FedoraRHEL Based

How To Install SoftEther VPN Server on Fedora 42

r00t

Install SoftEther VPN Server on Fedora 42

Setting up a robust VPN infrastructure has become essential for organizations and individuals seeking secure network communications. SoftEther VPN Server stands out as one of the most versatile and powerful open-source VPN solutions available today. This comprehensive guide walks you through the complete installation and configuration process of SoftEther VPN Server on Fedora 42, providing detailed instructions, troubleshooting tips, and optimization strategies.

Whether you’re a system administrator looking to implement enterprise-grade VPN capabilities or a privacy-conscious user wanting to create your own secure VPN server, this tutorial covers everything you need to know. From initial system preparation to advanced configuration options, you’ll learn how to deploy a fully functional VPN server that supports multiple protocols and client types.

Understanding SoftEther VPN Server

What is SoftEther VPN

SoftEther VPN represents a breakthrough in VPN technology, developed at the University of Tsukuba in Japan. This open-source, multi-protocol VPN software transcends traditional VPN limitations by supporting virtually all VPN protocols including OpenVPN, L2TP/IPsec, MS-SSTP, L2TPv3, and EtherIP. The software’s name derives from “Software Ethernet,” highlighting its ability to create virtual Ethernet switches over IP networks.

Unlike conventional VPN solutions that focus on single protocols, SoftEther VPN operates as a universal VPN platform. This approach enables seamless integration with existing network infrastructure while providing maximum flexibility for different client requirements.

Key Features and Benefits

SoftEther VPN Server delivers exceptional performance through its advanced networking stack and optimized protocol implementations. The software achieves higher throughput compared to traditional VPN solutions by utilizing sophisticated buffering mechanisms and parallel processing capabilities.

The multi-protocol support ensures compatibility with virtually any VPN client, from legacy systems to modern mobile devices. This versatility eliminates the need for multiple VPN servers when supporting diverse client environments. The built-in SSL-VPN functionality works seamlessly through firewalls and NAT devices, making it ideal for restrictive network environments.

Enterprise-grade security features include robust encryption algorithms, certificate-based authentication, and comprehensive access control mechanisms. The software supports Perfect Forward Secrecy (PFS) and implements industry-standard security protocols to protect sensitive data transmission.

The web-based management interface simplifies server administration, allowing administrators to configure settings, monitor connections, and manage users through an intuitive graphical interface. Advanced users can also utilize command-line tools for automated deployment and scripting.

System Requirements and Prerequisites

Fedora 42 System Requirements

Running SoftEther VPN Server efficiently requires adequate system resources. For basic deployments supporting up to 50 concurrent connections, a minimum of 1GB RAM and a single CPU core suffices. However, production environments benefit significantly from enhanced specifications.

Recommended server configurations include 4GB RAM, dual-core processors, and SSD storage for optimal performance. High-traffic deployments serving hundreds of simultaneous connections should utilize servers with 8GB+ RAM, quad-core processors, and high-speed network interfaces.

Network considerations play a crucial role in VPN server performance. Ensure sufficient bandwidth allocation for peak usage scenarios, considering that VPN encryption adds computational overhead. Port availability is essential, particularly for standard VPN ports including 443 (HTTPS/SSTP), 992 (SSL), 1194 (OpenVPN), and 5555 (SoftEther default).

Required Dependencies

Fedora 42 installations require specific development tools and libraries for successful SoftEther VPN compilation. The build process depends on GCC compiler suite, make utilities, and various system libraries. Essential packages include gcc, make, wget, tar, and gzip for basic functionality.

SSL development libraries are critical for encryption capabilities. Install openssl-devel for cryptographic functions and certificate management. Additional dependencies include zlib-devel for compression, readline-devel for interactive command-line interfaces, and ncurses-devel for terminal management.

System libraries such as libpthread and librt provide threading and real-time capabilities essential for high-performance VPN operations. These libraries are typically included in standard Fedora installations but should be verified before proceeding.

