By Abdulaziz Gebril, Alibaba Cloud Community Blog author.
SoftEther VPN ("SoftEther" stands for "Software Ethernet") is one of the world's most powerful and easy-to-use multi-protocol VPN programs. It can run on nearly any platform, including Windows, Linux, MacOS, and even FreeBSD and Solaris.
SoftEther VPN is open source and works on multiple platforms. You can use it for personal or commercial use free of charge. It is compatible with today's most popular VPN products and interoperates with OpenVPN, L2TP, IPsec, EtherIP, L2TPv3, Cisco VPN Routers, and MS-SSTP VPN Clients. SoftEther VPN is also the world's only VPN software that supports SSL-VPN, OpenVPN, L2TP, EtherIP, L2TPv3 and IPsec in a single VPN software program.
If interested, you can read more information about the features and specifications of SoftEther VPN on their official website. In this tutorial, we will show you how you can take advantage of all the features of SoftEther VPN by showing you how to set up a VPN server using it.
In this tutorial, you will specifically need to install a server with CentOS 7 with a minimum of 512 MB RAM, and configure inbound/outbound firewall rules.
We need to ensure that your server is up to date by using the following command:
yum -y update
Next, we will install CentOS Development Tools, Wget package (which we will use to download the installation archive of SoftEther VPN server) and nano package as a text editor. Use the following command:
yum -y groupinstall "Development Tools" && yum -y install wget nano
Firewall rules define what kind of Internet traffic is allowed or blocked. You can think of it as an additional protection layer provided by your hosting provider to take control of your traffic.
If your hosting provider asks you to configure firewall rules for your traffic (skip this step if not), you have to configure those rules to allow your traffic through their network. Here is a list of commonly used default ports on servers:
20 – FTP
21 – FTP
22 – SSH
25 – SMTP/EMAIL
26 – SMTP
53 – BIND/DNS
80 – HTTP / Apache Web server
110 – POP3/EMAIL
143 – IMAP
443 – HTTPS / Apache Web server SSL
465 – SMTP/EMAIL SSL/TLS
873 – RSYNC
993 – IMAP/EMAIL SSL
995 – POP3/EMAIL SSL
3306 – MYSQL
Ports used by SoftEther VPN:
Protocol | Port | Description |
---|---|---|
TCP | 1194 | SoftEther OpenVPN |
TCP | 5555 | SoftEther Management |
UDP | 1194 | SoftEther OpenVPN |
UDP | 500 | SoftEther L2TP/IPSec |
UDP | 1701 | SoftEther L2TP/IPSec |
UDP | 4500 | SoftEther L2TP/IPSec |
Additionally, you have to add any other ports that you use for the VPN server to that list.
For Alibaba Cloud customers, you can do that by Creating a security group and Adding security group rules to allow connections on these ports.
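For the host firewall on the CentOS server itself, the port table above can be turned into firewalld commands as follows. This is an added example, not part of the original tutorial: it assumes firewalld with the `public` zone is in use, and the admin address 203.0.113.10/32 is a constructed placeholder. It limits the management port 5555 to that address instead of opening it to every source.

```shell
#!/bin/sh
# Added example (not from the original tutorial): print firewalld commands
# for the SoftEther ports listed in the table above.

# Ports that VPN clients must reach (taken from the port table).
VPN_PORTS="1194/tcp 1194/udp 500/udp 1701/udp 4500/udp"
# Management port from the table; only the administrator needs it.
MGMT_PORT=5555

# Usage: softether_firewall_rules <admin-address/prefix>
softether_firewall_rules() {
    admin_cidr="$1"
    case "$admin_cidr" in
        */*) ;;
        *) echo "admin address/prefix required, e.g. 203.0.113.10/32" >&2
           return 1 ;;
    esac
    for p in $VPN_PORTS; do
        echo "firewall-cmd --permanent --zone=public --add-port=$p"
    done
    # A rich rule lets us tie the management port to one source address.
    echo "firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"$admin_cidr\" port port=\"$MGMT_PORT\" protocol=\"tcp\" accept'"
    echo "firewall-cmd --reload"
}

# Print the commands for review (203.0.113.10/32 is a placeholder address).
softether_firewall_rules "203.0.113.10/32"
```

Review the printed commands, then run them as root. The same split between client ports and the management port applies to the security group rules.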
You have to get the link of the latest stable package (rtm) of SoftEther VPN Server for Linux Platform from SoftEther Download Center. You will be asked to select the CPU architecture of your server. Currently, Intel x64 / AMD64 (64bit) is the most popular CPU architecture for servers, but if you are not sure about the CPU architecture of your server, you can use the command below to find it out.
lscpu
As of this writing, the latest version for Intel x64 / AMD64 (64bit) distribution is (Ver 4.29, Build 9680, rtm) and the download link is:
http://www.softether-download.com/files/softether/v4.29-9680-rtm-2019.02.28-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz
Ok, let’s navigate to the /usr/local directory to download SoftEther VPN there.
cd /usr/local
We can proceed with downloading the installation archive of SoftEther VPN server from their website using Wget:
wget "YOUR_DOWNLOAD_LINK" -O softether-vpnserver-linux.tar.gz
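The download link shown above is plain HTTP, and the archive is then extracted and built as root, so it is worth checking the file before the extraction step that follows. The script below is an added example, not part of the original tutorial: the expected SHA-256 is a value you must obtain over a trusted channel (the page gives none), and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original tutorial): refuse to extract the
# downloaded archive unless its SHA-256 matches a pinned digest and every
# member path stays inside the expected vpnserver/ directory.

# Succeeds only if the file's SHA-256 equals the expected hex digest.
sha256_matches() {
    file="$1"; expected="$2"
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Succeeds only if the archive lists at least one member and every member
# is relative, has no ".." component, and lives under vpnserver/.
members_are_confined() {
    list=$(tar -tf "$1") || return 1
    [ -n "$list" ] || return 1
    printf '%s\n' "$list" | (
        while IFS= read -r m; do
            case "$m" in
                /*|..|../*|*/..|*/../*) exit 1 ;;
                vpnserver|vpnserver/*) ;;
                *) exit 1 ;;
            esac
        done
    )
}

# Usage: safe_extract <archive> <expected-sha256> <destination-dir>
safe_extract() {
    archive="$1"; expected="$2"; dest="$3"
    sha256_matches "$archive" "$expected" ||
        { echo "hash mismatch: $archive" >&2; return 1; }
    members_are_confined "$archive" ||
        { echo "unexpected path in: $archive" >&2; return 1; }
    tar -xf "$archive" -C "$dest" --no-same-owner
}

# Example call (the digest is a placeholder you must fill in):
#   safe_extract softether-vpnserver-linux.tar.gz "<expected-sha256>" /usr/local
```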
Extract the archive we’ve just downloaded:
tar -xvf softether-vpnserver-linux.tar.gz
Remove the compressed file:
rm -f softether-vpnserver-linux.tar.gz
Navigate to the /usr/local/vpnserver directory:
cd /usr/local/vpnserver
Run make command to compile and install SoftEther VPN server:
make
During the installation process, you will have to type 1 to read the License Agreement, type 1 again to confirm that you have read the License Agreement and finally type 1 to agree with the License Agreement.
During the process, the installer will make a quick check to ensure that your VPN server can operate normally. You should see something like this as part of the output:
In order to start the VPN server, you have to configure your system to operate the vpnserver program as a service mode by registering the vpnserver program as a daemon process that continues to run in the background.
To do that, we need to create a startup script, as shown below, with a file named vpnserver in /etc/init.d directory by using the following command:
nano /etc/init.d/vpnserver
Then put the following into the file:
#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
# Exit quietly if the server binary is missing or not executable
test -x $DAEMON || exit 0
case "$1" in
start)
    $DAEMON start
    touch $LOCK
    ;;
stop)
    $DAEMON stop
    # -f: do not fail if the lock file is already gone
    rm -f $LOCK
    ;;
restart)
    $DAEMON stop
    sleep 3
    $DAEMON start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0
Save the file and exit, then change the permissions for the startup script like this:
chmod 755 /etc/init.d/vpnserver
Now, we can start the vpnserver service using the command below:
/etc/init.d/vpnserver start
Also, we will use the chkconfig command to allow the above startup script to start automatically in the background on boot.
chkconfig --add vpnserver
If you need to stop the VPN Server service at any time, you can type the following to stop it.
/etc/init.d/vpnserver stop
SoftEther VPN comes with a command line based administration tool called "vpncmd" to perform management operations. You can read more about the general usage of vpncmd by clicking here.
Any time you want to check whether your VPN server is working and operating normally, you can run the vpncmd command and type 3 to select “Use of the check VPN tools”
/usr/local/vpnserver/vpncmd
Then type the command below on the VPN Server> prompt:
check
At this point VPN Server is installed, but the admin password for the VPN Server is not set. We have to manage the VPN server in Admin Mode and set the admin password by running the vpncmd command and selecting 1 for “Management of VPN Server or VPN Bridge”
/usr/local/vpnserver/vpncmd
Then press the Enter key for the next questions without giving any input values until you get the VPN Server> prompt.
Then type the command below on the VPN Server> prompt to set the admin password.
ServerPasswordSet
There are two ways to configure SoftEther VPN server: you can use the Windows or Mac based server manager, or use the built-in vpncmd tool to configure your server.
SoftEther VPN Server Manager is an administration utility that supports GUI for administering SoftEther VPN Server by local or remote computer. Using VPN Server Manager enables you to connect to and administer SoftEther VPN Server without learning complicated commands or operation methods. You can also administer SoftEther VPN Server operating on a UNIX operating system from a familiar Windows terminal.
You can download SoftEther Server Manager for Windows or MacOS from SoftEther Download Center and do the configuration using the GUI that it provides, or you can continue reading this section, if you prefer to use the vpncmd tool to configure your VPN server.
We need to create a virtual hub for our VPN server by using HubCreate command on the VPN Server> prompt. For example we will create a Virtual Hub called "testVHub". You will be prompted to set the password which you will use to administer the hub.
HubCreate testVHub
Now we have to control the Virtual Hub by using the Hub command on the VPN Server> prompt.
Hub testVHub
We need to link the Virtual Hub to the server network by using the command below:
SecureNatEnable
We can create users for our Virtual Hub to use the VPN by using the command UserCreate and view the list of current users by UserList. For example we will create a user named "testuser". You can skip the group, name and description prompts by hitting enter a few times.
UserCreate testuser
Now we need to set a password for our user, this can be done by using UserPasswordSet command:
UserPasswordSet testuser
In this tutorial, we will focus on activating the connection of L2TP over IPSec, SSTP and OpenVPN protocols for the VPN server.
You need to manage the VPN server in Admin Mode using the vpncmd command and select 1 for “Management of VPN Server or VPN Bridge” until you reach VPN Server> prompt like we did before (this time, you will be asked for your admin password).
To enable L2TP over IPsec for your VPN server, you can use the following command on the VPN Server> prompt.
IPsecEnable
Then type “yes” as shown below and create a Pre Shared Key to connect your VPN with.
Default Virtual HUB in a case of omitting the HUB on the Username
When a VPN user wants to establish a VPN connection to the SoftEther VPN Server with the IPsec/L2TP VPN protocol, the user has to specify the destination Virtual Hub in the username field by appending the '@' character and the Virtual Hub name to the username, such as "testuser@testVHub" in our case.
However, you can specify a "Default Virtual Hub". If the destination Virtual Hub name is omitted from the username at login, the default Virtual Hub is assumed.
In our case, the Virtual Hub is "testVHub", so the user "testuser" on testVHub can log on as just "testuser"; "@testVHub" can be omitted.
First, we need to use ServerCertRegenerate command to generate a self-signed SSL certificate for the server to use it for the SSTP and OpenVPN.
ServerCertRegenerate <YOUR SERVER IP or FQDN>
We have created the certificate and we need to save the server certificate into a file named cert.cer:
ServerCertGet ~/cert.cer
We can now enable SSTP for our VPN server:
SstpEnable yes
Next, enable OpenVPN. The default OpenVPN port is 1194, but you can change it to any port you want.
OpenVpnEnable yes /PORTS:1194
You can download the configuration file for OpenVPN users by using the command below to create a sample OpenVPN configuration file and save it to openvpn-config.zip:
OpenVpnMakeConfig ~/openvpn-config.zip
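The vpncmd steps above (admin password, Virtual Hub, user, L2TP/IPsec, SSTP and OpenVPN) can also be run non-interactively from a batch file. The script below is an added example, not part of the original tutorial: the environment variable names and the function names are this example's own, and it assumes a fresh server whose admin password is still empty. It keeps the passwords out of the command line by writing them to an owner-only file.

```shell
#!/bin/sh
# Added example (not from the original tutorial): write the tutorial's
# vpncmd commands to a private batch file. Secrets are read from the
# environment variables VPN_ADMIN_PW, VPN_HUB_PW, VPN_USER_PW and VPN_PSK
# (names chosen for this example).

# A usable secret is non-empty and has no whitespace, because vpncmd
# splits command arguments on spaces.
valid_secret() {
    case "$1" in
        ''|*[[:space:]]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: write_vpncmd_batch <file> <hub> <user> <server-ip-or-fqdn>
write_vpncmd_batch() {
    out="$1"; hub="$2"; user="$3"; cn="$4"
    for s in "$VPN_ADMIN_PW" "$VPN_HUB_PW" "$VPN_USER_PW" "$VPN_PSK"; do
        valid_secret "$s" || { echo "missing or invalid secret" >&2; return 1; }
    done
    (
        umask 077   # the batch file holds passwords: owner-only access
        cat > "$out" <<EOF
ServerPasswordSet $VPN_ADMIN_PW
HubCreate $hub /PASSWORD:$VPN_HUB_PW
Hub $hub
SecureNatEnable
UserCreate $user /GROUP:none /REALNAME:none /NOTE:none
UserPasswordSet $user /PASSWORD:$VPN_USER_PW
IPsecEnable /L2TP:yes /L2TPRAW:no /ETHERIP:no /PSK:$VPN_PSK /DEFAULTHUB:$hub
ServerCertRegenerate $cn
ServerCertGet ~/cert.cer
SstpEnable yes
OpenVpnEnable yes /PORTS:1194
OpenVpnMakeConfig ~/openvpn-config.zip
EOF
    )
}

# Run as root, then delete the file (vpn.example.com is a placeholder):
#   write_vpncmd_batch /root/softether.batch testVHub testuser vpn.example.com
#   /usr/local/vpnserver/vpncmd localhost:5555 /SERVER /IN:/root/softether.batch
#   rm -f /root/softether.batch
```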