How To Install SoftEther VPN Server on Fedora 42
Setting up a robust VPN infrastructure has become essential for organizations and individuals seeking secure network communications. SoftEther VPN Server stands out as one of the most versatile and powerful open-source VPN solutions available today. This comprehensive guide walks you through the complete installation and configuration process of SoftEther VPN Server on Fedora 42, providing detailed instructions, troubleshooting tips, and optimization strategies.
Whether you’re a system administrator looking to implement enterprise-grade VPN capabilities or a privacy-conscious user wanting to create your own secure VPN server, this tutorial covers everything you need to know. From initial system preparation to advanced configuration options, you’ll learn how to deploy a fully functional VPN server that supports multiple protocols and client types.
Understanding SoftEther VPN Server
What is SoftEther VPN
SoftEther VPN represents a breakthrough in VPN technology, developed at the University of Tsukuba in Japan. This open-source, multi-protocol VPN software transcends traditional VPN limitations by supporting virtually all VPN protocols including OpenVPN, L2TP/IPsec, MS-SSTP, L2TPv3, and EtherIP. The software’s name derives from “Software Ethernet,” highlighting its ability to create virtual Ethernet switches over IP networks.
Unlike conventional VPN solutions that focus on single protocols, SoftEther VPN operates as a universal VPN platform. This approach enables seamless integration with existing network infrastructure while providing maximum flexibility for different client requirements.
Key Features and Benefits
SoftEther VPN Server delivers exceptional performance through its advanced networking stack and optimized protocol implementations. The software achieves higher throughput compared to traditional VPN solutions by utilizing sophisticated buffering mechanisms and parallel processing capabilities.
The multi-protocol support ensures compatibility with virtually any VPN client, from legacy systems to modern mobile devices. This versatility eliminates the need for multiple VPN servers when supporting diverse client environments. The built-in SSL-VPN functionality works seamlessly through firewalls and NAT devices, making it ideal for restrictive network environments.
Enterprise-grade security features include robust encryption algorithms, certificate-based authentication, and comprehensive access control mechanisms. The software supports Perfect Forward Secrecy (PFS) and implements industry-standard security protocols to protect sensitive data transmission.
The web-based management interface simplifies server administration, allowing administrators to configure settings, monitor connections, and manage users through an intuitive graphical interface. Advanced users can also utilize command-line tools for automated deployment and scripting.
System Requirements and Prerequisites
Fedora 42 System Requirements
Running SoftEther VPN Server efficiently requires adequate system resources. For basic deployments supporting up to 50 concurrent connections, a minimum of 1GB RAM and a single CPU core suffices. However, production environments benefit significantly from enhanced specifications.
Recommended server configurations include 4GB RAM, dual-core processors, and SSD storage for optimal performance. High-traffic deployments serving hundreds of simultaneous connections should utilize servers with 8GB+ RAM, quad-core processors, and high-speed network interfaces.
Network considerations play a crucial role in VPN server performance. Ensure sufficient bandwidth allocation for peak usage scenarios, considering that VPN encryption adds computational overhead. Port availability is essential, particularly for standard VPN ports including 443 (HTTPS/SSTP), 992 (SSL), 1194 (OpenVPN), and 5555 (SoftEther default).
Required Dependencies
Fedora 42 installations require specific development tools and libraries for successful SoftEther VPN compilation. The build process depends on GCC compiler suite, make utilities, and various system libraries. Essential packages include gcc
, make
, wget
, tar
, and gzip
for basic functionality.
SSL development libraries are critical for encryption capabilities. Install openssl-devel
for cryptographic functions and certificate management. Additional dependencies include zlib-devel
for compression, readline-devel
for interactive command-line interfaces, and ncurses-devel
for terminal management.
System libraries such as libpthread
and librt
provide threading and real-time capabilities essential for high-performance VPN operations. These libraries are typically included in standard Fedora installations but should be verified before proceeding.
