Introduction:
This comprehensive guide provides step-by-step instructions on installing and configuring a powerful multi-protocol VPN server using SoftEther on Linux. By following this guide, you will learn how to set up OpenVPN, L2TP over IPSec, and SSTP VPN servers on CentOS and Ubuntu.
What is SoftEther:
SoftEther VPN is a feature-rich and user-friendly multi-protocol VPN software developed by the University of Tsukuba, Japan. It is free, open-source, and compatible with Windows, Linux, Mac, FreeBSD, and Solaris. You can use SoftEther for personal or commercial purposes without any charge.
Step 1: Update Server Software:
Ensure your server software is up to date by running the following commands:
Debian / Ubuntu:
apt-get update && apt-get upgrade -y
CentOS / Fedora:
yum upgrade -y
Step 2: Download SoftEther:
Download the latest SoftEther server package for Linux from the official website. Visit their site on your computer, select the appropriate Component, Platform, and CPU, and click on the download link. For example:
wget https://www.softether-download.com/files/softether/v4.41-9787-rtm-2023.03.14-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.41-9787-rtm-2023.03.14-linux-x64-64bit.tar.gz
Step 3: Install and Configure SoftEther:
Extract the downloaded package and compile SoftEther. Make sure you have the necessary tools and packages installed. Move the vpnserver directory, set file permissions, and configure SoftEther to start as a service on startup. Here is an example:
# Extract the package
tar xzvf softether-vpnserver-v4.41-9787-rtm-2023.03.14-linux-x64-64bit.tar.gz
# Move the vpnserver directory
mv vpnserver /usr/local
cd /usr/local/vpnserver/
# Set file permissions
chmod 600 *
chmod 700 vpnserver
chmod 700 vpncmd
# Create the startup script
vi /etc/init.d/vpnserver
# Paste the script content (see below)
# Save and close the file
# Make the directory for startup script
mkdir -p /var/lock/subsys
# Start SoftEther VPN server
chmod 755 /etc/init.d/vpnserver && /etc/init.d/vpnserver start
Startup script content for /etc/init.d/vpnserver:
#!/bin/sh
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
Step 4: Generate a Let’s Encrypt Certificate:
Install certbot and generate a Let’s Encrypt SSL certificate for your VPN server. Configure automatic renewal to keep the certificate up to date. Example commands:
yum install epel-release -y
yum install certbot -y
certbot certonly --standalone -d your_domain.com
certbot renew --quiet
Change Admin Password:
Set an administrator password for SoftEther using
vpncmd. This password is essential for server-wide configuration changes. Example command:
./vpncmd
# Select option 1 for "Management of VPN Server or VPN Bridge"
# Connect to the localhost server
# Set the admin password using the "ServerPasswordSet" command
# Exit vpncmd
Create a Virtual Hub:
Create a Virtual Hub in SoftEther to manage VPN connections. Assign an administrator password for the hub. Example commands:
./vpncmd
# Select option 1 for "Management of VPN Server or VPN Bridge"
# Connect to the localhost server
# Create a new Virtual Hub using the "HubCreate" command
# Set an administrator password for the hub
# Select the Virtual Hub using the "Hub" command
# Exit vpncmd
Enable SecureNAT:
Enable SecureNAT to connect your hubs to the server network. SecureNAT combines Virtual NAT and DHCP Server functions for easy configuration. Example command:
./vpncmd
# Select option 1 for "Management of VPN Server or VPN Bridge"
# Connect to the localhost server
# Select the Virtual Hub using the "Hub" command
# Enable SecureNAT using the "SecureNatEnable" command
# Exit vpncmd
Create and Manage Users:
Create users for your Virtual Hub with different authentication modes. Use commands like UserCreate, UserPasswordSet, and more to manage users and their authentication methods. Example commands:
./vpncmd
# Select option 1 for "Management of VPN Server or VPN Bridge"
# Connect to the localhost server
# Select the Virtual Hub using the "Hub" command
# Create a new user using the "UserCreate" command
# Set the user's password using the "UserPasswordSet" command
# Exit vpncmd
Setup L2TP/IPSec:
Enable L2TP/IPSec VPN server functionality using the IPsecEnable command. Configure L2TP server options, including pre-shared key encryption and default Virtual Hub. Example command:
./vpncmd
# Select option 1 for "Management of VPN Server or VPN Bridge"
# Connect to the localhost server
# Select the Virtual Hub using the "Hub" command
# Enable L2TP/IPSec using the "IPsecEnable" command
# Configure L2TP server options
# Exit vpncmd
Setup SSTP/OpenVPN:
Import the SSL certificate and key for your server. Enable SSTP and OpenVPN server functions using the SstpEnable and OpenVpnEnable commands. Customize port settings if desired. Example commands:
./vpncmd
# Select option 1 for "Management of VPN Server or VPN Bridge"
# Connect to the localhost server
# Select the Virtual Hub using the "Hub" command
# Import the SSL certificate and key using the "ServerCertSet" command
# Enable SSTP using the "SstpEnable" command
# Enable OpenVPN using the "OpenVpnEnable" command
# Exit vpncmd
Set up IP Forwarding:
Enable IP forwarding in the sysctl kernel to ensure proper routing. Modify the /etc/sysctl.conf file and apply the changes using sysctl -p. Example commands:
sysctl net.ipv4.ip_forward
# If the output is net.ipv4.ip_forward = 0, proceed with the following steps
vi /etc/sysctl.conf
# Add the following line: net.ipv4.ip_forward = 1
# Save and close the file
sysctl -p
See Also:
For more detailed instructions and advanced configurations, refer to the [SoftEther VPN Manual](
7.3 Install on Linux and Initial Configurations - SoftEther VPN Project).
By following these step-by-step instructions, you can successfully set up a multi-protocol VPN server using SoftEther on Linux. Take advantage of the powerful features and ease of use provided by SoftEther VPN for secure and efficient remote access.