- Consider using Lanemu P2P VPN which is way easier to set up
- Use SoftEther VPN for retro PCs (Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4) or LAN games that don't work on any other VPNs
- Preparations
- SoftEther VPN Server (Host PC)
- SoftEther VPN Client (Host PC)
- SoftEther VPN Client (Client PC)
- Install dhclient
- Install Wine
- Install Winetricks
- Install DirectPlay
- Optional recommendations
- Visit PCGamingWiki for game patches / fixes
- Visit Linux Gaming Wiki
- Disable SSDP Discovery
- Open Control Panel
- Click System and Security
- Click Administrative Tools
- Open Services
- Right click SSDP Discovery and select Properties
- Click Stop
- Startup type: Disabled
- Click Apply and OK
- Enable DirectPlay and Media Features
- Open Control Panel
- Click Programs
- Click Turn Windows features on or off
- Expand Legacy Components
- Check DirectPlay
- Check Media Features
- Click OK
- Allow DirectPlay and game through Windows Firewall
- Open Control Panel
- Click System and Security
- Click Allow an app through Windows Firewall
- Click Change settings
- Click Allow another app
- Click Browse
- DirectPlay
- Go to C:\Windows\SysWOW64
- Select dplaysvr.exe and click Open
- DirectPlay 8 (x32)
- Go to C:\Windows\System32
- Select dpnsvr.exe and click Open
- DirectPlay 8 (x64)
- Go to C:\Windows\SysWOW64
- Select dpnsvr.exe and click Open
- Game
- Go to game directory
- Select game executable and click Open
- DirectPlay
- Click Network types
- Check Private and Public
- Click OK
- Click Add
- Click OK
- Optional recommendations
- Visit PCGamingWiki for game patches / fixes
- Use DXVK or DXVK-GPLAsync for DirectX 8/9 games
- Use dgVoodoo or WineD3D for older DirectX / DirectDraw games
- Use Special K or RTSS frame limiters to improve frame pacing and reduce inpug lag (check out Special K for even more features: Latent Sync, HDR retrofit, etc.)
- Download the latest version of SoftEther VPN Server
- Extract the archive
- Open the Terminal
- Change working directory to the extracted vpnserver folder
cd "<path>/vpnserver"- Example:
cd "${HOME}/Downloads/vpnserver"
- Example:
- Install SoftEther VPN Server
make
- Move the vpnserver folder to /usr/local
cd ..sudo mv vpnserver /usr/local
- Create a VPN Server startup script
- Download a vpnserver.service file to /lib/systemd/system
curl -s https://pastebin.com/raw/rc4aM1y7 | tr -d '\r' | sudo tee /lib/systemd/system/vpnserver.service > /dev/null
- Enable the VPN Server service
sudo systemctl enable --now vpnserver
- Download a vpnserver.service file to /lib/systemd/system
- Use Wine to install the Windows version of SoftEther VPN Server Manager
- Continue to SoftEther VPN Server (Host PC - Windows)
- Download the latest version of SoftEther VPN Server
- Run SoftEther VPN Server setup
- Click Next
- Select Software Components to Install
- Windows
- Select SoftEther VPN Server
- Click Next
- Linux (Wine)
- Select SoftEther VPN Server Manager (Admin Tools Only)
- Click Next
- Windows
- Agree to the End User License Agreement and click Next
- Click Next
- Specify the install directory and click Next
- Click Next
- Click Finish
- Open the SoftEther VPN Server Manager
- Click New Setting (if localhost setting already exists, click Edit Setting)
- Setting Name: localhost
- Connect to Localhost: Yes
- Port Number: 5555
- Proxy Type: Direct TCP/IP Connection (No Proxy)
- Administration Mode: Server Admin Mode
- Do not Save Admin's Password: No
- Password: Leave empty (will be changed later)
- Click OK
- Click Connect
- Enter new password and click OK
- Click OK
- Select Remote Access VPN Server and click Next
- Click Yes
- Specify the Virtual Hub Name and click OK
- Name could represent a game: HL1, CMR2, etc.
