SoftEther on Tomato (ASUS WL-500g Deluxe, LINKSYS WRT54GS v3, LINKSYS E2000)

tomleehk

Successfully followed the below walkthrough to install and set up SoftEther on ASUS WL-500g Deluxe Router running on Tomato.

Proved default gateway re-direction working with SoftEther client connection and whereismyip.com

Hardware :  ASUS WL-500g Deluxe ( 4M Flash + 2 USB ports )
O/S         :  tomato-K26USB-1.28.9054MIPSR1-beta-Lite.trx  <= downloaded at www.tomatousb.org
                  Flashed with ASUS Firmware Recovery tools.

Original article :
http://www.right.com.cn/FORUM/thread-149729-1-1.html

㈠下載相關軟件：
①Tomato SoftEther VPN（服務器端軟件）：     http://files.lancethepants.com/Binaries/SoftEtherVPN/mipsel/
②SoftEther VPN Server Manager for Windows（遠程設置工具 ):    http://www.softether-download.com/cn.aspx?product=softether
③winscp:     http://winscp.net/eng/docs/lang:chs#%E4%B8%8B%E8%BD%BD
④putty:        http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
⑤SoftEther VPN Client（客户端）： http://www.vpngate.net/cn/download.aspx或者  http://www.softether-download.com/cn.aspx?product=softether

㈡安裝過程
⒈登錄路由器，格式化JFFS，選擇Enable，點擊Format/Erase按鈕，確認可用空間大於SoftEther VPN軟件的大小。也可以加載U盤安裝，請自行搜索相關方法
Remark: Enabled USB support instead of JFFS on Tomato GUI as my router does not have enough flash and therefore does not have enough JFFS

⒉打開winscp，用root用戶登錄路由器，文件協議scp
Remark: Need to turn on SSH at Tomato GUI first.

⒊在/jffs/新建vpnserver文件夾，把Tomato SoftEther VPN的5個文件上傳到/jffs/vpnserver/目錄下
Remark: Create same directory at USB drive instead.

⒋右鍵分別選擇vpnserver，vpncmd，八進製表填0700，【確定】

⒌關閉winscp，用putty登錄路由器，啟動vpnserver服務：

1. /jffs/vpnserver/vpnserver start

複製代碼

Remark : Use root to login and modify path accordingly for USB drive

⒍安裝softether-vpnserver_vpnbridge-v4.10-9505-beta-2014.10.03-windows-x86_x64-intel.exe，選擇softether vpn server管理工具（僅管理工具），安裝完成後啟動，點擊新設置

⒎ 填寫設置名，主機名，端口號，選擇服務端管理模式，確定

⒏ 點連接，設置新密碼，【確定】

⒐ 選擇VPN的其他高級設置，【關閉】。

⒑ 彈出的窗口選擇：【是】

⒒選擇啟用L2TP 服務器功能，虛擬HUB：DEFAULT，記住IPsec預共享密鑰，【確定】。

12.點擊管理虛擬HUB

13.點擊管理用戶

14.新建用戶

15.填寫用戶名，設置密碼，驗證類型：密碼驗證，【確定】

16.點擊【虛擬 NAT 和虛擬 DHCP 服務器】

17.點擊[啟用 SecureNAT]，【SecureNAT配置】

18.根據實際情況修改，【確定】

19.關閉日記（可選）

20.如果不需要Openvpn服務器和MS-SSTP服務器功能，可以關閉（可選）

21.修改加密算法【加密與網絡】---【加密算法名：AES128-SHA】,[確定】 （可選）

22. 設置路由器開機啟動vpnserver，登錄路由器添加腳本在Administration---Scripts---WANUP添加並保存：

1. sleep 5
   
2. /jffs/vpnserver/vpnserver start

複製代碼

Remark: Same script can be saved at Tomata's GUI USB menu instead of WANUP menu.

如果使用微軟/安卓的 L2TP/IPsec VPN 客戶端連接（注意填寫IPsec預共享密鑰），路由器必須開放500，4500，1701端口，在Administration---Scripts---Firewall添加並保存：

1. iptables -A INPUT -p udp -m udp --dport 500 -j ACCEPT
   
2. iptables -A INPUT -p udp -m udp --dport 4500 -j ACCEPT
   
3. iptables -A INPUT -p udp -m udp --dport 1701 -j ACCEPT

複製代碼

23. Setup DDNS (at either Tomato or SoftEther) and NTP (at Tomato) properly before WAN connection testing.

測試SoftEther VPN Client客戶端:
下圖，安裝客戶端，用鄰居家的網絡測試，順利連接
Remark: After successful connection, your PC will be assigned with virtual LAN IP address e.g. 192.168.30.x .. Default gateway redirection can also be verified via whereismyip.com etc.

