Install SoftEther VPN Server on Ubuntu && Debian

[_.:=iTake=:._]

Preparing

Upgrade the system

# apt-get update && apt-get -y upgrade

 

Install (if it’s not installed yet) build-essential for compilation purpose

# apt-get -y install build-essential

 

And other required packages

# apt-get -y install wget curl gcc make wget tzdata git libreadline-dev libncurses-dev libssl-dev zlib1g-dev

 

Installing SoftEther VPN

Download the last stable version (marked rtm) or stable-beta, and save it in /tmp

 

# wget "https://www.softether-download.com/files/softether/v4.25-9656-rtm-2018.01.15-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.25-9656-rtm-2018.01.15-linux-x64-64bit.tar.gz" -O /tmp/softether-vpnserver.tar.gz

 

Uncompress the sources

# tar -xzvf /tmp/softether-vpnserver.tar.gz -C /usr/local/

 

Remove unused file

# rm /tmp/softether-vpnserver.tar.gz

 

Install from the sources

 

# cd /usr/local/vpnserver/
# make

 

During the installation process, we will have to type 1 to read the Licence Agreement, type 1 again to confirm that we have read the License Agreement and finally type 1 to agree with the License Agreement.

 

 

Kawin uses key i_read_and_agree_the_license_agreement, that does not require confirmation

 

# make i_read_and_agree_the_license_agreement

 

Change file permission

 

# chmod 0600 *
# chmod 0700 vpnserver
# chmod 0700 vpncmd

[_.:=iTake=:._]

Server checking

Before going further, let’s check that the VPN server can operate normally

To do that run the vpncmd command and use the check VPN tool.

 

 

Service configuration

Link binary files

 

# ln -s /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver
# ln -s /usr/local/vpnserver/vpncmd /usr/local/bin/vpncmd

 

Create the file /lib/systemd/system/vpnserver.service

# vim /lib/systemd/system/vpnserver.service

 

and add following

 

[unit]
Description=SoftEther VPN Server
After=network.target
ConditionPathExists=!/usr/local/vpnserver/do_not_run
[service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
WorkingDirectory=/usr/local/vpnserver
# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/local/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
[install]
WantedBy=multi-user.target

 

Now the VPN server starts automatically on boot, and we are able to manage the vpnserver using systemctl

 

# systemctl start vpnserver
# systemctl status vpnserver
# systemctl stop vpnserver

 

Reload, enable and start the service

 

# systemctl daemon-reload
# systemctl enable vpnserver
# systemctl restart vpnserver

[_.:=iTake=:._]

Set an admin password for VPNCMD

# cd /usr/local/vpnserver
# ./vpncmd

 

At the VPN command prompt, we type [iCODE]ServerPasswordSet[/iCODE]

 

ServerPasswordSet yourPassword