SoftetherVPN Server

SoftetherVPN is free software developed by the University of Tsukuba in Japan. It supports multiple protocols: SSL, L2TP, SSTP and OpenVPN. It traverses firewalls very well and is known as the Swiss Army knife of VPNs. It supports Windows, Mac, smartphones (iPhone, Android), tablets (iPad, Windows RT) and Cisco or other VPN routers. OpenVPN and MS-SSTP VPN clients are also accepted.

This article covers installing and setting up the SoftetherVPN server on Debian 10.1 and Ubuntu 18.04 systems. First use Bitvise SSH Client to log in to the remote host and open the terminal.

apt-get update && apt-get upgrade

The above command checks for updates and upgrades the installed software. It will prompt "Do you want to continue? [Y/n]" during the process; enter y and press Enter.

The update is complete. Next, install the packages that SoftEther will use:

apt-get install build-essential libreadline-dev libssl-dev libncurses-dev zlib1g-dev

It will prompt "Do you want to continue? [Y/n]" during the process; enter y and press Enter.

Download the SoftetherVPN server source code:

git clone https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.git

If the shell reports:
-bash: git: command not found
then git needs to be installed:

apt-get install git

Download the SoftetherVPN server source code again:

git clone https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.git

Let's configure before compilation:

cd SoftEtherVPN_Stable      # then press Enter
./configure

And now run “make” to compile SoftEther into an executable file:

make

To install the vpnserver:

make install

Start the VPN server:

vpnserver start

It has been successfully started. The next step is to use the built-in vpncmd tool to configure your server:

vpncmd

Press 1 to select “Management of VPN Server or VPN Bridge”.
Then press Enter without typing anything, and press Enter again without typing anything, to connect to the server in server admin mode.

As shown above, you are now in the VPN server admin mode. Use the command below to set the admin password:

ServerPasswordSet

You will be prompted to enter the password twice. The output should be:
The command completed successfully.

Delete the default Hub:

HubDelete DEFAULT

Create a new Hub named MyVPN (this is an example; choose the name yourself):

HubCreate MyVPN

You will be prompted to enter the password twice. It is recommended to leave the password blank (setting a real password will affect the establishment of SSTP VPN): just press Enter at each prompt. The output should be:
The command completed successfully.

Now select the Virtual Hub you created using this command:

Hub MyVPN

SecureNAT is a combination of the Virtual NAT and DHCP Server functions. You can enable SecureNAT using the command below:

SecureNATEnable

Use the UserCreate command to create a user named “libai”. Press Enter three times without entering anything at the prompts that follow:

UserCreate libai

Set a password for user libai with this command. Enter the password for this user and confirm it when prompted:

UserPasswordSet libai

To enable L2TP/IPsec VPN server you can use the command below:

IPSecEnable

Options: yes, yes, yes, vpn, MyVPN

In the figure above, the option "Enable Raw L2TP Server Function (yes / no)" enables the L2TP server function without IPsec encryption; if encryption is required, you can select no (input n). The option "Pre Shared Key for IPsec (Recommended: 9 letters at maximum)" sets the pre-shared key; the example in the figure is "vpn", and you can set your own (up to 9 letters are allowed). The option "Default Virtual HUB in a case of omitting the HUB on the Username" sets the default HUB used when a user connects to the server; here it is the "MyVPN" hub created above, so that you don't need to select the HUB name when connecting.

Create OpenVPN/SSTP server:
Generate and deploy certificates. Replace IP with the IP address (or domain name) of the remote server. ServerCertGet extracts the certificate to ~/cert.cer, which SSTP VPN will use:

ServerCertRegenerate IP
ServerCertGet ~/cert.cer

Enable the OpenVPN function. You can set another port instead of 1194. OpenVpnMakeConfig extracts the OpenVPN configuration file:

OpenVpnEnable yes /PORTS:1194
OpenVpnMakeConfig ~/my_openvpn_config.zip

Enable SSTP function with this command:

SstpEnable yes

SoftEtherVPN is now configured. Press Ctrl+C to exit the admin mode.

Additional steps
1. To set up the firewall, you need to open the required ports:

nano /etc/iptables/rules.v4

As shown above, paste the following rules into the file:

-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT

Ctrl+X to save changes and exit.

Execute the following command to load the rules:

/etc/init.d/netfilter-persistent reload
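
A check for the rules pasted in step 1, as an added example that is not part of the original article: in an iptables-restore file a rule only takes effect if it sits in the *filter section before COMMIT and ahead of any catch-all DROP or REJECT in the INPUT chain. The function names check_vpn_rules and sample_rules and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# check_vpn_rules [FILE]: list the article's VPN ports that have no effective
# ACCEPT rule in the filter table's INPUT chain of an iptables-restore file.
check_vpn_rules() {
    awk '
    BEGIN { need["tcp/443"]; need["udp/1194"]; need["udp/500"]; need["udp/4500"] }
    /^\*/     { in_filter = ($1 == "*filter"); next }   # table header
    /^COMMIT/ { in_filter = 0; next }                   # end of table
    !in_filter || $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = ""; port = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        # A bare "-A INPUT -j DROP|REJECT" matches everything; later rules are dead.
        if ($3 == "-j" && (target == "DROP" || target == "REJECT")) blocked = 1
        key = proto "/" port
        if (target == "ACCEPT" && (key in need)) {
            if (blocked) shadowed[key] = 1
            else opened[key] = 1
        }
    }
    END {
        for (k in need)
            if (!(k in opened))
                print k ((k in shadowed) ? " shadowed" : " missing")
    }' "$@" | sort
}

# Constructed sample: 443 was pasted after the REJECT rule, 4500 was forgotten.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

sample_rules | check_vpn_rules
```

Run it as check_vpn_rules /etc/iptables/rules.v4 before reloading; no output means all four ports have an effective ACCEPT rule.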

2. Set vpnserver to start automatically at boot. We use the rc-local service to achieve this.

systemctl status rc-local

It reports "active: inactive (dead)": the service is available, but it needs to be activated.

nano /etc/rc.local

Put the following code in:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
 
exit 0

Ctrl+X to save changes and exit.

Add execute permission to /etc/rc.local file.

chmod +x /etc/rc.local

Start the service:

systemctl start rc-local

rc-local service status:

systemctl status rc-local

It has been activated. Enable the service on system boot:

systemctl enable rc-local

It is not successful. First we need to create a file:

nano /etc/systemd/system/rc-local.service

Then add the following content to it:

[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99

[Install]
WantedBy=multi-user.target

Ctrl+X to save changes and exit.

systemctl enable rc-local 

Done.

nano /etc/rc.local

Add /usr/bin/vpnserver start above exit 0:

/usr/bin/vpnserver start

As the picture above shows, the question "Save modified buffer" appears after pressing Ctrl+X; press "y" to save and exit. All files previously edited with nano are saved this way.

Restart the Debian (or Ubuntu) system and you will find that the VPN server starts automatically. Generally speaking, a VPS rarely restarts, so the vpnserver auto-start step is optional.

For client connections to the remote VPN, please read the follow-up pages.

1. Softether Client Installation and Application

2. OpenVPN Client Installation and Application

3. L2TP/IPsec VPN Client

4. MS-SSTP-VPN