English | 日本語

VPN Azure Service - Build VPN from Home to Office without Firewall Permission

VPN Azure is a free-of-charge cloud VPN service provided by SoftEther Project at University of Tsukuba, Japan. It is currently operated at University of Tsukuba as an academic-purpose experiment.

VPN Azure cloud is intended to continue a free-of-charge use for now and in future continuously.

What is VPN Azure?

VPN Azure is a cloud service for power-user in the company who wants to build a VPN between his office PC and his home PC. If your company doesn't have a VPN infrastructure, you can make your own VPN Server in your office PC by just your power. VPN traffics are relayed by the VPN Azure Cloud Servers, so you need not to ask your network administrator to open a TCP or UDP port on the firewall or NAT. You can install the VPN Server, by yourself, on your home PC without Administrators privilege. No need to trouble your administrator to install the software. No specific VPN client software is required. VPN Azure can be used from Windows built-in SSTP VPN Client. VPN Azure Service makes it possible for any employees in the company to have their own and specific VPN Server in each work PC. From now on, let's build your own VPN to your office and make yourself enable to access file servers and groupware in your company from anywhere.

 

Why VPN Azure?

Make your office PC a dedicated VPN server for yourself.

Conventional VPN server products needs to be installed and configured by network administrators. NAT or firewall must be set up to open a TCP/UDP port. At least one fixed and global IP address necessary.

VPN Azure deregulates that limitation. If you use VPN Azure, you can connect from your home or mobile PC into your office PC easily. Your office PC becomes your dedicated VPN server. The VPN server initiates the TCP tunnel from the office PC towards a VPN Azure Cloud relay server, by behaving a normal HTTPS connection. Once such a "from behind a firewall" connection established, you can now connect to that VPN Azure Cloud relay server from anywhere, and be able to access any shared folders, mail servers or groupware in your office as if you are sitting just in front of your desk in the office.

Easy to Install VPN Server. No System Administrator Privilege Required.

In your office PC, you can install SoftEther VPN Server. SoftEther VPN Server can be installed without any administrator privilege. You don't have to ask the network administrator to do it. This is a benefit for both you and the administrator to reduce a work. SoftEther VPN Server runs in user-mode space, thus it is so safe.

Use Windows Built-in VPN Client. No Need to Install VPN Client Software.

VPN Azure supports SSTP (Secure Socket Tunneling Protocol) which was developed by Microsoft Corporation. Windows Vista / 7 / 8 / RT has a built-in VPN Client for SSTP. Therefore you need not to install any additional VPN software in the client PC. It is very easy to try. You can also use the latest Windows RT tablets.

Of course, you can install SoftEther VPN Client in your older PC (Windows XP or earlier) to connect to VPN Azure.

High-level Security.

All VPN traffics over the Internet are encrypted by SSL (TLS 1.0). The user-authentication processing is performed in the VPN server's side, which is in your office PC. The VPN Azure cloud has no involvement to conduct the user authentication process. Only you and your trusted persons who knows a username and password registered on the VPN Server can access to the VPN server securely.

Works also on Windows RT (Windows 8 on ARM) Tablets.

VPN Azure service supports the Microsoft's latest operating system "Windows RT" (ARM-version Windows 8). You can make a VPN connection from your Windows RT tablet to your office PC and remote access to PCs in the corporate network. It improves your mobile performance.

 

Requirements

Your Office PC (Server-side)

 

Your Home PC (Client-side)

OS: One of the followings.

  • Windows 98, ME, NT 4.0, 2000, XP, Vista, 7, 8, 10
  • Windows Server 2003, 2008, 2012
  • Linux, FreeBSD, Mac OS X

Network Connection:

  • Internet connectivity.
  • Can work behind NAT or Firewall.
    (No need to open a TCP or UDP port on the firewall by admin.)
  • Private IP Address is okay.

User Privileges:

  • Normal Users can install the server.
    (No need to have the Administrator's password.)

Notice:

  • You need NO administrator's privileges to install. No need to open a port on the firewall.
  • However, you should obtain a permission from your system administrators by mouth if your company has a rule to require to do so. If your system administrator doesn't permit it, you should take a permission from his superior instead.
 

OS (VPN Clientless) :

  • Windows Vista, 7, 8, 10
  • Windows RT
  • Windows Server 2008, 2012

OS (Need to install SoftEther VPN Client) :

  • Windows 98 SE, ME, 2000, XP
  • Windows Server 2003
  • Linux

Network Connection:

  • Internet connectivity.
  • Can work behind NAT or Firewall.
    (No need to open a TCP or UDP port on the firewall by admin.)
  • Private IP Address is okay.

