Install SoftEther VPN Server on Ubuntu && Debian

_.:=iTake=:._

Administrator
Staff member
Credits
3,488
#1
Preparing
Upgrade the system
Code:
# apt-get update && apt-get -y upgrade
Install (if it’s not installed yet) build-essential for compilation purpose
Code:
# apt-get -y install build-essential
And other required packages
Code:
# apt-get -y install wget curl gcc make wget tzdata git libreadline-dev libncurses-dev libssl-dev zlib1g-dev
Installing SoftEther VPN
Download the last stable version (marked rtm) or stable-beta, and save it in /tmp

Code:
# wget "https://www.softether-download.com/files/softether/v4.25-9656-rtm-2018.01.15-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.25-9656-rtm-2018.01.15-linux-x64-64bit.tar.gz" -O /tmp/softether-vpnserver.tar.gz
Uncompress the sources
Code:
# tar -xzvf /tmp/softether-vpnserver.tar.gz -C /usr/local/
Remove unused file
# rm /tmp/softether-vpnserver.tar.gz

Install from the sources

Code:
# cd /usr/local/vpnserver/
# make
During the installation process, we will have to type 1 to read the Licence Agreement, type 1 again to confirm that we have read the License Agreement and finally type 1 to agree with the License Agreement.



Kawin uses key i_read_and_agree_the_license_agreement, that does not require confirmation

Code:
# make i_read_and_agree_the_license_agreement
Change file permission

Code:
# chmod 0600 *
# chmod 0700 vpnserver
# chmod 0700 vpncmd
 

_.:=iTake=:._

Administrator
Staff member
Credits
3,488
#2
Server checking
Before going further, let’s check that the VPN server can operate normally
To do that run the vpncmd command and use the check VPN tool.



Service configuration
Link binary files

Code:
# ln -s /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver
# ln -s /usr/local/vpnserver/vpncmd /usr/local/bin/vpncmd
Create the file /lib/systemd/system/vpnserver.service
Code:
# vim /lib/systemd/system/vpnserver.service
and add following

Code:
[Unit]
Description=SoftEther VPN Server
After=network.target
ConditionPathExists=!/usr/local/vpnserver/do_not_run
[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
WorkingDirectory=/usr/local/vpnserver
# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/local/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
[Install]
WantedBy=multi-user.target
Now the VPN server starts automatically on boot, and we are able to manage the vpnserver using systemctl

Code:
# systemctl start vpnserver
# systemctl status vpnserver
# systemctl stop vpnserver
Reload, enable and start the service

Code:
# systemctl daemon-reload
# systemctl enable vpnserver
# systemctl restart vpnserver
 

_.:=iTake=:._

Administrator
Staff member
Credits
3,488
#3
Set an admin password for VPNCMD
Code:
# cd /usr/local/vpnserver
# ./vpncmd
At the VPN command prompt, we type ServerPasswordSet

Code:
ServerPasswordSet yourPassword
 
Top