Comment :
1) Credit goes to the original developer.. (Not me!)
2) This setup has one advantage that the DDNS service can use the list provided by Tomato  : e.g. dyndns, no-ip instead of SoftEther

tomleehk

Succesfully installed and set up SoftEther on LINKSYS WRT54GS v3 Router running on Tomato.
Hardware :  LINKSYS WRT54GS : 8M Flash (4M for Tomato,  4M JFFS for SoftEther)
O/S         :  tomato-K26-1.28.9054MIPSR1-beta-Std.trx  <== downloaded at www.tomatousb.org
                  tomato-K26-1.28.7821MIPSR1-Toastman-ND-MiniIPv6 (2).trx  <== downloaded at http://toastmanfirmware.yolasite.com/
                  tomato-K26-1.28.RT-MIPSR1-123-Mini.trx <== downloaded at http://tomato.groov.pl/


Supplementary Note :
1) Better use the K26 MIPSR1 Tomato firmwares at tomatousb.org or its mod than the Tomato firmwares at Polarcloud.com. It appeared that the Tomato firmwares at Polarcloud have some compatibility problem when running SoftEther.

2) It appeared that the minimum SoftEther files needed are simply 2 files : hamcore.se2 and vpnserver for VPN server. Therefore, the minimum hardware requirement I believe is 4MB Flash + USB or 8 MB Flash for the router.

3) If the vpnsever is found unable to launch properly at putty, changing the access right for both files hamcore.se2 and vpnserver to 777 may help.

4) Certain delay (say 5 minute ) was found for the SoftEther configuration to be saved properly to softether\vpn_server.config. Wait and verify the corresponding file (text file) with editor or time-stamp eye-ball checking and ensure the configuration change is properly saved. DO NOT reboot the router immediately after SoftEther configuration change, or else your configuration change done will disappear after reboot. It appeared that the saving/update is run on schedule basis (e.g. every 5 minutes).

5) To improve stability, better disable all logs on router O/S and SoftEther after completion of testing.

6) Set maximum VPN sessions to 2 to 3 may also help improving the performance.

7) Additional configuration on local bridging mode:
https://www.softether.org/4-docs ... l/3.6_Local_Bridges
* Must disable SecureNAT when using local bridging
* Configure local bridging to vlan1 so that the VPN client can retrieve IP address from DHCP server connecting to WAN port
* At the file vpn_server.config, open the [LocalBridgeList] node in the VPN Server Configuration file after defining the local bridge, then open the local bridge definition entry designating the intended network adapter defined by the name [LocalBridge0] or so on, and overwrite [NoPromiscuousMode] to true. Otherwise, VPN client CANNOT retrieve IP address via WAN port during VPN connection since the WAN port device does not support Promiscuous Mode.


8) Tomata by Shibby 各版本對應功能




Screen shots can also be found below :
http://tomearp.blogspot.hk/2013/ ... with-softether.html

Very helpful configuration guide as well :
1) SoftEther on VPS
http://blog.lincoln.hk/blog/2013/03/19/softether-on-vps/
2) Softether on VPS Using Local Bridge
http://blog.lincoln.hk/blog/2013 ... using-local-bridge/

I believe the binary originates from here
http://www.linksysinfo.org/index ... compiling-it.68611/

tomleehk

Succesfully installed and set up SoftEther on LINKSYS E2000 Router running on Tomato.

Hardware :  LINKSYS E2000 : 8M Flash (~4M for Tomato,  ~4M JFFS for SoftEther)
O/S         :  tomato-E2000-NVRAM60K-1.28.7506.3MIPSR2Toastman-RT-VLAN-VPN.bin <== downloaded at http://toastmanfirmware.yolasite.com/

tomleehk

Without Softether VPN connection



With Softether VPN connection (SecureNAT,LINKSYS WRT54GS v3 Router running on Tomato)



With Softether VPN connection (Local bridge,LINKSYS WRT54GS v3 Router running on Tomato)

ttmuskie

The speed dropped significantly.