User Privileges:

  • Normal Users can install the client.
    (No need to have the Administrator's password.)

 

1. How to Install VPN Server on Your Office

Do it in your office hours.

In this description, you install VPN Server on your office PC for example.

 

Download VPN Server

Click the link to download SoftEther VPN Server Beta.

All files distributed by SoftEther are digitally-signed by a certificate issued from VeriSign or GlobalSign, and countersigned by Symantec.

Install VPN Server

You have to install VPN Server. This document shows how to install on Windows. You can also install it on Linux, FreeBSD, Solaris or Mac OS X.

Start the downloaded installer.

 server01.jpg (119870 バイト)

 

In the installer, simple click Next button repeatedly. If you don't have Administrator account, you can install in user-mode by choosing User-Mode Install option. This option will enable you no need to ask your administrator. This will reduce both you and your administrator's costs.

You have to select "SoftEther VPN Server" in the component-selection seceen.

 server02.jpg (90453 バイト)

VPN Server Initial Configurations

After install finished, run VPN Server Manager. You can run it in the last screen of the installer. On the VPN Server Manager screen, double-click the "localhost" item on the servers list.

 server03.jpg (129142 バイト)

 

At the first time if your login, setting a password will be required. This password is important for make you exclusive to login the administrator mode of the VPN Server. Make strong password for only yourself.

server04.jpg (40777 バイト) 

At the first time, the Easy Setup wizard appears. We recommend you read the entire description roughly.
Check "Remote Access VPN Server" and press "Next" .

 server05.jpg (225256 バイト)

 

Make Your Unique Hostname

The "Dynamic DNS Function" screen appears. You can set up your favorite hostname on the VPN Server. A hostname must 3 or more, and 31 or less letters. Only alphabets and digits are accepted.

For example you specify "test1" , then your hostname on the VPN Azure Cloud will be "test1.vpnazure.net" .

The Dynamic DNS Function screen says your hostname will be appended by a suffix ".softether.net" . This ".softether.net" part will be replaced to ".vpnazure.net" when you use VPN Azure.

After hostname specifies, press "Set to Above Hostname" button and click Exit.

 server06.jpg (203468 バイト)

IPsec Configuration (No need to set up)

The "IPsec / L2TP / EtherIP / L2TPv3 Server Settings" screen will appear. This screen is to enable the IPsec VPN function to support iPhone, iPad, Android. You need not to enable it if you want to use just VPN Azure. So go ahead by simply clicking OK.

 server07.jpg (239304 バイト)

Activate VPN Azure

The "VPN Azure Service Settings" screen will appear. "Enable VPN Azure" radio-button is located on the left-bottom side. Check it to activate VPN Azure function. (It is disabled by default.)

After you activate it, wait for a few seconds and the status will be changed to "Status: Connected" . In this status. Your VPN Server is connected to VPN Azure. Now the VPN Server is reachable from the Internet, anywhere via the VPN Azure Cloud Servers.

If the "Status: Connected" never comes, your computer might not be connected to the Internet. Make sure your web browser can access to any web sites. If there is a "dirty firewall" to tap and modify your traffics, your connecting attempt to VPN Azure might fails. In such a case, ask your network administrator to remove such a dirty firewall on your company's network.

server08.jpg (244665 バイト) 

 

Create a User

After pressing OK on the VPN Azure Settings screen, next you will see the "VPN Easy Setup Tasks" screen. You should click "Create Users" button to define a user at least.

 server09.jpg (147694 バイト)

 

The "Create New User" screen will appear. In this screen, you can make a lot of detailed configuration. However, today we need to only create a simple user. So input your username and select "Password Authentication" . Enter the password twice. This username and password are needed to input after you go home and try to connect the VPN Server after your work hours.

server10.jpg (218416 バイト) 

 

Local Bridge Settings

After you create a user, in the "Easy Setup Tasks" screen you can see the physical network adapters on the computer, in the "Step 3." screen of the dialog.

If your network adapters are listed, select one network adapter from the list. You should select the network adapter which is now have a role to connect to your local private network. Do not choose Wi-Fi adapters. Almost all Wi-Fi adapters are not capable for making Local Bridges. Use wired Ethernet adapters to connect the corporate network.

If you have just only a Wi-Fi adapter on the laptop PC, do not define a Local Bridge here, and instead try to activate Virtual NAT and Virtual DHCP Server function on the Virtual Hub setting screen.

