@Aschen
Last active September 2, 2022 00:35
Tutorial SoftEther L2TP/IPSEC Server (Ubuntu)

SoftEther Server

Download and install

Go to http://www.softether-download.com/files/softether and download SoftEther Server for the right architecture.

> cd /tmp
> wget http://www.softether-download.com/files/softether/v4.18-9570-rtm-2015.07.26-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.18-9570-rtm-2015.07.26-linux-x64-64bit.tar.gz
> tar xf softether-vpnserver-v4.18-9570-rtm-2015.07.26-linux-x64-64bit.tar.gz

Then we have to compile it:

> apt-get install build-essential
> cd vpnserver
> make

Then move it elsewhere to start using it:

> cd ..
> mv vpnserver/ /usr/local/.
> cd /usr/local/vpnserver
> chmod 600 *
> chmod 700 vpn*
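
To confirm the permissions set above took effect, the following check is an added example (not part of the original gist). It reports any top-level entry in the install directory that group or other can access, and any binary that is missing or not owner-executable; `audit_vpnserver_dir` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the original gist): audit the modes set by
# "chmod 600 *" and "chmod 700 vpn*" in the install directory.
# audit_vpnserver_dir is a hypothetical helper name.

audit_vpnserver_dir() {
    dir=${1:-/usr/local/vpnserver}
    rc=0

    # The two binaries must exist and be executable by their owner.
    for bin in vpnserver vpncmd; do
        if [ ! -f "$dir/$bin" ] || [ -z "$(find "$dir/$bin" -perm -100)" ]; then
            echo "FAIL: $dir/$bin is missing or not owner-executable"
            rc=1
        fi
    done

    # No top-level entry may grant any permission bit to group or other.
    # Symlinks are skipped because their own mode bits are meaningless.
    loose=$(find "$dir" -mindepth 1 -maxdepth 1 ! -type l \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then
        echo "FAIL: accessible by group/other:"
        echo "$loose"
        rc=1
    fi

    return $rc
}
```

Run `audit_vpnserver_dir` again after the server has started, since it writes its configuration and log directories into the same directory.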

Startup script

Now we will create an init script to run vpnserver at startup.

/etc/init.d/vpnserver

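#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
# Exit quietly if the binary is missing or not executable.
test -x "$DAEMON" || exit 0

case "$1" in
  start)
    "$DAEMON" start
    # /var/lock is typically a tmpfs on Ubuntu, so recreate the directory.
    mkdir -p "$(dirname "$LOCK")"
    touch "$LOCK"
  ;;
  stop)
    "$DAEMON" stop
    # -f: do not fail if the lock file is already gone.
    rm -f "$LOCK"
  ;;
  restart)
    "$DAEMON" stop
    sleep 3
    "$DAEMON" start
  ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
  ;;
esac
exit 0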

Then create the /var/lock/subsys dir and add the init script to startup:

> mkdir /var/lock/subsys
> chmod +x /etc/init.d/vpnserver
> update-rc.d vpnserver defaults
> service vpnserver start

SoftEther Server Configuration

Go to the installation dir and start the configuration utility:

> cd /usr/local/vpnserver
> ./vpncmd

Choose 1. Management of VPN Server or VPN Bridge and just hit Enter when you are asked for Hostname and IP Address of Destination, then hit Enter again to connect to your server management console.

Specify the host name or IP address of the computer that the destination VPN Server or VPN Bridge is operating on. 
By specifying according to the format 'host name:port number', you can also specify the port number. 
(When the port number is unspecified, 443 is used.)
If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer).
Hostname of IP Address of Destination: 

If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name. 
If connecting by server admin mode, please press Enter without inputting anything.
Specify Virtual Hub Name: 
Connection has been established with VPN Server "localhost" (port 443).

You have administrator privileges for the entire VPN Server.

VPN Server>

First, change the default password of your server:

VPN Server> ServerPasswordSet
ServerPasswordSet command - Set VPN Server Administrator Password
Please enter the password. To cancel press the Ctrl+D key.

Password: ****************
Confirm input: ****************


The command completed successfully.

Now we will create a Virtual Hub for your VPN connection and assign a password to it (for administration).

VPN Server> HubCreate MyVPN
HubCreate command - Create New Virtual Hub
Please enter the password. To cancel press the Ctrl+D key.

Password: ********
Confirm input: ********


The command completed successfully.

Then select the Virtual Hub:

VPN Server> Hub MyVPN
Hub command - Select Virtual Hub to Manage
The Virtual Hub "MyVPN" has been selected.
The command completed successfully.

VPN Server/MyVPN>

Enable SecureNAT, which is the easiest setup and should work well for most situations.

VPN Server/MyVPN> SecureNatEnable
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.

In order to connect to our VPN, we have to create users and assign them passwords:

VPN Server/MyVPN> UserCreate aschen
UserCreate command - Create User 
Assigned Group Name: 
User Full Name: 
User Description: 

The command completed successfully.

VPN Server/MyVPN> UserPasswordSet aschen
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
Please enter the password. To cancel press the Ctrl+D key.

Password: ****************
Confirm input: ****************

The command completed successfully.

Finally, we have to enable L2TP/IPsec:

VPN Server/MyVPN> IpSecEnable
IPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes   # Enable IPSEC encryption

Enable Raw L2TP Server Function (yes / no): no  # Don't allow client to connect without IPSec encryption

Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): no 

Pre Shared Key for IPsec (Recommended: 9 letters at maximum): iamthepresharedkey   # Pre-shared key (example value, choose your own)

Default Virtual HUB in a case of omitting the HUB on the Username: MyVPN  # Default Virtual Hub

The command completed successfully.

We now have a fully functional L2TP over IPsec VPN server :)
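
The interactive session above can also be written as a batch file for vpncmd's `/IN:` option; this is an added example, not part of the original gist. `gen_secret` and `write_vpncmd_batch` are hypothetical helper names, the secrets are read from environment variables, and the 9-character PSK length follows the recommendation shown in the prompt.

```shell
#!/bin/sh
# Added example (not from the original gist): the interactive vpncmd session
# written as a batch file. gen_secret and write_vpncmd_batch are hypothetical
# helper names; the hub and user names are the ones used in the tutorial.

# Print $1 random characters from [A-Za-z0-9]. Alphanumerics only, so the
# values need no quoting inside the batch file.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

# write_vpncmd_batch FILE HUB USER
# Reads ADMIN_PW, HUB_PW, USER_PW and PSK from the environment so the
# secrets are never passed as command-line arguments.
write_vpncmd_batch() {
    (
        umask 077          # the batch file holds secrets: owner-only
        rm -f "$1"         # a pre-existing file would keep its old mode
        cat >"$1" <<EOF
ServerPasswordSet $ADMIN_PW
HubCreate $2 /PASSWORD:$HUB_PW
Hub $2
SecureNatEnable
UserCreate $3 /GROUP:none /REALNAME:none /NOTE:none
UserPasswordSet $3 /PASSWORD:$USER_PW
IPsecEnable /L2TP:yes /L2TPRAW:no /ETHERIP:no /PSK:$PSK /DEFAULTHUB:$2
EOF
    )
}

# Usage on a fresh install, while the admin password is still empty:
#   export ADMIN_PW="$(gen_secret 24)" HUB_PW="$(gen_secret 24)"
#   export USER_PW="$(gen_secret 20)" PSK="$(gen_secret 9)"
#   write_vpncmd_batch /root/setup.batch MyVPN aschen
#   cd /usr/local/vpnserver
#   ./vpncmd localhost /SERVER /IN:/root/setup.batch && rm -f /root/setup.batch
```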

Sources

https://www.digitalocean.com/community/tutorials/how-to-setup-a-multi-protocol-vpn-server-using-softether
