Privately hosted VPN Azure solution for SoftEther VPN
VPN Azure is a VPN relay service provided by SoftEther Corporation for free to users of SoftEther VPN. It saves the need for VPN servers to sit on public IP addresses.
This is an open-sourced implementation of the VPN Azure function in Go that works with custom domain names.
It's NOT an official product of SoftEther Corporation.
The support for custom VPN Azure service has not been incorporated to SoftEther VPN. See SoftEtherVPN/SoftEtherVPN#1739. You can try the feature with our fork at https://github.com/domosekai/SoftEtherVPN.
-
Custom DNS suffix
You can use any domain that you have control, such as
myazure.net.Multiple suffixes are also supported.
-
No need for DDNS
Handle DNS records on your own. Usually a wildcard record like
*.myazure.networks best.The real destinations are sniffed from TLS Server Name Indication (SNI).
-
Authentication
The original VPN Azure does not require authentication to connect.
As a privately hosted solution, both password and certificate-based authentication is supported.
-
Security
All control and data sessions speak standard TLS.
-
Flexibility
Handle configuration changes on the fly. Send program a SIGHUP signal to reload all config files.
Perfect for altering authentication info or updating server certificates, without interrupting VPN sessions.
Not available on Windows.
vpnazure-go version unknown (build unknown) usage:
-auth string
File that contains server credentials
-b string
Listening address and port
-log string
Path to the log file
-suffix string
File that contains DNS suffixes of the service
Connect to vpn123.myazure.net Connect to cloud.myazure.net
VPN Client ------------------------------> vpnazure-go <---------------------------- VPN Server
Azure hostname: vpn123.myazure.net
Password: somepassword
Let's suppose you own .myazure.net and have decided to host VPN Azure service on it.
Azure clients (i.e. VPN servers) will use hostnames in the form vpn*.myazure.net.
The control server will be cloud.myazure.net.
First, setup wildcard DNS record to resolve *.myazure.net to the actual server address.
Compile vpnazure-go on the server and create the following configuration files.
Let's say fullchain.pem and privkey.pem contain the server certificate and its key.
suffix.txt
// Format: DNS suffix | server address | certificate chain file | private key file
// Fields must be separated by a single TAB.
.myazure.net cloud.myazure.net fullchain.pem privkey.pem
auth.txt
// Format: hostname | suffix | method | secret
// Fields must be separated by a single TAB.
vpn* .myazure.net password somepassword
Start the Azure server:
./vpnazure-go -b 0.0.0.0:443 -auth auth.txt -suffix suffix.txt
Setup the custom Azure service on a SoftEther VPN server with these information:
- Server address:
cloud.myazure.net:443 - Hostname:
vpn123.myazure.net - Password:
somepassword
Clients can connect to the server by using vpn123.myazure.net.
Released under Apache License 2.0, the same as SoftEther VPN.