This tutorial aims to set up your own SoftEther server from scratch via VirtualNAT, replacing the earlier Local Bridging with DHCP Server (BIND) setup.
With added OpenVPN, L2TP and SSTP plus Squid Proxy installation
Requirements:
- Your own VPS (minimum 1 GB RAM and 1 vCPU), with no SoftEther-related software or packages installed
- Common sense: if you're new to handling a VPS or Linux, research first (basic controls for a Linux instance, key shortcuts, basic commands)
- SSH client [Windows: PuTTY, Bitvise] [Android: JuiceSSH, Termius, ConnectBot] (in this tutorial, I'm using the Termius app)
- This is the Termius app I use for everyday Linux usage (link provided by BARTS)
- Root access or superuser privileges (run
sudo su -
if you are a sudoer who is not yet the root user)
- Patience and a calm mind; this is fairly long.
- Notepad for drafting commands
- Stable internet, to avoid getting disconnected from the SSH client
I'm trying to stick to one-liner commands as much as possible (mostly copy & paste, or copy, paste & edit) to cut the time you spend configuring your server, so the tutorial should be a bit easier to follow.
First Step:
+ Prepare anything.
- Login to your VPS via ssh client, run
sudo su -
for non-root user.
- For Debian/Ubuntu, run:
apt update && apt upgrade -y
- For CentOS, run:
yum update -y
- For Fedora, run:
dnf update -y
Second Step:
+ Installing all our needed and wanted packages(editing,download/upload files,archiving/extracting files and encoding)
- For Debian/Ubuntu, run:
apt install nano wget curl zip unzip tar gzip bc rc openssl cron net-tools dnsutils dos2unix screen bzip2 -y
- For CentOS, we need to install epel-release first:
yum install epel-release -y
Then run:
yum install nano wget curl zip unzip tar gzip bc rc openssl cronie net-tools bind-utils dos2unix screen bzip2 initscripts chkconfig -y
- For Fedora, run:
dnf install nano wget curl zip unzip tar gzip bc rc openssl cronie net-tools bind-utils dos2unix screen bzip2 -y
- For Debian/Ubuntu, run:
apt install build-essential libreadline-dev libssl-dev libncurses-dev zlib1g-dev -y
- For CentOS, run:
yum groupinstall 'Development Tools' -y && yum install glibc-devel zlib-devel openssl-devel readline-devel ncurses-devel libstdc++-devel -y
- For Fedora, run:
dnf groupinstall 'Development Tools' -y && dnf install glibc-devel zlib-devel openssl-devel readline-devel ncurses-devel libstdc++-devel -y
- Tip: To keep the installation running and preserve your work if the connection is lost, run:
screen -S phc
Then, if you do get disconnected from the SSH session, run:
screen -r phc
to continue your session. If you get disconnected again, run the second command again.
Third Step:
+ Downloading and Compiling SoftEtherVPN source
# Our source came from SoftEtherVPN stable repository from github.
- run this to download source and extract:
wget -qO softether.tar.gz "https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/archive/v4.34-9745-beta.tar.gz" && tar xzf softether.tar.gz && rm -f softether.tar.gz && mv SoftEtherVPN_Stable* SE
- run:
cd SE && ./configure && make && make install
- For Debian/Ubuntu, run:
cp debian/softether-vpnserver.init /etc/init.d/vpnserver && chmod +x /etc/init.d/vpnserver
- For CentOS/Fedora, run:
cp centos/SOURCES/init.d/vpnserver /etc/init.d/vpnserver && chmod +x /etc/init.d/vpnserver
- Then exit from our SoftEther source directory and delete the entire folder/directory:
cd .. && rm -rf SE
Fourth Step:
+ Configuring SoftEther Server
# We're using "vpncmd" command for controlling and managing SoftEther.
# Lets start SoftEther first
- run:
vpnserver start &> /dev/null
- run:
chkconfig vpnserver on &> /dev/null || systemctl enable vpnserver &> /dev/null
Copy first:
VirtualHubName='PHCorner' && VirtualHubPass='www.phcorner.net'
- then edit the values and run, for example:
VirtualHubName='Bon-chan' && VirtualHubPass='bonv'
-
vpncmd localhost /SERVER /CMD HubCreate "$VirtualHubName" /PASSWORD:"$VirtualHubPass"
-
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD NatEnable
-
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD SecureNatEnable
-
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD DhcpEnable
# Now set up SoftEther's virtual DHCP function. Usable private IP ranges are 10.0.0.0/8, 192.168.0.0/16 and 172.16.0.0/12 (100.64.0.0/10 is reserved for telecommunications or carrier networks like Globe and Smart).
# For more info about subnets, please google it. Our setup here routes 65,526 clients, or a /16 (decreased by 9; 1 is reserved for our virtual DHCP main IP).
# But first, let's delete SoftEther's default configuration
- run:
DefIP_ID="$(vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD IpTable | grep "ID" | head -n1 | cut -d "|" -f2)" && vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD IpDelete $DefIP_ID
-
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD SecureNatHostSet /MAC:none /IP:"172.16.0.1" /MASK:"255.255.0.0"
-
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD DhcpSet /START:"172.16.0.10" /END:"172.16.255.254" /MASK:"255.255.0.0" /EXPIRE:"10" /GW:"172.16.0.1" /DNS:"1.1.1.1" /DNS2:"1.0.0.1" /DOMAIN:none /LOG:yes
# Next, enable IP forwarding on the VPS
- run:
sed -i '/net.ipv4.ip_forward.*/d' /etc/sysctl.conf && sed -i '/net.ipv4.ip_forward.*/d' /etc/sysctl.d/*.conf && echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/20-softether.conf && sysctl --system &> /dev/null
# And set our server encryption algorithm; for now we'll just set it to a simple cipher like 128-bit AES
- run:
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD ServerCipherSet AES128-SHA
Fifth Step:
+ Configuring SoftEther Services
# If you want SoftEtherVPN only, ignore this and proceed to the next step; but if you also want to enable L2TP, SSTP and OpenVPN, just follow along
# The Virtual Hub we'll use here is the one in the variable we set earlier
# Configure IPSec and L2TP VPN Function
# We need to set a pre-shared key here; same as what we did earlier: copy, paste and edit the value of the variable
PreSharedKey='phcornerkey'
- And run like this, for example:
PreSharedKey='phcornerkey'
- run:
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD IPSecEnable /L2TP:yes /L2TPRAW:yes /ETHERIP:yes /PSK:"$PreSharedKey" /DEFAULTHUB:"$VirtualHubName"
# Configure SSTP
# If you don't want to enable it, don't run this
-
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD SstpEnable yes &> /dev/null
# Configure OpenVPN
# My favorite function of SoftEther: a built-in OpenVPN server clone inside the SoftEther server
# First we'll set a variable for the OpenVPN ports so we can use it later when creating the client config.
Copy:
OpenVPN_Port='8888'
- Edit for your desired port, then run it for example:
OpenVPN_Port='8888'
- run:
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD OpenVpnEnable yes /PORTS:"$OpenVPN_Port"
# We'll use this for the OpenVPN server clone
# You'll see the command has changeable values like my name, country and city; you can change all of them. Just be careful when changing the value of C. C is the Country Name; it must be only 2 or 3 characters, or else the certificate we're creating will fail with an error
# EXPIRES:9999 is the expiry of your certificate; that's 9999 days (that's the maximum value, don't increase it)
# As with the variables: copy, edit and run
- run:
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD MakeCert /CN:"Bon-chan SoftEther Service" /O:"BonvScripts SoftEther Tutorial" /OU:"github.com/Bonveio/BonvScripts" /C:PH /ST:NCR /L:"Caloocan" /SERIAL:none /EXPIRES:9999 /SAVECERT:"~/ca.crt" /SAVEKEY:"~/ca.key"
- run:
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD ServerCertSet /LOADCERT:"~/ca.crt" /LOADKEY:"~/ca.key"
- Tip: You can reuse your generated certificate on a new or other VPS where you'll also install SoftEther (1; Archive your ca.crt and ca.key in your root folder. 2; Extract that file on the other VPS where you'll install SoftEtherVPN Server. 3; Run
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD ServerCertSet /LOADCERT:"~/ca.crt" /LOADKEY:"~/ca.key"
But set your $VirtualHubName variable first.)
# Note: SoftEther's OpenVPN is multi-protocol. This means the port we're using can be used as a TCP or UDP port; we're using UDP in our .ovpn config
- run:
echo -e "client\ndev tun\nproto udp\nremote $(curl -4s http://ipinfo.io/ip) $OpenVPN_Port\nremote-cert-tls server\ncipher none\nauth SHA1\nconnect-retry infinite\nresolv-retry infinite\nfloat\npersist-remote-ip\npersist-tun\nkeysize 0\nnobind\nmute-replay-warnings\nauth-user-pass\nauth-nocache\nverb 1\nsetenv CLIENT_CERT 0\n<ca>\n$(cat ~/ca.crt)\n</ca>" > ~/client.ovpn
- run:
curl -4SL "https://github.com/timvisee/ffsend/releases/download/v0.2.59/ffsend-v0.2.59-linux-x64-static" -o /usr/local/bin/ffsend && chmod +x /usr/local/bin/ffsend
- then run:
ffsend upload ~/client.ovpn
Sixth Step:
+ Creating user for our SoftEtherVPN Server
# Note that we're using the Virtual Hub we created to create a user account. Each hub has its own user database.
# Set the values of the variables first; copy this, then edit:
- Edit this and run for example:
VPNUsername='Bon-chan' && VPNPassword='phcorner'
- run:
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD UserCreate $VPNUsername /GROUP:none /REALNAME:none /NOTE:none &> /dev/null && vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD UserPasswordSet $VPNUsername /PASSWORD:"$VPNPassword" &> /dev/null
-
vpncmd localhost /SERVER /ADMINHUB:"$VirtualHubName" /CMD SetMaxSession 50000
Seventh Step:
+ Configuring a proxy for TCP connections; we will be using Squid as the proxy
# Our setup is just a normal Squid proxy: a non-caching, proxy-only setup.
# We need to install it first.
- For Debian/Ubuntu, run:
apt install squid -y
- For CentOS, run:
yum install squid -y
- For Fedora, run:
dnf install squid -y
- run:
Proxy_Port='81'
- run:
echo -e "acl VPN dst $(wget -4qO- http://ipinfo.io/ip)/32\nhttp_access allow VPN\nhttp_access deny all\nhttp_port 0.0.0.0:$Proxy_Port\nacl all src 0.0.0.0/0.0.0.0\nno_cache deny all\ndns_nameservers 1.1.1.1 1.0.0.1\nvisible_hostname localhost" > /etc/squid/squid.conf
- run:
service squid restart
Eighth Step:
+ Creating TCP OpenVPN client config to test our squid proxy
- run:
echo -e "client\ndev tun\nproto tcp\nremote $(curl -4s http://ipinfo.io/ip) 443\nremote-cert-tls server\ncipher none\nauth SHA1\nconnect-retry infinite\nresolv-retry infinite\npersist-remote-ip\npersist-tun\nkeysize 0\nnobind\nmute-replay-warnings\nauth-user-pass\nauth-nocache\nverb 1\nsetenv CLIENT_CERT 0\nhttp-proxy $(curl -4s http://ipinfo.io/ip) $Proxy_Port\nhttp-proxy-option CUSTOM-HEADER Host www.googleapis.com\n<ca>\n$(cat ~/ca.crt)\n</ca>" > ~/client_tcp.ovpn
- then run:
ffsend upload ~/client_tcp.ovpn
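The client profiles generated in the Fifth and Eighth steps both carry `cipher none` and `auth SHA1`, so it is worth checking a profile before handing it to users. The following is an added example, not part of the original tutorial: `audit_ovpn` flags weakening directives and `harden_ovpn` rewrites them; the sample profile, the 203.0.113.10 address and the AES-128-CBC replacement are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): audit an OpenVPN client profile.

# Print one finding per line for the directives above the inline <ca> block.
audit_ovpn() {
    local key val tls_check=0 userpass=0 nocache=0
    while read -r key val || [ -n "$key" ]; do
        [ "$key" = "<ca>" ] && break    # certificate body follows, not directives
        case "$key" in
            cipher)
                [ "$val" = "none" ] && echo "WEAK cipher none: data channel is sent unencrypted" ;;
            auth)
                case "$val" in
                    none) echo "WEAK auth none: packets are not authenticated" ;;
                    SHA1|MD5) echo "LEGACY auth $val: prefer SHA256 if the server supports it" ;;
                esac ;;
            remote-cert-tls) [ "$val" = "server" ] && tls_check=1 ;;
            auth-user-pass) userpass=1 ;;
            auth-nocache) nocache=1 ;;
        esac
    done <"$1"
    [ "$tls_check" -eq 1 ] || echo "MISSING remote-cert-tls server: certificate usage is not checked"
    if [ "$userpass" -eq 1 ] && [ "$nocache" -eq 0 ]; then
        echo "MISSING auth-nocache: credentials stay cached in client memory"
    fi
    return 0
}

# Rewrite the weak directives. AES-128-CBC is an assumption: use a cipher your
# server accepts. "keysize 0" only pairs with "cipher none", so it is dropped.
harden_ovpn() {
    sed -e 's/^cipher none$/cipher AES-128-CBC/' -e '/^keysize 0$/d' "$1"
}

# Constructed sample mirroring the UDP profile above; 203.0.113.10 is a
# documentation address and the <ca> body is a placeholder.
SAMPLE="$(mktemp)"
printf '%s\n' client 'dev tun' 'proto udp' 'remote 203.0.113.10 8888' \
    'remote-cert-tls server' 'cipher none' 'auth SHA1' 'keysize 0' nobind \
    auth-user-pass auth-nocache 'verb 1' '<ca>' 'PLACEHOLDER-CERT' '</ca>' >"$SAMPLE"

echo "== as generated ==";  audit_ovpn "$SAMPLE"
echo "== after harden ==";  harden_ovpn "$SAMPLE" | audit_ovpn /dev/stdin
```

Run it against `~/client.ovpn` and `~/client_tcp.ovpn` by calling `audit_ovpn` with the file path; an empty result means none of the checked directives were flagged.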
Last Step:
+ Setting our SoftEther admin password. I deliberately left this for last so that the commands we execute above wouldn't be too long.
# copy, edit, then run:
- run:
vpncmd localhost /SERVER /CMD ServerPasswordSet changePasswordHere
That's all, your SoftEther server is now ready to go.
• To the experienced SoftEther users out there, sorry if the terms I use aren't very clear, and please correct me if something is wrong in this thread so it can be fixed right away. Thanks.
If someone's having a hard time following the tutorial, please comment down below.
I'm not open to silly questions, for example: (what is a VPS, what is SoftEther, how can I get a VPS, how to use this SSH client...). Please don't troll this thread.
And don't forget to leave a like in my thread.
VirtualNAT is not as performant or speed-tuned as our previous Local Bridging setup.