SoftEther VPN (Virtual Private Network) is open-source software developed by the SoftEther VPN Project. It is a versatile solution that supports various VPN protocols and features. SoftEther VPN can be installed on various operating systems, including Windows, Linux, macOS, FreeBSD, and Solaris.
SoftEther VPN on a VPS provides a versatile and secure VPN solution that enables users to protect their privacy, bypass restrictions, and securely access remote resources over the internet. Whether for personal or business use, SoftEther VPN offers a powerful tool for ensuring secure and private communication online.
This tutorial will show you how to install SoftEther VPN on Ubuntu 22.04.
Step 1 – Install SoftEther VPN
First, install the required packages using the following command:
apt-get install build-essential gnupg2 gcc make -y
Next, download the SoftEther VPN Server package from the official website. You can use wget to download the package directly from the command line:
wget http://www.softether-download.com/files/softether/v4.38-9760-rtm-2021.08.17-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz
Once the download is complete, extract the contents of the package using the following command:
tar -xvzf softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz
Change into the extracted directory:
cd vpnserver
Run the make command to build the SoftEther VPN Server:
make
Once the build process is complete, move the vpnserver directory to /usr/local/:
cd .. mv vpnserver /usr/local/
Set the correct permissions for the vpnserver directory:
cd /usr/local/vpnserver/ chmod 600 * chmod 700 vpnserver chmod 700 vpncmd
Step 2 – Create a Systemd File for SoftEther
Next, you will need to create a service file to start and stop SoftEther VPN.
You can create an init service file using the following command:
nano /etc/init.d/vpnserver
Add the following lines:
#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
Next, create a subsys directory and set execution permission to the service file.
mkdir /var/lock/subsys chmod 755 /etc/init.d/vpnserver
Finally, start SoftEther VPN using the following command:
/etc/init.d/vpnserver start
You will see the following output.
Let's get started by accessing to the following URL from your PC: https://69.28.85.145:5555/ or https://69.28.85.145/ Note: IP address may vary. Specify your server's IP address. A TLS certificate warning will appear because the server uses self signed certificate by default. That is natural. Continue with ignoring the TLS warning.
Next, add the SoftEther VPN service to start at the system reboot.
update-rc.d vpnserver defaults
Step 3 – Configure SoftEther VPN Server
Next, you will need to configure the SoftEther VPN Server using the vpncmd command line tool.
Change to the directory where the SoftEther VPN Server is installed. By default, it is located in /usr/local/vpnserver/:
cd /usr/local/vpnserver
Run the vpncmd utility to access the SoftEther VPN Server console:
./vpncmd
You will be asked to choose from the following options:
vpncmd command - SoftEther VPN Command Line Management Utility SoftEther VPN Command Line Management Utility (vpncmd command) Version 4.38 Build 9760 (English) Compiled 2021/08/17 22:32:49 by buildsan at crosswin Copyright (c) SoftEther VPN Project. All Rights Reserved. By using vpncmd program, the following can be achieved. 1. Management of VPN Server or VPN Bridge 2. Management of VPN Client 3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool) Select 1, 2 or 3: 1
Type 1 and press the Enter key. You will be asked to specify the hostname or IP address of the VPN server.
Specify the host name or IP address of the computer that the destination VPN Server or VPN Bridge is operating on. By specifying according to the format 'host name:port number', you can also specify the port number. (When the port number is unspecified, 443 is used.) If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer). Hostname of IP Address of Destination: Just press the Enter key to connect to the VPN console. If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name. If connecting by server admin mode, please press Enter without inputting anything. Specify Virtual Hub Name: Connection has been established with VPN Server "localhost" (port 443). You have administrator privileges for the entire VPN Server. VPN Server>
Next, set a password for the VPN.
ServerPasswordSet
Define your password as shown below:
Password: ****** Confirm input: ****** The command completed successfully.
Next, create a hub and set a password:
HubCreate myhub
Set your hub password as shown below.
HubCreate command - Create New Virtual Hub Please enter the password. To cancel press the Ctrl+D key. Password: ****** Confirm input: ****** The command completed successfully.
Next, change to your hub.
Hub myhub
Next, allow the hub to work as a virtual LAN.
SecureNatEnable
Output:
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function) The command completed successfully.
Next, create a VPN user.
UserCreate user1
Define your username, description, and full username:
Assigned Group Name: User Full Name: User User Description: IT The command completed successfully.
Set a password for the VPN user.
UserPasswordSet user1
Set a password for your user as shown below:
Please enter the password. To cancel press the Ctrl+D key. Password: ****** Confirm input: ****** The command completed successfully.
Enable the IPsec to get Multi-Protocol working.
IPsecEnable
Answer the following questions:
IPsecEnable command - Enable or Disable IPsec VPN Server Function Enable L2TP over IPsec Server Function (yes / no): yes Enable Raw L2TP Server Function (yes / no): yes Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): yes Pre Shared Key for IPsec (Recommended: 9 letters at maximum): vpnserver Default Virtual HUB in a case of omitting the HUB on the Username: myhub The command completed successfully.
