The previous post compared 5 different free open-source VPN servers and easily identified the top 3 solutions: OpenVPN, SoftEther VPN, and Libreswan. In terms of features, SoftEther was the most interesting of them: it supports the OpenVPN protocol, IPsec, and L2TPv3. I must note that OpenVPN is much easier to install on Ubuntu 16.04, but I decided to install SoftEther VPN and trade installation speed for more features.
Types of possible installations
I searched and found 3 ways to install SoftEther VPN Server on Ubuntu 16.04:
- The official way: from the source file (stable version), following the official manual
- From a repository: the Launchpad PPA maintained by Dmitry Verkhoturov. However, this approach had some issues.
- From the source file, using Kawin Viriyaprasopsook's bash script
I preferred the first approach, but Kawin's bash script is also useful, especially for automation. To keep the information in one place, I added the manual installation steps below.
Upgrade the system
# apt-get update && apt-get -y upgrade
Install build-essential (if it is not installed yet) for compilation
# apt-get -y install build-essential
Install the other required packages
# apt-get -y install wget curl gcc make tzdata git libreadline-dev libncurses-dev libssl-dev zlib1g-dev
Installing SoftEther VPN
Download the latest stable version (marked rtm) or stable-beta, and save it in /tmp
# wget "https://www.softether-download.com/files/softether/v4.25-9656-rtm-2018.01.15-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.25-9656-rtm-2018.01.15-linux-x64-64bit.tar.gz" -O /tmp/softether-vpnserver.tar.gz
Uncompress the sources
# tar -xzvf /tmp/softether-vpnserver.tar.gz -C /usr/local/
Remove the archive, which is no longer needed
# rm /tmp/softether-vpnserver.tar.gz
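The download and unpack steps above run as root and extract straight into /usr/local/, so the archive is worth checking before tar touches the filesystem. The following is an added example, not part of the original post or of the SoftEther project; the function names and the digest placeholder are assumptions, and the expected digest has to come from a source you trust.

```sh
#!/bin/sh
# Added example: check a downloaded tarball before unpacking it as root.

# verify_tarball FILE EXPECTED_SHA256 TOP_DIR
# Succeeds only if the SHA-256 digest matches and every archive member
# lives under TOP_DIR/ with no ".." path components.
# TOP_DIR is used inside a regex, so keep it a plain name such as "vpnserver".
verify_tarball() {
    file=$1 expected=$2 top=$3

    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file" >&2
        return 1
    fi

    # List members without extracting anything; a corrupt archive fails here.
    members=$(tar -tzf "$file") || return 1

    # Any entry outside TOP_DIR (absolute paths included) is rejected.
    if printf '%s\n' "$members" | grep -Ev "^$top(/|\$)" | grep -q .; then
        echo "entry outside $top/ in $file" >&2
        return 1
    fi
    # Any ".." path component is rejected.
    if printf '%s\n' "$members" | grep -Eq '(^|/)\.\.(/|$)'; then
        echo "path traversal entry in $file" >&2
        return 1
    fi
}

# safe_extract FILE EXPECTED_SHA256 TOP_DIR DEST
safe_extract() {
    verify_tarball "$1" "$2" "$3" || return 1
    # --no-same-owner: extracted files belong to the extracting user (root),
    # not to whatever uid/gid was recorded in the archive.
    tar -xzf "$1" -C "$4" --no-same-owner
}

# Usage with the paths from this post (EXPECTED is a placeholder):
#   EXPECTED='<sha256-from-a-trusted-source>'
#   safe_extract /tmp/softether-vpnserver.tar.gz "$EXPECTED" vpnserver /usr/local/
```

Downloading to a fresh directory from `mktemp -d` instead of a fixed name in /tmp also avoids writing as root to a path other local users can pre-create.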
Install from the sources
# cd /usr/local/vpnserver/
# make
During the build, we have to type 1 to read the License Agreement, type 1 again to confirm that we have read it, and finally type 1 to agree with it.
Kawin's script uses the make target i_read_and_agree_the_license_agreement, which does not require confirmation
# make i_read_and_agree_the_license_agreement
Change file permissions
# chmod 0600 *
# chmod 0700 vpnserver
# chmod 0700 vpncmd
Before going further, let’s check that the VPN server can operate normally.
To do that, run the vpncmd command and use the check VPN tool.
Link binary files
# ln -s /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver
# ln -s /usr/local/vpnserver/vpncmd /usr/local/bin/vpncmd
Create the file /lib/systemd/system/vpnserver.service
# vim /lib/systemd/system/vpnserver.service
and add the following
[Unit]
Description=SoftEther VPN Server
After=network.target
ConditionPathExists=!/usr/local/vpnserver/do_not_run

[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
WorkingDirectory=/usr/local/vpnserver

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/local/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID

[Install]
WantedBy=multi-user.target
Now the VPN server starts automatically on boot, and we are able to manage the vpnserver using systemctl
# systemctl start vpnserver
# systemctl status vpnserver
# systemctl stop vpnserver
Reload, enable and start the service
# systemctl daemon-reload
# systemctl enable vpnserver
# systemctl restart vpnserver
Set an admin password for VPNCMD
# cd /usr/local/vpnserver
# ./vpncmd
At the VPN command prompt, we type
You can also use SoftEther VPN Server Manager, an administration utility for Windows.
SoftEther offers many use cases: Ad-hoc VPN, Remote access to LAN, LAN to LAN bridge, etc. In this article, we are configuring it for “Remote access to LAN” use. You can find detailed information in the manual: 1.4 VPN Processing Principle and Communication Method
You can also find different examples of Building VPN Networks.