How To Install SoftEther VPN Server on Ubuntu 24.04 LTS
Virtual Private Networks (VPNs) have become essential tools for secure internet connectivity in today’s digital landscape. SoftEther VPN stands out as a powerful, flexible, and open-source multi-protocol VPN solution that offers robust security features while maintaining excellent performance. This comprehensive guide will walk you through the complete process of installing and configuring SoftEther VPN Server on Ubuntu 24.04 LTS, enabling you to create your own secure VPN infrastructure for personal or business use.
Understanding SoftEther VPN
SoftEther VPN (where “SoftEther” stands for “Software Ethernet”) is an open-source, cross-platform VPN software developed as part of a Master’s thesis research at the University of Tsukuba in Japan. Unlike traditional VPN solutions, SoftEther offers exceptional versatility by supporting multiple VPN protocols including OpenVPN, L2TP/IPsec, SSTP, and its native SSL-VPN protocol.
The architecture of SoftEther VPN revolves around the virtualization of Ethernet devices. It implements Virtual Network Adapters that function as software-emulated traditional Ethernet adapters on client computers. On the server side, it creates Virtual Hubs that operate as software-emulated traditional Ethernet switches. VPN sessions act as virtualized network cables between these components, allowing for secure communication over public networks.
Why Set Up Your Own VPN Server
Self-hosting a VPN server offers significant advantages compared to using commercial VPN services. First and foremost, running your own VPN server gives you complete control over your data and privacy policies. Commercial VPN providers may claim “no-logging” policies, but when you manage your own server, you know exactly what information is being recorded.
Additionally, self-hosted VPN servers allow you to implement specific network security policies. For example, you can create IP address whitelists to restrict access to sensitive services like email servers, adding an extra layer of protection against unauthorized access. This approach significantly enhances your overall security posture.
For businesses and IT professionals, setting up a VPN server serves as an excellent learning experience while potentially reducing costs associated with commercial VPN subscriptions. The versatility of SoftEther VPN makes it an ideal choice for both remote-access VPN and site-to-site VPN implementations, accommodating various network security requirements.
Prerequisites
Before proceeding with the installation, ensure that your system meets the following requirements:
- A server running Ubuntu 24.04 LTS (either physical or virtual)
- Minimum hardware specifications: 1GB RAM, 10GB free disk space, and a modern CPU
- A public IP address or VPS located outside your country’s filtering system for accessing blocked content
- Access to the following TCP ports: 22 (SSH), 443 (HTTPS), 992, 1194 (OpenVPN), and 5555 (Management)
- A domain name (recommended for HTTPS-based connections)
- Non-root user with sudo privileges
- Basic familiarity with Linux commands and networking concepts
Step 1: Preparing Your Ubuntu 24.04 Server
Properly preparing your server is essential for a smooth installation process. Start by updating your system’s package repository and upgrading all installed packages:
sudo apt update -y
sudo apt upgrade -y
Next, install the essential dependencies required for compiling and running SoftEther VPN:
sudo apt install build-essential gnupg2 gcc make -y
Additional dependencies will be needed for the compilation process:
sudo apt install -y gcc binutils gzip libreadline-dev libssl-dev libncurses5-dev libncursesw5-dev libpthread-stubs0-dev
Setting the correct timezone ensures proper logging and time synchronization:
sudo timedatectl set-timezone Your_Timezone
Replace “Your_Timezone” with your actual timezone (e.g., “America/New_York” or “Asia/Tokyo”).
Step 2: Downloading and Installing SoftEther VPN
The SoftEther VPN server installation begins with downloading the latest stable version from the official website. Use the wget command to obtain the package:
wget https://www.softether-download.com/files/softether/v4.42-9798-rtm-2023.06.30-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.42-9798-rtm-2023.06.30-linux-x64-64bit.tar.gz
Note that the URL might change as newer versions become available. Always check the official SoftEther download page for the most recent stable version.
After the download completes, extract the archive:
tar xvf softether-vpnserver-*.tar.gz
Next, navigate to the extracted directory:
cd vpnserver/
Now compile the SoftEther VPN Server using the make command:
make
During the compilation process, you’ll need to agree to the displayed license terms by typing “1” three times when prompted. The compilation will create two important binaries: vpnserver (the server binary) and vpncmd (the command-line management utility).
The make process will also run a check to verify if your server environment is suitable for running SoftEther VPN. Ensure that all checks pass successfully before proceeding.
Step 3: Moving Server Files and Setting Permissions
For better organization and system integration, it’s recommended to move the vpnserver directory to a standard location like /opt/ or /usr/local/:
cd ..
sudo mv vpnserver /opt/softether
Next, set the appropriate file permissions to ensure secure and proper operation:
sudo chmod 600 /opt/softether/*
sudo chmod 700 /opt/softether/vpncmd
sudo chmod 700 /opt/softether/vpnserver
Create necessary directories for logs if they don’t already exist:
sudo mkdir -p /var/log/softether
sudo chown -R root:root /opt/softether
sudo chmod 700 /var/log/softether
These permissions ensure that only the root user can access and modify critical SoftEther VPN files, enhancing security.
Step 4: Creating a Systemd Service Unit
To enable SoftEther VPN to start automatically at boot and be managed like any other system service, create a systemd service unit file:
sudo nano /etc/systemd/system/softether-vpnserver.service
Add the following content to the file:
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=/opt/softether/vpnserver
[Service]
Type=forking
ExecStart=/opt/softether/vpnserver start
ExecStop=/opt/softether/vpnserver stop
KillMode=process
Restart=on-failure
# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=/opt/softether
ReadWriteDirectories=/var/log/softether
[Install]
WantedBy=multi-user.target
Save the file and exit the editor. Next, reload the systemd manager configuration:
sudo systemctl daemon-reload
Enable the service to start automatically at boot:
sudo systemctl enable softether-vpnserver
Start the SoftEther VPN Server:
sudo systemctl start softether-vpnserver
Verify that the service is running correctly:
sudo systemctl status softether-vpnserver
If everything is configured correctly, you should see “active (running)” in the output.
Step 5: Configuring Firewall Rules
Proper firewall configuration is crucial for allowing VPN traffic while maintaining server security. If you’re using UFW (Uncomplicated Firewall), configure it with the following commands:
sudo ufw allow 22/tcp
sudo ufw allow 443/tcp
sudo ufw allow 992/tcp
sudo ufw allow 1194/tcp
sudo ufw allow 1194/udp
sudo ufw allow 5555/tcp
sudo ufw enable
These rules allow traffic on the essential ports for SSH access (22), HTTPS connections (443), SoftEther protocols (992), OpenVPN (1194), and management interface (5555).
Verify that the firewall rules are correctly applied:
sudo ufw status verbose
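The rules above open the SSH and management ports to every source address. The following check is an added example, not part of the original tutorial: it reads ufw status output and lists the admin ports that are still reachable from anywhere. The function names, the sample output and the address 198.51.100.7 are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag admin ports that `ufw status` shows open to every source.

# Read `ufw status` (or `ufw status verbose`) output on stdin and print each
# ALLOW rule for a port in the comma-separated list $1 whose source is "Anywhere".
open_admin_ports() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) admin[p[i]] = 1 }
        $1 ~ /^[0-9]+(\/(tcp|udp))?$/ {
            split($1, pp, "/")
            if (!(pp[1] in admin)) next
            v6 = ($2 == "(v6)")              # IPv6 rules carry a "(v6)" tag
            a = v6 ? 3 : 2                   # field holding the action
            if ($a != "ALLOW") next
            src = ($(a + 1) == "IN") ? $(a + 2) : $(a + 1)   # verbose prints "ALLOW IN"
            if (src == "Anywhere") print $1 (v6 ? " (v6)" : "")
        }'
}

# Constructed sample in the layout of `ufw status verbose`; 198.51.100.7 is a
# documentation address standing in for an administrator IP.
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    198.51.100.7
443/tcp                    ALLOW IN    Anywhere
992/tcp                    ALLOW IN    Anywhere
5555/tcp                   ALLOW IN    Anywhere
5555/tcp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

# Live use:  sudo ufw status verbose | open_admin_ports 22,5555
# To narrow a flagged rule (placeholder admin address):
#   sudo ufw delete allow 5555/tcp
#   sudo ufw allow from 198.51.100.7 to any port 5555 proto tcp
sample_status | open_admin_ports 22,5555
```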
If you’re using iptables instead of UFW, the equivalent configuration would be:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 992 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 5555 -j ACCEPT
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
Step 6: Initial SoftEther VPN Server Configuration
Now that the server is running, you need to perform the initial configuration using the vpncmd command-line utility:
sudo /opt/softether/vpncmd
When prompted, select option 1 to manage the VPN server:
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
For the hostname, enter “127.0.0.1:5555” to connect to the local server. Press Enter to skip the Virtual Hub selection at this stage.
The first essential configuration task is setting an administrator password using the ServerPasswordSet command:
ServerPasswordSet
You will be prompted to enter and confirm a strong password. Make sure to use a complex password with a mix of uppercase and lowercase letters, numbers, and special characters.
Next, configure a Virtual Hub. You can use the default hub named “DEFAULT”:
Hub DEFAULT
Virtual Hubs in SoftEther VPN function as software-emulated Ethernet switches, allowing multiple VPN connections to communicate with each other and with external networks.
Step 7: Configuring Virtual NAT and DHCP Server
To enable clients to obtain IP addresses automatically when connecting to your VPN server, you need to configure the Virtual NAT and DHCP Server:
SecureNatEnable
This command enables the SecureNAT functionality, which provides both NAT and DHCP services for your VPN clients. After enabling SecureNAT, configure the DHCP settings:
DhcpSet
You’ll be asked to provide several parameters:
- Start Point for Distributed Address Band: 192.168.30.10
- End Point for Distributed Address Band: 192.168.30.200
- Subnet Mask: 255.255.255.0
- Lease Limit (Seconds): 7200
- Default Gateway: 192.168.30.1
- DNS Server 1: 192.168.30.1
- DNS Server 2: 1.0.0.1 (or another public DNS server like 8.8.8.8)
- Domain Name: (press Enter to skip)
- Save Log: yes
These settings define the IP address range that will be assigned to VPN clients, along with network configuration details like subnet mask, default gateway, and DNS servers.
Step 8: Creating VPN Users and Access Controls
With the VPN server and Virtual Hub configured, you can now create user accounts for VPN access:
UserCreate username
Replace “username” with the actual username you want to create. You’ll be prompted to enter details like the group name, full name, and description. These can be left empty by pressing Enter.
Set a secure password for the user:
UserPasswordSet username
You can create multiple users by repeating these commands with different usernames. For more advanced access control, consider creating user groups and implementing access policies based on source IP addresses or other criteria.
To view the list of created users:
UserList
To delete a user if needed:
UserDelete username
Implementing proper access controls is crucial for maintaining VPN security. Avoid using weak passwords and consider implementing additional authentication methods for sensitive environments.
Step 9: Enabling and Optimizing VPN Protocols
SoftEther VPN supports multiple VPN protocols, allowing clients with different capabilities to connect. By default, the SoftEther protocol (SSL-VPN) is enabled, but you can configure additional protocols for broader compatibility.
To enable OpenVPN protocol support:
OpenVpnEnable yes /PORTS:1194
For L2TP/IPsec support:
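IPsecEnable /L2TP:yes /ETHERIP:yes /DEFAULTHUB:DEFAULT
The /ETHERIP option controls both EtherIP and L2TPv3 over IPsec. vpncmd prompts for the remaining settings, including the IPsec pre-shared key.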
To enable Microsoft SSTP for Windows clients:
SstpEnable yes
Each protocol has its advantages and use cases:
- SoftEther Protocol: Fastest performance and best firewall traversal capabilities
- OpenVPN: Excellent balance of security and compatibility
- L2TP/IPsec: Widely supported by default on many operating systems
- SSTP: Good option for Windows users in restricted networks
Optimize performance by adjusting compression and encryption settings according to your needs. For maximum security at the expense of some performance, use:
ServerCipherSet AES256-SHA256
For better performance with good security:
ServerCipherSet AES128-SHA
Step 10: Client Setup and Connection
After configuring the server, you need to set up clients to connect to your VPN. SoftEther provides client software for various platforms, but you can also use native VPN clients depending on the protocol.
For Windows clients using SoftEther VPN Client:
- Download and install SoftEther VPN Client from the official website
- Create a new VPN connection with the server’s IP address or domain name
- Configure authentication using the username and password created earlier
- Connect to the VPN
For Linux clients using SoftEther VPN Client:
wget https://www.softether-download.com/files/softether/v4.42-9798-rtm-2023.06.30-tree/Linux/SoftEther_VPN_Client/64bit_-_Intel_x64_or_AMD64/softether-vpnclient-v4.42-9798-rtm-2023.06.30-linux-x64-64bit.tar.gz
tar xvf softether-vpnclient-*.tar.gz
cd vpnclient
make
sudo ./vpnclient start
Use vpncmd with option 2 to configure the client connections.
For mobile devices, you can use the OpenVPN Connect app or native L2TP/IPsec clients, depending on your configured protocols.
Advanced Configuration Options
SoftEther VPN offers several advanced features for specialized use cases:
Cascade Connections: Create a VPN connection between multiple SoftEther VPN servers to extend network reach or enhance security:
CascadeCreate cascade_name /SERVER:vpn_server_ip:port /HUB:hub_name /USERNAME:username
CascadePasswordSet cascade_name /PASSWORD:password /TYPE:standard
VPN over ICMP/DNS: For extremely restricted networks, enable VPN tunneling over ICMP or DNS protocols:
VpnOverIcmpDnsSet /ICMP:yes /DNS:yes
Advanced Routing Policies: Configure dynamic routing using the Virtual Layer 3 Switch functionality:
RouterAdd switch1
These advanced features make SoftEther VPN extremely versatile for complex networking scenarios and highly restrictive environments.
Security Hardening
Enhancing the security of your VPN server is crucial for protecting sensitive data and preventing unauthorized access:
- Implement certificate-based authentication rather than password-only authentication:
ServerCertRegenerate [Common_Name]
- Enable audit logging to monitor connection attempts and potential security incidents:
LogEnable security
- Regularly update SoftEther VPN to patch security vulnerabilities:
sudo systemctl stop softether-vpnserver
# Download and install the latest version
sudo systemctl start softether-vpnserver
- Implement IP-based access restrictions to limit connections from specific networks:
AccessList
- Configure session timeouts to automatically disconnect inactive sessions:
SessionSet /NAME:DEFAULT /TIMEOUT:300
Regular security audits and monitoring of log files are essential practices for maintaining a secure VPN environment.
Troubleshooting Common Issues
Despite careful configuration, VPN setups can encounter various issues. Here are solutions to common problems:
Connection Failures:
- Verify that the required ports are open in your firewall
- Check that the VPN service is running:
sudo systemctl status softether-vpnserver
- Examine the server logs:
cat /var/log/softether/server_log.txt
Authentication Problems:
- Confirm that user credentials are correct
- Check for case sensitivity in usernames and passwords
- Verify that the user is configured for the correct Virtual Hub
IP Address Conflicts:
- Ensure the DHCP range doesn’t overlap with your local network
- Adjust the DHCP configuration if necessary:
DhcpSet
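To check for an overlap before changing the DHCP settings, the following added example (not part of the original tutorial) compares the SecureNAT subnet with other networks written in CIDR notation. The function names and the client-side networks in the demo call are constructed for illustration.

```sh
#!/bin/sh
# Added example: test whether the SecureNAT subnet collides with another network.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print "first last" (integers) for a network written as ADDRESS/PREFIX.
cidr_range() {
    ip=$(ip_to_int "${1%/*}")
    size=$(( 1 << (32 - ${1#*/}) ))      # addresses in the block
    first=$(( ip / size * size ))        # round down to the network address
    echo "$first $(( first + size - 1 ))"
}

# Succeed (exit 0) when the two CIDR blocks share at least one address.
cidr_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Print every network from the remaining arguments that collides with $1.
conflicting_networks() {
    vpn=$1; shift
    for net in "$@"; do
        if cidr_overlap "$vpn" "$net"; then echo "$net"; fi
    done
}

# 192.168.30.0/24 is the range configured with DhcpSet in Step 7; the other
# networks are constructed examples of client-side LANs.
conflicting_networks 192.168.30.0/24 192.168.1.0/24 192.168.0.0/16 10.0.0.0/8
```

The demo call prints only the networks that collide with the VPN range, so empty output means the range is safe to keep.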
Performance Issues:
- Check for sufficient server resources (CPU, RAM)
- Consider adjusting compression and encryption settings for better performance
- Investigate network bottlenecks between the client and server
If you encounter crashes or unexpected behavior, check if the necessary files are corrupted. File corruption can sometimes occur during installation or after system updates. In such cases, reinstalling SoftEther VPN may resolve the issue.
For Ubuntu-specific issues, be aware that some versions of SoftEther may have compatibility problems with recent updates, particularly on Ubuntu 22.04 and potentially on 24.04. In these cases, checking for updated versions or applying patches from the SoftEther community might be necessary.
Congratulations! You have successfully installed SoftEther VPN. Thanks for using this tutorial for installing the SoftEther VPN Server on Ubuntu 24.04 LTS system. For additional help or useful information, we recommend you check the official SoftEther website.