SoftEther Installation
Posted by Administrator on 14 October 2016 04:55 pm
This guide shows you how to install SoftEther on your CentOS server.

First, update your server as root:

 yum -y update

Next, install the console download tool "Lynx":

 yum install lynx -y

Now download SoftEther:

lynx http://www.softether-download.com/files/softether/

Find the newest stable release for your OS and download it. You can use "s" to save and "q" to quit.

Now extract your file:

tar xzvf softether-vpnserver-v2.00-9387-rtm-2013.09.16-linux-x86-32bit.tar.gz

The development tools must be installed before you can build:

 yum groupinstall "Development Tools"

Then build the server:

cd vpnserver
make

Accept the next 3 questions to agree to the software licensing. Then we can move these files to an executable location:

cd ..
mv vpnserver /usr/local
cd /usr/local/vpnserver/

Next, set the file permissions:

chmod 600 *
chmod 700 vpnserver
chmod 700 vpncmd

Next, create a startup script:

nano /etc/init.d/vpnserver

Paste the following into the file:

#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
# Exit quietly if the server binary is missing or not executable
test -x "$DAEMON" || exit 0
case "$1" in
start)
    "$DAEMON" start
    touch "$LOCK"
    ;;
stop)
    "$DAEMON" stop
    rm -f "$LOCK"
    ;;
restart)
    "$DAEMON" stop
    sleep 3
    "$DAEMON" start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0

Save this script, make it executable and start the server:
chmod 755 /etc/init.d/vpnserver && /etc/init.d/vpnserver start

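Register the service with chkconfig so that it starts at boot:
chkconfig --add vpnserver

Verify your installation:
cd /usr/local/vpnserver
./vpncmd

Select option 3 to test the app, and enter "check". Type exit to continue configuring.

Run ./vpncmd again and use option 1. Secure your VPN server by setting an administrator password:
ServerPasswordSet

Create a Virtual Hub named VPN, select it, and enable SecureNAT:
HubCreate VPN
Hub VPN
SecureNatEnable

Configure a user:
UserCreate vpnuser
UserPasswordSet vpnuser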

The default type of authentication is Password, but we can change it to a different type using the commands below:

UserNTLMSet for NT Domain Authentication

UserPasswordSet for Password Authentication

UserAnonymousSet for Anonymous Authentication

UserRadiusSet for RADIUS Authentication

UserCertSet for Individual Certificate Authentication

UserSignedSet for Signed Certificate Authentication

 
Then enable the IPsec VPN server function, which L2TP clients use:

IPsecEnable

__________________________________________________________________________________
That's it, you're done. Or you can continue and configure SoftEther to accept login by certificates.

SoftEther can clone the functions of Microsoft SSTP VPN Server and OpenVPN Server. Before we enable these, we have to generate a self-signed SSL certificate for our server. You can use openssl or SoftEther's own command to generate an SSL certificate.

Here we use SoftEther's ServerCertRegenerate command to generate and register a self-signed SSL certificate for our server. The argument passed to the command is the CN (Common Name), which must be set to your host name (FQDN) or IP address:

ServerCertRegenerate [CN]

Note 1: SoftEther also comes with a built-in Dynamic DNS function, which can assign a unique and permanent hostname to your server. You can use the hostname assigned by this function for creating an SSL certificate and connecting to your server.

Note 2: If you already have an SSL certificate or you have created one using openssl, it can be added to the server using the command ServerCertSet.

Now that we have created the certificate, we have to download it to our clients and add it as trusted. Using the command below, we save the server certificate into a file named cert.cer:

ServerCertGet ~/cert.cer

Now you can download the certificate to your client using FileZilla or any other SFTP Client.
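
A check you may want to run before importing the downloaded cert.cer as a trusted root, given here as an added example that is not part of the original guide: record the certificate's SHA-256 fingerprint on the server and compare it on the client. It assumes the openssl command-line tool is installed; the function names, the certificate generated in the demo and its host name are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a certificate file against a fingerprint recorded on
# the server before trusting it. Not part of the original guide.

# cert_fingerprint FILE -> SHA-256 fingerprint as lowercase hex without colons.
# Tries PEM, then DER: the encoding written by ServerCertGet is assumed here.
cert_fingerprint() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
    fp=$(openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
    return 2
    printf '%s\n' "${fp#*=}" | tr -d ':' | tr 'A-F' 'a-f'
}

# cert_matches FILE EXPECTED -> 0 on match, 1 on mismatch, 2 if FILE is unreadable.
# Colons, spaces and letter case in EXPECTED are ignored.
cert_matches() {
    actual=$(cert_fingerprint "$1") || return 2
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Demo with a constructed certificate standing in for cert.cer.
tmp=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=vpn.example.test" \
    -keyout "$tmp/key.pem" -out "$tmp/cert.cer" 2>/dev/null
recorded=$(cert_fingerprint "$tmp/cert.cer")   # value noted on the server
if cert_matches "$tmp/cert.cer" "$recorded"; then
    echo "fingerprint matches: $recorded"
else
    echo "fingerprint mismatch, do not import"
fi
rm -rf "$tmp"
```

On a real deployment, run cert_fingerprint on the server right after ServerCertGet, and pass that value to cert_matches on the client after the transfer.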

To make the certificate trusted in Windows, you have to install it in the Trusted Root Certification Authorities store. Here's an article explaining how (read the To install a certificate chain part):

Installing a Certificate Chain

Now that we have created and registered an SSL certificate for our server, we can enable the SSTP function with this command:

SstpEnable yes

And to enable OpenVPN:

OpenVpnEnable yes /PORTS:1194

Note: OpenVPN's default port is 1194, but you can change it to any port you want by changing the /PORTS:1194 part of the command above to your desired port or ports (yes, it supports multiple ports).

After you have enabled OpenVPN, you can download a sample configuration file for the OpenVPN client. Here we create a sample OpenVPN configuration file and save it to my_openvpn_config.zip:

OpenVpnMakeConfig ~/my_openvpn_config.zip

Then you can download it using any SFTP client such as FileZilla and apply it to your OpenVPN clients.

SoftEther also provides dedicated VPN Client software for both Windows and Linux. It supports a SoftEther-specific protocol called Ethernet over HTTPS or SSL-VPN, which is very powerful. It uses the HTTPS protocol and port 443 to establish a VPN tunnel, and because this port is well-known, almost all firewalls, proxy servers and NATs can pass the packet. In order to use the SSL-VPN protocol, you must download and install SoftEther VPN Client, which can be obtained from their website.

Since SoftEther is a multi-protocol VPN server, there are many ways to connect to it as a client. You can choose any protocol to establish a secure connection to your server, including L2TP, SSTP, OpenVPN and a protocol exclusive to SoftEther named SSL-VPN.

Depending on the client operating system and configuration, you could use any of the mentioned protocols. However, I prefer to use SSL-VPN since it's both secure and fast, and also, as mentioned before, since it uses a common and well-known port (443 or https-port), it can pass through most firewalls.

Here we use SoftEther's own VPN client software to connect to our server:

First download the SoftEther VPN Client for Linux from SoftEther's website. We can download it using the lynx browser. Enter this command to open SoftEther's download page:

lynx http://www.softether-download.com/files/softether/

Then, just as you did when downloading the Server software, select the latest version (here we used v2.00-9387-rtm-2013.09.16). Now choose Linux and on the next page choose SoftEther VPN Client. Depending on your system's hardware architecture, choose a package (the 32bit - Intel x86 and 64bit - Intel x64 or AMD64 packages work for DigitalOcean 32bit or 64bit droplets). Finally, download the tar file from the next page by pressing the "D" key on the link, and choose Save to disk when asked by Lynx. After the file is saved, press "Q" to quit Lynx.

Extract the tar file you just downloaded using this command:

tar xzvf softether-vpnclient-v2.00-9387-rtm-2013.09.16-linux-x86-32bit.tar.gz

Note: Change softether-vpnclient-v2.00-9387-rtm-2013.09.16-linux-x86-32bit.tar.gz to your downloaded file's name.

Now, just as we did with the server, we have to compile vpnclient and make it an executable file by running these commands (make sure you have the development tools mentioned above installed):

cd vpnclient
make

Enter 1 three times when asked to read and accept the License Agreement, and then move the files to another directory and change permissions:

cd ..
mv vpnclient /usr/local
cd /usr/local/vpnclient/
chmod 600 *
chmod 700 vpnclient
chmod 700 vpncmd
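
An added example (not part of the original guide) that audits the modes set by the chmod commands here and in the server section above, so that later drift can be detected. The function names and the sample directory are constructed; on a real host, pass /usr/local/vpnserver or /usr/local/vpnclient to audit_vpn_perms.

```shell
#!/bin/sh
# Added example: audit the modes the guide sets with chmod on a SoftEther
# install directory. Not part of the original guide.

# file_mode FILE -> octal permission bits (GNU stat on CentOS, BSD stat as fallback)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_vpn_perms DIR -> prints one line per mismatch; returns 0 only if clean
audit_vpn_perms() {
    dir=$1
    findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue            # only regular files are checked
        name=${f##*/}
        case "$name" in
            vpnserver|vpnclient|vpncmd) want=700 ;;   # executables
            *)                          want=600 ;;   # everything else
        esac
        mode=$(file_mode "$f")
        if [ "$mode" != "$want" ]; then
            echo "MODE $name: $mode (expected $want)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Demo on a constructed directory standing in for /usr/local/vpnserver.
demo=$(mktemp -d)
touch "$demo/vpnserver" "$demo/vpncmd" "$demo/hamcore.se2" "$demo/vpn_server.config"
chmod 600 "$demo"/*
chmod 700 "$demo/vpnserver" "$demo/vpncmd"
chmod 644 "$demo/vpn_server.config"   # constructed drift: config readable by all users
audit_vpn_perms "$demo" || echo "permissions drifted from the guide's settings"
rm -rf "$demo"
```

The one-time chmod 600 * only covers files that exist when it runs, so rerunning the audit after the service has created its configuration and log files shows whether anything new is more widely readable.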

Then start the VPN client service using this command:

./vpnclient start

To configure our client, we're going to use vpncmd. While you're in the vpnclient directory enter this command to run vpncmd tool:

./vpncmd

Choose 2 to enter Management of VPN Client mode, and then press enter to connect to and manage the local VPN client you just installed.

SoftEther uses Virtual Adapters to establish a connection to our VPN server. Use this command to create a Virtual Adapter named myadapter:

NicCreate myadapter

Now using this command, create a new VPN connection named myconnection:

AccountCreate myconnection

Then enter your SoftEther VPN server's IP and port number. The port number can be any port that you have set as listening on your server. By default, SoftEther listens on these four ports: 443, 992, 1194, 5555. Here, as an example, we use port 443:

Destination VPN Server Host Name and Port Number: [VPN Server IP Address]:443

Note: Instead of an IP address, you could also enter your server's fully qualified domain name (FQDN).

Now enter the name of the Virtual Hub you're trying to connect to on your server. In our case it is named VPN:

Destination Virtual Hub Name: VPN

Then enter the username of a user you created on your server. We created a user called test:

Connecting User Name: test

And finally enter the name of the Virtual Adapter you just created:

Used Virtual Network Adapter Name: myadapter

Now our VPN connection has been created and it's ready to be connected. One last step is to change the authentication mode to Password, since that's how we configured our user's authentication mode on the server:

AccountPasswordSet myconnection

When asked, enter standard as the password authentication method:

Specify standard or radius: standard

Finally, we can start the connection. Use this command to do that:

AccountConnect myconnection

You can see the connection status using this command:

AccountStatusGet myconnection