Skip to content

Instantly share code, notes, and snippets.

@FaridLU
Created August 14, 2023 09:17
Show Gist options
  • Save FaridLU/20eee009f4c96bdb67f359b98c8cff2e to your computer and use it in GitHub Desktop.
Save FaridLU/20eee009f4c96bdb67f359b98c8cff2e to your computer and use it in GitHub Desktop.
Setup SoftEther VPN Server, SoftEther Remote Server Management Tool (in Windows / Mac), VPN Client

SoftEther VPN Server Setup

Follow the instructions below to setup OpenVPN and SoftEther Server Manager.

  1. Make sure you have a Linux server, which will be used as a VPN server.

  2. ssh into the server by the following command:

    $ ssh root@your_server_ip_address

  3. Now run the following command to update your server and remove unnecessary things:

    $ sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y

  4. Install some necessary dependencies in the server which can be useful for a VPN server.

    $ sudo apt -y install build-essential wget curl gcc make wget tzdata git libreadline-dev libncurses-dev libssl-dev zlib1g-dev

  5. Now go to the following link to get the source URL of the SoftEther VPN Server.

  6. In the Component section choose "SoftEther VPN Server". After that choose "Linux" as a platform and finally choose "Intel x64 / AMD64 (64bit)" as CPU.

  7. Now there will be available download options for different versions SoftEther VPN Server. Choose the latest one and right-click on the title (which contains tar.gz file) and copy the link address.

  8. Now type the following command and replace the URL with the copied one.

    $ wget https://www.softether-download.com/files/softether/v4.42-9798-rtm-2023.06.30-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.42-9798-rtm-2023.06.30-linux-x64-64bit.tar.gz
  9. Now extract the downloaded zip file in the following command (make sure to ):

    $ tar -xvzf softether-vpnserver-v4.42-9798-rtm-2023.06.30-linux-x64-64bit.tar.gz
  10. Now run the following commands to setup the environment:

    $ cd vpnserver/
    $ make
    $ cd ..
    $ mv vpnserver/ /usr/local/
    $ cd /usr/local/vpnserver/
    $ chmod 600 *
    $ chmod 700 vpncmd
    $ chmod 700 vpnserver
  11. Now setup the server by running the following command:

    $ ,/vpncmd

    i) Press 3 (to set up the server to work as VPN tools) which will show the shell of VPNTools.

    ii) Now type check in that shell, to see if everything is fine so far.

    iii) Type exit to get out from the shell

  12. Create a vpnserver service by running the following command:

    $ nano /etc/init.d/vpenserver
  13. Now put the following config in that file:

    #!/bin/sh
    ### BEGIN INIT INFO
    # Provides: myscript
    # Required-Start:
    # Required Stop:
    # Default-Start: 2 3 4 5
    # Default Stop: 1 0 6
    # Short-Description: simple description.
    ### END INIT INFO
    # chkconfig: 2345 99 01
    # description: SoftEther VPN Server
    DAEMON=/usr/local/vpnserver/vpnserver
    LOCK=/var/lock/subsys/vpnserver
    test -x $DAEMON || exit 0
    case "$1" in
    start)
    $DAEMON start
    touch $LOCK
    ;;
    stop)
    $DAEMON stop
    rm $LOCK
    ;;
    restart)
    $DAEMON stop
    sleep 3
    $DAEMON start
    ;;
    *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    esac
    exit 0
    
  14. Now give the necessary permission to that config file and start the service:

    $ chmod 700 /etc/init.d/vpenserver
    $ update-rc.d vpenserver defaults
    $ /etc/init.d/vpenserver start
  15. The SoftEther VPN Server service has been started. After starting the service 5555 port will be exposed which is going to use by the SoftEther Server Management Tool (to make the modification in the server remotely). From now on you can manage this VPN server using SoftEther VPN Server Management Tool.

SoftEther Server Management Tool

  1. First of all, download the SoftEther VPN Server Management Tool in the system (Windows / Mac OSX) from where you want to manage the VPN Server.

  2. After installation, open the GUI of the server management tool. Create a new connection setting.

  3. In the name section put any relevant name according to your need.

  4. In the Host Name section, put the public IP address of your server.

  5. Now try to connect in that connection.

  6. The New Password window will pop up and try putting a strong password so that no one can access your server.

  7. Now there will be a window to choose the type of your VPN Server, which will be initialized. Mark the Remote Access VPN Server option from this section.

  8. Now Virtual Hub Name option will pop up. Put the name of your virtual hub. (A VPN Server can have multiple virtual hubs). One user of a particular hub can't access the private IP of another virtual hub.

  9. Now there will be a window named Dynamic DNS Function. Change the Dynamic DNS Hostname to any readable name (Similar to the configuration name of step 3), and click on Set to Above Hostname. Now click on exit.

  10. There will be an option to choose settings for choosing the Server function. According to our need mark Enable L2TP Server Function (L2TP over IPsec) option, and click ok.

  11. In this window, choose Disable VPN Azure option and click ok.

  12. In the VPN Easy Setup Tasks window, you can create users and configure other destination VPN servers. I prefer not to do anything here because we will create users for each virtual hub from the main dashboard. To ignore this for now just click on close button.

