Tutorial SoftEther Client (Ubuntu)

tutorial_softether_client.md

SoftEther Client

Download and install

Go to http://www.softether-download.com/files/softether and download SoftEther Client for the right architecture.

> cd /tmp
> wget http://www.softether-download.com/files/softether/v4.18-9570-rtm-2015.07.26-tree/Linux/SoftEther_VPN_Client/64bit_-_Intel_x64_or_AMD64/softether-vpnclient-v4.18-9570-rtm-2015.07.26-linux-x64-64bit.tar.gz
> tar xf softether-vpnclient-v4.18-9570-rtm-2015.07.26-linux-x64-64bit.tar.gz

Then we have to compile it :

> apt-get install build-essential
> cd vpnclient
> make

Then move it elsewhere to start using it :

> cd ..
> mv vpnclient/ /usr/local/.
> cd /usr/local/vpnclient
> chmod 600 *
> chmod 700 vpn*

Client configuration

Go to the install dir and run the client configuration utility :

> ./vpnclient start
> cd /usr/local/vpnclient
> ./vpncmd

Select 2. Management of VPN Client and hit Enter to connect to your client management console.

By using vpncmd program, the following can be achieved. 

1. Management of VPN Server or VPN Bridge 
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 2

Specify the host name or IP address of the computer that the destination VPN Client is operating on. 
If nothing is input and Enter is pressed, connection will be made to localhost (this computer).
Hostname of IP Address of Destination: 

Connected to VPN Client "localhost".

First we have to create a Virtual Network Adapter :

VPN Client>NicCreate vpn1
NicCreate command - Create New Virtual Network Adapter
The command completed successfully.

VPN Client>NicEnable vpn1
NicEnable command - Enable Virtual Network Adapter
The command completed successfully.

We can see that a new network interface is present on our computer :

> ip addr show vpn_vpn1  # Our new interface name, always start with vpn_*
7: vpn_vpn1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/ether 00:ac:d9:4e:a6:ac brd ff:ff:ff:ff:ff:ff
    inet6 fe80::2ac:d9ff:fe4e:a6ac/64 scope link 
       valid_lft forever preferred_lft forever

Now we have to create an account to connect to our VPN :

VPN Client>AccountCreate AschenVPN
AccountCreate command - Create New VPN Connection Setting
Destination VPN Server Host Name and Port Number: vpn.example.com:443  # VPN server address and port

Destination Virtual Hub Name: MyVPN  # Virtual Hub name on the server

Connecting User Name: aschen  # Username 

Used Virtual Network Adapter Name: vpn1  # Virtual Network Adapter we just create

The command completed successfully.

Set the account password :

VPN Client>accountpasswordset AschenVPN
AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
Please enter the password. To cancel press the Ctrl+D key.

Password: *************
Confirm input: ***********


Specify standard or radius: standard

The command completed successfully.

We can finally connect to our server and test the connection :

VPN Client> AccountConnect AschenVPN
AccountConnect command - Start Connection to VPN Server using VPN Connection Setting
The command completed successfully.

VPN Client>AccountStatusGet AschenVPN
AccountStatusGet command - Get Current VPN Connection Setting Status
Item                                      |Value
------------------------------------------+------------------------------------------
VPN Connection Setting Name               |AschenVPN
Session Status                            |Connection Completed (Session Established)
VLAN ID                                   |-
Server Name                               |vpn.example.com
Port Number                               |TCP Port 443
Server Product Name                       |SoftEther VPN Server (64 bit)

Redirect traffic

Now we have a successfull connection to our VPN but we still expose our real IP on internet. We have to route all the traffic throught the VPN tunnel.

Find IP Address

First we have to obtain IP Address from VPN server.

> dhclient vpn_vpn0
> ip addr show vpn_vpn0
6: vpn_vpn0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/ether 00:ac:57:8e:88:73 brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.10/24 brd 192.168.30.255 scope global vpn_vpn0  # We now have an IP Address
       valid_lft forever preferred_lft forever
    inet6 fe80::2ac:57ff:fe8e:8873/64 scope link 
       valid_lft forever preferred_lft forever

Then we need several informations :

• Your internet router IP
• VPN Server IP on vpn_vpn0
• VPN Server public IP

To find Internet router IP and VPN Server IP on vpn_vpn0, first find your IP on these network :

> ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether a4:1f:72:74:91:99 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.36/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::a61f:72ff:fe74:9199/64 scope link 
       valid_lft forever preferred_lft forever
> ip addr show vpn_vpn0
6: vpn_vpn0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/ether 00:ac:57:8e:88:73 brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.10/24 brd 192.168.30.255 scope global vpn_vpn0
       valid_lft forever preferred_lft forever
    inet6 fe80::2ac:57ff:fe8e:8873/64 scope link 
       valid_lft forever preferred_lft forever