Pre-installation Checklist
Verify administrative access through either root privileges or sudo capabilities. Test internet connectivity to ensure package downloads and updates function correctly. Document current firewall configurations to plan VPN port access requirements.
Check SELinux status using sestatus
command. While SoftEther VPN can operate with SELinux enabled, initial installations often proceed more smoothly with permissive mode. Plan to re-enable enforcing mode after successful configuration.
Preparing the Fedora 42 System
System Update Process
Begin preparation by updating the Fedora 42 system to ensure all security patches and package updates are applied. Execute the comprehensive update command:
sudo dnf update -y
This command downloads and installs all available package updates, including kernel updates if available. The process may take several minutes depending on the number of pending updates and network speed. Monitor the output for any error messages or dependency conflicts.
Following significant updates, particularly kernel updates, reboot the system to ensure all changes take effect:
sudo reboot
After rebooting, verify the system is running the latest kernel version using uname -r
command.
Installing Development Tools
SoftEther VPN requires compilation from source code, necessitating a complete development environment. Install the essential development tools group:
sudo dnf groupinstall "Development Tools" -y
This command installs a comprehensive set of development utilities including GCC compiler suite, make utilities, debugging tools, and standard development libraries. The installation process typically requires 200-500MB of disk space.
Install additional required packages individually:
sudo dnf install openssl-devel zlib-devel readline-devel ncurses-devel wget -y
Verify successful installation by checking compiler version:
gcc --version
make --version
Firewall Configuration
Configure firewalld to allow VPN traffic through required ports. SoftEther VPN utilizes multiple ports for different protocols, requiring careful firewall management.
Add permanent firewall rules for essential VPN ports:
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --permanent --add-port=992/tcp
sudo firewall-cmd --permanent --add-port=1194/udp
sudo firewall-cmd --permanent --add-port=5555/tcp
sudo firewall-cmd --permanent --add-port=500/udp
sudo firewall-cmd --permanent --add-port=4500/udp
Apply firewall rule changes:
sudo firewall-cmd --reload
Verify active firewall rules:
sudo firewall-cmd --list-all
Downloading SoftEther VPN Server
Locating the Official Download
Navigate to the official SoftEther VPN download portal at the University of Tsukuba website. The download section provides multiple package options organized by operating system and architecture. Select the Linux version specifically designed for Intel/AMD 64-bit processors.
Current stable releases follow semantic versioning (v4.x.x-rtm) with regular updates addressing security issues and feature enhancements. Always choose the latest stable release rather than beta or development versions for production deployments.
Download Process
Create a dedicated directory for SoftEther VPN installation files:
mkdir ~/softether-vpn
cd ~/softether-vpn
Download the latest SoftEther VPN Server package using wget:
wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.44-9807-rtm/softether-vpnserver-v4.44-9807-rtm-2025.04.16-linux-x64-64bit.tar.gz
Verify download integrity by checking file size and ensuring the download completed successfully:
ls -lh softether-vpnserver-*.tar.gz
The downloaded file should be approximately 5-10MB in size. Incomplete downloads may indicate network issues requiring retry attempts.
Installation and Compilation Process
Extracting the Package
Extract the downloaded tar.gz archive using tar command:
tar xzf softether-vpnserver-*.tar.gz
This creates a vpnserver
directory containing all necessary source code and compilation files. Navigate to the extracted directory:
cd vpnserver
Examine the directory contents to understand the package structure:
ls -la
Key files include Makefile
for compilation, ReadMeFirst_License.txt
for licensing information, and various source code directories.
Compilation Process
Initiate the compilation process using the make command:
make
The compilation process presents several license agreement prompts requiring acceptance. Read each license carefully and respond with 1
to accept the agreements when prompted. The compilation typically requires 2-5 minutes depending on system performance.
Monitor compilation output for warning messages or errors. Successful compilation produces several binary files including vpnserver
, vpncmd
, and various library files. Warning messages about deprecated functions are generally acceptable and don’t indicate compilation failures.
