Last active
April 14, 2023 21:12
-
-
Save bouroo/30ea2e3ce065d47a44e580093aa21bb3 to your computer and use it in GitHub Desktop.
Install softether vpn server on ubuntu 16.04+
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/local/env bash | |
| # Register vultr.com with free credit https://www.vultr.com/?ref=9206731-8H | |
| # Create vps | |
| # Tested on Ubuntu 18.04, Debian 10.0 | |
| # How to... | |
| # 1. Save this file as softether-installer.sh | |
| # 2. chmod +x softether-installer.sh | |
| # 3. Run bash file | |
| # > ./softether-installer.sh | |
| # Or just | |
| # > bash softether-installer.sh | |
| # 4. Init config vpnserver | |
| # > /usr/local/vpnserver/vpncmd | |
| # Enter into local server/hub config | |
| # > ServerPasswordSet {yourPassword} | |
| # Then use SoftEther VPN Server Manager to mange your server | |
| # If you have own certificate can load into vpnserver by | |
| # > /usr/local/vpnserver/vpncmd \ | |
| # localhost:5555 \ | |
| # /SERVER \ | |
| # /PASSWORD:"${VPN_PWD}" \ | |
| # /CMD ServerCertSet \ | |
| # /LOADCERT:/etc/ssl/private/${fullcahin}.pem \ | |
| # /LOADKEY:/etc/ssl/private/${privkey}.pem | |
| if [ "$(whoami)" != "root" ]; then | |
| SUDO=sudo | |
| fi | |
| # Update system | |
| ${SUDO} apt-get update && ${SUDO} apt-get -y upgrade | |
| # Get build tools | |
| ${SUDO} apt-get -y install build-essential wget curl gcc make wget tzdata git libreadline-dev libncurses-dev libssl-dev zlib1g-dev | |
| # Define softether version | |
| VER=$(curl -s https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/ | egrep -o '(v[0-9]).*(linux-x64-64bit.tar.gz)' | grep vpnserver | head -1) | |
| #VER=$(curl -s https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/ | egrep -o '(v[0-9]).*(linux-x64-64bit.tar.gz)' | grep vpnserver | grep rtm | head -1) | |
| # Get softether source | |
| wget "https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/${VER}" -O /tmp/softether-vpnserver.tar.gz | |
| # Stop service | |
| ${SUDO} systemctl stop vpnserver | |
| # Extract softether source | |
| ${SUDO} mv /usr/local/vpnserver /usr/local/vpnserver_bak | |
| ${SUDO} tar -xzvf /tmp/softether-vpnserver.tar.gz -C /usr/local/ | |
| ${SUDO} cat /usr/local/vpnserver_bak/vpn_server.config > /usr/local/vpnserver/vpn_server.config | |
| # Remove unused file | |
| ${SUDO} rm /tmp/softether-vpnserver.tar.gz | |
| # Move to source directory | |
| cd /usr/local/vpnserver | |
| # Workaround for 18.04+ | |
| #${SUDO} sed -i 's|OPTIONS=-O2|OPTIONS=-no-pie -O2|' Makefile | |
| # Build softether | |
| ./configure && make | |
| ${SUDO} make main | |
| # Change file permission | |
| ${SUDO} chmod 0600 * && ${SUDO} chmod +x vpnserver && ${SUDO} chmod +x vpncmd | |
| # Link binary files | |
| #${SUDO} ln -sf /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver | |
| #${SUDO} ln -sf /usr/local/vpnserver/vpncmd /usr/local/bin/vpncmd | |
| # Add systemd service | |
| ${SUDO} bash -c 'cat <<EOF >/lib/systemd/system/vpnserver.service | |
| [Unit] | |
| Description=SoftEther VPN Server | |
| After=network.target auditd.service | |
| ConditionPathExists=!/usr/local/vpnserver/do_not_run | |
| [Service] | |
| Type=forking | |
| EnvironmentFile=-/usr/local/vpnserver | |
| ExecStart=/usr/local/vpnserver/vpnserver start | |
| ExecStop=/usr/local/vpnserver/vpnserver stop | |
| KillMode=process | |
| Restart=on-failure | |
| # Hardening | |
| PrivateTmp=yes | |
| ProtectHome=yes | |
| ProtectSystem=full | |
| ReadOnlyDirectories=/ | |
| ReadWriteDirectories=-/usr/local/vpnserver | |
| CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF' | |
| # Act as router | |
| #echo "net.ipv4.ip_forward = 1" | ${SUDO} tee -a /etc/sysctl.conf | |
| # Tune Kernel | |
| #echo "net.ipv4.ip_local_port_range = 1024 65535" | ${SUDO} tee -a /etc/sysctl.conf | |
| #echo "net.ipv4.tcp_congestion_control = bbr" | ${SUDO} tee -a /etc/sysctl.conf | |
| #echo "net.core.default_qdisc = fq" | ${SUDO} tee -a /etc/sysctl.conf | |
| ${SUDO} sysctl --system | |
| # Reload service | |
| ${SUDO} systemctl daemon-reload | |
| # Enable service | |
| ${SUDO} systemctl enable vpnserver | |
| # Start service | |
| ${SUDO} systemctl restart vpnserver | |
| exit 0 |
@mikeevans82 thx, just fixed that line.
@bouroo I tested your edit on line 59 and it still produces a "permission denied" error for me when running as a normal user. I believe the problem is that ">" is interpreted by the current bash shell, which is not being elevated by sudo. In your script, bash needs to be elevated to create a file in /lib/... but your sudo command is being applied to cat instead. In my solution "sudo bash -c" runs the command with an elevated(super user) bash process.
Tested and works with Ubuntu 22.04.1 LTS @ Vultr VPS
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for this script! I have a few notes on the comments and issues I had.
@Akonova1enko: If you see "Fatal Error: The file "hamcore.se2" is missing or broken." its probably because you are running vpncmd without elevated permissions. Use a root account or sudo.
@amanjuman: If you see "/usr/local/env: bad interpreter: No such file or directory" you need to specify the correct path to env at line one in the script. I'm not sure how this is working for other Ubuntu users. On 18.04 Server I updated the path to /usr/bin/env.
For me /usr/local/env was missing on 18.04 Desktop, 18.04 Server, 19.04 Desktop, and 19.10 Desktop.
@bouroo: I got permission denied on line 59 when running without the sudo command. Replacing it with this fixed it for me:
${SUDO} bash -c 'cat > /lib/systemd/system/vpnserver.service' << EOF