What is SoftEther VPN Protocol & Is It Safe?
DataProt is supported by its audience. When you buy through links on our site, we may earn a commission. This, however, does not influence the evaluations in our reviews. Learn More.
It’s no secret that various government agencies are trying to weaken or completely unravel the unique privacy VPN tunneling can provide. In the past, those agencies have had some success with specific protocols. That is why it’s good to have more protocols on the market offering new security and speed solutions.
One of the newer VPN protocols showing plenty of promise is SoftEther. You might not have heard about it, as it’s not yet widely supported among VPN clients. We’ll explain everything you need to know to answer the most important question: what is SoftEther? You’ll learn how to use it and how it compares to other protocols.
About SoftEther
SoftEther is not just a protocol; it’s an entirely free and open-source software package. SoftEther is an open-source and free-to-use VPN protocol that provides quick and secure client-to-server and site-to-site communications. Another part of this software is the VPN bridge that supports the aforementioned types of communication.
The SoftEther project also includes a SoftEther VPN server that allows the usage of several VPN protocols such as OpenVPN, SSTP, IPSec, L2TP/IPSec, and SoftEther itself.
In essence, the SoftEther VPN project gives users the option to connect to a SoftEther VPN server with or without the SoftEther VPN client software. It also provides users with the ability to set up their servers. Users can move from one protocol to another in a few easy steps.
Here are the other main specifications for SoftEther:
- SoftEther runs deep-inspect package logging.
- The protocol avoids firewalls thanks to SSL-VPN tunneling through HTTPS.
- It uses the most sophisticated encryption methods, such as RSA-4096 and AES-256.
- SoftEther protocol’s throughput reaches around 1 Gbps-class high-speed.
- SoftEther doesn’t need fixed or static IP addresses; it has installed NAT-traversal and dynamic-DNS options.
- With its OpenVPN clone function, SoftEther supports legacy OpenVPN clients.
- It also supports IPv4/IPv6 dual stacking and RSA certificate authentication.
- You can set up all settings via the GUI.
The History of SoftEther
We can track the origins of this software back to January of 2014. Daiyuu Nobori, a student at the University of Tsukuba, developed this VPN software for his master’s thesis research. The idea for SoftEther came from the connection problem he experienced at the campus. He started working on SoftEther VPN to solve the issue that point-to-point tunneling Protocol (PPTP) caused as he was trying to connect his home device to the campus’s Wi-Fi network.
Right now, Daiyuu Nobori and the University of Tsukuba’s people are continuing to work on improving this software. Together with other willing participants, they are working on resolving NAD pull requests and various issues via GitHub.
As a result, SoftEther is an open-source and multi-protocol VPN client and server software solution that’s supported on a vast number of operating systems. SoftEther VPN bridge OS support includes Windows (as well as older versions such as Windows 98 and Windows XP), macOS X and OS 10.8, Linux, FreeBSD, and Solaris. Its VPN client works on Windows, Linux, and macOS.
How Does SoftEther Work?
SoftEther VPN protocol creates a secure connection between a user and a VPN server; it sets up hypertext transfer protocol secure (HTTPS) to establish the VPN encrypted tunnel. Thanks to the SoftEther bridge software, the protocol allows site-to-site and client-to-server communication.
This protocol uses the TCP port 443 that HTTPS also employs for traffic, making it almost impossible to block and helping it evade firewalls easily. Once you’re finished with the SoftEther VPN download, the protocol allows your VPN to work across most networks, including both home and public Wi-Fi networks.
If users rely on the SSL-VPN protocol, they can also use SoftEther VPN client and server features like parallel transmission for rapid and optimized throughput. Users can choose which VPN protocol they’ll use, including the HTTPS protocol.
Similarly, clients can employ many operating systems to access the SoftEther VPN server setup and features, which is very handy. The only prerequisite is that these machines must use one of the compatible protocols. This is why this VPN is available on so many operating systems we’ve mentioned, along with Android and iOS.