- Dynamic DNS Function
- Click Exit
- IPsec / L2TP / EtherIP / L2TPv3 Settings
- Leave all disabled and click OK
- If your network is restricted (port forwarding is not possible)
- Enable VPN Azure and click OK
- If your network is not restricted (port forwarding is possible)
- Disable VPN Azure and click OK
- Forward TCP port 5555 on your router
- Click Create Users
- User Name: Client
- Set the Expiration Date for This Account: No
- Auth Type: Anonymous Authentication
- If you want, you can select Password Authentication
- Enter password in Password Authentication Settings
- If you want, you can select Password Authentication
- Set Security Policy: Yes
- Click Security Policy
- Select Unlimited Number of Broadcasts
- Current Value: Enable the Policy
- Click OK
- Click OK
- Click OK
- Click Exit
- Click Close
- Select your Virtual Hub
- Click Manage Virtual Hub
- Click Manage Access Lists
- If you want to add the rules via GUI (slower)
- Continue to [Rule 01]
- If you want to add the rules via configuration file (faster)
- Click New (IPv4)
- Memo: testrule
- Click OK
- Click Save
- Click Exit
- Click Edit Config
- Click Save to File
- Save the configuration file to another location (Downloads folder, etc.)
- Click OK
- Open the configuration file with a text editor (Notepad, etc.)
- Search (CTRL + F) "testrule"
- Replace the entire "declare AccessList" section
- Save and close the configuration file
- Click Import File and Apply
- Select the modified configuration file
- Click Yes
- Click OK
- Open the SoftEther VPN Server Manager
- Return to the Virtual Hub Management
- Skip [Rule 01-20] and continue to Log Save Setting
- Click New (IPv4)
-
- Memo: Outbound Port 25 Blocking
- Action: Discard
- Priority: 1
- Protocol Type: 6 (TCP/IP Protocol)
- Destination Port: 25 - 25
- Click OK
-
- Memo: Outbound MS-SMB Blocking #1
- Action: Discard
- Priority: 2
- Protocol Type: 6 (TCP/IP Protocol)
- Destination Port: 135 - 139
- Click OK
-
- Memo: Outbound MS-SMB Blocking #2
- Action: Discard
- Priority: 3
- Protocol Type: 6 (TCP/IP Protocol)
- Destination Port: 445 - 445
- Click OK
-
- Memo: Outbound MS-SMB Blocking #3
- Action: Discard
- Priority: 4
- Protocol Type: 17 (UDP/IP Protocol)
- Destination Port: 135 - 139
- Click OK
-
- Memo: Outbound MS-SMB Blocking #4
- Action: Discard
- Priority: 5
- Protocol Type: 17 (UDP/IP Protocol)
- Destination Port: 445 - 445
- Click OK
-
- Memo: Keep-alive Blocking for Saving Bandwidth
- Action: Discard
- Priority: 6
- Destination IP Address
- Applies to All Destination Addresses: No
- IPv4 Address: 130.158.6.56
- Subnet Mask: 255.255.255.255
- Click OK
- Select Rule/ID 6 and click Disable
-
- Memo: Permit DNS Packets (UDP)
- Action: Pass
- Priority: 7
- Protocol Type: 17 (UDP/IP Protocol)
- Destination Port: 53 - 53
- Click OK
-
- Memo: Permit DNS Packets (TCP)
- Action: Pass
- Priority: 8
- Protocol Type: 6 (TCP/IP Protocol)
- Destination Port: 53 - 53
- Click OK
-
- Memo: Permit DHCP Packets #1
- Action: Pass
- Priority: 9
- Protocol Type: 17 (UDP/IP Protocol)
- Destination Port: 67 - 68
- Click OK
-
- Memo: Permit DHCP Packets #2
- Action: Pass
- Priority: 10
- Protocol Type: 17 (UDP/IP Protocol)
- Source Port: 67 - 68
- Click OK
-
- Memo: Permit Packets to Private Gateway / DNS Server
- Action: Pass
- Priority: 11
- Destination IP Address
- Applies to All Destination Addresses: No
- IPv4 Address: 192.168.30.1
- Subnet Mask: 255.255.255.255
- Click OK
-
- Memo: Permit Packets from Private Gateway / DNS Server
- Action: Pass
- Priority: 12
- Source IP Address
- Applies to All Source Addresses: No
- IPv4 Address: 192.168.30.1
- Subnet Mask: 255.255.255.255
- Click OK
-