Verify successful compilation by checking for generated binaries:
ls -la vpnserver vpncmd
Both files should be present with executable permissions indicated by the x
flag in file permissions.
Installation Verification
Test system compatibility before proceeding with configuration:
./vpnserver check
This command performs comprehensive system checks including CPU compatibility, memory availability, and required library presence. All checks should return OK
status. Any failed checks indicate missing dependencies or system incompatibilities requiring resolution.
Initial SoftEther VPN Server Configuration
Starting the VPN Server
Launch the VPN server daemon in background mode:
./vpnserver start
The server initializes and creates necessary runtime files. Verify successful startup by checking the process status:
ps aux | grep vpnserver
The output should display running vpnserver processes. Initial startup creates configuration files and establishes the management interface.
Administrative Password Setup
Access the VPN server management interface using the vpncmd utility:
./vpncmd
The vpncmd utility presents a menu with three options. Select option 1
(Management of VPN Server or VPN Bridge) to access server administration functions.
Specify the server address as localhost
and press Enter to accept the default port. When prompted for administrator password, press Enter since no password is initially set.
Set the server administrator password using the ServerPasswordSet command:
ServerPasswordSet
Enter a strong password containing uppercase letters, lowercase letters, numbers, and special characters. The password should be at least 12 characters long for adequate security. Re-enter the password when prompted for confirmation.
Virtual Hub Configuration
SoftEther VPN utilizes Virtual Hubs to organize VPN connections and apply policies. Configure the default Virtual Hub named “DEFAULT”:
Hub DEFAULT
This command enters the Virtual Hub management mode. Set a strong password for the Virtual Hub:
SetHubPassword
Configure basic hub settings including maximum concurrent sessions and security policies:
SetMaxSession 100
This limits the hub to 100 simultaneous connections, preventing resource exhaustion attacks.
Creating VPN Users and Authentication
User Account Creation
Create VPN user accounts within the Virtual Hub context. Each user requires a unique username and authentication method. Create a sample user account:
UserCreate testuser
Specify the user’s group assignment when prompted. Users can belong to different groups with varying access privileges and bandwidth limitations.
Add additional users as needed:
UserCreate adminuser
UserCreate mobileuser
Organize users into logical groups based on access requirements and security policies.
Password Configuration
Set secure passwords for created user accounts:
UserPasswordSet testuser
Enter a strong password following organizational password policies. Each user should have a unique password to prevent unauthorized access if one account is compromised.
Configure password policies to enforce security requirements:
SetUserPasswordPolicy
Enable password expiration, minimum length requirements, and complexity rules as appropriate for your security requirements.
Certificate-based Authentication
For enhanced security, configure certificate-based authentication. Generate user certificates using the built-in certificate authority:
UserCertSet testuser
Provide the certificate file when prompted. Certificate authentication provides stronger security than password-only authentication and enables automated client authentication.
Network and DHCP Configuration
Enabling SecureNAT Function
SecureNAT provides NAT (Network Address Translation) and DHCP services for VPN clients. Enable SecureNAT within the Virtual Hub:
SecureNatEnable
This command activates the built-in NAT functionality, allowing VPN clients to access internet resources through the VPN server. SecureNAT automatically configures routing and NAT rules for client traffic.
Verify SecureNAT status:
SecureNatStatusGet
The output displays current NAT configuration including IP address ranges, routing tables, and active connections.