For encryption, authentication, and decryption, SoftEther relies on OpenSSL processes. It also employs powerful encryption protocols including AES, DES, RC4, SHA, MDS, and Triple DES. A couple of user authentication options also build the strength of the protocol’s security even further.
Some features are only available to users who run VPN services via the SoftEther client. And to use the SoftEther VPN protocol, users also have to download and install its VPN client. Even if you’re already subscribed to one of many VPN services, you’ll need to acquire this software. It offers additional features, such as:
- Voice guidance: a feature that uses a voice function that guides new users through the SoftEther processes.
- Simple and normal mode: Users can set the difficulty of the app’s interface via its normal and simple mode.
- Internet connection maintenance: SoftEther uses its client functions to maintain a VPN connection that matches the SoftEther Server connection.
- Translucent window: You can select the VPN client’s window’s transparency level; it cannot go lower than 20%.
Benefits of SoftEther
As a new and highly refined VPN protocol, SoftEther has plenty of benefits to offer, as it has evolved from the mistakes other older VPN protocols have made.
High Level of Security
SoftEther protocol excels at protecting users’ traffic and data since it allows people to select the VPN protocol they want to use and the security options they wish to enable. As we mentioned before, the HTTP protocol and SSL protocol are preinstalled with SoftEther. With these additions, the SoftEther VPN security feature conducts website authentication as the data moved through the network is checked for integrity and anti-tampering.
As if that is not enough, the security portion of this protocol uses the state-of-the-art AES 256-bit encryption tool. The RADIUS/NT Domain user authentication and RSA certificate authentication also come on top of the existing protection features.
This VPN protocol allows security policy options and packet filtering as additional private data security features. And with its programming, SoftEther stops man-in-the-middle attacks. With these attacks, an unauthorized source eavesdrops and decrypts communication among two users or entities, only to manipulate or monitor the leaked data.
Fast VPN Protocol
One of the main goals for the developers of SoftEther was to increase speed and throughput. Today, this protocol performs better than PPTP and OpenVPN, with a maximum of 1 Gbps throughput with minimal impact on the CPU and memory workload.
This is possible thanks to optimized VPN processing modules. Developers worked on lowering memory copies per each cycle of running VPN packets that would otherwise affect speed.
Another development trick that increases speed is using a parallel transmission mechanism that enhances the throughput of the SSL-VPN tunnel. With this mechanism, packets are added to the TCP connection to optimize modules’ calculations. In case of packet loss, SoftEther has a safe and active TCP connection that takes over a new packet, which allows for high throughput. As a result, SoftEther’s throughput was 13 times faster from OpenVPN and four times quicker from PPTP.
OS Compatibility Support
The software behind SoftEther is optimized so that it works well on most operating systems. Compared to other VPN protocols where the optimization on one OS beats the performance on all others, all supported operating systems have stable performance with SoftEther.
The SoftEther VPN client, bridge, and server features work well on Linux and Windows operating systems. macOS X, FreeBSD, and Solaris operating systems don’t have problems using SoftEther VPN bridge and server software.
As for smartphone coverage, iPhone and Android devices support SoftEther VPN client software. The connection via its VPN server is possible via OpenVPN protocol or L2TP/IPSec protocol. At the time of writing this article, support for the SoftEther client was not yet available on other mobile operating systems.
Excellent Results Bypassing Firewalls
Since SoftEther uses the TCP port 443 that HTTPS protocols rely upon, this VPN protocol has an easier time avoiding firewalls without getting blocked. In essence, this VPN employs a HTTPS protocol to make a VPN tunnel.
A VPN client like SoftEther has VPN over ICMP and VPN over DNS that go right through restricted firewalls. These firewalls ordinarily only allow DNS or SCMP packets to travel over. You can also use these features on public Wi-Fi networks that allow DNS or ICMP packets to go through. You can connect to protocol-free network communication.
An Open-Source Project
Microsoft developed the SSTP protocol in a closed-source manner. That would be okay if the company didn’t have a reputation of providing encrypted data and messages to the NSA and working with the FBI. That’s why open-source VPN projects, including SoftEther VPN and client manager, will always be more trustworthy to clients and VPN professionals.
SoftEther is still being developed by its original creator and programmers from the University of Tsukuba. And since this is an open-source project, testers and participants from around the world can join the development efforts to improve this software transparently.
Drawbacks of SoftEther
SoftEther is an excellent VPN protocol that provides superior speed without sacrificing robust security options. However, there are a couple of areas in which this protocol falls short and needs more polishing.
More Independent Audits Needed
It’s hard to deny the efficiency and power of encryption and security features packed into the SoftEther web interface. You might think that this protocol is bulletproof, but at this stage we can’t know what its limits are. That is best found by running outside security audits and tests, then publishing findings publicly.
So far, only one company has commissioned an audit for SoftEther, the Max Planck Institute, in 2018. The audit revealed 11 remote security vulnerabilities, with issues revolving around the denial of service with fuzzers. This problem appeared due to memory corruption and memory leaks. More audits are needed to discover the full scope of potential security vulnerabilities of this VPN protocol.
VPN Service Availability
SoftEther is not the newest VPN protocol on the block; that title belongs to WireGuard software, with the first snippets of its code revealed in 2016. Still, when we look at SoftEther vs. WireGuard, WireGuard is relatively well-supported by VPN services. At the same time, SoftEther has minimal support at best.
Only two VPN providers work with SoftEther software: CactusVPN and HideIPVPN. That’s partly due to its age and continual development. More VPN services need to include this protocol for its fantastic performance across the board to be truly appreciated.
Built-In Support
We’ve written about SoftEther’s excellent optimization on the most popular operating systems. However, this software lacks built-in native support on devices and operating systems.
At the moment, you have to install additional software content for full SoftEther support. That includes the SoftEther VPN gate for access to free VPN servers, the VPN bridge, and more.
In-House VPN
Not many VPN providers have SoftEther support besides SoftEther with its VPN app. Still, the internally made VPN service offers plenty of highly recommended features. It has a virtual firewall, dynamic server, private connection network, VPN application integration, and the Bring Your Own Device (BYOD) option.
SoftEther VPN Protocol Vs. Other Protocols
With SoftEther offering so many abilities and benefits, it’s time we compare its performance and features to other VPN protocols.
SoftEther vs. OpenVPN
OpenVPN is known for its security features, which compare very well against SoftEther. Both VPN protocols use 256-bit encryption, OpenSSL, and SSL 3.0. Likewise, OpenVPN is open-source software like SoftEther, which makes its development and usage transparent and reliable.
The first significant difference comes from speed measurements, with SoftEther’s throughput reaching over 900 Mbps. On the other hand, OpenVPN’s throughput is a mere 100 Mbps. SoftEther is also packed with additional features that cannot be found with the OpenVPN protocol. Packet filtering, multi-tenant support, virtual DHCP, NAT traversal, and config file handwriting are features unique to SoftEther in this comparison.
OpenVPN has servers that its users can employ, and the same goes for SoftEther and its account base. SoftEther VPN servers have multiple protocol support for SSTP, IPSec, L2TP/IPSec, OpenVPN, and SoftEther. On the other hand, the OpenVPN server can only use the OpenVPN protocol.
SoftEther and OpenVPN protocols have the same platform support. The main difference is that SoftEther needs additional software, but in turn, it’s more manageable to set up than OpenVPN. Still, most VPN providers use OpenVPN, while the VPN offering with SoftEther is more modest in comparison. Both protocols are quick and secure, but SoftEther takes the edge with its rapid, more sophisticated, and highly protective protocol.
WireGuard vs. SoftEther
Both these protocols are open-source, stable, trustworthy, and very secure, but SoftEther can make use of TCP port 443. As a result, SoftEther is more immune to attempted blocks from network admins than WireGuard.
WireGuard and SoftEther are both impressive protocols when it comes to speed. However, WireGuard is far easier to use, hence it takes the lead in this protocol comparison.
SoftEther vs. PPTP
SoftEther is primed with 256-bit encryption support and multiple ciphers, whereas PPTP’s encryption is significantly weaker with many security exploits. The latter protocol can also be blocked by a firewall effortlessly, especially if it’s a NAT firewall. SoftEther uses the HTTPS traffic port 443, making it highly challenging for firewalls to stop it. SoftEther can carry all sorts of packets; PPTP is stuck with IPv4 packets only.
But the area where SoftEther takes a clear lead is its open-source development. Conversely, PPTP is a closed-source software that some sources cite has been unraveled by the NSA.
In the past, one of the rare benefits of using the PPTP protocol was its superior performance. However, SoftEther now also wins in this department since it’s four times faster than PPTP with an unparalleled level of security.
The only true advantage of PPTP is its native support, as you can easily configure it in Windows 7. However, even that advantage is dwindling as more operating systems like macOS and iOS abandon PPTP’s native support. On the whole, SoftEther proves to be streets ahead of the PPTP protocol.
IPSec vs. SoftEther
When we talk about how to use SoftEther VPN, we always have to mention that you need to install additional SoftEther-related software. IPSec doesn’t have this problem; it’s elementary to configure without installing more software.
IPSec is a protective protocol that VPN services usually bundle with IKEv2 and L2TP protocols. Its problem lies in security flaws that might crop up if this protocol is not configured correctly. It also doesn’t help that firewalls can easily block IPSec. As such, SoftEther provides better security overall.
Both protocols are supported on many platforms. Where IPSec leads is with configuration simplicity. On the other hand, SoftEther works with more packets than IPSec, which only supports IPV4 packets. With that in mind, SoftEther takes another victory between these two protocols due to its security and performance.
SoftEther vs. L2TP/IPSec
Just like SoftEther, the L2TP/IPSec VPN protocol works with the most advanced 256-bit encryption available on the market. However, SoftEther has SSL 3.0 and open-source development, making this protocol more reliable. It doesn’t help L2TP/IPSec’s case that there are claims that the NSA has compromised the security of this protocol.
A protocol for VPN such as SoftEther uses TCP port 443, which makes it much easier to avoid firewall blocking attempts. L2TP/IPSec can get blocked by firewalls when port 500 and IP protocols 50 and 51 get jammed. The L2TP passthrough on the router has to be activated to avoid NAT problems.
SoftEther has superior speeds since L2TP/IPSec needs more time to establish a VPN tunnel. However, this widely used protocol kicks into high gear with an easy-to-use approach and better VPN service coverage.
SoftEther vs. IKEv2/IPSec
IKEv2/IPSec and SoftEther are both fast and secure protocols, but IKEv2 loses its steam when trying to avoid getting blocked by firewalls. This VPN protocol uses UDP port 500, which is a perfect blocking target for firewalls.
You can use SoftEther on Android, iOS, and various desktop operating systems. IKEv2/IPSec has slight leverage since it’s available on BlackBerry devices. Mobile-wise, IKEv2/IPSec wins again as this technology was created to resist network changes and prevent losing VPN connection when switching networks. With all these unique features, IKEv2/IPSec takes the crown from SoftEther.
SSTP vs. SoftEther
SSTP has nearly identical security abilities as SoftEther does, except that Microsoft owns this protocol, making it less trustworthy. Like SoftEther, SSTP uses port 443, but this protocol may cause a TCP meltdown issue and connectivity problems that stem from it. SSTP also doesn’t support authenticated web proxies. It allows the possibility of a network admin finding SSTP headers and terminating the connection in web proxies that are not authenticated.
As well as being faster than SSTP, SoftEther has another advantage when comparing operating system coverage. SSTP is strictly tied to the Windows platform (and Linux and Android in a lesser form). At the same time, SoftEther works on Windows, macOS, Solaris, and more.
Time To Adopt
SoftEther brings many technological improvements where other VPN protocols have stumbled. And with its active development, we can expect even more pleasantly surprising results from this protocol. However, its biggest hurdle is the adoption rate among VPN providers, which is extremely low. And since their influence extends far and wide, it’s no wonder many people continue asking: what is SoftEther.
