How to Install SoftEther VPN Server on Ubuntu 20.04
SoftEther VPN is a free, open source and one of the most powerful multi-protocol VPN software. It can be installed on all major operating systems including, Windows, Linux, Mac, FreeBSD and Solaris. It is simple, easy to use and developed by the University of Tsukuba in Japan. It is an alternative to OpenVPN and Microsoft’s VPN servers and can integrate from OpenVPN to SoftEther VPN smoothly.
SoftEther VPN Features
- Free and Open source
- Supports Windows, Linux, Mac, Android, iPhone, iPad and Windows Mobile
- Embedded dynamic-DNS and NAT-traversal
- SSL-VPN Tunneling on HTTPS to pass through NATs and firewalls
- Supports SSL-VPN, OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3 and EtherIP
- RSA certificate authentication function
- RADIUS / NT Domain user authentication function
In this post, we will show you how to install SoftEther VPN server on Ubuntu 20.04.
Why You Should Deploy SoftEther VPN Server on Windows in the Cloud
Try deploying our Cloud SoftEther VPN Server solution into Azure, AWS or GCP and test it out for yourself.
SoftEther VPN on Azure
SoftEther VPN on AWS
SoftEther VPN on Google
SoftEther VPN Prerequisites
- Two servers running Ubuntu 20.04 server, one for VPN server and one for VPN client.
- A root password is configured on both servers.
Install Required Dependency
First, it is a good idea to update your system’s package cache to the latest version. Run the following command to update all package cache.
apt-get update -y
Once your system is updated, install other required dependencies using the following command:
apt-get install build-essential gnupg2 gcc make -y
Once all the dependencies are installed, you can proceed to the next step.
Install SoftEther VPN on Ubuntu 20.04
First, go to the SoftEther VPN download page and download the latest version using the following command:
wget http://www.softether-download.com/files/softether/v4.38-9760-rtm-2021.08.17-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz
Sample output:
HTTP request sent, awaiting response... 200 OK
Length: 7529219 (7.2M) [application/x-gzip]
Saving to: ‘softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz’
softether-vpnserver-v4.38-9760-rtm- 100%[==================================================================>] 7.18M 1.01MB/s in 10s
2021-10-15 08:36:37 (704 KB/s) - ‘softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz’ saved [7529219/7529219]
Once the download is completed, extract the downloaded file using the following command:
tar -xvzf softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz
Next, navigate to the extracted directory and install the SoftEther VPN using the following command:
cd vpnserver
make
Once the installation has been finished, you will get the following output:
*** PacketiX VPN Server HTML5 Web Administration Console (NEW) ***
This VPN Server / Bridge has the built-in HTML5 Web Administration Console.
After you start the server daemon, you can open the HTML5 Web Administration Console is available at
https://127.0.0.1:5555/
or
https://ip_address_of_the_vpn_server:5555/
This HTML5 page is obviously under construction, and your HTML5 development contribution is very appreciated.
--------------------------------------------------------------------
make[1]: Leaving directory '/root/vpnserver'
Next, go back to your home directory and move the extracted directory to /ust/local directory:
cd ..
mv vpnserver /usr/local/
Next, set proper permission to vpnserver directory:
cd /usr/local/vpnserver/
chmod 600 *
chmod 700 vpnserver
chmod 700 vpncmd
Once you are finished, you can proceed to the next step.
Create a Systemd Service File for SoftEther VPN
Next, you will need to create a systemd service file to manage the SoftEther VPN service. You can create it using the following command:
nano /etc/init.d/vpnserver
Add the following lines:
#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
Save and close the file then create required directory and set proper permission to the systemd service file using the command below:
mkdir /var/lock/subsys
chmod 755 /etc/init.d/vpnserver
Next, start the SoftEther VPN with the following command:
/etc/init.d/vpnserver start
You will get the following output:
The SoftEther VPN Server service has been started.
Let's get started by accessing to the following URL from your PC:
https://69.28.88.203:5555/
or
https://69.28.88.203/
Note: IP address may vary. Specify your server's IP address.