My IP are 192.168.1.36 for eth0 and 192.168.30.10 for vpn_vpn0 so I try to find internet box and VPN server IP-s :

> ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=2.45 ms
> ping 192.168.30.1
PING 192.168.30.1 (192.168.30.1) 56(84) bytes of data.
64 bytes from 192.168.30.1: icmp_seq=1 ttl=128 time=249 ms

Then I need to find the VPN Server public IP :

> host vpn.example.com
vpn.example.com has address 93.184.216.34

So I have :

• Internet router IP : 192.168.1.1
• VPN Server IP on vpn_vpn0 : 192.168.30.1
• VPN Server public IP : 93.184.216.34

Route all traffic throught VPN

First we add route to our VPN Server public IP throught our Internet Box and change the default route to the VPN Server IP on vpn_vpn0:

> ip route add 93.184.216.34/32 via 192.168.1.1 dev eth0 
> ip route del default
> ip route add default via 192.168.30.1 dev vpn_vpn0 

You can now verify if traffic is routed throught the VPN :

> dig +short myip.opendns.com @resolver1.opendns.com
93.184.216.34

Disconnect your VPN

You have first to delete your custom route and restore the previous one :

> ip route del 93.184.216.34/32
> ip route del default
> ip route add default via 192.168.1.1 dev eth0
> ifconfig vpn_vpn0 0.0.0.0 

Then disconnect from your VPN Server:

> /usr/local/vpnclient/vpncmd

 [...]

VPN Client> AccountDisconnect AschenVPN
AccountDisconnect command - Disconnect VPN Connection Setting During Connection
The command completed successfully.

Scripting

We can create 2 small script to connect, disconnect and redirect traffic :

/usr/local/vpnclient/start.sh

#!/bin/bash

ACCOUNT=AschenVPN
VPN_INTERFACE=vpn_vpn0
LOCAL_INTERFACE=eth0
IP_VPN_PUBLIC=93.184.216.34
IP_VPN_PRIVATE=192.168.30.1
IP_INTERNET_BOX=192.168.1.1

echo "Connect to VPN"
echo -e "2\n\nAccountConnect $ACCOUNT\n" | /usr/local/vpnclient/vpncmd # Connect Account                                                        

echo "Redirect traffic"
dhclient $VPN_INTERFACE
ip route add $IP_VPN_PUBLIC/32 via $IP_INTERNET_BOX dev $LOCAL_INTERFACE
ip route del default
ip route add default via $IP_VPN_PRIVATE dev $VPN_INTERFACE

echo "Public ip :"
dig +short myip.opendns.com @resolver1.opendns.com

/usr/local/vpnclient/stop.sh

#!/bin/bash                                                                                                                                      
ACCOUNT=AschenVPN
VPN_INTERFACE=vpn_vpn0
LOCAL_INTERFACE=eth0
IP_VPN_PUBLIC=93.184.216.34
IP_INTERNET_BOX=192.168.1.1

echo "Connect to VPN"
echo -e "2\n\nAccountDisconnect $ACCOUNT\n" | /usr/local/vpnclient/vpncmd

echo "Redirect traffic"
ip route del $IP_VPN_PUBLIC/32
ip route del default
ip route add default via $IP_INTERNET_BOX dev $LOCAL_INTERFACE
ifconfig $VPN_INTERFACE 0.0.0.0

echo "Public ip :"
dig +short myip.opendns.com @resolver1.opendns.com

Now we will create a init script to run vpnclient and setup default route at startup.

/etc/init.d/vpnclient

#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Client
DAEMON=/usr/local/vpnclient/vpnclient
START=/usr/local/vpnclient/start.sh 
STOP=/usr/local/vpnclient/stop.sh 

case "$1" in
     start)
        $DAEMON start
        sleep 1
        $START
     ;;
     stop)
        $DAEMON stop
        $STOP
     ;;
     restart)
        $DAEMON stop
        sleep 3
        $DAEMON start
     ;;
     *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
     esac

exit 0

Then add init script to startup :

> chmod +x /etc/init.d/vpnclient
> update-rc.d vpnclient defaults

Sources

https://www.sumovpn.com/guides/ubuntu/sevpn.html

https://www.digitalocean.com/community/tutorials/how-to-setup-a-multi-protocol-vpn-server-using-softether

Hello Aschen,
Your tutorial was very usefull to me to set up a linux ubuntu VPN Client,
but I found a command that grow up an error:

VPN Client>AccountCreate AschenVPN

I changed the line

Used Virtual Network Adapter Name: vpn_vpn1

with

Used Virtual Network Adapter Name: vpn1

and it worked correctly
I hope it will be usefull
Thank you again for your work
Sincerely
Paolo

Hey @paololeo thanks you for your kind message ! I modified the gist.
Sincerely I had no idea this was useful to someone but I'm glad :-)