sara-sabr / poc-network-vpn-split-tunnel

Proof of Concept for VPN Split Tunnel using Docker Containers
MIT License

Installation of SoftEther #12

Closed e-wu closed 5 years ago

e-wu commented 5 years ago

Install SoftEther

  1. Install SoftEther on Windows VM
  2. Configure with user-based authentication
  3. Create self-signed key for VPN server
  4. Associate key to VPN server
  5. Associate IP to domain [retracted] (Personal Domain Name)
  6. Turn on L2TP over IPsec with pre-shared password.
  7. Turn on split tunnel.
e-wu commented 5 years ago

Done. However, normal split tunnel routes traffic through the default gateway, which would be the internet first. The VPN gateway would have static routes for all CIDRs that must go through the VPN. This results in a very large and unmaintainable list.

To do YouTube, it's 49 entries.

e-wu commented 5 years ago

What we wanted was inverse split tunnel which appears to not be supported by SoftEther. Unsure if Fortinet supports it as can't access the product. Cisco may.

e-wu commented 5 years ago

Change approach again (fail fast). Leverage the server as VPN and turn off split tunnel. Let's try client-based routing as it has the ability to look at domain names instead. For example, YouTube has many IPs depending on what region of the world you're in. So, if we can whitelist domains, it'll be easier.

The feature we'll use is Microsoft Always On VPN. It allows:
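The two comments above describe the same maintenance problem from both ends: a split tunnel needs a static route for every address that must go through the VPN, and a domain-based allowlist is easier to manage than a hand-written CIDR list. The script below is an added example, not code from this repository or from SoftEther or Microsoft; it resolves an allowlist of domains through a resolver callable, turns each address into a host route, then collapses the host routes into the fewest CIDR entries and renders Windows `route add` lines. The resolution table, the domain names and the tunnel gateway `10.8.0.1` are constructed placeholders (documentation-range addresses) so it runs offline; a real deployment would plug in `socket.getaddrinfo` and the actual tunnel gateway.

```python
"""Build the static-route list a split-tunnel VPN client needs.

Assumed workflow (added example, not the project's own code): an allowlist
of domain names is resolved to addresses, every address becomes a host
route, and the host routes are collapsed into the fewest CIDR entries so
the list stays maintainable as the allowlist grows.
"""
import ipaddress
from typing import Callable, Dict, Iterable, List

# Constructed sample resolution data (RFC 5737 documentation ranges),
# standing in for a real DNS resolver so the example runs offline.
SAMPLE_RESOLUTION: Dict[str, List[str]] = {
    "video.example.com": ["203.0.113.10", "203.0.113.11",
                          "203.0.113.12", "203.0.113.13"],
    "cdn.example.com": ["203.0.113.64", "203.0.113.65", "198.51.100.200"],
    "api.example.com": ["198.51.100.201", "198.51.100.202"],
}


def sample_resolver(domain: str) -> List[str]:
    """Look up a domain in the constructed table (empty list if unknown)."""
    return SAMPLE_RESOLUTION.get(domain, [])


def resolve_allowlist(domains: Iterable[str],
                      resolver: Callable[[str], List[str]]) -> List[ipaddress.IPv4Address]:
    """Resolve every allowlisted domain; an address shared by several
    domains is kept once so it does not become a duplicate route."""
    seen = set()
    for domain in domains:
        for addr in resolver(domain):
            seen.add(ipaddress.IPv4Address(addr))
    return sorted(seen)


def host_routes(addresses: Iterable[ipaddress.IPv4Address]) -> List[ipaddress.IPv4Network]:
    """One /32 per address: the naive list that grows with every new IP."""
    return [ipaddress.IPv4Network(f"{a}/32") for a in addresses]


def collapse_routes(networks: Iterable[ipaddress.IPv4Network]) -> List[ipaddress.IPv4Network]:
    """Merge adjacent and overlapping networks into the minimal CIDR set
    (only aligned neighbours merge, e.g. .10/31 and .12/31 stay separate)."""
    return list(ipaddress.collapse_addresses(networks))


def render_windows_routes(networks: Iterable[ipaddress.IPv4Network],
                          gateway: str, metric: int = 1) -> List[str]:
    """Render Windows `route add` lines; `gateway` is the tunnel-side
    next hop and is a placeholder here."""
    return [
        f"route add {n.network_address} mask {n.netmask} {gateway} metric {metric}"
        for n in networks
    ]


def build_route_plan(domains: Iterable[str],
                     resolver: Callable[[str], List[str]],
                     gateway: str) -> dict:
    """End to end: resolve, collapse, render. Returns both counts so the
    naive and collapsed list sizes can be compared."""
    addrs = resolve_allowlist(domains, resolver)
    naive = host_routes(addrs)
    collapsed = collapse_routes(naive)
    return {
        "host_routes": len(naive),
        "collapsed_routes": len(collapsed),
        "networks": [str(n) for n in collapsed],
        "commands": render_windows_routes(collapsed, gateway),
    }


if __name__ == "__main__":
    plan = build_route_plan(list(SAMPLE_RESOLUTION), sample_resolver, "10.8.0.1")
    print(f"{plan['host_routes']} host routes -> {plan['collapsed_routes']} CIDR routes")
    for cmd in plan["commands"]:
        print(cmd)
```

With the constructed data the nine host routes collapse to five CIDR entries. The commands are only rendered, not executed; re-running the plan whenever the allowlist changes (or whenever a domain's addresses change) is what keeps the route table in step with the domains rather than with a hand-maintained IP list.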

e-wu commented 5 years ago

Flipping the product to OpenSwan as need IKEv2 support.