Pre-installation Checklist

Verify administrative access through either root privileges or sudo capabilities. Test internet connectivity to ensure package downloads and updates function correctly. Document current firewall configurations to plan VPN port access requirements.

Check SELinux status using sestatus command. While SoftEther VPN can operate with SELinux enabled, initial installations often proceed more smoothly with permissive mode. Plan to re-enable enforcing mode after successful configuration.

Preparing the Fedora 42 System

System Update Process

Begin preparation by updating the Fedora 42 system to ensure all security patches and package updates are applied. Execute the comprehensive update command:

sudo dnf update -y

This command downloads and installs all available package updates, including kernel updates if available. The process may take several minutes depending on the number of pending updates and network speed. Monitor the output for any error messages or dependency conflicts.

Following significant updates, particularly kernel updates, reboot the system to ensure all changes take effect:

sudo reboot

After rebooting, verify the system is running the latest kernel version using uname -r command.

Installing Development Tools

SoftEther VPN requires compilation from source code, necessitating a complete development environment. Install the essential development tools group:

sudo dnf groupinstall "Development Tools" -y

This command installs a comprehensive set of development utilities including GCC compiler suite, make utilities, debugging tools, and standard development libraries. The installation process typically requires 200-500MB of disk space.

Install additional required packages individually:

sudo dnf install openssl-devel zlib-devel readline-devel ncurses-devel wget -y

Verify successful installation by checking compiler version:

gcc --version
make --version

Firewall Configuration

Configure firewalld to allow VPN traffic through required ports. SoftEther VPN utilizes multiple ports for different protocols, requiring careful firewall management.

Add permanent firewall rules for essential VPN ports:

sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --permanent --add-port=992/tcp
sudo firewall-cmd --permanent --add-port=1194/udp
sudo firewall-cmd --permanent --add-port=5555/tcp
sudo firewall-cmd --permanent --add-port=500/udp
sudo firewall-cmd --permanent --add-port=4500/udp

Apply firewall rule changes:

sudo firewall-cmd --reload

Verify active firewall rules:

sudo firewall-cmd --list-all

Downloading SoftEther VPN Server

Locating the Official Download

Navigate to the official SoftEther VPN download portal at the University of Tsukuba website. The download section provides multiple package options organized by operating system and architecture. Select the Linux version specifically designed for Intel/AMD 64-bit processors.

Current stable releases follow semantic versioning (v4.x.x-rtm) with regular updates addressing security issues and feature enhancements. Always choose the latest stable release rather than beta or development versions for production deployments.

Download Process

Create a dedicated directory for SoftEther VPN installation files:

mkdir ~/softether-vpn
cd ~/softether-vpn

Download the latest SoftEther VPN Server package using wget:

wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.44-9807-rtm/softether-vpnserver-v4.44-9807-rtm-2025.04.16-linux-x64-64bit.tar.gz

Verify download integrity by checking file size and ensuring the download completed successfully:

ls -lh softether-vpnserver-*.tar.gz

The downloaded file should be approximately 5-10MB in size. Incomplete downloads may indicate network issues requiring retry attempts.

Installation and Compilation Process

Extracting the Package

Extract the downloaded tar.gz archive using tar command:

tar xzf softether-vpnserver-*.tar.gz

This creates a vpnserver directory containing all necessary source code and compilation files. Navigate to the extracted directory:

cd vpnserver

Examine the directory contents to understand the package structure:

ls -la

Key files include Makefile for compilation, ReadMeFirst_License.txt for licensing information, and various source code directories.

Compilation Process

Initiate the compilation process using the make command:

make

The compilation process presents several license agreement prompts requiring acceptance. Read each license carefully and respond with 1 to accept the agreements when prompted. The compilation typically requires 2-5 minutes depending on system performance.

Monitor compilation output for warning messages or errors. Successful compilation produces several binary files including vpnserver, vpncmd, and various library files. Warning messages about deprecated functions are generally acceptable and don’t indicate compilation failures.

