Introduction
This is a fast solution to create a personal VPN server. I’ve personally used this server while working remotely in Russia to bypass restrictions and it worked smoothly (SoftEther bypasses restrictions by mimicking regular https traffic).
SoftEther does require l2tp tunneling protocol which might not be available on all devices, for example new Android devices don’t have a built in l2tp tunneling protocol. Otherwise this was tested on MacOS, Windows and IOS devices successfully.
Also while in Russia the VPN did not work using cellular data. It did work on a device that is connected to cellular data via hotspot.
Prerequisites
I personally use Vultr to create my servers, you can use the following link to get $300 on Vultr to test it out: Vultr $300 referral link.
Downloading SoftEther Package on Ubuntu
Get the SoftEther VPN Server package link by going to the Official Download Page and selecting the following:
- SoftEther VPN (Freeware) from the Select Software option.
- SoftEther VPN Server from the Select Component option
- Linux from the Select Platform option
- The CPU your server is using, in my case Intel x64 / AMD64
After selecting the above you will have a download link below for the latest version. Right click on the link and copy it.
Now in Ubuntu cli download the package by executing the following command:
wget the_url_you_just_copied
This will download the package in your current directory.
After the package is download view the file by listing current directories contents:
ls
You should have a file named similar to:
softether-vpnserver-some-version-here.tar.gz
Extracting and Installing SoftEther VPN Package
To extract the contents of the downloaded file run:
tar xzvf name-of-the-file-you-downloaded.tar.gz
This should extract to contents into a vpnserver directory.
Go inside the vpnserver directory and execute make:
cd vpnserver/
make
It is recommended to move the vpnserver directory to /usr/local/, let's do that:
cd ..
mv vpnserver /usr/local
ls -l /usr/local/vpnserver/
Now let's go to that directory and set the correct permissions:
cd /usr/local/vpnserver/
chmod 600 *
chmod 700 vpncmd
chmod 700 vpnserver
Check if SoftEther is Installed Correctly
We can run a SoftEther health check through its command line by doing the following:
cd /usr/local/vpnserver/
./vpncmd
You will be prompted with 3 options, type 3 and click enter. Next write check and click enter as in the image below:
If all checks pass then proceed with the next steps.
Create a Startup Script
Create the script using nano:
nano /opt/vpnserver.sh
Paste the following directives:
#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
Save and exit the file.
Set the correct file permissions:
chmod 755 /opt/vpnserver.sh
Create a systemd config file:
nano /etc/systemd/system/vpnserver.service
Paste the following directives:
[Unit]
Description = vpnserver daemon
[Service]
ExecStart = /opt/vpnserver.sh start
ExecStop = /opt/vpnserver.sh stop
ExecReload = /opt/vpnserver.sh restart
Restart = always
Type = forking
[Install]
WantedBy = multi-user.target
Now we can enable the script on startup, start the service and check its status:
systemctl enable vpnserver
systemctl start vpnserver
systemctl status vpnserver
Now you should have softether vpn running.
Creating a Hub
Let's enter the vpncmd and create a hub and a user in that hub:
cd /usr/local/vpnserver/
./vpncmd
Select option 1 Management of VPN Server or VPN Bridge
Press enter when prompted Hostname of IP Address of Destination:
Press enter when prompted Specify Virtual Hub Name:
To create a hub we'll first need to set the administrator password by running:
ServerPasswordSet
Set the password and remember it as it will be needed for creating the Hub.
Now let's create the Hub, you can name it anything:
HubCreate testHub
Now let's access the Hub:
Hub testHub
Let's enable SecureNAT feature, which makes it easy for devices connected to the VPN to get an internet connection and an IP address automatically, without needing extra setup or special equipment.
SecureNatEnable
Now lets enable IPsec, which allows the VPN server to support IPsec-based connections. IPsec is a widely-used protocol for secure communication, often used for connecting to VPNs on devices like phones and PC's.
IPsecEnable
Answer the prompts with the following:
Enable L2TP over IPsec Server Function (yes / no): yes
Enable Raw L2TP Server Function (yes / no): no
Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): no
Pre Shared Key for IPsec (Recommended: 9 letters at maximum): testkey
Default Virtual HUB in a case of omitting the HUB on the Username: testHub
Creating a Hub User
Now let's create a user for the hub:
UserCreate user1
Now lets set a password for the user:
UserPasswordSet user1
You will be prompted to create a password, remember it.
Disabling UFW
Ubuntu 24.04 comes with UFW enabled by default, let's disable it to allow all incoming connections:
ufw disable
Now everything should be ready for devices to connect to our VPN server.
Connecting to the VPN Server Using Windows
Download the SoftEther VPN client by going to the official download page, and selecting SoftEther VPN Client for component and Windows for Platform.
After installing SoftEther VPN open it, click on the Connect tab and select New VPN Connection Setting..
Add the setting name (name it anything you'd like).
Add the servers IP Address in the Host Name: field.
Keep the Port Number set to 443.
In the Virtual Hub Name dropdown you should find the Hub name that you previously created, select it.
In the User Authentication Setting:
- Select the Auth Type as Standard Password Authentication
- Enter the user created for the hub in the User Name field.
- Enter the users password in the Password field.
This is how the settings should look like:
Click OK.
Now double click or right click > Connect on your newly created vpn server, and you should successfully connect.
Connecting to the VPN Server using an IOS Device
Got to Settings > VPN > Add VPN Configuration...
Select L2TP for the Type option.
Add a Description.
Add servers IP Address in the Server field.
Add the Hub Username in the Account field.
Add the Hub Username's password in the Password field.
In the Secret field add the Pre Shared Key which you created previously when enabling the IPSec option (IPsecEnable in the Creating a Hub section).
Your settings should look similar to:
Save the settings, select the VPN you created and click on the slider next to VPN Status and you should connect.
Connecting the the VPN Server using MacOS
Click on the Wi-Fi icon > Network Preferences...
At the bottom left in the Network window you'll have the + icon to add a service, click on it.
In the Interface: option select VPN. For VPN Type select L2TP over IPSec.
In the Service Name field put a descriptive name for our service, such as SoftEther VPN Server, and click Create.
Keep the Configuration field set as Default. For the Server Address field add your servers IP Address. In the Account Name field add the user we've created for the Hub (user1 in this tutorial).
Click on the Authentication Settings.. , select Password for the User Authentication and add the users password. In the Shared Secret field under Machine Authentication put the pre-shared key string (created when enabling ipsec for the Hub). Click OK and Apply.
Now you should be able to connect to the server after clicking the Connect button.
Here is an image of the VPN configuration on MacOS:
ChatGPT Tip
ChatGPT does not give accurate commands when asked about SoftEtherVPN, therefor you need to provide it additional information.
When inside the virtual hub run the help command to list all the available commands, copy all of them and include them with your questions when asking chatGPT, this will provide you with accurate results.