing...
machine learning course in aurangabad

Machine Learning Course in Bangalore said...

The Extraordinary blog went amazed with the content that they have developed in a very descriptive manner. This type of content surely ensures the participants explore themselves. Hope you deliver the same near the future as well. Gratitude to the blogger for the efforts.

Machine Learning Course in Bangalore


Data Scientist said...

https://360digitmg.com/india/data-science-using-python-and-r-programming-bangalore
Excellent Blog! I would like to thank for the efforts you have made in writing this post. I am hoping the same best work from you in the future as well. I wanted to thank you for this websites! Thanks for sharing. Great websites!
Data Science Training in Bangalore

traininginstitute said...

I see some amazingly important and kept up to length of your strength searching for in your on the site
business analytics course

Pallavi reddy said...

I am glad to discover this page. I have to thank you for the time I spent on this especially great reading !! I really liked each part and also bookmarked you for new information on your site.
artificial intellingence training in chennai

traininginstitute said...

Impressive. Your story always brings hope and new energy. Keep up the good work.
best data science institute in hyderabad

data scientist course said...

I would also motivate just about every person to save this web page for any favorite assistance to assist posted the appearance.
data scientist training and placement


Priya Rathod said...

Thank you for this list, I found a lot of interesting things.
AWS Training in Hyderabad
AWS Course in Hyderabad

training institute said...

I am impressed by the information that you have on this blog. It shows how well you understand this subject.
data science course


360DigiTMGAurangabad said...

Thank you for excellent article.You made an article that is interesting.
ai courses in aurangabad

training institute said...

Well we really like to visit this site, many useful information we can get here.
data science training

traininginstitute said...

Glad to chat your blog, I seem to be forward to more reliable articles and I think we all wish to thank so many good articles, blog to share with us.
data science course

salome said...

very interesting to read. Thanks for sharing. keep up the good work AWS Training in Chennai

traininginstitute said...

You completely match our expectation and the variety of our information.
data science course

Maneesha said...

I really enjoyed reading this post, big fan. Keep up the good work and please tell me when can you publish more articles or where can I read more on the subject?
data science training in hyderabad

Nathan said...

I read your excellent blog post. It's a great job. I enjoyed reading your post for the first time, thank you.
Data Science Institutes in Bangalore

Sunil said...

There is obviously a lot to know about this. I think you made some good points in Features also. Great job
Mlops Course

Ramesh Sampangi said...

Informative blog, nice content. Thanks for writing this blog.
Data Science Training in Hyderabad

traininginstitute said...

Well we really like to visit this site, many useful information we can get here.
full stack developer course

traininginstitute said...

First You got a great blog .I will be interested in more similar topics. i see you got really very useful topics, i will be always checking your blog thanks.
data scientist training in malaysia

Career Academic institute said...

Are you looking for a Data Science course that will introduce you to all the fundamental concepts with a practical approach. 360DigiTMG is the right place for you. for more details click the link below.

Business Analytics Course in Jodhpur

Professional Academic Institute said...

Enroll in the Data Science course near me to learn the handling of huge amounts of data by analyzing it with the help of analytical tools. This field offers ample job profiles to work as a Data Architect, Data Administrator, Data Analyst, Business Analyst, Data Manager, and BI Manager. Step into an exciting career in the field of Data Science and achieve great heights by acquiring the right knowledge and skills to formulate solutions to business problems.


Data Science Course in Bangalore

data science course in gorakhpur said...

The first and foremost thing when learning data science is the discovery of data insight. In this aspect, the raw data is analyzed to gather information from raw data.
data science course in gorakhpur

The Blogger Worlds said...

WhatsApp Plus Crack application that is messaging for Android system only. This application works on your phones that are different. Whatsapp Plus Crack

Silent Girl said...

It is a strong and collective item which is established on and utilized by loads of people in the world. that asks for can move all Microsoft items easily utilizing a single tick for essentially life use. https://cyberspc.com/re-loader-activator-crack/

Hi Every One said...

This holiday is filled with love, cheer, and happiness. You are the reason for making it merrier. Happy Holiday Birthday! Merry Christma Christmas Wishes For Love

get4pc said...

Fx Sound Crack enhances sound quality, loudness, clarity, and thunderous bass on your PC. This application offers you a wide variety of audio content, including stunning music, films, Internet radio, websites, games, and video chats