- Memo: Deny Packets to Neighbor VPN Clients
- Action: Discard
- Priority: 13
- Source IP Address
- Applies to All Source Addresses: No
- IPv4 Address: 192.168.30.0
- Subnet Mask: 255.255.255.0
- Destination IP Address
- Applies to All Destination Addresses: No
- IPv4 Address: 192.168.30.0
- Subnet Mask: 255.255.255.0
- Click OK
- Select Rule/ID 13 and click Disable
-
- Memo: Permit Any Packets to VPN Segment
- Action: Pass
- Priority: 14
- Destination IP Address
- Applies to All Destination Addresses: No
- IPv4 Address: 192.168.30.0
- Subnet Mask: 255.255.255.0
- Click OK
-
- Memo: Block Any Packets to LAN (192.168.0.0/16)
- Action: Discard
- Priority: 15
- Destination IP Address
- Applies to All Destination Addresses: No
- IPv4 Address: 192.168.0.0
- Subnet Mask: 255.255.0.0
- Click OK
-
- Memo: Block Any Packets to LAN (172.16.0.0/12)
- Action: Discard
- Priority: 16
- Destination IP Address
- Applies to All Destination Addresses: No
- IPv4 Address: 172.16.0.0
- Subnet Mask: 255.240.0.0
- Click OK
-
- Memo: Block Any Packets to LAN (10.0.0.0/8)
- Action: Discard
- Priority: 17
- Destination IP Address
- Applies to All Destination Addresses: No
- IPv4 Address: 10.0.0.0
- Subnet Mask: 255.0.0.0
- Click OK
-
- Memo: Block Any Packets to APIPA (169.254.0.0/16)
- Action: Discard
- Priority: 18
- Destination IP Address
- Applies to All Destination Addresses: No
- IPv4 Address: 169.254.0.0
- Subnet Mask: 255.255.0.0
- Click OK
-
- Memo: Block Any Packets to Multicast (224.0.0.0/4)
- Action: Discard
- Priority: 19
- Destination IP Address
- Applies to All Destination Addresses: No
- IPv4 Address: 224.0.0.0
- Subnet Mask: 240.0.0.0
- Click OK
- Select Rule/ID 19 and click Disable
-
- Memo: Block Any Packets to CGN Shared Address Space (100.64.0.0/10)
- Action: Discard
- Priority: 20
- Destination IP Address
- Applies to All Destination Addresses: No
- IPv4 Address: 100.64.0.0
- Subnet Mask: 255.192.0.0
- Click OK
- Click Save
- If you want to add the rules via GUI (slower)
- Click Log Save Setting
- Save Security Log: No
- Save Packet Log: No
- Click OK
- Click Virtual NAT and Virtual DHCP Server (SecureNAT)
- Click SecureNAT Configuration
- Virtual Host's Network Interface Settings
- MAC Address: Leave default
- IP Address: 192.168.30.1
- Subnet Mask: 255.255.255.0
- Use Virtual NAT Function: No
- Save NAT or DHCP Server Operations to Log File: No
- Virtual DHCP Server Settings
- Use Virtual DHCP Server Functions: Yes
- Distributes IP Address: 192.168.30.10 to 192.168.30.200
- Subnet Mask: 255.255.255.0
- Lease Limit: Leave default
- Options Applied to Clients
- Default Gateway Address: Empty
- DNS Server Address 1: Empty
- DNS Server Address 2: Empty
- Domain Name: Empty
- Use Virtual DHCP Server Functions: Yes
- Click OK
- Virtual Host's Network Interface Settings
- Click Enable SecureNAT, OK and Exit
- Click SecureNAT Configuration
- Click Exit
- Make sure your Virtual Hub is Online
- Backup your server configuration file (useful during reinstall, especially the DDnsClient Key)
- Click Edit Config
- Click Save to File
- Click Close
- Click Exit
- Close the SoftEther VPN Server Manager
- Download the latest version of SoftEther VPN Client
- Extract the archive
- Open the Terminal
- Change working directory to the extracted vpnclient folder
cd "<path>/vpnclient"- Example:
cd "${HOME}/Downloads/vpnclient"
- Example:
- Install SoftEther VPN Client
make
- Move the vpnclient folder to /usr/local
cd ..sudo mv vpnclient /usr/local
- Create a VPN Client startup script
- Download a vpnclient.service file to /lib/systemd/system
curl -s https://pastebin.com/raw/6syxBcdG | tr -d '\r' | sudo tee /lib/systemd/system/vpnclient.service > /dev/null