DHCP Server Configuration
Configure the DHCP server to assign IP addresses to VPN clients automatically:
DhcpSet /START:192.168.30.10 /END:192.168.30.200 /MASK:255.255.255.0 /EXPIRE:7200 /GW:192.168.30.1 /DNS:8.8.8.8 /DNS2:8.8.4.4 /DOMAIN:vpn.local /LOG:yes
This configuration provides:
- IP address range from 192.168.30.10 to 192.168.30.200
- Subnet mask 255.255.255.0 (24-bit network)
- Gateway address 192.168.30.1
- Primary DNS server 8.8.8.8 (Google DNS)
- Secondary DNS server 8.8.4.4
- Domain name vpn.local
- DHCP lease time 7200 seconds (2 hours)
Verify DHCP configuration:
DhcpGet
Review all settings to ensure correct IP ranges and DNS servers are configured.
Protocol-Specific Configuration
OpenVPN Server Setup
Enable OpenVPN clone functionality to support standard OpenVPN clients:
OpenVpnEnable yes /PORTS:1194
This command activates OpenVPN compatibility on UDP port 1194. Generate OpenVPN configuration files for client distribution:
OpenVpnMakeConfig openvpn_config.zip
The generated ZIP file contains client configuration files, certificates, and connection profiles for various OpenVPN clients including Windows, macOS, Linux, and mobile platforms.
L2TP/IPsec Configuration
Configure L2TP over IPsec for built-in VPN client support on Windows, macOS, and mobile devices:
IPsecEnable /L2TP:yes /L2TPRAW:yes /ETHERIP:no /PSK:YourPreSharedKey123 /DEFAULTHUB:DEFAULT
Replace “YourPreSharedKey123” with a strong pre-shared key containing random characters. This configuration enables:
- L2TP over IPsec tunnel mode
- Raw L2TP without IPsec (for testing)
- Default hub assignment for L2TP connections
Verify IPsec configuration:
IPsecGet
SSTP Configuration
Enable SSTP (Secure Socket Tunneling Protocol) for secure connections through firewalls:
SstpEnable yes
SSTP utilizes port 443 (HTTPS) making it ideal for restrictive network environments. The protocol works seamlessly through corporate firewalls and proxy servers.
Configure SSL certificate for SSTP connections:
ServerCertSet
Use a valid SSL certificate from a trusted certificate authority for production deployments. Self-signed certificates work for testing but may cause client warnings.
System Service Configuration
Creating Systemd Service
Create a systemd service unit for automatic VPN server startup:
sudo nano /etc/systemd/system/softether-vpnserver.service
Add the following service configuration:
[Unit]
Description=SoftEther VPN Server
After=network.target
[Service]
Type=forking
User=root
ExecStart=/home/username/softether-vpn/vpnserver/vpnserver start
ExecStop=/home/username/softether-vpn/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
Replace /home/username/softether-vpn/vpnserver/
with the actual installation path.
Service Management
Reload systemd configuration and enable the service:
sudo systemctl daemon-reload
sudo systemctl enable softether-vpnserver
sudo systemctl start softether-vpnserver
Verify service status:
sudo systemctl status softether-vpnserver
The service should display “active (running)” status with no error messages.
Security Hardening and Best Practices
Access Control Configuration
Implement IP-based access restrictions to limit management interface access:
AccessAdd /PRIORITY:10 /SRC:192.168.1.0/24 /PASS:yes /NOTE:"Local network access"
AccessAdd /PRIORITY:20 /SRC:0.0.0.0/0 /PASS:no /NOTE:"Deny all other access"
Configure user group policies with bandwidth limitations:
GroupPolicySet testgroup /NAME:"Standard Users" /REALNAME:"Standard VPN Users" /NOTE:"Regular users with bandwidth limits" /MAXSESSION:2 /TIMEEXPIREMSG:"Session expired" /FIXEDPASSWORD:no /MAXMAC:1 /MAXIP:1 /MAXUPLOAD:1000000 /MAXDOWNLOAD:5000000
Encryption and Security Settings
Configure strong cipher suites and security parameters:
ServerCipherSet DHE-RSA-AES256-SHA
Enable Perfect Forward Secrecy (PFS) for enhanced security:
ProtoOptionsSet /NAME:SecureNAT /VALUE:yes
Implement comprehensive logging for security monitoring:
LogEnable packet
LogSwitchSet packet /DISKQUOTA:100000000
Client Connection Setup and Testing
Windows Client Configuration
Install the SoftEther VPN Client on Windows systems from the official download page. Create a new VPN connection using the Connection Manager:
- Launch SoftEther VPN Client Manager
- Click “Add VPN Connection”
- Enter server hostname or IP address
- Specify port number (default 443)
- Enter username and password
- Select authentication method
- Test connection functionality
For built-in Windows VPN clients, configure L2TP/IPsec connections using the pre-shared key configured earlier.
