SoftEther VPN — Multi-Protocol Open-Source VPN Server

Introduction

SoftEther VPN is an open-source, cross-platform VPN solution originally developed at the University of Tsukuba in Japan. It supports multiple VPN protocols in a single server, including its own high-performance SSL-VPN protocol, OpenVPN, L2TP/IPsec, and Microsoft SSTP. This multi-protocol design lets clients connect from virtually any device without installing extra software.

What SoftEther Does

• Runs SSL-VPN, OpenVPN, L2TP/IPsec, SSTP, and EtherIP protocols on one server simultaneously
• Creates virtual Ethernet switches with VLAN tagging and cascading between sites
• Tunnels Layer-2 Ethernet frames through HTTPS to bypass restrictive firewalls
• Supports site-to-site bridging and remote access VPN in one deployment
• Provides NAT traversal so servers behind firewalls can accept incoming connections

Architecture Overview

SoftEther operates as a user-space daemon built in C. At its core is a Virtual Hub, a software-defined Layer-2 switch that connects VPN sessions, local bridges, and cascaded links. Each protocol handler terminates its respective tunnel type and maps sessions onto the same Virtual Hub. The server uses an internal certificate authority for SSL and supports RADIUS and Active Directory authentication backends.

Self-Hosting & Configuration

• Compile from source on Linux, FreeBSD, macOS, or Windows; no kernel modules required
• Run vpncmd to configure Virtual Hubs, users, and access policies interactively
• Enable multiple protocol listeners on a single port (443) for firewall compatibility
• Bridge the Virtual Hub to a physical NIC for Layer-2 LAN extension
• Use the Server Manager GUI on Windows for visual configuration

Key Features

• Multi-protocol support eliminates the need for separate VPN stacks
• Operates over HTTPS (port 443) making it nearly impossible to block
• Built-in dynamic DNS service for servers without static IP addresses
• High throughput with kernel-mode packet forwarding on supported platforms
• VPN Azure cloud relay service for NAT traversal without port forwarding

Comparison with Similar Tools

• OpenVPN — single-protocol, well-established; SoftEther supports multiple protocols on one server
• WireGuard — faster kernel-level protocol; SoftEther offers Layer-2 bridging and multi-protocol flexibility
• StrongSwan — IPsec-only; SoftEther combines IPsec with SSL-VPN and OpenVPN compatibility
• Pritunl — OpenVPN management platform; SoftEther provides more protocol options out of the box

FAQ

Q: Can existing OpenVPN clients connect to SoftEther? A: Yes. SoftEther includes a built-in OpenVPN-compatible server mode that accepts standard OpenVPN clients.

Q: Does SoftEther work behind corporate firewalls? A: Yes. Its SSL-VPN protocol tunnels over HTTPS on port 443, which is rarely blocked.

Q: Is it production-ready? A: SoftEther has been deployed in universities and enterprises since 2014 and handles thousands of concurrent connections.

Q: What platforms are supported as clients? A: Native clients exist for Windows, Linux, and macOS. Mobile devices connect via L2TP/IPsec or OpenVPN without extra apps.

Sources

• https://github.com/SoftEtherVPN/SoftEtherVPN
• https://www.softether.org/4-docs