Is Perfect Forward Secrecy (PFS) available?
Yes, if you use the "Softether" VPN client, the pre-configured clients and config files we offer in our Download area, together with our servers, are all configured to automatically generate new encryption keys every 30 minutes.
If an someone was able to crack the encryption key, they would only be able to decrypt the traffic captures since the last key rotation.
All servers are using AES-256 or higher encryption. To put in perspective how high encrytion that it, it would take 1000 supercomputers many billion years to go through all key combinations available for ONE key - and it's changed every 30 minutes.
At the moment, the "Softether" client is available for Windows and Linux.