×
Community Blog How to Set up a VPN Server Using SoftEther

How to Set up a VPN Server Using SoftEther

In this tutorial, we will show you how you can take advantage of all the great features of SoftEther VPN by showing you how you can set up a VPN on it.

By Abdulaziz Gebril, Alibaba Cloud Community Blog author.

SoftEther VPN ("SoftEther" stands for "Software Ethernet") is one of the world's most powerful and easy-to-use multi-protocol VPN programs. It can run on nearly any platform, including Windows, Linux, MacOS, and even FreeBSD and Solaris.

SoftEther VPN is open source and works on multiple platforms. You can use it for personal or commercial use for free charge. It is compatibility with today's most popular VPN products among the world and has the interoperability with OpenVPN, L2TP, IPsec, EtherIP, L2TPv3, Cisco VPN Routers, and MS-SSTP VPN Clients. SoftEther VPN is also the world's only VPN software which supports SSL-VPN, OpenVPN, L2TP, EtherIP, L2TPv3 and IPsec, as a single VPN software program.

If interested, you can read more information about the features and specifications of SoftEther VPN on their official website. In this tutorial, we will show you how you can take advantage of all the features of SoftEther VPN by showing you how to set up a VPN serving using it.

Don't have Alibaba Cloud account yet? Sign up to get $300 - $1200 Worth of Free Trial for your new Alibaba Cloud account.

Setup SoftEther VPN Server

In this tutorial, you will specifically need to install a server with CentOS 7 with a minimum of 512 MB RAM, and configure inbound/outbound firewall rules.

Preparing Your Server

We need to ensure that your server is up to date by using the following command:

yum -y update

Next, we will install CentOS Development Tools, Wget package (which we will use to download the installation archive of SoftEther VPN server) and nano package as a text editor. Use the following command:

yum -y groupinstall "Development Tools" && yum -y install wget nano

Configuring Firewall Rules

Firewall rules define what kind of Internet traffic is allowed or blocked. You can think of it as an additional protection layer provided by your hosting provider to take control of your traffic.

If your hosting provider asks you to configure the firewall rules of your traffic (Skip if not), you have to configure your firewall rules to allow your traffic though their network. Here is a list of mostly used default ports on servers:

20 – FTP
21 – FTP
22 – SSH
25 – SMTP/EMAIL
26 – SMTP
53 – BIND/DNS
80 – HTTP / Apache Web server
110 – POP3/EMAIL
143 – IMAP
443 – HTTPS / Apache Web server SSL
465 – SMTP/EMAIL SSL/TLS
873 – RSYNC
993 – IMAP/EMAIL SSL
995 – POP3/EMAIL SSL
3306 – MYSQL

Ports used by SoftEther VPN:

Protocol Port Description
TCP 1194 SoftEther OpenVPN
TCP 5555 SoftEther Management
UDP 1194 SoftEther OpenVPN
UDP 500 SoftEther SoftEther L2TP/IPSec
UDP 1701 SoftEther SoftEther L2TP/IPSec
UDP 4500 SoftEther SoftEther L2TP/IPSec

Additionally, you have to add any other ports that you use for the VPN server to that list.

For Alibaba Cloud customers, you can do that by Creating a security group and Adding security group rules to allow connections on these ports.

Download and Install the SoftEther VPN Server

You have to get the link of the latest stable package (rtm) of SoftEther VPN Server for Linux Platform from SoftEther Download Center. You will be asked to select the the CPU architecture of your server. Currently, Intel x64 / AMD64 (64bit) is the most popular CPU architecture for servers, but if you are not sure about the CPU architecture of your server, you can use the command below to find it out.

lscpu

As of this writing, the latest version for Intel x64 / AMD64 (64bit) distribution is (Ver 4.29, Build 9680, rtm) and the download link is:

http://www.softether-download.com/files/softether/v4.29-9680-rtm-2019.02.28-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz

Ok, let’s navigate to the /usr/local directory to download SoftEther VPN there.

cd /usr/local

We can proceed with downloading the installation archive of SoftEther VPN server from their website using Wget:

wget "YOUR_DOWNLOAD_LINK" -O softether-vpnserver-linux.tar.gz

Extract the archive we’ve just downloaded:

tar -xvf softether-vpnserver-linux.tar.gz

Remove the compressed file:

rm -f softether-vpnserver-linux.tar.gz

Navigate to the /usr/local/vpnserver directory:

cd /usr/local/vpnserver

Run make command to compile and install SoftEther VPN server:

make

During the installation process, you will have to type 1 to read the License Agreement, type 1 again to confirm that you have read the License Agreement and finally type 1 to agree with the License Agreement.

During the process, the installer will make a quick check to ensure that your VPN server can operate normally. You should see something like this as part of the output:

In order to start the VPN server, you have to configure your system to operate the vpnserver program as a service mode by registering the vpnserver program as a daemon process that continues to run in the background.

