Softpedia >Mac >Network/Admin >SoftEther VPN Bridge >  Changelog

SoftEther VPN Bridge Changelog

What's new in SoftEther VPN Bridge 4.21 Build 9613 Beta

Apr 25, 2016
  • Added SoftEther VPN Server Manager for Mac OS X:
  • Now you can manage your SoftEther VPN Server, running remotely, from your Mac in local.

New in SoftEther VPN Bridge 4.20 Build 9608 (Apr 18, 2016)

  • Fixed a minor English typo.

New in SoftEther VPN Bridge 4.19 Build 9599 Beta (Oct 19, 2015)

  • Fixed the problem that an unnecessary "Insert disk" dialog box appears when installing VPN Server or VPN Bridge on Windows 10.
  • Added the "/NOHUP" parameter in the "TrafficServer" command of vpncmd.
  • Added the "/REDIRECTURL" parameter in some access list commands of vpncmd.
  • Added the virtual address check routines in kernel-mode drivers to prevent blue screen or invalid memory access. Previous versions of kernel-mode drivers did not check the virtual addresses from the user-mode. (NOTE: All kernel-mode drivers are protected by ACL to avoid privilege escalation in all previous versions. Only users with Administrator privileges were able to cause blue screen or invalid memory access by passing invalid addresses from the user-mode. Therefore this was not a security flaw.) Appreciate Meysam Firozi's contribution to report the similar problem in the Win10Pcap driver.

New in SoftEther VPN Bridge 4.19 Build 9582 Beta (Oct 6, 2015)

  • Dramatically improvement of the performance of the Virtual NAT function of SecureNAT in Linux. In the previous versions of SoftEther VPN, the SecureNAT performance was very slow in the specific situation that the Linux Virtual Machine (VM) is running with virtual Ethernet interfaces which are prohibited to enable the promiscuous mode (this problem has been frequently appeared on cloud servers such like Amazon EC2/AWS or Windows Azure). In such a situation, SecureNAT must use the user-mode TCP/IP stack simulation and it was very slow and had high latency. This version of SoftEther VPN Server adds the new "RAW IP Mode" in the SecureNAT function. The RAW IP Mode is enabled by default, and is effective only if the VPN Server process is running in the root privileges. In the RAW IP Mode, the SecureNAT function realizes to transmit and receive TCP, UDP and ICMP packets which headers are modified. This behavior realizes drastically improved performance than legacy user-mode SecureNAT in the previous versions. In order to avoid the misunderstanding of receiving packets which are towards to the Virtual NAT function, some packet filter rules are automatically added to the iptables chain list. You can disable the RAW IP Mode by setting the "DisableIpRawModeSecureNAT" value to "1" on the Virtual Hub Extending Options.
  • Improved the performance of the Kernel-mode SecureNAT.
  • Improved the stability of the L2TP VPN sessions on the network with heavy packet-losses.
  • Added the compatibility with Cisco 800 series routers (e.g. Cisco 841M) on the L2TPv3 over IPsec protocol. These new Cisco routers have modified L2TPv3 header interpreter. Therefore SoftEther VPN Server needed to add new codes to support these new Cisco routers.
  • Added the support the compatibility to YAMAHA RTX series routers on the L2TPv3 over IPsec protocol.
  • Added the support for EAP and PEAP. SoftEther VPN Server can now speak RFC3579 (EAP) or Protected EAP (PEAP) to request user authentications to the RADIUS server with the MS-CHAPv2 mechanism. If this function is enabled, all requests from L2TP VPN clients which contain MS-CHAPv2 authentication data will be converted automatically to EAP or PEAP when it is transferred to the RADIUS server. You must enable this function manually for each of Virtual Hubs. To enable the function converting from MS-CHAPv2 to EAP, set the "RadiusConvertAllMsChapv2AuthRequestToEap" value to "true" in the vpn_server.config. To enable the functin converting from MS-CHAPv2 to PEAP, set both "RadiusConvertAllMsChapv2AuthRequestToEap" and "RadiusUsePeapInsteadOfEap" options to "true".