If you are running the VPN Server in the normal-user privileges, you cannot make a Local Bridge. Instead, "Virtual NAT and Virtual DHCP Server function" are automatically activated. You need not to enable anything by manual.

 server11.jpg (164663 バイト)

 

Configuration Completed !

Congratulations! Your VPN Server is ready to be connected from anywhere, if the "VPN Azure Hostname:" status and current hostname is printed on the main screen of VPN Server Manager. Right now, let's go home and try to connect to your VPN Server from your home PC, by referring to the right-side description of this site.

By the way, you can use VPN Server Manager to change any settings about all tasks which you did recently in the previous steps. You can review and modify the settings of VPN Azure by clicking the "VPN Azure Setting" button. You can add, remove or view user objects after double-clicking the Virtual Hub icon.

 server12.jpg (218832 バイト)

 

Trouble Shooting (If any troubles)

You should investigate your log file of VPN Server if any of the above steps was failed.

The log files of VPN Server are stored on the "server_log" directory which is located in the installed directory of SoftEther VPN Server. Logs can be read by Norepad or other text editor.

 

You need a help?

  • Ask at SoftEther Forum.

 

 

   

2. How to Install VPN Client in Your Home PC

Connect from Your Home PC to Your Office.

In the following descriptions, you are going to make your home PC to connect your office PC via VPN Azure for example.

 

Using Windows XP, 2000, ME, 98

If your home PC is Windows XP or earlier, you need to install SofEther VPN Client. You can download it here.
On Windows Vista, 7, 8 or RT, you need not to install anything. These Windows versions have a built-in SSTP-VPN client function. You can use it. No need to install VPN Client.

 

Windows Vista, 7, 8 Step by Step

The following screenshots are taken on Windows 8. Windows Vista and 7 have similar screens.

 

At first right-click the network icon on the bottom-right side of the screen, and click "Open network and Sharing Center" from the menu.

 

 

Click the "Set up a new connecting or network" link on the "Network and Sharing Center" .

 client02.jpg (110406 バイト)

 

Select "Connect to a workplace" .

 client03.jpg (70329 バイト)

 

Click "Use my Internet Connection (VPN)" .

 client04.jpg (78504 バイト)

 

Input your hostname on VPN Azure. It is your specified hostname in the VPN Server initial configuration. You must append ".vpnazure.net" suffix after your hostname.

Do not input the ".softether.net" domain name. Make sure to specify ".vpnazure.net" domain suffix with your hostname.

 client05.jpg (75938 バイト)

 

In Windows Vista or 7, the next screen will require the username and password. You should input them correctly. You should check "Save the Password" checkbox in the screen. In Windows Vista or 7, connecting attempts will be started after the wizard finishes. At the first time, 10 - 30 seconds will take to connect because the wizard try PPTP, L2TP and SSTP sequentially.

 

In Windows 8 / RT, the following screen will appeared after the wizard. Click "VPN Connection" .

 

 

The "Network Authentication" screen as following will appear. Input your username and password registered on the VPN Server correctly, and press OK.

 

 

If a VPN is established successfully, the status will be "Connected" as following.

 

 

Verity Your VPN Connection Works Fine

Let's make sure that your home PC is now connected to your office PC.

 

You can see the VPN status as the following screen. Click the "Details" button.

 

 

Then "Network Connection Details" list will appear. Confirm that the "IPv4 Address" field shows an IP address assigned in your office network. If your corporate network has a DNS server, the "Connection-specific DNS Suffix" should be your network's DNS suffix.

 

 

Start Windows Command Prompt and run "ping" command to check the reachability to a PC which is located in your office network physically. If ping results OK, the VPN connection is fine. Note that recent operating systems on the network sometimes ignore ping echo. Find some nodes which replies to ping.

 client11.jpg (75461 バイト)

 

You can access to the Internet via your office while the VPN is connected. For example, use "tracert" command to find a path to "www.google.com" . As the example of the following screen, the home PC is now a part of the office network clients, and accessing to the Internet via the company network infrastructure.

client12.jpg (86740 バイト) 

 

Let's Access to File Server in Workplace

The method to access a file server via VPN is exactly same to the method to access a file server in the physically-connected local area network.

 

However, if your VPN Server in the office is running under User-Mode, sometimes you cannot browse the enumerated list of running file servers in the office network. In such circumstances, press "Win + R" key to open the "Run" tool, and input as "\\server_name" , which is the UNC-Path format. It can open the target server directly even if the computer-list enumeration doesn't work well.

 

 

In unusual case you might face to the trouble that you cannot access to the server which is specified by "\\server_name" format. In such a case, you can specify as "\\IPAddress" (e.g. "\\192.168.0.1" ) instead of the server name. You should learn and note the server's IP address during your work hour in office.

