Configuring High Availability and Load Balancing in SoftEther VPN


Hello there! I’m Corels from Emmanuel Corels Creatives, and today we’re exploring how to ensure your SoftEther VPN environment stays up and running even if one component fails. In this guide, we’ll walk through setting up high availability and load balancing for SoftEther VPN—so that remote users experience seamless connectivity and consistent performance.


Why High Availability and Load Balancing?

A robust VPN setup isn’t just about secure connections—it’s also about ensuring reliability. High availability means that if one VPN server or link goes down, another automatically takes over, minimizing downtime. Load balancing spreads client traffic across multiple servers or connections to optimize performance and prevent any single resource from becoming a bottleneck.


Step 1: Deploying Multiple SoftEther VPN Servers

To build a high availability (HA) solution, start by deploying at least two SoftEther VPN Servers in different locations or on separate VPS instances. Make sure each server is installed and running with a configured Virtual Hub (e.g., “MyVPNHub”).

  • Tip: Ensure each server uses a static public IP or DDNS hostname so clients can reliably reach them.

Step 2: Configuring Cascade Connections for High Availability

SoftEther VPN Server offers a feature called Cascade Connections that can link multiple Virtual Hubs together, effectively creating a redundant VPN network.

  1. On Server A (Primary):

    • Launch vpncmd and connect to your Virtual Hub:
      sudo /usr/local/softether/vpncmd
      
      Select 1 for VPN Server mode, then:
      Hub MyVPNHub
      
    • Create a cascade connection to Server B by typing:
      CascadeCreate ToServerB /SERVER:ServerB_Public_IP:Port /HUB:MyVPNHub
      
      Replace ServerB_Public_IP:Port with the public IP (or DDNS hostname) and port of your secondary server. This command tells Server A to connect to Server B’s Virtual Hub.
  2. On Server B (Secondary):

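    • In many cases, the cascade connection is bidirectional automatically. The cascade entry ToServerB exists only on Server A, so on Server B verify by checking the Virtual Hub’s session list, where the incoming cascade shows up as a session:
      SessionList
      
    • Ensure both servers show an active cascade connection (on Server A, CascadeStatusGet ToServerB reports its status).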

This setup allows VPN traffic to automatically route through Server B if Server A experiences issues.


Step 3: Load Balancing Client Connections

While high availability ensures redundancy, load balancing optimizes performance by distributing client sessions across multiple servers. There are a couple of approaches:

A. DNS Round-Robin

  1. Configure DNS Entries:

    • In your DNS settings (or via a dynamic DNS service), create multiple A records for your VPN hostname that point to each server’s IP address. For example:
      • vpn.yourdomain.com → ServerA_IP
      • vpn.yourdomain.com → ServerB_IP
  2. Client Connection:

    • When clients connect using vpn.yourdomain.com, DNS round-robin will distribute the connections between the two servers.

    Note: This method is simple and works well for many scenarios, though it doesn’t account for server load.

B. External Load Balancer

  1. Deploy a Load Balancer:
    • Use a dedicated load balancing solution (hardware or software-based, such as HAProxy) in front of your SoftEther VPN Servers.
  2. Configure the Load Balancer:
    • Set it up to distribute incoming VPN connections (using TCP or UDP on your chosen VPN port) across your servers.
  3. Monitor and Adjust:
    • The load balancer can monitor server health and adjust traffic distribution automatically.

This approach provides more granular control over load distribution and health checks.


Step 4: Testing the High Availability and Load Balancing Setup

  1. Simulate a Failure:
    • Disconnect one server (or simulate a network failure) and verify that clients can still connect via the other server.
  2. Monitor Connections:
    • On each SoftEther VPN Server, run:
      SessionList
      
      to view active sessions. Ensure that sessions are re-routed or spread between servers.
  3. Performance Verification:
    • Test connectivity and speed from multiple client devices to ensure that load balancing is working as expected. Tools like ping and traceroute can help confirm that traffic follows the correct path.
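
To back the failure test above and the round-robin caveat in Step 3A, here is an added example (not part of the original guide): a Python script that resolves every address behind the VPN hostname and probes each one, so a dead server that DNS still publishes shows up as "degraded". The function names and the port are assumptions, and a successful TCP connect only shows that the listener accepts connections, not that VPN sessions can be established.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor


def resolve_backends(hostname, port):
    """Return every distinct address published for the round-robin name."""
    infos = socket.getaddrinfo(hostname, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def probe(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def check_pool(backends, timeout=3.0):
    """Probe (ip, port) pairs in parallel and return {(ip, port): reachable}."""
    backends = list(backends)
    if not backends:
        return {}
    with ThreadPoolExecutor(max_workers=len(backends)) as pool:
        results = pool.map(lambda b: probe(b[0], b[1], timeout), backends)
        return dict(zip(backends, results))


def summarize(status):
    """Return (state, down): DNS keeps handing out every address in `down`."""
    down = sorted(b for b, ok in status.items() if not ok)
    if not status or len(down) == len(status):
        return "outage", down
    return ("degraded" if down else "healthy"), down


if __name__ == "__main__":
    # Usage: python3 check_pool.py vpn.yourdomain.com 443  (port is an assumption)
    host, port = sys.argv[1], int(sys.argv[2])
    status = check_pool((ip, port) for ip in resolve_backends(host, port))
    state, down = summarize(status)
    for (ip, p), ok in sorted(status.items()):
        print(f"{ip}:{p} {'up' if ok else 'DOWN'}")
    print(f"pool state: {state}")
    sys.exit(0 if state == "healthy" else 1)
```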

Final Thoughts

By deploying multiple SoftEther VPN Servers and configuring cascade connections along with DNS round-robin or an external load balancer, you create a highly available and scalable VPN environment. This setup minimizes downtime and ensures that client connections are distributed efficiently, keeping your network resilient under varying loads.

Take your time to test each component, adjust settings to match your environment, and ensure that your monitoring tools are in place. If you have any questions or need further assistance, feel free to reach out. Happy networking, and here’s to a stable, high-performance VPN solution!


Explained with clarity by
Corels – Admin, Emmanuel Corels Creatives