New in SoftEther VPN Bridge 4.19 Build 9578 Beta (Sep 16, 2015)

  • Solved the problem that kernel mode drivers do not pass the general tests of "Driver Verifier Manager" in Windows 10.

New in SoftEther VPN Bridge 4.18 Build 9570 (Aug 21, 2015)

  • Solved the problem that the customized language setting on the "lang.config" file.
  • config sometimes corrupts in the rare condition.

New in SoftEther VPN Bridge 4.14 Build 9529 Beta (Feb 2, 2015)

  • The previous version 4.13 (beta) has a problem to accept L2TP connections due to the session-state quota-limitation code by the minor change between Build 9514 and 9524. The problem is fixed on this build. Please update to this build if you are facing to the L2TP problem on version 4.13.
  • Added the function to record physical source IP addresses of VPN clients on every packet log lines. This function can be disabled by set the "NoPhysicalIPOnPacketLog" flag in the Virtual Hub Extended Option to "1".

New in SoftEther VPN Bridge 4.13 Build 9524 Beta (Jan 31, 2015)

  • Modified the behavior of the Local Bridge function in the VPN Server on Linux. In the previous versions, if several Local Bridge creation operations will be made, then the operations to disable the offloading function on the target Ethernet devices will be conducted as many as same. After this version, the operation to disabling the offloading function will be called only once if several Local Bridge creation operations will be made on the same Ethernet device.
  • Added the "SecureNAT_RandomizeAssignIp" Virtual Hub Extending Option. If you set this option to non-zero value, then the Virtual DHCP Server of the SecureNAT function will choose an unused IP address randomly from the DHCP pool while the default behavior is to choose the first unused IP address.
  • Added the "DetectDormantSessionInterval" Virtual Hub Extending Option. If you set this option to non-zero value, then the Virtual Hub will treat the VPN sessions, which have transmitted no packets for the last specified intervals (in seconds), as Dormant Sessions. The Virtual Hub will not flood packets, which should be flood, to any Dormant Sessions.
  • Added the implementation of the SHA () function in the source code. This made the building process easier on the low-memory embedded hardware which has its OpenSSL implementation without the SHA () function.

New in SoftEther VPN Bridge 4.13 Build 9522 Beta (Jan 30, 2015)

  • Modified the behavior of the Local Bridge function in the VPN Server on Linux. In the previous versions, if several Local Bridge creation operations will be made, then the operations to disable the offloading function on the target Ethernet devices will be conducted as many as same. After this version, the operation to disabling the offloading function will be called only once if several Local Bridge creation operations will be made on the same Ethernet device.
  • Added the "SecureNAT_RandomizeAssignIp" Virtual Hub Extending Option. If you set this option to non-zero value, then the Virtual DHCP Server of the SecureNAT function will choose an unused IP address randomly from the DHCP pool while the default behavior is to choose the first unused IP address.
  • Added the "DetectDormantSessionInterval" Virtual Hub Extending Option. If you set this option to non-zero value, then the Virtual Hub will treat the VPN sessions, which have transmitted no packets for the last specified intervals (in seconds), as Dormant Sessions. The Virtual Hub will not flood packets, which should be flood, to any Dormant Sessions.
  • Added the implementation of the SHA () function in the source code. This made the building process easier on the low-memory embedded hardware which has its OpenSSL implementation without the SHA () function.

New in SoftEther VPN Bridge 4.09 Build 9451 Beta (Jun 9, 2014)

  • Improves User-mode SecureNAT performance by modifying the processing of TCP_FIN packets. It should improve the performance of the FTP protocol.