Verify successful compilation by checking for generated binaries:

ls -la vpnserver vpncmd

Both files should be present with executable permissions indicated by the x flag in file permissions.

Installation Verification

Test system compatibility before proceeding with configuration:

./vpnserver check

This command performs comprehensive system checks including CPU compatibility, memory availability, and required library presence. All checks should return OK status. Any failed checks indicate missing dependencies or system incompatibilities requiring resolution.

Initial SoftEther VPN Server Configuration

Starting the VPN Server

Launch the VPN server daemon in background mode:

./vpnserver start

The server initializes and creates necessary runtime files. Verify successful startup by checking the process status:

ps aux | grep vpnserver

The output should display running vpnserver processes. Initial startup creates configuration files and establishes the management interface.

Administrative Password Setup

Access the VPN server management interface using the vpncmd utility:

./vpncmd

The vpncmd utility presents a menu with three options. Select option 1 (Management of VPN Server or VPN Bridge) to access server administration functions.

Specify the server address as localhost and press Enter to accept the default port. When prompted for administrator password, press Enter since no password is initially set.

Set the server administrator password using the ServerPasswordSet command:

ServerPasswordSet

Enter a strong password containing uppercase letters, lowercase letters, numbers, and special characters. The password should be at least 12 characters long for adequate security. Re-enter the password when prompted for confirmation.

Virtual Hub Configuration

SoftEther VPN utilizes Virtual Hubs to organize VPN connections and apply policies. Configure the default Virtual Hub named “DEFAULT”:

Hub DEFAULT

This command enters the Virtual Hub management mode. Set a strong password for the Virtual Hub:

SetHubPassword

Configure basic hub settings including maximum concurrent sessions and security policies:

SetMaxSession 100

This limits the hub to 100 simultaneous connections, preventing resource exhaustion attacks.

Creating VPN Users and Authentication

User Account Creation

Create VPN user accounts within the Virtual Hub context. Each user requires a unique username and authentication method. Create a sample user account:

UserCreate testuser

Specify the user’s group assignment when prompted. Users can belong to different groups with varying access privileges and bandwidth limitations.

Add additional users as needed:

UserCreate adminuser
UserCreate mobileuser

Organize users into logical groups based on access requirements and security policies.

Password Configuration

Set secure passwords for created user accounts:

UserPasswordSet testuser

Enter a strong password following organizational password policies. Each user should have a unique password to prevent unauthorized access if one account is compromised.

Configure password policies to enforce security requirements:

SetUserPasswordPolicy

Enable password expiration, minimum length requirements, and complexity rules as appropriate for your security requirements.

Certificate-based Authentication

For enhanced security, configure certificate-based authentication. Generate user certificates using the built-in certificate authority:

UserCertSet testuser

Provide the certificate file when prompted. Certificate authentication provides stronger security than password-only authentication and enables automated client authentication.

Network and DHCP Configuration

Enabling SecureNAT Function

SecureNAT provides NAT (Network Address Translation) and DHCP services for VPN clients. Enable SecureNAT within the Virtual Hub:

SecureNatEnable

This command activates the built-in NAT functionality, allowing VPN clients to access internet resources through the VPN server. SecureNAT automatically configures routing and NAT rules for client traffic.

Verify SecureNAT status:

SecureNatStatusGet

The output displays current NAT configuration including IP address ranges, routing tables, and active connections.

DHCP Server Configuration

Configure the DHCP server to assign IP addresses to VPN clients automatically:

DhcpSet /START:192.168.30.10 /END:192.168.30.200 /MASK:255.255.255.0 /EXPIRE:7200 /GW:192.168.30.1 /DNS:8.8.8.8 /DNS2:8.8.4.4 /DOMAIN:vpn.local /LOG:yes

This configuration provides:

  • IP address range from 192.168.30.10 to 192.168.30.200
  • Subnet mask 255.255.255.0 (24-bit network)
  • Gateway address 192.168.30.1
  • Primary DNS server 8.8.8.8 (Google DNS)
  • Secondary DNS server 8.8.4.4
  • Domain name vpn.local
  • DHCP lease time 7200 seconds (2 hours)

Verify DHCP configuration:

DhcpGet

Review all settings to ensure correct IP ranges and DNS servers are configured.