Next, enable the SoftEther VPN service to start at system reboot:
update-rc.d vpnserver defaults
Configure SoftEther VPN Server
Next, change the directory to /usr/local/vpnserver and configure the SoftEther VPN using the following command:
cd /usr/local/vpnserver
./vpncmd
You will be asked to select VPN component:
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 1
Type 1 and press Enter twice. You will get the following output:
Specify the host name or IP address of the computer that the destination VPN Server or VPN Bridge is operating on.
By specifying according to the format 'host name:port number', you can also specify the port number.
(When the port number is unspecified, 443 is used.)
If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer).
Hostname of IP Address of Destination:
If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name.
If connecting by server admin mode, please press Enter without inputting anything.
Specify Virtual Hub Name:
Connection has been established with VPN Server "localhost" (port 443).
You have administrator privileges for the entire VPN Server.
Next, run the following command to set a password:
ServerPasswordSet
You should see the following output:
ServerPasswordSet command - Set VPN Server Administrator Password
Please enter the password. To cancel press the Ctrl+D key.
Password: **********
Confirm input: **********
The command completed successfully.
Next, run the following command to create a hub and set a password:
HubCreate myhub
You will get the following output:
HubCreate command - Create New Virtual Hub
Please enter the password. To cancel press the Ctrl+D key.
Password: **********
Confirm input: **********
The command completed successfully.
Next, enter to the hub using the following command:
Hub myhub
Sample output:
Hub command - Select Virtual Hub to Manage
The Virtual Hub "myhub" has been selected.
The command completed successfully.
VPN Server/myhub>
Next, allow the hub to work as a virtual LAN, run the following command:
SecureNatEnable
Sample output:
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.
Next, create a VPN user with the following command:
UserCreate vpnuser
Sample output:
UserCreate command - Create User
Assigned Group Name:
User Full Name: VPN User
User Description: IT
The command completed successfully.
Next, set a password for VPN user using the command below:
UserPasswordSet vpnuser
Sample output:
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
Please enter the password. To cancel press the Ctrl+D key.
Password: **********
Confirm input: **********
The command completed successfully.
Next, enable the IPsec to get Multi-Protocol working using the following command:
IPsecEnable
Answer all the questions as shown below:
IPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes
Enable Raw L2TP Server Function (yes / no): yes
Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): yes
Pre Shared Key for IPsec (Recommended: 9 letters at maximum): vpnserver
Default Virtual HUB in a case of omitting the HUB on the Username: myhub
The command completed successfully.
Finally, exit from the VPN configuration wizard using the following command:
exit
Configure UFW Firewall
If the UFW firewall is installed and configured in your system then you will need to allow ports 443, 5555, 992 and 1194 through the firewall. You can allow them with the following command:
ufw allow 443/tcp
ufw allow 5555/tcp
ufw allow 992/tcp
ufw allow 1194/udp
Once all the required rules are added, reload the UFW firewall using the following command:
ufw reload
Install SoftEther VPN Client
At this point, the SoftEther VPN server is installed and running. Now, you will need to install the SoftEther VPN client on the Client machine.
First, install the required dependencies using the following command:
apt-get install build-essential gnupg2 gcc make -y
Next, download the latest version of the SoftEther VPN client using the following command:
wget http://www.softether-download.com/files/softether/v4.38-9760-rtm-2021.08.17-tree/Linux/SoftEther_VPN_Client/64bit_-_Intel_x64_or_AMD64/softether-vpnclient-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz
Once the download is completed, extract the downloaded file with the following command:
tar -xvzf softether-vpnclient-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz
This will extracts all contents in to the vpnclient directory. Next, create a directory to store VPN client script.
mkdir /root/vpnscript
Next, go visit the VPN script download page and download all scripts using the following command.