To do that, we need to create a startup script, as shown below, with a file named vpnserver in /etc/init.d directory by using the following command:

nano /etc/init.d/vpnserver

Then put the following into the file:

#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0

Save the file and exit, then change the permissions for the startup script like this:

chmod 755 /etc/init.d/vpnserver

Now, we can start the vpnserver service using the command below:

/etc/init.d/vpnserver start

Also, we will use the chkconfig command to allow the above startup script to start automatically in the background on boot.

chkconfig --add vpnserver

If you need to stop the VPN Server service at any time, you can type the following to stop it.

/etc/init.d/vpnserver stop

Configuring SoftEther VPN Server

SoftEther VPN comes with a command line based administration tool called "vpncmd" to perform management operations. You can read more about the general usage of vpncmd by clicking here.

Anytime if you want to check if your VPN server is working and operating normally, you can check by running the vpncmd command and type 3 to select “Use of the check VPN tools”

/usr/local/vpnserver/vpncmd

Then type the command below on the VPN Server> prompt:

check

At the time VPN Server is installed, but the admin password for the VPN Server is not set. We have to manage the VPN server in Admin Mode and set the admin password by running the vpncmd command and select 1 for “Management of VPN Server or VPN Bridge”

/usr/local/vpnserver/vpncmd

Then press the *enter key for next questions without giving any input values until you get VPN Server>* prompt.

Then type the command below on the VPN Server> prompt to set the admin password.

ServerPasswordSet

There are two ways to configure SoftEther VPN server, you can use the Windows or Mac based server manager or use the built-in vpncmd tool to configure your server.

What is VPN Server Manager for Windows and MacOS

SoftEther VPN Server Manager is an administration utility that supports GUI for administering SoftEther VPN Server by local or remote computer. Using VPN Server Manager enables you to connect to and administer SoftEther VPN Server without learning complicated commands or operation methods. You can also administer SoftEther VPN Server operating on a UNIX operating system from a familiar Windows terminal.

You can download SoftEther Server Manager for Windows or MacOS from SoftEther Download Center and do the configuration using the GUI that it provides, or you can continue reading this section, if you prefer to use the vpncmd tool to configure your VPN server.

Creating a Virtual Hub

We need to create a virtual hub for our VPN server by using HubCreate command on the VPN Server> prompt. For example we will create a Virtual Hub called "testVHub". You will be prompted to set the password which you will use to administer the hub.

HubCreate testVHub

Controlling the Virtual Hub

Now we have to control the Virtual Hub by using the Hub command on the VPN Server> prompt.

Hub testVHub

Connect the Virtual Hub to the Network

We need to link the Virtual Hub to the server network by using the command below:

SecureNatEnable

Create and Manage Users

We can create users for our Virtual Hub to use the VPN by using the command UserCreate and view the list of current users by UserList. For example we will create a user named "testuser". You can skip the group, name and description prompts by hitting enter a few times.

UserCreate testuser

Now we need to set a password for our user, this can be done by using UserPasswordSet command:

UserPasswordSet testuser

Activating the VPN Protocols

In this tutorial, we will focus on activating the connection of L2TP over IPSec, SSTP and OpenVPN protocols for the VPN server.

You need to manage the VPN server in Admin Mode using the vpncmd command and select 1 for “Management of VPN Server or VPN Bridge” until you reach VPN Server> prompt like we did before (this time, you will be asked for your admin password).

Activating L2TP Over IPSec

To enable L2TP over IPsec for your VPN server, you can use the following command on the VPN Server> prompt.

IPsecEnable

Then type “yes” as shown below and create a Pre Shared Key to connect your VPN with.

Default Virtual HUB in a case of omitting the HUB on the Username

When a VPN user wants to establish a VPN connection to the SoftEther VPN Server with IPsec/L2TP VPN Protocol, user have to specify the destination Virtual Hub in the username field by specifying the destination Virtual Hub Name after the username with appending '@' character, such like "testuser@testVHub" in our case.

However, you can specify the "Default Virtual Hub". If the destination Virtual Hub Name in the login-attempting username is omitted, then the default Virtual Hub is to be assumed to be designated by the user.
In our case, our Virtual Hub is "testVHub" , the user "testuser" on the testVHub can be logged on by just "testuser" . "@testVHub" can be omitted.

Activating SSTP and OpenVPN

First, we need to use ServerCertRegenerate command to generate a self-signed SSL certificate for the server to use it for the SSTP and OpenVPN.

ServerCertRegenerate <YOUR SERVER IP or FQDN>

We have created the certificate and we need to save the server certificate into a file named cert.cer:

ServerCertGet ~/cert.cer

We can now enable SSTP for our VPN server:

SstpEnable yes

And to enable OpenVPN. The default OpenVPN port is 1194, but you can change it to any port you want.

OpenVpnEnable yes /PORTS:1194

You can download the configuration file for OpenVPN users by using the command below to create a sample OpenVPN configuration file and save it to openvpn-config.zip:

OpenVpnMakeConfig ~/openvpn-config.zip

0 0 0
Share on

Alibaba Clouder

1,937 posts | 433 followers

You may also like

Comments