How to Set up a VPN Server Using SoftEther

By Abdulaziz Gebril, Alibaba Cloud Community Blog author.

SoftEther VPN (“SoftEther” stands for “Software Ethernet”) is one of the world’s most powerful and easy-to-use multi-protocol VPN programs. It can run on nearly any platform, including Windows, Linux, MacOS, and even FreeBSD and Solaris.

SoftEther VPN is open source and works on multiple platforms. You can use it for personal or commercial use for free charge. It is compatibility with today’s most popular VPN products among the world and has the interoperability with OpenVPN, L2TP, IPsec, EtherIP, L2TPv3, Cisco VPN Routers, and MS-SSTP VPN Clients. SoftEther VPN is also the world’s only VPN software which supports SSL-VPN, OpenVPN, L2TP, EtherIP, L2TPv3 and IPsec, as a single VPN software program.

If interested, you can read more information about the features and specifications of SoftEther VPN on their official website. In this tutorial, we will show you how you can take advantage of all the features of SoftEther VPN by showing you how to set up a VPN serving using it.

Setup SoftEther VPN Server

Preparing Your Server

yum -y update

Next, we will install CentOS Development Tools, Wget package (which we will use to download the installation archive of SoftEther VPN server) and nano package as a text editor. Use the following command:

yum -y groupinstall "Development Tools" && yum -y install wget nano

Configuring Firewall Rules

If your hosting provider asks you to configure the firewall rules of your traffic (Skip if not), you have to configure your firewall rules to allow your traffic though their network. Here is a list of mostly used default ports on servers:

20 – FTP
21 – FTP
22 – SSH
25 – SMTP/EMAIL
26 – SMTP
53 – BIND/DNS
80 – HTTP / Apache Web server
110 – POP3/EMAIL
143 – IMAP
443 – HTTPS / Apache Web server SSL
465 – SMTP/EMAIL SSL/TLS
873 – RSYNC
993 – IMAP/EMAIL SSL
995 – POP3/EMAIL SSL
3306 – MYSQL

Ports used by SoftEther VPN:

ProtocolPortDescriptionTCP1194SoftEther OpenVPNTCP5555SoftEther ManagementUDP1194SoftEther OpenVPNUDP500SoftEther SoftEther L2TP/IPSecUDP1701SoftEther SoftEther L2TP/IPSecUDP4500SoftEther SoftEther L2TP/IPSec

Additionally, you have to add any other ports that you use for the VPN server to that list.

Download and Install the SoftEther VPN Server

lscpu

As of this writing, the latest version for Intel x64 / AMD64 (64bit) distribution is (Ver 4.29, Build 9680, rtm) and the download link is:

http://www.softether-download.com/files/softether/v4.29-9680-rtm-2019.02.28-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz

Ok, let’s navigate to the /usr/local directory to download SoftEther VPN there.

cd /usr/local

We can proceed with downloading the installation archive of SoftEther VPN server from their website using Wget:

wget "YOUR_DOWNLOAD_LINK" -O softether-vpnserver-linux.tar.gz

Extract the archive we’ve just downloaded:

tar -xvf softether-vpnserver-linux.tar.gz

Remove the compressed file:

rm -f softether-vpnserver-linux.tar.gz

Navigate to the /usr/local/vpnserver directory:

cd /usr/local/vpnserver

Run make command to compile and install SoftEther VPN server:

make

During the installation process, you will have to type 1 to read the License Agreement, type 1 again to confirm that you have read the License Agreement and finally type 1 to agree with the License Agreement.

During the process, the installer will make a quick check to ensure that your VPN server can operate normally. You should see something like this as part of the output:

In order to start the VPN server, you have to configure your system to operate the vpnserver program as a service mode by registering the vpnserver program as a daemon process that continues to run in the background.

To do that, we need to create a startup script, as shown below, with a file named vpnserver in /etc/init.ddirectory by using the following command:

nano /etc/init.d/vpnserver

Then put the following into the file:

#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0

Save the file and exit, then change the permissions for the startup script like this:

chmod 755 /etc/init.d/vpnserver

Now, we can start the vpnserver service using the command below:

/etc/init.d/vpnserver start

Also, we will use the chkconfig command to allow the above startup script to start automatically in the background on boot.

chkconfig --add vpnserver

If you need to stop the VPN Server service at any time, you can type the following to stop it.

/etc/init.d/vpnserver stop

Configuring SoftEther VPN Server

Anytime if you want to check if your VPN server is working and operating normally, you can check by running the vpncmd command and type 3 to select “Use of the check VPN tools”

/usr/local/vpnserver/vpncmd

Then type the command below on the VPN Server> prompt:

check

At the time VPN Server is installed, but the admin password for the VPN Server is not set. We have to manage the VPN server in Admin Mode and set the admin password by running the vpncmd command and select 1 for “Management of VPN Server or VPN Bridge”

/usr/local/vpnserver/vpncmd

Then press the *enter key for next questions without giving any input values until you get VPN Server>* prompt.

Then type the command below on the VPN Server> prompt to set the admin password.

ServerPasswordSet

There are two ways to configure SoftEther VPN server, you can use the Windows or Mac based server manager or use the built-in vpncmd tool to configure your server.

What is VPN Server Manager for Windows and MacOS

You can download SoftEther Server Manager for Windows or MacOS from SoftEther Download Center and do the configuration using the GUI that it provides, or you can continue reading this section, if you prefer to use the vpncmd tool to configure your VPN server.

Creating a Virtual Hub

HubCreate testVHub

Controlling the Virtual Hub

Hub testVHub

Connect the Virtual Hub to the Network

SecureNatEnable

Create and Manage Users

UserCreate testuser

Now we need to set a password for our user, this can be done by using UserPasswordSet command:

UserPasswordSet testuser

Activating the VPN Protocols

You need to manage the VPN server in Admin Mode using the vpncmd command and select 1 for “Management of VPN Server or VPN Bridge” until you reach VPN Server> prompt like we did before (this time, you will be asked for your admin password).

Activating L2TP Over IPSec

IPsecEnable

Then type “yes” as shown below and create a Pre Shared Key to connect your VPN with.

Default Virtual HUB in a case of omitting the HUB on the Username

When a VPN user wants to establish a VPN connection to the SoftEther VPN Server with IPsec/L2TP VPN Protocol, user have to specify the destination Virtual Hub in the username field by specifying the destination Virtual Hub Name after the username with appending ‘@’ character, such like “testuser@testVHub” in our case.

However, you can specify the “Default Virtual Hub”. If the destination Virtual Hub Name in the login-attempting username is omitted, then the default Virtual Hub is to be assumed to be designated by the user.
In our case, our Virtual Hub is “testVHub” , the user “testuser” on the testVHub can be logged on by just “testuser” . “@testVHub” can be omitted.

Activating SSTP and OpenVPN

ServerCertRegenerate <YOUR SERVER IP or FQDN>

We have created the certificate and we need to save the server certificate into a file named cert.cer:

ServerCertGet ~/cert.cer

We can now enable SSTP for our VPN server:

SstpEnable yes

And to enable OpenVPN. The default OpenVPN port is 1194, but you can change it to any port you want.

OpenVpnEnable yes /PORTS:1194

You can download the configuration file for OpenVPN users by using the command below to create a sample OpenVPN configuration file and save it to openvpn-config.zip:

OpenVpnMakeConfig ~/openvpn-config.zip

Original Source

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.