SoftEther VPN is free software developed at the University of Tsukuba in Japan. It supports multiple protocols: SSL, L2TP, SSTP, and OpenVPN. It traverses firewalls very well and is known as the Swiss Army knife of VPNs. It supports Windows, Mac, smartphones (iPhone, Android), tablets (iPad, Windows RT), and Cisco or other VPN routers. OpenVPN and MS-SSTP VPN clients are also accepted.
This article covers the installation and setup of the SoftEther VPN server on Debian 10.1 and Ubuntu 18.04 systems. First, use Bitvise SSH Client to log in to the remote host and open a terminal.
apt-get update && apt-get upgrade
The command above checks for updates and upgrades the installed software. When it prompts "Do you want to continue? [Y/n]" during the process, enter y and press Enter.
The update is complete. Next, install the packages that SoftEther will use:
apt-get install build-essential libreadline-dev libssl-dev libncurses-dev zlib1g-dev
It will prompt "Do you want to continue? [Y/n]" during the process; enter y and press Enter.
Download the SoftEther VPN server source code:
git clone https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.git
If the shell responds with:
-bash: git: command not found
then git needs to be installed:
apt-get install git
Download the SoftEther VPN server source code again:
git clone https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.git
Configure the build before compiling:
cd SoftEtherVPN_Stable   # press Enter
./configure
And now run “make” to compile SoftEther into an executable file:
make
To install the vpnserver:
make install
Start the VPN server:
vpnserver start
The server has started successfully. The next step is to use the built-in vpncmd tool to configure your server:
vpncmd
Press 1 to select “Management of VPN Server or VPN Bridge”.
Then press Enter without typing anything, and press Enter again without typing anything, to connect to the server in server admin mode.
vpncmd is now in VPN server admin mode. Use the command below to set the admin password:
ServerPasswordSet
You will be prompted to enter the password twice. The output should be:
The command completed successfully.
Delete the default Hub:
HubDelete DEFAULT
Create a new Hub named MyVPN (this is an example; choose the name yourself):
HubCreate MyVPN
You will be prompted to enter the password twice. It is recommended to set a blank password (setting a real password will affect the establishment of the SSTP VPN), so just press Enter each time. The output should be:
The command completed successfully.
Now select the Virtual Hub you created using this command:
Hub MyVPN
SecureNAT is a combination of Virtual NAT and DHCP Server function. You can enable SecureNAT using the command below:
SecureNATEnable
Use the UserCreate command to create a user named “libai”:
UserCreate libai ///Press Enter three times without typing anything
Set a password for user libai with this command:
UserPasswordSet libai ///Enter the password for this user and confirm it.
To enable the L2TP/IPsec VPN server, use the command below:
IPSecEnable
Options: yes, yes, yes, vpn, MyVPN
Among these prompts, the option "Enable Raw L2TP Server Function (yes / no)" controls support for the L2TP server function without IPsec encryption; if encryption is required, you can select no (input n). The option "Pre Shared Key for IPsec (Recommended: 9 letters at maximum)" sets the pre-shared key; the example here is "vpn", and you can set your own (up to 9 letters are allowed). The option "Default Virtual HUB in a case of omitting the HUB on the Username" is the default HUB used when a user connects to the server; here it is the "MyVPN" hub created above, so you don't need to specify the HUB name when connecting.
Create the OpenVPN/SSTP server:
Generate and deploy certificates:
ServerCertRegenerate IP ///IP (or domain name) of the remote server
ServerCertGet ~/cert.cer ///Export the certificate to the home directory; the SSTP VPN will use it
Enable the OpenVPN function:
OpenVpnEnable yes /PORTS:1194 ///You can use another port instead of 1194
OpenVpnMakeConfig ~/my_openvpn_config.zip ///Export the OpenVPN configuration file
Enable the SSTP function with this command:
SstpEnable yes
SoftEther VPN is now configured. Press Ctrl+C to exit the admin mode.
Additional steps:
1. To set up a firewall, you need to open several required ports:
nano /etc/iptables/rules.v4
Paste the following lines of settings:
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
Press Ctrl+X to save changes and exit.
Execute the following command to load the rules:
/etc/init.d/netfilter-persistent reload
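A check for the firewall step above, as an added example that is not part of the original article: the four rules only take effect if they sit inside the *filter table, before its COMMIT line and before any unconditional DROP or REJECT in the INPUT chain. The names audit_rules and sample_bad are hypothetical, the sample rule set is constructed, and the input is assumed to be in iptables-save format, as /etc/iptables/rules.v4 is.

```shell
#!/bin/sh
# Added example: audit an iptables-save style rule set (file in $1, or stdin)
# for this guide's four ports. Prints "<STATE> <proto>/<port>" for each one.
audit_rules() {
    awk '
    BEGIN {
        n = split("tcp/443 udp/1194 udp/500 udp/4500", need, " ")
        for (i = 1; i <= n; i++) state[need[i]] = "MISSING"
    }
    /^\*/     { table = substr($1, 2); blocked = 0; next }  # "*filter" opens a table
    /^COMMIT/ { table = ""; next }                          # rules after it belong to no table
    $1 != "-A" || $2 != "INPUT" { next }
    # An unconditional DROP/REJECT ends the chain; later ACCEPT rules never match.
    $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { blocked = 1; next }
    {
        proto = port = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        key = proto "/" port
        if (!(key in state) || target != "ACCEPT" || state[key] == "OK") next
        if (table != "filter") state[key] = "OUTSIDE_FILTER"
        else if (blocked)      state[key] = "SHADOWED"
        else                   state[key] = "OK"
    }
    END {
        for (i = 1; i <= n; i++) {
            print state[need[i]], need[i]
            if (state[need[i]] != "OK") bad = 1
        }
        exit bad + 0
    }' "$@"
}

# Constructed sample showing three paste mistakes (not a real host's rules).
sample_bad() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
EOF
}

sample_bad | audit_rules || echo "rule set needs fixing"
```

Run it against the real file with audit_rules /etc/iptables/rules.v4 before reloading; a non-zero exit status means at least one of the ports is not effectively open.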
2. Set vpnserver to start automatically after booting. We use the rc-local service to achieve this.
systemctl status rc-local
It reports "active: inactive (dead)": the service is available, but it needs to be activated.
nano /etc/rc.local
Put the following code in:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
exit 0
Press Ctrl+X to save changes and exit.
Add execute permission to the /etc/rc.local file:
chmod +x /etc/rc.local
Start the service:
systemctl start rc-local
Check the rc-local service status:
systemctl status rc-local
It has been activated. Enable the service at system boot:
systemctl enable rc-local
This does not succeed. First we need to create a file:
nano /etc/systemd/system/rc-local.service
Then add the following content to it:
[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
Press Ctrl+X to save changes and exit.
systemctl enable rc-local
Done.
nano /etc/rc.local
Add /usr/bin/vpnserver start above exit 0:
/usr/bin/vpnserver start
After pressing Ctrl+X, nano asks "Save modified buffer"; press "y" to save and exit. All the files edited with nano earlier are saved the same way.
Restart the Debian (or Ubuntu) system and you will find that the VPN server starts automatically. Generally speaking, a VPS is rarely restarted, so the vpnserver autostart step is optional.
For the client connection to the remote VPN, please read the follow-up pages.
1. Softether Client Installation and Application