Protocol-Specific Configuration

OpenVPN Server Setup

Enable OpenVPN clone functionality to support standard OpenVPN clients:

OpenVpnEnable yes /PORTS:1194

This command activates OpenVPN compatibility on UDP port 1194. Generate OpenVPN configuration files for client distribution:

OpenVpnMakeConfig openvpn_config.zip

The generated ZIP file contains client configuration files, certificates, and connection profiles for various OpenVPN clients including Windows, macOS, Linux, and mobile platforms.

L2TP/IPsec Configuration

Configure L2TP over IPsec for built-in VPN client support on Windows, macOS, and mobile devices:

IPsecEnable /L2TP:yes /L2TPRAW:yes /ETHERIP:no /PSK:YourPreSharedKey123 /DEFAULTHUB:DEFAULT

Replace “YourPreSharedKey123” with a strong pre-shared key containing random characters. This configuration enables:

  • L2TP over IPsec tunnel mode
  • Raw L2TP without IPsec (for testing)
  • Default hub assignment for L2TP connections

Verify IPsec configuration:

IPsecGet

SSTP Configuration

Enable SSTP (Secure Socket Tunneling Protocol) for secure connections through firewalls:

SstpEnable yes

SSTP utilizes port 443 (HTTPS) making it ideal for restrictive network environments. The protocol works seamlessly through corporate firewalls and proxy servers.

Configure SSL certificate for SSTP connections:

ServerCertSet

Use a valid SSL certificate from a trusted certificate authority for production deployments. Self-signed certificates work for testing but may cause client warnings.

System Service Configuration

Creating Systemd Service

Create a systemd service unit for automatic VPN server startup:

sudo nano /etc/systemd/system/softether-vpnserver.service

Add the following service configuration:

[Unit]
Description=SoftEther VPN Server
After=network.target

[Service]
Type=forking
User=root
ExecStart=/home/username/softether-vpn/vpnserver/vpnserver start
ExecStop=/home/username/softether-vpn/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target

Replace /home/username/softether-vpn/vpnserver/ with the actual installation path.

Service Management

Reload systemd configuration and enable the service:

sudo systemctl daemon-reload
sudo systemctl enable softether-vpnserver
sudo systemctl start softether-vpnserver

Verify service status:

sudo systemctl status softether-vpnserver

The service should display “active (running)” status with no error messages.

Security Hardening and Best Practices

Access Control Configuration

Implement IP-based access restrictions to limit management interface access:

AccessAdd /PRIORITY:10 /SRC:192.168.1.0/24 /PASS:yes /NOTE:"Local network access"
AccessAdd /PRIORITY:20 /SRC:0.0.0.0/0 /PASS:no /NOTE:"Deny all other access"

Configure user group policies with bandwidth limitations:

GroupPolicySet testgroup /NAME:"Standard Users" /REALNAME:"Standard VPN Users" /NOTE:"Regular users with bandwidth limits" /MAXSESSION:2 /TIMEEXPIREMSG:"Session expired" /FIXEDPASSWORD:no /MAXMAC:1 /MAXIP:1 /MAXUPLOAD:1000000 /MAXDOWNLOAD:5000000

Encryption and Security Settings

Configure strong cipher suites and security parameters:

ServerCipherSet DHE-RSA-AES256-SHA

Enable Perfect Forward Secrecy (PFS) for enhanced security:

ProtoOptionsSet /NAME:SecureNAT /VALUE:yes

Implement comprehensive logging for security monitoring:

