SoftEther on VPS

I saw a post on lowendtalk last week introducing a new piece of vpn software call SoftEther.

What is SoftEther

A Free Cross-platform Multi-protocol VPN program, as an academic project from University of Tsukuba.

It is a single server which support SSL-VPN (HTTPS) and 6 major VPN protocols (OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3 and EtherIP).

I would like to also highlight the VPN over ICMP and VPN over DNS feature if you are inside a very strict network.

VPS Setup Guide

This post use SecureNAT. You may want to setup local bridge.

SoftEther author contacted me to highlight serveral points:

  • On physical server, local bridge will perform better than SecureNAT
  • DO NOT enable both local bridge and SecureNAT at the same time. Packets will loop infinitly and make your server 100% CPU usage.

Requirement: VPS

I am using vps from buyvm. I got from a year deal which is USD12/year. I would recommend Ramnode(affiliated) as a VPS provider. Their VPS is speedy and support is amazing.

  • Spec:
    • RAM: 128MB
    • Burst: 256MB
    • Disk Space: 15GB
    • Bandwidth: 500GB
    • Location: Buffalo, USA
  • OS:
    • Debian 6.0 64bit (minimal)

Make sure you login root as follow:

login as root

Before installing SoftEther Server let us install some prerequisite.

(build_tools.sh) download
1
2
apt-get update
apt-get install build-essential

Go to SoftEther to download the server binary.

download selection

I am using Ver 1.00, Build 9029, rc2 in this tutorial.

After download, run

(make.sh) download
1
2
3
tar zxf softether-vpnserver-v1.00-9029-rc2-2013.03.16-linux-x64-64bit.tar.gz
cd vpnserver
make

Read the Agreement and press 1 three times.

Then we move the dir to /usr/local/

(install.sh) download
1
2
3
4
5
6
7
cd ..
mv vpnserver /usr/local
cd /usr/local/vpnserver/
chmod 600 *
chmod 700 vpncmd
chmod 700 vpnserver
nano /etc/init.d/vpnserver

paste the following content to nano

(vpnserver.sh) download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/bin/sh
### BEGIN INIT INFO
# Provides:          vpnserver
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start daemon at boot time
# Description:       Enable Softether by daemon.
### END INIT INFO
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0

ctrl-o ret ctrl-x

After that we enable the service

(service.sh) download
1
2
3
4
5
chmod 755 /etc/init.d/vpnserver
mkdir /var/lock/subsys
update-rc.d vpnserver defaults
/etc/init.d/vpnserver start
cd /usr/local/vpnserver/

Then we need to do a checking.

1
2
3
./vpncmd
3
check

You should get 4 “Pass”.

We need to set the server admin password

1
2
3
4
5
./vpncmd
1
ret
ret
VPN Server>ServerPasswordSet

Enter the admin password.

I do the setting on a windows client. It is running

server manager

Install it, run it, click New setting. Input ip and password.

input setting

Then connect to it. On successful login, it will pop up Easy Setup

easy setup Check Remote Access Server and Next

warning

Yes

Virtual Hub name

OK

Setup L2TP Check Enable L2TP Server Function and input your own pre-share key

OK

Azure We disable Azure VPN

Create User

Then we need to create a new user. This is trivial.

User

Manager Click on “Manage Virtual Hub”

Click on “Secure NAT” (If you want a faster connection we can refer to my 2nd post on softether)

Secure NAT

Enable the Virtual NAT

Again DO NOT enable SecureNAT and local bridge at the same time!

Done

You can try to connect to the vpn server through L2TP/IPSec.

Comments