 

 

After you could make an access to the corporate file server, you can perform any tasks using the file server, Open shared folders, printers, FAXs and scanners which are on the office servers from your home.

 client15.jpg (89218 バイト)

 

Access to Intranet Web Site

In many companies, for security reason, groupware (SharePoint or Notes) are limited to access from only intranet (private network). These web servers are isolated from the Internet. While you are connecting to your office VPN Server from home, your home PC is a member of the intranet. You can visit intranet web sites as if you are in the company physically.

You can access to web-based mail servers, POP3 or IMAP4 based mail servers, Exchange Servers and Active Directory controllers. If you are an expert Windows geeks, you can make your home PC join to the Active Directory domain of your company. It is very convenient.

 client16.jpg (74411 バイト)

 

Remote Desktop to Office PC

If your office PC or other person's PC is enabled the Remote Desktop feature of Windows XP or later (Needs Pro versions), you can access to any Remote Desktop enabled workstation or server on the company network via VPN.

If Remote Desktop is disabled, or Remote Desktop is unsupported due to that the PC is Windows Home Edition, you can still use VNC to remote control the office PC from your home. It is very convenient.

client17.jpg (86014 バイト) 

 

Troubleshooting of VPN Connection

If you fails to establish a VPN Connection, open the Windows Network Adapters setting screen and right-click the VPN connection setting icon. You will see the property screen.

In the property, check that the "Type of VPN" is set to "SSTP (Secure Socket Tunneling Protocol)" .

 client18.jpg (83228 バイト)

 




Frequently Asked Questions

Any method to improve the speed dramatically?

Yes. Install SoftEther VPN Client software on the home PC (client-side PC) instead of using MS-SSTP VPN built-in client.

A pair of SoftEther VPN Client and SoftEther VPN Server will try to make a fast UDP-based VPN link between them, even if both or any parties are behind the NAT or firewall. In order to make a fast UDP-based VPN link, SoftEther VPN exploits the UDP Hole Punching (NAT-Traversal) technique.

If your SSTP-VPN is very slow, install SoftEther VPN Client in the client-side PC. It will surprise you at high-throughput and low-latency.

 

What is the purpose why do you provide VPN Azure to make network administrators unnecessary to open TCP/UDP ports on the firewall? And what is the reason why there is the strong "User-Mode Installation" method on the VPN Server?

Traditional legacy VPN servers are needed to be placed by network administrators in a corporate network. Such a VPN Server is concentrates all user's VPN traffics at one point.

However, today's companies are required to change to eliminate the costs for IT. There are a few network administrators in the company, but there are a lot of demands and a lot of varieties to prepare VPN servers in the company. Legacy VPNs need the administrator to manage the opening-port management on the firewall or NAT. If every employees set up their own VPN servers in each desktop PCs in the office, the administrator will be exhausted, and the TCO will be increased unlimitedly.

SoftEther Developers has philosophy that "Every corporate computer users should gain a power and ability to host their each own VPN server by self-help" . We believe that every computer users in the company should learn the concepts and essentials of VPN, and be smarter than their network administrators. As the results, network administrators are no longer necessary to perform a lot of jobs for trivial requests from employees. Then network administrators will be able to concentrate more essential and important works in such ideal future.

In order to realize such future, we are attempting to introduce the "User-Mode Installation" option for SoftEther VPN Server. It can be installed by user himself. No longer need to ask his system administrators. By using SoftEther VPN Server and VPN Azure, each employee of the company can host "dedicated-only-for-him" VPN Server in each PCs. Using VPN Azure also no longer need to ask the firewall administrator to open any TCP/UDP port on the FW or NAT. This is a solution to reduce the requirements of efforts by system administrators, and benefits the entire company in the long-term viewpoint.

 

Do I have to obtain a permission from system administrator before install it?

You need no administrator's privileges to install. However, you should obtain a permission from your system administrators by mouth if your company has a rule to require to do so. If your system administrator doesn't permit it, you should take a permission from his superior instead.

 

Can I use Windows RT (e.g. Microsoft Surface) as a VPN Client?

Yes, you can. Windows RT has a built-in Microsoft SSTP VPN Client by default.

 

You need a help?

 


VPN Azure Cloud Service by SoftEther Project at University of Tsukuba, Japan.

Copyright © 2012-2016 SoftEther Project at University of Tsukuba. All Rights Reserved.

VPN Azure Service is hosted at Academic Computing & Communications Center, University of Tsukuba, Japan.

English | 日本語