LogEnable packet
LogSwitchSet packet /DISKQUOTA:100000000

Client Connection Setup and Testing

Windows Client Configuration

Install the SoftEther VPN Client on Windows systems from the official download page. Create a new VPN connection using the Connection Manager:

  1. Launch SoftEther VPN Client Manager
  2. Click “Add VPN Connection”
  3. Enter server hostname or IP address
  4. Specify port number (default 443)
  5. Enter username and password
  6. Select authentication method
  7. Test connection functionality

For built-in Windows VPN clients, configure L2TP/IPsec connections using the pre-shared key configured earlier.

Linux Client Setup

Install SoftEther VPN Client on Linux distributions:

wget https://www.softether-download.com/files/softether/v4.41-9782-beta/Linux/SoftEther_VPN_Client/64bit_-_Intel_x64_or_AMD64/softether-vpnclient-v4.41-9782-beta-2022.11.17-linux-x64-64bit.tar.gz
tar xzf softether-vpnclient-*.tar.gz
cd vpnclient
make

Create client connections using vpncmd:

./vpncmd

Select option 2 (Management of VPN Client) and configure connections using AccountCreate and AccountConnect commands.

Mobile Device Configuration

Configure Android and iOS devices using built-in VPN clients with L2TP/IPsec settings:

  • Server address: VPN server IP or hostname
  • L2TP secret: Pre-shared key
  • Username and password: VPN user credentials
  • Encryption: Require encryption

Test connections from various network locations to verify functionality.

Troubleshooting Common Issues

Connection Problems

Common connection failures include firewall restrictions, incorrect authentication credentials, and network routing issues. Diagnose connection problems systematically:

Check server logs for authentication failures:

LogGet

Verify firewall rules allow VPN traffic:

sudo firewall-cmd --list-all

Test port accessibility from client networks using telnet or nc commands:

telnet vpn.server.com 443

Performance and Stability Issues

Monitor server performance using built-in statistics:

StatusGet
SessionList

Address memory usage issues by adjusting connection limits and implementing user quotas. Monitor CPU utilization during peak usage periods and consider hardware upgrades for high-traffic deployments.

Optimize network performance by adjusting TCP window sizes and buffer settings:

ProtoOptionsSet /NAME:OpenVPN_UdpPortList /VALUE:"1194"

Advanced Configuration and Optimization

Load Balancing and Clustering

Deploy multiple SoftEther VPN servers for high availability and load distribution. Configure server clustering using the built-in clustering functionality:

ClusterEnable
ClusterMemberAdd server2.example.com

Implement external load balancers to distribute client connections across multiple servers. Use health checks to monitor server availability and automatically redirect traffic during server failures.

Monitoring and Logging

Configure comprehensive logging for security and performance monitoring:

LogEnable security
LogEnable admin
LogEnable session

Set up log rotation to prevent disk space exhaustion:

LogSwitchSet security /DISKQUOTA:500000000

Implement external monitoring tools to track server performance, connection statistics, and security events.

Maintenance and Updates

Regular Maintenance Tasks

Establish regular maintenance schedules including log review, performance monitoring, and security updates. Create automated backup scripts for configuration files and user databases:

#!/bin/bash
cp /path/to/vpnserver/vpn_server.config /backup/vpn_server.config.$(date +%Y%m%d)

Monitor disk usage and clean up old log files periodically. Review user access logs for suspicious activities and unauthorized access attempts.

Version Upgrade Process

Plan SoftEther VPN upgrades carefully, testing new versions in development environments before production deployment. Download new versions and follow the same compilation process. Stop the current server, backup configuration files, install the new version, and restore configurations.

Test all functionality after upgrades including client connections, authentication systems, and administrative interfaces.

Congratulations! You have successfully installed SoftEther VPN. Thanks for using this tutorial for installing the SoftEther VPN Server on Fedora 42 Linux system. For additional help or useful information, we recommend you check the official SoftEther website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button