New in SoftEther VPN Bridge 4.08 Build 9449 (Jun 9, 2014)

  • Add a new command to generate a RSA 2048 bit certificate:
  • The vpncmd command-line utility has MakeCert command to generate a 1024 bit self-signed RSA certificate. However, in recent years it is recommended to use 2048 bit RSA certificates. Therefore, on this version a new command MakeCert2048 has been added. Use this command to generate a 2048 bit self-signed RSA certificate.
  • Workaround for the NAT traversal problem:
  • Adjusted the priority between TCP/IP Direct Connection and UDP-based NAT-Traversal. On this version (Ver 4.08), NAT-Traversal will always be used if the client program detects that the specified TCP destination port on the destination server is occupied by non-SoftEther VPN Server. Anyone who faces to the connection problem on the VPN Server which is behind the NAT-box should install this update.
  • In the previous version (Ver 4.07), when the VPN Client attempts to connect to the VPN Server, the client firstly establish the connection via the TCP/IP direct protocol. If the TCP connection establishes successfully (in the layer-3) but the TCP port returns non-VPN protocol data (in the layer-7), the protocol error occurs immediately even if the NAT-Traversal connection attempt is still pending. This phenomenon often occurs when the VPN Server is behind the NAT-box, and the NAT-box has a listening TCP-443 port by itself. In that condition, the VPN Client attempts to connect to that TCP-443 port firstly, and the protocol error occurs immediately NAT-box returns non-VPN protocol (e.g. HTML-based administration page).
  • In order to work around that, this version (Ver 4.08) of VPN Client changed the behavior. On this version, if the VPN Client detects that the destination TCP Port is occupied by a non-VPN program, then the client will always use NAT-Traversal socket. This minor change will fix the connection problem to VPN servers behind the NATs.
  • Note: The built-in NAT-Traversal function on SoftEther VPN is for temporary use only. It is not recommended to keep using UDP-based NAT-Traversal connection to beyond the NAT-box when the VPN Server is behind the NAT-box, for long-term use. It is reported that some cheap NAT-boxes disconnect UDP session in regular period (a few minutes) after NAT-Traversal connection has been made. The strongly recommended method to run VPN Server behind the NAT is to make a TCP port mapping on the NAT-box to transfer incoming VPN connection packets (e.g. TCP port 443) to the private IP address of the VPN Server.

New in SoftEther VPN Bridge 4.06 Build 9435 Beta (Mar 28, 2014)

  • Previous versions of VPN Client have a port-confliction problem of the TCP port (TCP 9930) for RPC (Remote Procedure Call) on the VPN Client service for Windows, if the same port is occupied by another service. This version has solved the confliction problem.

New in SoftEther VPN Bridge 4.05 Build 9423 Beta (Mar 7, 2014)

  • Set the "VPN over DNS" and "VPN over ICMP" functions disabled by default on VPN Server / VPN Bridge.

New in SoftEther VPN Bridge 4.04 Build 9412 (Mar 7, 2014)

  • Whole English UI texts are checked and corrected by a native speaker of English. Fixed typos.

New in SoftEther VPN Bridge 2.00 Build 9387 (Oct 26, 2013)

  • This build realizes the compatibility with Microsoft Windows 8.1 and Windows Server 2012 R2 (RTM). This build supports Windows 8.1 and Windows Server 2012 R2 officially. This build fixes the former problem when the user upgrades from Windows 8 to Windows 8.1 by upgrade installation.
  • The major version number of SoftEther VPN was incremented on this build.

New in SoftEther VPN Bridge 1.01 Build 9379 RTM (Aug 20, 2013)

  • This security update is to strengthen the security of SoftEther VPN 1.0 (Server and Bridge):
  • There is a remote administration function on SoftEther VPN 1.0. The function is to allow administrators to connect to the VPN server remotely to manage the server. In older versions, a third person can login to the VPN Server in the Virtual Hub Administration Mode if the administrator has forgot to set the administrator's password on a Virtual Hub. Older versions are also safe if any strong password is set on the Virtual Hub. However we suppose that there are some administrators who have forgot to set passwords for Virtual Hubs. In order to protect such potential vulnerable servers, this security update strengthens the VPN server program to deny all empty (not set) passwords on the Virtual Hub Administration Mode. Your VPN server has been safe also in older versions if you set any passwords for Virtual Hubs. However, we strongly recommend to apply this update program to all VPN server administrators who might have potential empty passwords on Virtual Hubs.

New in SoftEther VPN Bridge 1.00 Build 9377 RTM (Aug 5, 2013)

  • Improvement Stability of NAT Traversal.
  • Add HTTP User-Agent Indication Behavior when using VPN Gate Client.