Finally, exit from the VPN configuration wizard using the following command:
exit
Step 4 – Install SoftEther VPN Client
Now, you will need to install the SoftEther VPN client on the Client machine.
First, install all required dependencies.
apt-get install build-essential gnupg2 gcc make -y
Next, download the latest SoftEther VPN client package.
wget http://www.softether-download.com/files/softether/v4.38-9760-rtm-2021.08.17-tree/Linux/SoftEther_VPN_Client/64bit_-_Intel_x64_or_AMD64/softether-vpnclient-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz
Once the download is completed, extract the downloaded file.
tar -xvzf softether-vpnclient-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz
Navigate to the extracted directory and install it using the following command:
cd vpnclient make
Next, create a directory for the VPN client script.
mkdir /root/vpnscript
Navigate to the created directory and download all required scripts.
cd /root/vpnscript wget https://raw.githubusercontent.com/mfaizanse/intellexlab-files/main/softether-vpn-client/remove-client.sh wget https://raw.githubusercontent.com/mfaizanse/intellexlab-files/main/softether-vpn-client/setup-client.sh wget https://raw.githubusercontent.com/mfaizanse/intellexlab-files/main/softether-vpn-client/vpn-connect.sh wget https://raw.githubusercontent.com/mfaizanse/intellexlab-files/main/softether-vpn-client/vpn-disconnect.sh wget https://raw.githubusercontent.com/mfaizanse/intellexlab-files/main/softether-vpn-client/vpn_config
Set proper permissions on all scripts.
chmod 755 *
Edit the VPN client configuration file.
nano vpn_config
Define your VPN server IP, user, and gateway as shown below:
CLIENT_DIR="/root/vpnclient" NIC_NAME="nic1" ACCOUNT_NAME="user1" VPN_HOST_IPv4="vpn-server-ip" LOCAL_GATEWAY="gateway-ip-of-client-machine"
Save and close the file, then set up the VPN client using the following command:
./setup-client.sh
You will be asked to provide your VPN server details.
vpncmd command - SoftEther VPN Command Line Management Utility SoftEther VPN Command Line Management Utility (vpncmd command) Version 4.38 Build 9760 (English) Compiled 2021/08/17 22:32:49 by buildsan at crosswin Copyright (c) SoftEther VPN Project. All Rights Reserved. Connected to VPN Client "localhost". VPN Client>AccountCreate user1 AccountCreate command - Create New VPN Connection Setting Destination VPN Server Host Name and Port Number: 69.28.85.145:443 Destination Virtual Hub Name: myhub Connecting User Name: user1 Used Virtual Network Adapter Name: nic1 The command completed successfully. vpncmd command - SoftEther VPN Command Line Management Utility SoftEther VPN Command Line Management Utility (vpncmd command) Version 4.38 Build 9760 (English) Compiled 2021/08/17 22:32:49 by buildsan at crosswin Copyright (c) SoftEther VPN Project. All Rights Reserved. Connected to VPN Client "localhost". VPN Client>AccountPassword user1 AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication Please enter the password. To cancel press the Ctrl+D key. Password: ****** Confirm input: ****** Specify standard or radius: radius The command completed successfully.
Finally, connect to your VPN server using the following command:
./vpn-connect.sh
Once you are connected to the VPN server, you will get the following output:
vpncmd command - SoftEther VPN Command Line Management Utility SoftEther VPN Command Line Management Utility (vpncmd command) Version 4.38 Build 9760 (English) Compiled 2021/08/17 22:32:49 by buildsan at crosswin Copyright (c) SoftEther VPN Project. All Rights Reserved. Connected to VPN Client "localhost". VPN Client>AccountList AccountList command - Get List of VPN Connection Settings Item |Value ----------------------------+------------------------------------------- VPN Connection Setting Name |user1 Status |Connected VPN Server Hostname |69.28.85.145:443 (Direct TCP/IP Connection) Virtual Hub |myhub Virtual Network Adapter Name|nic1 The command completed successfully.
After the successful connection, a new VPN interface named vpn_nic1 has been created. You can check it using the following command:
ip a
Output:
98: vpn_nic1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
link/ether 5e:2a:27:ba:9a:9a brd ff:ff:ff:ff:ff:ff
inet 192.168.30.10/24 brd 192.168.30.255 scope global dynamic vpn_nic1
valid_lft 7121sec preferred_lft 7121sec
inet6 fe80::5c2a:27ff:feba:9a9a/64 scope link
valid_lft forever preferred_lft forever
Conclusion
By following the installation and configuration steps outlined in this guide, users can set up their own SoftEther VPN Server instance on Ubuntu 22.04 and customize it according to their specific requirements. Whether you’re a small business looking to establish a secure remote access solution or an individual user wanting to protect your online privacy, SoftEther VPN provides the tools and capabilities needed to achieve these goals. Try to deploy the SoftEther VPN server on dedicated server hosting from Atlantic.Net!