How to Set up a VPN Server Using SoftEther

Setup SoftEther VPN Server

In this tutorial, you will specifically need to install a server with CentOS 7 with a minimum of 512 MB RAM, and configure inbound/outbound firewall rules.

Preparing Your Server

We need to ensure that your server is up to date by using the following command:

yum -y update
yum -y groupinstall "Development Tools" && yum -y install wget nano

Configuring Firewall Rules

Firewall rules define what kind of Internet traffic is allowed or blocked. You can think of it as an additional protection layer provided by your hosting provider to take control of your traffic.

20 – FTP
21 – FTP
22 – SSH
25 – SMTP/EMAIL
26 – SMTP
53 – BIND/DNS
80 – HTTP / Apache Web server
110 – POP3/EMAIL
143 – IMAP
443 – HTTPS / Apache Web server SSL
465 – SMTP/EMAIL SSL/TLS
873 – RSYNC
993 – IMAP/EMAIL SSL
995 – POP3/EMAIL SSL
3306 – MYSQL

Download and Install the SoftEther VPN Server

You have to get the link of the latest stable package (rtm) of SoftEther VPN Server for Linux Platform from SoftEther Download Center. You will be asked to select the the CPU architecture of your server. Currently, Intel x64 / AMD64 (64bit) is the most popular CPU architecture for servers, but if you are not sure about the CPU architecture of your server, you can use the command below to find it out.

lscpu
http://www.softether-download.com/files/softether/v4.29-9680-rtm-2019.02.28-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz
cd /usr/local
wget "YOUR_DOWNLOAD_LINK" -O softether-vpnserver-linux.tar.gz
tar -xvf softether-vpnserver-linux.tar.gz
rm -f softether-vpnserver-linux.tar.gz
cd /usr/local/vpnserver
make
nano /etc/init.d/vpnserver
#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
chmod 755 /etc/init.d/vpnserver
/etc/init.d/vpnserver start
chkconfig --add vpnserver
/etc/init.d/vpnserver stop

Configuring SoftEther VPN Server

SoftEther VPN comes with a command line based administration tool called “vpncmd” to perform management operations. You can read more about the general usage of vpncmd by clicking here.

/usr/local/vpnserver/vpncmd
check
/usr/local/vpnserver/vpncmd
ServerPasswordSet

What is VPN Server Manager for Windows and MacOS

SoftEther VPN Server Manager is an administration utility that supports GUI for administering SoftEther VPN Server by local or remote computer. Using VPN Server Manager enables you to connect to and administer SoftEther VPN Server without learning complicated commands or operation methods. You can also administer SoftEther VPN Server operating on a UNIX operating system from a familiar Windows terminal.

Creating a Virtual Hub

We need to create a virtual hub for our VPN server by using HubCreate command on the VPN Server> prompt. For example we will create a Virtual Hub called “testVHub”. You will be prompted to set the password which you will use to administer the hub.

HubCreate testVHub

Controlling the Virtual Hub

Now we have to control the Virtual Hub by using the Hub command on the VPN Server> prompt.

Hub testVHub

Connect the Virtual Hub to the Network

We need to link the Virtual Hub to the server network by using the command below:

SecureNatEnable

Create and Manage Users

We can create users for our Virtual Hub to use the VPN by using the command UserCreate and view the list of current users by UserList. For example we will create a user named “testuser”. You can skip the group, name and description prompts by hitting enter a few times.

UserCreate testuser
UserPasswordSet testuser

Activating the VPN Protocols

In this tutorial, we will focus on activating the connection of L2TP over IPSec, SSTP and OpenVPN protocols for the VPN server.

Activating L2TP Over IPSec

To enable L2TP over IPsec for your VPN server, you can use the following command on the VPN Server>prompt.

IPsecEnable

Activating SSTP and OpenVPN

First, we need to use ServerCertRegenerate command to generate a self-signed SSL certificate for the server to use it for the SSTP and OpenVPN.

ServerCertRegenerate <YOUR SERVER IP or FQDN>
ServerCertGet ~/cert.cer
SstpEnable yes
OpenVpnEnable yes /PORTS:1194
OpenVpnMakeConfig ~/openvpn-config.zip

Original Source

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store