New in SoftEther VPN Bridge 1.00 Build 9371 RTM (Jul 25, 2013)

  • This is the RTM version of SoftEther VPN 1.0. It is not a BETA version.
  • We have fixed a lot of bugs in former builds. This RTM build is a stable build for everyone.
  • We will continue to improve features and performances on SoftEther VPN hereafter.

New in SoftEther VPN Bridge 1.00 Build 9367 RC 4 (Jul 22, 2013)

  • This should be the final beta release before the RTM version of SoftEther VPN 1.0.

New in SoftEther VPN Bridge 1.00 Build 9091 RC 2 (May 20, 2013)

  • Fixed a crush bug which might occurred during the shutdown of vpnserver process with using L2TPv3 or EtherIP over IPsec.
  • The statistics of cumulative transferred-bytes and packets-counter are appended on the list of Visual Hubs and on the list of User Objects on each Virtual Hub, on VPN Server Manager and vpncmd.
  • On the list of User Objects enumeration in both VPN Server Manager and vpncmd, the expire-date of each User Object are appended on the displayed list.
  • Improvements of stability of Dynamic DNS Function and NAT-Traversal Function.

New in SoftEther VPN Bridge 1.00 Build 9079 RC 2 (May 7, 2013)

  • Fixed a typo. Fixed a wrong bitmap image on the installer.

New in SoftEther VPN Bridge 1.00 Build 9078 RC 2 (Apr 29, 2013)

  • A security fix. The previous versions have ignored the "deny_empty_password" option in the Virtual Hub Administration Options List. This build fixed this security bug.
  • Fixed some minor bugs.
  • Improvement of the respond-time on IPv6 DNS name resolver.

New in SoftEther VPN Bridge 1.00 Build 9074 RC 2 (Apr 24, 2013)

  • Minor improvement around the Dynamic DNS Client function.

New in SoftEther VPN Bridge 1.00 Build 9071 RC 2 (Apr 22, 2013)

  • Fixed a minor timeout bug.

New in SoftEther VPN Bridge 1.00 Build 9070 RC 2 (Apr 19, 2013)

  • Enabled advanced security check routines for butter overflow (Win32 binaries only.)
  • File sizes have been increased a little, but the performance wasn't affected.

New in SoftEther VPN Bridge 1.00 Build 9069 RC 2 (Apr 17, 2013)

  • Fixed a minor bug on SSL packet processing.
  • Fixed a miror bug on TCP listener. (very rare crash)

New in SoftEther VPN Bridge 1.00 Build 9053 RC 2 (Apr 9, 2013)

  • Fixed a minor bug on UDP packet processing.
  • Added a new feature: IKE and OpenVPN (in UDP packets) Packet Logging Function.

New in SoftEther VPN Bridge 1.00 Build 9043 RC 2 (Apr 1, 2013)

  • Fixed a critical bug was in the HTTP packet parser.
  • Improvement of the stability of UDP-based communication.
  • Fixed a problem: SecureNAT's connectivity polling packet interval was too short.

New in SoftEther VPN Bridge 1.00 Build 9035 RC 2 (Mar 25, 2013)

  • Fixed a crash bug: While you are changeing the X.509 server certificate, if a new SSL-VPN connection is being made, the new connection attempt will cause the crash because lack of critical section locking. However this bug was very rare. We found it in the heavy stress test.

New in SoftEther VPN Bridge 1.00 Build 9033 RC 2 (Mar 22, 2013)

  • Fixed a minor bug.

New in SoftEther VPN Bridge 1.00 Build 9030 RC 2 (Mar 21, 2013)

  • Fixed a bug: A logged error message around the L2TP/SSTP/OpenVPN user-authentication was incorrect.

New in SoftEther VPN Bridge 1.00 Build 9029 RC 2 (Mar 18, 2013)

  • Fixed a minor bug and typo.

New in SoftEther VPN Bridge 1.00 Build 9027 RC 2 (Mar 12, 2013)

  • Fixed a minor bug.