- Enable the VPN Client service
sudo systemctl enable --now vpnclient
- Download a vpnclient.service file to /lib/systemd/system
- Create a VPN Client connection / disconnection script
- Download a client.sh file to /usr/local/vpnclient
curl -s https://pastebin.com/raw/LwHX4Zd3 | tr -d '\r' | sudo tee /usr/local/vpnclient/client.sh > /dev/null
- Assign execute permission to the client.sh file
sudo chmod +x /usr/local/vpnclient/client.sh
- Download a client.sh file to /usr/local/vpnclient
- Use Wine to install the Windows version of SoftEther VPN Client Manager
- Continue to SoftEther VPN Client (Host PC - Windows)
- Download the latest version of SoftEther VPN Client
- Run SoftEther VPN Client setup
- Click Next
- Select Software Components to Install
- Windows
- Select SoftEther VPN Client
- Click Next
- Linux (Wine)
- Select SoftEther VPN Client Manager (Admin Tools Only)
- Click Next
- Windows
- Agree to the End User License Agreement and click Next
- Click Next
- Specify the install directory and click Next
- Click Next
- Click Finish
- Open the Client Manager
- Windows
- Open the SoftEther VPN Client Manager
- Linux (Wine)
- Open the SoftEther VPN Client Remote Manager
- Connect to Local Computer: Yes
- Click OK
- Windows
- Click Virtual Adapter -> New Virtual Network Adapter
- Specify the Virtual Network Adapter Name and click OK
- Wait until adapter is created
- Click Connect -> New VPN Connection Setting
- Setting Name: localhost <Virtual Hub>
- Example: localhost HL1
- Host Name: localhost
- Port Number: 5555
- Disable NAT-T: Yes ("/tcp" will be added to Host Name)
- Virtual Hub Name: Select your Virtual Hub from dropdown
- Proxy Type: Direct TCP/IP Connection (No Proxy)
- Always Verify Server Certificate: No
- User Authentication Setting: User info from your server setup
- SoftEther VPN Server -> Manage Virtual Hub -> Manage Users
- Reconnects Automatically After Disconnected: Yes
- Reconnect Interval: Leave default
- Infinite Reconnects (Keep VPN Always Online): Yes
- Use SSL 3.0: No
- Click Advanced Settings
- Number of TCP Connections: 1
- Establishing Interval: Leave default
- Set Connection Lifetime of Each TCP Connection: No
- Use Half-Duplex Mode: No
- Disable VoIP / QoS Functions: Yes
- Encrypt VPN Session with SSL: No
- Use Data Compression: No
- Disable UDP Acceleration: Yes
- Bridge / Router Mode: No
- Monitoring Mode: No
- No Adjustments of Routing Table: No
- Click OK
- Click OK
- Setting Name: localhost <Virtual Hub>
- Right click your localhost connection setting and select Copy
- Right click the copied connection setting and select Rename
- Example: EU Server HL1
- Right click the copied connection setting and select Properties
- Host Name: Replace localhost with Assigned Dynamic DNS Hostname
- Open the SoftEther VPN Server Manager
- Select your localhost setting and click Connect
- Click Dynamic DNS Setting
- Copy the Assigned Dynamic DNS Hostname and click Exit
- Close the SoftEther VPN Server Manager
- Paste the Assigned Dynamic DNS Hostname to replace localhost
- Example: vpn149908733.softether.net/tcp
- Open the SoftEther VPN Server Manager
- Click Advanced Settings
- Number of TCP Connections: 8
- Click OK
- If VPN Azure is enabled
- Host Name: Replace softether.net with vpnazure.net
- Example: vpn149908733.vpnazure.net/tcp
- Port Number: 443
- Click Advanced Settings
- Use Data Compression: Yes
- Click OK
- Host Name: Replace softether.net with vpnazure.net
- Click OK
- Host Name: Replace localhost with Assigned Dynamic DNS Hostname
- Right click the copied connection setting and select Export VPN Connection Setting
- Save the connection setting file and keep it in Google Drive, MEGA, etc.