  13. Finally, the main dashboard from where we can do a lot of stuff. Options which we are going to consider the most are the following:

    i) Virtual Hub (CRUD, On/Off)

    ii) OpenVPN Setting (In the bottom right corner)

    iii) Dynamic DNS Setting

Virtual Hub Management

  1. Double-click on a virtual hub name that you want to manage.

  2. Click on the Manage Users option so that you can create and manage users of this particular virtual hub.

  3. Now in the bottom left corner, click on new to create a new user.

  4. Do the following to create a new user:

    • Input username for new user. (You can't edit this next time)

    • Fill Full Name and Note section.

    • Add an Expiration date if you want to add this user for a certain period (This can be changed later on)

    • Choose Auth Type for this particular user. Selecting the Password Authentication option is recommended.

    • In the Password Authentication Settings section, put the password for this particular user. As it can't be viewed in any way, make sure to remember this password. You can edit the password but you can't view the existing password.

    • If you choose Individual Certificate Authentication in the Auth Type section, you need to create a certificate from the Individual Certificate Authentication Settings section for this particular user.

    • Now click on ok, and you will be notified that the user you have been created.

  5. Get back to the Virtual Hub Management window, and click on Virtual NAT and Virtual DHCP Function (SecureNAT) setting option*.

    • Click on the SecureNAT Configuration button to change the default configuration for this virtual hub.

    • By default the private IP Address Range is IPv4 Class C. We need to change this to IPv4 Class B.

    • In the Virtual Host's Network Interface Settings section, the the IP Address to 172.16.0.1 and change the Subnet Mask to 255.255.0.0

    • Now in the Virtual DHCP Server Functions option, change the distributed IP address 172.16.0.10 to 172.16.0.200, and change the Subnet Mask to 255.255.0.0

    • Clear the IP Address from Default Gateway Address, and do the same for DNS Server Address 1. Leave those blank, and click on ok button.

    N.B: The reason we are removing those default gateway address is, in this way, the VPN will act like an network adapter. The normal traffic under this VPN will flow with the normal network. Only the PrivateIPs under this VPN can be accessed (while being connected in this VPN configuration).

    • Click on *Enable SecureNAT.

OpenVPN Setting

  1. Click on the OpenVPN Setting of the main window of SoftEther VPN Server Manager.

  2. Make sure the Enable OpenVPN Clone Server Function option is checked.

  3. Click on Generate Sample Configuration File for OpenVPN Clients, which will generate a zip file which contains the two ovpn files and one readme file. In our case, we will consider the ovpn file which contains openvpn_remote_access in the filename. This ovpn file will be used to connect to this VPN Server. The config file can be shared with everyone. But no one can access it until they use the username and password (which is created in this system).

  4. Everything here is finished, now you can check out the other readme which contains the instructions to connect to the VPN Server.

VPN Client

User Manual (GUI)

Download & Installation

Download & Install OpenVPN from the following link:

  1. Android - https://play.google.com/store/apps/details?id=net.openvpn.openvpn
  2. IOS - https://apps.apple.com/us/app/openvpn-connect-openvpn-app/id590379981
  3. Windows - https://openvpn.net/client/client-connect-vpn-for-windows/
  4. Mac - https://openvpn.net/client-connect-vpn-for-mac-os/
  5. Linux - There doesn't have any official GUI of OpenVPN for Linux. The CLI commands will be instructed separately at end of this documentation.

App / Software setup and connect to VPN server.

  1. Open the app/software, try to create a new profile for our VPN server.

  2. Import the ovpn file, that was generated (The instructions are present in the documentation of vpn server management).

  3. A new window will pop up to input username and password. Place your username and password so that you can connect to the VPN server. Without valid username and password you won't be able to connect to that VPN.

User Manual (CLI)

To connect to the VPN server using the command-line interface (CLI) on Linux, follow these steps:

  1. Install OpenVPN:

    First, you need to install the OpenVPN client on your Linux system. Open a terminal and run the appropriate command based on your Linux distribution:

    • For Debian/Ubuntu:
        $ sudo apt-get update
        $ sudo apt-get install openvpn
    • For Red Hat-based systems:
        $ sudo yum install epel-release
        $ sudo yum install openvpn
  2. Download Configuration File:

    Obtain the ovpn configuration file for the VPN server from your company's VPN server management. You might receive this file via email or through a secure download link.

  3. Connect to VPN:

    Once you have the configuration file, you can initiate the VPN connection using the following command:

    $ sudo openvpn --config /path/to/your/config.ovpn
  4. Replace /path/to/your/config.ovpn with the actual path to your downloaded ovpn configuration file.

  5. Enter Username and Password:

  6. After running the above command, OpenVPN will prompt you for your username and password. Enter the credentials associated with your VPN account and press Enter.

    • Connected:

      If the provided credentials are correct, OpenVPN will establish a connection to the VPN server, and you'll see log messages indicating the connection status. You are now securely connected to your company's VPN.

    • Disconnect:

      To disconnect from the VPN server, simply press Ctrl + C in the terminal where the OpenVPN connection is running. This will gracefully terminate the connection.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment