IntroductionWhether you want to be able to connect remotely to your corporate network or to construct a virtual network between two remote points, through an unsecure network (eg: Internet), you will somehow need a VPN (Virtual Private Network). A VPN allows you to securely connect to a remote LAN (Local Area Network) through Internet or untrusted networks.
SoftEther is an Open Source VPN Server, an alternative to OpenVPN. It's thought to be the world's most powerful and easy-to-user multi-protocol VPN software. Our article concerns how to setup SoftEther on Ubuntu Xenial Xerus Linux.
What you will need
- Ubuntu 16.04 Xenial Xerus Linux
- A 30 GB available disk space is recommended
- A root privilege
Conventions# - requires given command to be executed with root privileges either directly as a root user or by use of
$ - given command to be executed as a regular non-privileged user
> - given command to be executed from vpncmd command line interface
Preparing the serverUpgrade the system:
$ sudo apt update $ sudo apt upgradeInstall (if not installed yet)
build-essentialfor compilation purpose:
$ sudo apt install build-essential
Fetch softether sourcesLet's fetch SoftEther sources (latest build is the version 4.22 released on 2016-11-27):
$ wget http://www.softether-download.com/files/softether/v4.22-9634-beta-2016.11.27-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz
Uncompress the sources
$ tar xzf softether-vpnserver-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gzAfter successful decompression, we find a folder named
vpnserverin our current directory.
Install from the sources
$ cd vpnserver $ sudo makeDuring the installation process, we will have to type
1to read the Licence Agreement, type
1again to confirm that we have read the License Agreement and finally type
1to agree the License Agreement. After the installation, we can go through the output to confirm that the whole process went correctly without any error. Once everything is done correctly, we will be able to run the vpn server from the installation folder by using this command:
$ sudo ./vpnserver startLet’s do better by configuring it as a
Configuration as a daemonLet's follow these steps to configure our vpn server as a
Move the installation folder to /usr/local
$ cd .. $ sudo mv vpnserver /usr/local
Give appropriate rights to files
$ cd /usr/local/vpnserver/ $ sudo chmod 600 * $ sudo chmod 700 vpnserver $ sudo chmod 700 vpncmdBefore going further, let’s check that the vpn server can operate normally on our server. It is important to make this check before starting
- Run the
- Then type
$ cd /usr/local/vpnserver/ $ sudo ./vpncmd
If everything is well done, we should get “All checks passed” message at the end of the operation.
Create a systemd serviceCreate the file
$ sudo vi /lib/systemd/system/vpnserver.serviceAnd put the following content within it:
[Unit] Description=SoftEther VPN Server After=network.target [Service] Type=forking ExecStart=/usr/local/vpnserver/vpnserver start ExecStop=/usr/local/vpnserver/vpnserver stop [Install] WantedBy=multi-user.targetNow the VPN server starts automatically on boot, and we are able to manage the vpnserver using
Prepare SoftEther VPN Server for useSoftEther offers many use cases: Ad-hoc VPN, Remote access to LAN, LAN to LAN bridge, etc. In this article, we are configuring it for “Remote access to LAN” use. We will first create a
virtual hub, and then make a kind of link between that
virtual huband the server network (the corporate LAN).
Set an admin password for vpncmdFor obvious reasons, it’s recommended to immediately set an admin password for
vpncmdas soon as the the VPN server is installed. This is done through the
$ cd /usr/local/vpnserver/ $ sudo ./vpncmd
As shown in the above picture, we select
1for “Management of VPN Server or VPN Bridge”, then just press
Enterfor the following questions until we get
VPN Server>prompt. At the command prompt, we type
Create a virtual hubBy using
vpncmd, we are going to create a
virtual hubnamed “myFirstHUB”:
$ cd /usr/local/vpnserver/ $ sudo ./vpncmd > HubCreate myFirstHUB
Connect the virtual hub to the server networkIn order to allow clients to reach the server network, we need to link the
virtual hubto the LAN. This can be done using a Local Bridge connection or using the
SecureNATfunction. In our case, the
SecureNATfunction will be used.
SecureNATfunction allows to use the VPN server as Simple Network Gateway, DHCP Server, or Simple Gateway to Remotely Access Remote Sites. Let's select our
virtual huband enable
$ cd /usr/local/vpnserver/ $ sudo ./vpncmd > Hub myFirstHUB > SecureNatEnable
Create usersCommand to create a user:
After user's creation, we need to set a password. Note that it's possible to use other methods of authentication:
RADIUS, etc. The default authentication method is “password”.
Command to set the password:
Client configurationSoftEther provides clients for many OS including Linux.
Download the clientWe will use
wgetcommand to download the client.
$ wget http://www.softether-download.com/files/softether/v4.22-9634-beta-2016.11.27-tree/Linux/SoftEther_VPN_Client/64bit_-_Intel_x64_or_AMD64/softether-vpnclient-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz
Uncompress the sources
$ tar xzf softether-vpnclient-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz
Install from the sourcesThe client compilation is similar to the server.
$ cd vpnclient $ sudo makeAfter installation we change files permissions as follow:
$ sudo chmod 600 * $ sudo chmod 700 vpnclient $ sudo chmod 700 vpncmdNow we can start the VPN client and make the required configuration to connect to the server.
$ sudo ./vpnclient start $ sudo ./vpncmdSelect
2to enter “Management of VPN Client”. And perform these actions:
- Create a virtual adapter (use
NiceCreate, give “any” name you want)
- Create a VPN connection (
- Specify the destination server hostname and port number (server:port)
- Select the
virtual hubto which you want to be connected (in our case we are using “myFirstHUB” created on the server)
- Enter the username
- Use the virtual adapter created previously
Now we can launch the VPN client connection. Before doing so, we have to specify the password for the user we have previously configured in the VPN connection.
> AccountPassword account0 > standard > AccountConnect account0
The client is now connected but no ip address is assigned to the virtual adapter. As last step, we need to request an IP address from the vpn server. We can use
ifconfigcommand to find the vpn virtual adapter (prefixed by
vpn_) and then use
dhclientcommand to request an IP address.
$ sudo dhclient vpn_ethvpn0After this command, the VPN client will get an ip address from the SoftEther VPN server and can communicate with the remote LAN.
Thanks for your interest in this article. We appreciate your questions and improvements.