Linux Client Setup
Install SoftEther VPN Client on Linux distributions:
wget https://www.softether-download.com/files/softether/v4.41-9782-beta/Linux/SoftEther_VPN_Client/64bit_-_Intel_x64_or_AMD64/softether-vpnclient-v4.41-9782-beta-2022.11.17-linux-x64-64bit.tar.gz
tar xzf softether-vpnclient-*.tar.gz
cd vpnclient
make
Create client connections using vpncmd:
./vpncmd
Select option 2 (Management of VPN Client) and configure connections using AccountCreate and AccountConnect commands.
Mobile Device Configuration
Configure Android and iOS devices using built-in VPN clients with L2TP/IPsec settings:
- Server address: VPN server IP or hostname
- L2TP secret: Pre-shared key
- Username and password: VPN user credentials
- Encryption: Require encryption
Test connections from various network locations to verify functionality.
Troubleshooting Common Issues
Connection Problems
Common connection failures include firewall restrictions, incorrect authentication credentials, and network routing issues. Diagnose connection problems systematically:
Check server logs for authentication failures:
LogGet
Verify firewall rules allow VPN traffic:
sudo firewall-cmd --list-all
Test port accessibility from client networks using telnet or nc commands:
telnet vpn.server.com 443
Performance and Stability Issues
Monitor server performance using built-in statistics:
StatusGet
SessionList
Address memory usage issues by adjusting connection limits and implementing user quotas. Monitor CPU utilization during peak usage periods and consider hardware upgrades for high-traffic deployments.
Optimize network performance by adjusting TCP window sizes and buffer settings:
ProtoOptionsSet /NAME:OpenVPN_UdpPortList /VALUE:"1194"
Advanced Configuration and Optimization
Load Balancing and Clustering
Deploy multiple SoftEther VPN servers for high availability and load distribution. Configure server clustering using the built-in clustering functionality:
ClusterEnable
ClusterMemberAdd server2.example.com
Implement external load balancers to distribute client connections across multiple servers. Use health checks to monitor server availability and automatically redirect traffic during server failures.
Monitoring and Logging
Configure comprehensive logging for security and performance monitoring:
LogEnable security
LogEnable admin
LogEnable session
Set up log rotation to prevent disk space exhaustion:
LogSwitchSet security /DISKQUOTA:500000000
Implement external monitoring tools to track server performance, connection statistics, and security events.
Maintenance and Updates
Regular Maintenance Tasks
Establish regular maintenance schedules including log review, performance monitoring, and security updates. Create automated backup scripts for configuration files and user databases:
#!/bin/bash
cp /path/to/vpnserver/vpn_server.config /backup/vpn_server.config.$(date +%Y%m%d)
Monitor disk usage and clean up old log files periodically. Review user access logs for suspicious activities and unauthorized access attempts.
Version Upgrade Process
Plan SoftEther VPN upgrades carefully, testing new versions in development environments before production deployment. Download new versions and follow the same compilation process. Stop the current server, backup configuration files, install the new version, and restore configurations.
Test all functionality after upgrades including client connections, authentication systems, and administrative interfaces.
Congratulations! You have successfully installed SoftEther VPN. Thanks for using this tutorial for installing the SoftEther VPN Server on Fedora 42 Linux system. For additional help or useful information, we recommend you check the official SoftEther website.