- Share the connection setting file to all clients
- Right click the copied connection setting and select Delete -> Yes
- Connect to the VPN Server
- Windows
- Right click your localhost connection setting and select Connect
- Linux (Wine)
- Open the Terminal to establish localhost connection
sudo /usr/local/vpnclient/client.sh connect "<localhost_connection_name>"- Example:
sudo /usr/local/vpnclient/client.sh connect "localhost HL1"
- Example:
- Open the Terminal to establish localhost connection
- Windows
- Close the SoftEther VPN Client Manager
- Download the latest version of SoftEther VPN Client
- Extract the archive
- Open the Terminal
- Change working directory to the extracted vpnclient folder
cd "<path>/vpnclient"- Example:
cd "${HOME}/Downloads/vpnclient"
- Example:
- Install SoftEther VPN Client
make
- Move the vpnclient folder to /usr/local
cd ..sudo mv vpnclient /usr/local
- Create a VPN Client startup script
- Download a vpnclient.service file to /lib/systemd/system
curl -s https://pastebin.com/raw/6syxBcdG | tr -d '\r' | sudo tee /lib/systemd/system/vpnclient.service > /dev/null
- Enable the VPN Client service
sudo systemctl enable --now vpnclient
- Download a vpnclient.service file to /lib/systemd/system
- Create a VPN Client connection / disconnection script
- Download a client.sh file to /usr/local/vpnclient
curl -s https://pastebin.com/raw/LwHX4Zd3 | tr -d '\r' | sudo tee /usr/local/vpnclient/client.sh > /dev/null
- Assign execute permission to the client.sh file
sudo chmod +x /usr/local/vpnclient/client.sh
- Download a client.sh file to /usr/local/vpnclient
- Use Wine to install the Windows version of SoftEther VPN Client Manager
- Continue to SoftEther VPN Client (Client PC - Windows)
- Download the latest version of SoftEther VPN Client
- Run SoftEther VPN Client setup
- Click Next
- Select Software Components to Install
- Windows
- Select SoftEther VPN Client
- Click Next
- Linux (Wine)
- Select SoftEther VPN Client Manager (Admin Tools Only)
- Click Next
- Windows
- Agree to the End User License Agreement and click Next
- Click Next
- Specify the install directory and click Next
- Click Next
- Click Finish
- Open the Client Manager
- Windows
- Open the SoftEther VPN Client Manager
- Linux (Wine)
- Open the SoftEther VPN Client Remote Manager
- Connect to Local Computer: Yes
- Click OK
- Windows
- Click Virtual Adapter -> New Virtual Network Adapter
- Specify the Virtual Network Adapter Name and click OK
- Wait until adapter is created
- Click Connect -> Import VPN Connection Setting
- Select the connection setting file (contact server administrator to obtain it)
- Connect to the VPN Server
- Windows
- Right click your connection setting and select Connect
- Linux (Wine)
- Open the Terminal to establish connection
sudo /usr/local/vpnclient/client.sh connect "<connection_name>"- Example:
sudo /usr/local/vpnclient/client.sh connect "EU Server HL1"
- Example:
- Open the Terminal to establish connection
- Windows
- Close the SoftEther VPN Client Manager
Can you explain why we should set: Disable UDP Acceleration: Yes. as i know, packages over udp are faster than tcp (tls).