How to Set up a VPN Server Using SoftEther

By Abdulaziz Gebril, Alibaba Cloud Community Blog author.

SoftEther VPN (“SoftEther” stands for “Software Ethernet”) is one of the world’s most powerful and easy-to-use multi-protocol VPN programs. It can run on nearly any platform, including Windows, Linux, MacOS, and even FreeBSD and Solaris.

SoftEther VPN is open source and works on multiple platforms. You can use it for personal or commercial use for free charge. It is compatibility with today’s most popular VPN products among the world and has the interoperability with OpenVPN, L2TP, IPsec, EtherIP, L2TPv3, Cisco VPN Routers, and MS-SSTP VPN Clients. SoftEther VPN is also the world’s only VPN software which supports SSL-VPN, OpenVPN, L2TP, EtherIP, L2TPv3 and IPsec, as a single VPN software program.

If interested, you can read more information about the features and specifications of SoftEther VPN on their official website. In this tutorial, we will show you how you can take advantage of all the features of SoftEther VPN by showing you how to set up a VPN serving using it.

Setup SoftEther VPN Server

In this tutorial, you will specifically need to install a server with CentOS 7 with a minimum of 512 MB RAM, and configure inbound/outbound firewall rules.

Preparing Your Server

We need to ensure that your server is up to date by using the following command:

Next, we will install CentOS Development Tools, Wget package (which we will use to download the installation archive of SoftEther VPN server) and nano package as a text editor. Use the following command:

Configuring Firewall Rules

Firewall rules define what kind of Internet traffic is allowed or blocked. You can think of it as an additional protection layer provided by your hosting provider to take control of your traffic.

If your hosting provider asks you to configure the firewall rules of your traffic (Skip if not), you have to configure your firewall rules to allow your traffic though their network. Here is a list of mostly used default ports on servers:

Ports used by SoftEther VPN:

ProtocolPortDescriptionTCP1194SoftEther OpenVPNTCP5555SoftEther ManagementUDP1194SoftEther OpenVPNUDP500SoftEther SoftEther L2TP/IPSecUDP1701SoftEther SoftEther L2TP/IPSecUDP4500SoftEther SoftEther L2TP/IPSec

Additionally, you have to add any other ports that you use for the VPN server to that list.

Download and Install the SoftEther VPN Server

You have to get the link of the latest stable package (rtm) of SoftEther VPN Server for Linux Platform from SoftEther Download Center. You will be asked to select the the CPU architecture of your server. Currently, Intel x64 / AMD64 (64bit) is the most popular CPU architecture for servers, but if you are not sure about the CPU architecture of your server, you can use the command below to find it out.

As of this writing, the latest version for Intel x64 / AMD64 (64bit) distribution is (Ver 4.29, Build 9680, rtm) and the download link is:

Ok, let’s navigate to the /usr/local directory to download SoftEther VPN there.

We can proceed with downloading the installation archive of SoftEther VPN server from their website using Wget:

Extract the archive we’ve just downloaded:

Remove the compressed file:

Navigate to the /usr/local/vpnserver directory:

Run make command to compile and install SoftEther VPN server:

During the installation process, you will have to type 1 to read the License Agreement, type 1 again to confirm that you have read the License Agreement and finally type 1 to agree with the License Agreement.

During the process, the installer will make a quick check to ensure that your VPN server can operate normally. You should see something like this as part of the output:

In order to start the VPN server, you have to configure your system to operate the vpnserver program as a service mode by registering the vpnserver program as a daemon process that continues to run in the background.

To do that, we need to create a startup script, as shown below, with a file named vpnserver in /etc/init.ddirectory by using the following command:

Then put the following into the file:

Save the file and exit, then change the permissions for the startup script like this:

Now, we can start the vpnserver service using the command below:

Also, we will use the chkconfig command to allow the above startup script to start automatically in the background on boot.

If you need to stop the VPN Server service at any time, you can type the following to stop it.