cd /root/vpnscript
wget https://raw.githubusercontent.com/mfaizanse/intellexlab-files/main/softether-vpn-client/remove-client.sh
wget https://raw.githubusercontent.com/mfaizanse/intellexlab-files/main/softether-vpn-client/setup-client.sh
wget https://raw.githubusercontent.com/mfaizanse/intellexlab-files/main/softether-vpn-client/vpn-connect.sh
wget https://raw.githubusercontent.com/mfaizanse/intellexlab-files/main/softether-vpn-client/vpn-disconnect.sh
wget https://raw.githubusercontent.com/mfaizanse/intellexlab-files/main/softether-vpn-client/vpn_config
Once all the scripts are downloaded, set proper permission to the downloaded script:
chmod 755 *
Next, edit the vpn_config file and define your VPN client directory, VPN server IP, VPN username, and local gateway IP.
nano vpn_config
Add the following lines as per your configuration:
CLIENT_DIR="/root/vpnclient"
NIC_NAME="nic1"
ACCOUNT_NAME="vpnuser"
VPN_HOST_IPv4="vpn-server-ip"
LOCAL_GATEWAY="gateway-ip-of-client-machine"
Save and close the file then setup the VPN client using the following command:
./setup-client.sh
You will be asked to provide your VPN server IP, port, Hub name, VPN username, Virtual adapter name and password as shown below:
Connected to VPN Client "localhost".
VPN Client>AccountCreate vpnuser
AccountCreate command - Create New VPN Connection Setting
Destination VPN Server Host Name and Port Number: 69.28.88.203:443
Destination Virtual Hub Name: myhub
Connecting User Name: vpnuser
Used Virtual Network Adapter Name: nic1
The command completed successfully.
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.38 Build 9760 (English)
Compiled 2021/08/17 22:32:49 by buildsan at crosswin
Copyright (c) SoftEther VPN Project. All Rights Reserved.
Connected to VPN Client "localhost".
VPN Client>AccountPassword vpnuser
AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
Please enter the password. To cancel press the Ctrl+D key.
Password: **********
Confirm input: **********
Specify standard or radius: radius
The command completed successfully.
Next, connect to the VPN server using the following script:
./vpn-connect.sh
Once you are connected successfully, you will get the following output:
Stopping the SoftEther VPN Client service ...
SoftEther VPN Client service has been stopped.
The SoftEther VPN Client service has been started.
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.38 Build 9760 (English)
Compiled 2021/08/17 22:32:49 by buildsan at crosswin
Copyright (c) SoftEther VPN Project. All Rights Reserved.
Connected to VPN Client "localhost".
VPN Client>AccountConnect vpnuser
AccountConnect command - Start Connection to VPN Server using VPN Connection Setting
The command completed successfully.
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.38 Build 9760 (English)
Compiled 2021/08/17 22:32:49 by buildsan at crosswin
Copyright (c) SoftEther VPN Project. All Rights Reserved.
Connected to VPN Client "localhost".
VPN Client>AccountList
AccountList command - Get List of VPN Connection Settings
Item |Value
----------------------------+-------------------------------------------
VPN Connection Setting Name |vpnuser
Status |Connected
VPN Server Hostname |69.28.88.203:443 (Direct TCP/IP Connection)
Virtual Hub |myhub
Virtual Network Adapter Name|nic1
The command completed successfully.
After the successful connection, a new VPN interface named vpn_nic1 has been created. You can check it using the following command:
ifconfig
You will get the following output:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 69.28.85.54 netmask 255.255.254.0 broadcast 69.28.85.255
inet6 fe80::200:45ff:fe1c:5536 prefixlen 64 scopeid 0x20<link>
ether 00:00:45:1c:55:36 txqueuelen 1000 (Ethernet)
RX packets 19867 bytes 74357003 (74.3 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8098 bytes 1085017 (1.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 854 bytes 648247 (648.2 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 854 bytes 648247 (648.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vpn_nic1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.30.10 netmask 255.255.255.0 broadcast 192.168.30.255
inet6 fe80::5c86:a0ff:fe6a:a652 prefixlen 64 scopeid 0x20<link>
ether 5e:86:a0:6a:a6:52 txqueuelen 1000 (Ethernet)
RX packets 312 bytes 20440 (20.4 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 292 bytes 22588 (22.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Conclusion
In the above guide, we explained how to install and set up a SoftEther VPN server on Ubuntu 20.04. We also explained how to install the SoftEther VPN client and connect to the VPN server.
