Setting up SoftEther VPN Server on Ubuntu 16.04 Xenial Xerus Linux

Introduction

Whether you want to connect remotely to your corporate network or to build a virtual network between two remote points across an insecure network (e.g. the Internet), you will need a VPN (Virtual Private Network). A VPN allows you to securely connect to a remote LAN (Local Area Network) through the Internet or other untrusted networks.

SoftEther is an Open Source VPN Server, an alternative to OpenVPN. It’s thought to be the world’s most powerful and easy-to-use multi-protocol VPN software.
This article covers how to set up SoftEther on Ubuntu Xenial Xerus Linux.

What you will need

  • Ubuntu 16.04 Xenial Xerus Linux
  • 30 GB of available disk space is recommended
  • Root privileges

Note that the binaries used in this article are built for the x64 architecture. If your machine is not x64, you need to choose the suitable binaries.

Conventions

# – requires the given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
$ – requires the given Linux commands to be executed as a regular non-privileged user
> – the given command is to be executed from the vpncmd command line interface

Preparing the server

Upgrade the system:

$ sudo apt update
$ sudo apt upgrade

Install build-essential (if it is not installed yet), which is needed for compilation:

$ sudo apt install build-essential

Installing SoftEther

Fetch SoftEther sources

Let’s fetch the SoftEther sources (the latest build is version 4.22, released on 2016-11-27):

$ wget http://www.softether-download.com/files/softether/v4.22-9634-beta-2016.11.27-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz


Uncompress the sources

$ tar xzf softether-vpnserver-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz

After successful decompression, we find a folder named vpnserver in our current directory.

Install from the sources

$ cd vpnserver
$ sudo make

During the installation process, we will have to type 1 to read the License Agreement, type 1 again to confirm that we have read the License Agreement and finally type 1 to agree to the License Agreement.
After the installation, we can go through the output to confirm that the whole process completed without any error.
Once everything has completed correctly, we will be able to run the VPN server from the installation folder by using this command:

$ sudo ./vpnserver start

Let’s do better by configuring it as a daemon.

Configuration as a daemon

Let’s follow these steps to configure our vpn server as a daemon.

Move the installation folder to /usr/local

$ cd ..
$ sudo mv vpnserver /usr/local

Give appropriate rights to files

$ cd /usr/local/vpnserver/
$ sudo chmod 600 *
$ sudo chmod 700 vpnserver
$ sudo chmod 700 vpncmd

Before going further, let’s check that the VPN server can operate normally on our server. It is important to make this check before starting vpnserver.

  • Run the vpncmd command
  • Type 3
  • Then type check

$ cd /usr/local/vpnserver/
$ sudo ./vpncmd

If everything went well, we should get the “All checks passed” message at the end of the operation.

Create a systemd service

Create the file /lib/systemd/system/vpnserver.service

$ sudo vi /lib/systemd/system/vpnserver.service

And put the following content within it:

[Unit]
Description=SoftEther VPN Server
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop

[Install]
WantedBy=multi-user.target

Once systemd has reloaded its unit files and the vpnserver unit has been enabled, the VPN server starts automatically on boot, and we can manage vpnserver using systemctl.



Prepare SoftEther VPN Server for use

SoftEther offers many use cases: Ad-hoc VPN, Remote access to LAN, LAN to LAN bridge, etc. In this article, we are configuring it for “Remote access to LAN” use.
We will first create a virtual hub, and then make a kind of link between that virtual hub and the server network (the corporate LAN).

Set an admin password for vpncmd

For obvious reasons, it’s recommended to set an admin password for vpncmd as soon as the VPN server is installed. This is done through the vpncmd utility:

$ cd /usr/local/vpnserver/
$ sudo ./vpncmd

In vpncmd, we select 1 for “Management of VPN Server or VPN Bridge”, then just press Enter for the following questions until we get the VPN Server> prompt. At the command prompt, we type ServerPasswordSet.

Create a virtual hub

By using vpncmd, we are going to create a virtual hub named “myFirstHUB”:

$ cd /usr/local/vpnserver/
$ sudo ./vpncmd
> HubCreate myFirstHUB


Connect the virtual hub to the server network

In order to allow clients to reach the server network, we need to link the virtual hub to the LAN. This can be done using a Local Bridge connection or using the SecureNAT function.
In our case, the SecureNAT function will be used. The SecureNAT function allows the VPN server to be used as a Simple Network Gateway, DHCP Server, or Simple Gateway to Remotely Access Remote Sites.
Let’s select our virtual hub and enable the SecureNAT function.

$ cd /usr/local/vpnserver/
$ sudo ./vpncmd
> Hub myFirstHUB
> SecureNatEnable


Create users

Command to create a user: UserCreate
After creating the user, we need to set a password. Note that it’s possible to use other methods of authentication: NTLM, RADIUS, etc. The default authentication method is “password”.
Command to set the password: UserPasswordSet




Client configuration

SoftEther provides clients for many operating systems, including Linux.

Download the client

We will use the wget command to download the client.

$ wget http://www.softether-download.com/files/softether/v4.22-9634-beta-2016.11.27-tree/Linux/SoftEther_VPN_Client/64bit_-_Intel_x64_or_AMD64/softether-vpnclient-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz

Uncompress the sources

$ tar xzf softether-vpnclient-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz 
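
Both the server and the client tarballs in this article are fetched over plain HTTP, so nothing authenticates what arrives. The following added example (not part of the original article) checks a download against a SHA-256 digest and rejects archives with absolute or ".." member paths before extracting; the function names are illustrative, and the digest in the usage comment is a placeholder for a value obtained from a source you trust.

```shell
# Added example: verify a downloaded tarball before extracting it.
# Usage (the digest is a placeholder, not a real value):
#   verified_extract softether-vpnserver-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz \
#       "<sha256-from-a-trusted-source>"

# Return 0 only if the SHA-256 of file $1 equals the expected digest $2.
verify_sha256() {
    file=$1; expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        return 1
    fi
}

# Read member names on stdin; fail if any is absolute or has a ".." component.
check_member_names() {
    awk 'BEGIN { bad = 0 }
         /^\// || /(^|\/)\.\.(\/|$)/ { print "unsafe member: " $0 > "/dev/stderr"; bad = 1 }
         END { exit bad }'
}

# List the archive without extracting it and vet every member name.
safe_members() {
    names=$(tar tzf "$1") || return 2
    printf '%s\n' "$names" | check_member_names
}

# Extract into the current directory only when both checks pass.
verified_extract() {
    verify_sha256 "$1" "$2" && safe_members "$1" && tar xzf "$1"
}
```

A digest only helps if it comes from a different, trusted channel than the download itself.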

Install from the sources

The client compilation is similar to the server.

$ cd vpnclient
$ sudo make

After installation, we change the file permissions as follows:

$ sudo chmod 600 *
$ sudo chmod 700 vpnclient
$ sudo chmod 700 vpncmd
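
The `chmod 600 *` step used here and for /usr/local/vpnserver does not match dotfiles and does not descend into subdirectories, so some entries can keep group or world permissions. The following added example (not part of the original article) audits an installation folder after those steps; the function names are illustrative and it relies on GNU find and stat as shipped on Ubuntu.

```shell
# Added example: audit the permissions of a SoftEther installation folder.
# Usage for the two folders in this article:
#   sudo sh -c '. ./audit.sh; audit_vpn_dir /usr/local/vpnserver vpnserver vpncmd'
#   sudo sh -c '. ./audit.sh; audit_vpn_dir ./vpnclient vpnclient vpncmd'
# (audit.sh is a hypothetical file name for this block.)

# Succeed only if file $1 has exactly the octal mode $2.
has_mode() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# Print entries below $1 that grant any permission bit to group or others.
loose_entries() {
    find "$1" -mindepth 1 -perm /077 -print
}

# audit_vpn_dir DIR BIN...
# Return 0 when every BIN is mode 700 and nothing below DIR is
# accessible to group or others; otherwise report and return 1.
audit_vpn_dir() {
    dir=$1; shift
    rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for bin in "$@"; do
        has_mode "$dir/$bin" 700 || { echo "expected mode 700: $dir/$bin" >&2; rc=1; }
    done
    found=$(loose_entries "$dir")
    if [ -n "$found" ]; then
        echo "accessible to group/others:" >&2
        echo "$found" >&2
        rc=1
    fi
    return $rc
}
```

Run it again after the service has started for the first time, since files created at runtime are not covered by the earlier chmod.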

Now we can start the VPN client and make the required configuration to connect to the server.

$ sudo ./vpnclient start
$ sudo ./vpncmd

Select 2 to enter “Management of VPN Client”. And perform these actions:

  • Create a virtual adapter (use NicCreate, and give it any name you want)
  • Create a VPN connection (AccountCreate account0)
  • Specify the destination server hostname and port number (server:port)
  • Select the virtual hub to which you want to be connected (in our case we are using “myFirstHUB” created on the server)
  • Enter the username
  • Use the virtual adapter created previously


Now we can launch the VPN client connection. Before doing so, we have to specify the password for the user we have previously configured in the VPN connection.

> AccountPassword account0
> standard
> AccountConnect account0



The client is now connected, but no IP address is assigned to the virtual adapter. As a last step, we need to request an IP address from the VPN server. We can use the ifconfig command to find the VPN virtual adapter (prefixed by vpn_) and then use the dhclient command to request an IP address.

$ sudo dhclient vpn_ethvpn0

After this command, the VPN client will get an IP address from the SoftEther VPN server and can communicate with the remote LAN.

Thanks for your interest in this article. We appreciate your questions and improvements.