Configuring SoftEther VPN Server

SoftEther VPN comes with a command line based administration tool called “vpncmd” to perform management operations. You can read more about the general usage of vpncmd by clicking here.

Anytime if you want to check if your VPN server is working and operating normally, you can check by running the vpncmd command and type 3 to select “Use of the check VPN tools”

Then type the command below on the VPN Server> prompt:

At the time VPN Server is installed, but the admin password for the VPN Server is not set. We have to manage the VPN server in Admin Mode and set the admin password by running the vpncmd command and select 1 for “Management of VPN Server or VPN Bridge”

Then press the *enter key for next questions without giving any input values until you get VPN Server>* prompt.

Then type the command below on the VPN Server> prompt to set the admin password.

There are two ways to configure SoftEther VPN server, you can use the Windows or Mac based server manager or use the built-in vpncmd tool to configure your server.

What is VPN Server Manager for Windows and MacOS

SoftEther VPN Server Manager is an administration utility that supports GUI for administering SoftEther VPN Server by local or remote computer. Using VPN Server Manager enables you to connect to and administer SoftEther VPN Server without learning complicated commands or operation methods. You can also administer SoftEther VPN Server operating on a UNIX operating system from a familiar Windows terminal.

You can download SoftEther Server Manager for Windows or MacOS from SoftEther Download Center and do the configuration using the GUI that it provides, or you can continue reading this section, if you prefer to use the vpncmd tool to configure your VPN server.

Creating a Virtual Hub

We need to create a virtual hub for our VPN server by using HubCreate command on the VPN Server> prompt. For example we will create a Virtual Hub called “testVHub”. You will be prompted to set the password which you will use to administer the hub.

Controlling the Virtual Hub

Now we have to control the Virtual Hub by using the Hub command on the VPN Server> prompt.

Connect the Virtual Hub to the Network

We need to link the Virtual Hub to the server network by using the command below:

Create and Manage Users

We can create users for our Virtual Hub to use the VPN by using the command UserCreate and view the list of current users by UserList. For example we will create a user named “testuser”. You can skip the group, name and description prompts by hitting enter a few times.

Now we need to set a password for our user, this can be done by using UserPasswordSet command:

Activating the VPN Protocols

In this tutorial, we will focus on activating the connection of L2TP over IPSec, SSTP and OpenVPN protocols for the VPN server.

You need to manage the VPN server in Admin Mode using the vpncmd command and select 1 for “Management of VPN Server or VPN Bridge” until you reach VPN Server> prompt like we did before (this time, you will be asked for your admin password).

Activating L2TP Over IPSec

To enable L2TP over IPsec for your VPN server, you can use the following command on the VPN Server>prompt.

Then type “yes” as shown below and create a Pre Shared Key to connect your VPN with.

Default Virtual HUB in a case of omitting the HUB on the Username

When a VPN user wants to establish a VPN connection to the SoftEther VPN Server with IPsec/L2TP VPN Protocol, user have to specify the destination Virtual Hub in the username field by specifying the destination Virtual Hub Name after the username with appending ‘@’ character, such like “testuser@testVHub” in our case.

However, you can specify the “Default Virtual Hub”. If the destination Virtual Hub Name in the login-attempting username is omitted, then the default Virtual Hub is to be assumed to be designated by the user.
In our case, our Virtual Hub is “testVHub” , the user “testuser” on the testVHub can be logged on by just “testuser” . “@testVHub” can be omitted.

Activating SSTP and OpenVPN

First, we need to use ServerCertRegenerate command to generate a self-signed SSL certificate for the server to use it for the SSTP and OpenVPN.

We have created the certificate and we need to save the server certificate into a file named cert.cer:

We can now enable SSTP for our VPN server:

And to enable OpenVPN. The default OpenVPN port is 1194, but you can change it to any port you want.

You can download the configuration file for OpenVPN users by using the command below to create a sample OpenVPN configuration file and save it to

Original Source

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store