Hello again, everyone! I’m Corels from Emmanuel Corels Creatives. In this guide, we’ll take your SoftEther VPN setup to the next level by diving into advanced configuration. Today, we’re focusing on setting up Virtual Hubs and bridging in SoftEther VPN—features that let you support multiple VPN protocols and seamlessly integrate different network segments. Whether you want to connect remote offices, link separate VLANs, or just create a more versatile VPN environment, this tutorial will guide you through every step.
Understanding Virtual Hubs and Bridging
Virtual Hubs in SoftEther VPN act as virtual switches. Each Virtual Hub can support a variety of VPN protocols simultaneously (such as SoftEther, OpenVPN, L2TP/IPsec, SSTP, and EtherIP), enabling you to create a flexible and multi-protocol VPN environment. By configuring multiple Virtual Hubs, you can separate user groups or services while still maintaining a central point for VPN management.
Bridging allows you to connect a Virtual Hub with a local physical network, effectively extending your Layer 2 domain across the VPN. This is especially useful if you want remote devices to appear as if they’re on the same local network—facilitating services like file sharing, printer access, or even seamless roaming between sites.
Step 1: Accessing the SoftEther VPN Server Management Console
-
Launch vpncmd:
On your SoftEther VPN Server, open the terminal and run:sudo /usr/local/softether/vpncmdWhen prompted, choose “1” for VPN Server mode.
-
Connect Locally:
At the prompt, simply press Enter when asked for a password (if none is set) and then immediately run:ServerPasswordSetFollow the prompts to set a strong administrator password.
Step 2: Creating and Configuring a Virtual Hub
-
Create a Virtual Hub:
At the vpncmd prompt, create a new Virtual Hub with a descriptive name:HubCreate MyVirtualHubYou will be asked whether to use Secure Password Authentication. For enhanced security, type “yes” and set a hub password when prompted.
-
Enter the Virtual Hub:
To manage your new hub, type:Hub MyVirtualHubNow you’re operating within the context of “MyVirtualHub.”
-
Configure Hub Settings:
Use the following commands to adjust basic settings:- Set a description (optional):
HubSet /DESCRIPTION:"My primary virtual hub for VPN clients" - Review settings:
HubInfoGet
This command displays information about your Virtual Hub, confirming that it’s active and configured.
- Set a description (optional):
Step 3: Bridging the Virtual Hub with a Local Network
Bridging lets you connect the Virtual Hub with a local (physical) network.
-
Create a Local Bridge:
Still within vpncmd (or via the SoftEther Management Console if you prefer the GUI), run:BridgeCreate MyBridgeThis command creates a virtual bridge inside the VPN Server.
-
Add the Virtual Hub to the Bridge:
Next, associate your Virtual Hub with the bridge:BridgeAddHub MyBridge MyVirtualHubNow, traffic within “MyVirtualHub” can be bridged to other network segments.
-
Optional – Bridge with a Physical Interface:
If you want to extend your VPN to a physical LAN, configure your SoftEther VPN Server to bridge with a physical interface. This step is typically done via the GUI in the SoftEther VPN Server Manager, where you select the physical NIC to be bridged with the Virtual Hub. This creates a transparent Layer 2 link between remote VPN clients and your local network.
Step 4: Enabling Multiple VPN Protocols on the Virtual Hub
One of the strengths of SoftEther VPN is its support for multiple protocols on a single Virtual Hub.
-
Enable OpenVPN:
From the vpncmd prompt within your hub, type:OpenVpnEnableYou’ll be prompted to enter the hub’s administrator password and choose whether to enable TCP or UDP (choose according to your network environment).
-
Enable L2TP/IPsec:
Similarly, enable L2TP/IPsec by typing:L2tpEnableFollow the on-screen prompts to set the IPsec shared secret (use a strong, unique value).
-
Enable SSTP (Optional):
If you require SSTP for compatibility with Windows clients:SstpEnableAgain, configure according to your needs.
These commands allow you to support different connection types simultaneously. Clients can choose the protocol that works best for them, and all will connect to the same Virtual Hub.
Step 5: Managing Users and Security
Now that your Virtual Hub is set up and bridged, you need to add users for VPN access.
-
Add a VPN User:
At the vpncmd prompt:UserCreate vpnuser1 /GROUP:none /REALNAME:"John Doe" /NOTE:"Standard VPN user" UserPasswordSet vpnuser1Follow the prompt to set a strong password.
-
Set User Policies:
Configure settings such as session timeout, maximum bandwidth, and access control. For example:UserPolicySet vpnuser1 /SessionTimeLimit:3600This limits the session to one hour. Adjust other parameters as necessary.
Step 6: Verifying the Configuration
After completing the setup, perform the following checks:
-
View Active Sessions:
In vpncmd, type:UserListThis command displays active VPN sessions. When a client connects, you’ll see an entry here.
-
Test Connectivity:
From a client device using one of the supported protocols (OpenVPN, L2TP/IPsec, or SSTP), connect to your VPN server. Verify that the client receives an IP address from the VPN pool and can access network resources as expected. -
Check Bridge Status:
Ensure that the Virtual Hub and any associated bridges are operational. In the management console, you can review bridge statistics and logs to confirm traffic flow.
Final Thoughts
By configuring Virtual Hubs and bridging in SoftEther VPN, you unlock a versatile, multi-protocol VPN environment that can adapt to various networking needs. This advanced setup not only allows remote users to connect using their preferred VPN protocol but also enables you to seamlessly integrate different network segments. With SoftEther, you get enterprise-grade flexibility, whether you’re connecting remote offices, linking VLANs, or simply offering secure access for remote workers.
Take your time to test each step, and once you’re comfortable, you can further refine your configuration by adjusting virtual hub policies, exploring advanced security settings, and fine-tuning bridge parameters. If you have any questions or need further assistance, feel free to reach out. Enjoy your new, flexible VPN environment!
Explained with clarity by
Corels – Admin, Emmanuel Corels Creatives
