As the technological world advances, the need for secure communication grows more crucial by the day. VPNs, or “Virtual Private Networks,” have become pivotal in maintaining online security.
However, there are many ways in which network providers and institutions can block a VPN connection. You can circumvent these blocks by setting up your very own VPN over HTTPS with SoftEther.
Here’s how SoftEther works, how it differs from popular VPN services, and how to install your own SoftEther VPN on an Ubuntu Linux Server.
What Is SoftEther and VPN Over HTTPS
Most VPN service providers use a standardized set of ports and protocols. These connections are easily blocked at the firewall level or by forcing traffic through a web proxy server.
If your local network firewall is preventing VPN connections, how can you overcome it? The answer lies in routing the VPN tunnel over HTTPS. A SoftEther VPN uses the Hypertext Transfer Protocol Secure (HTTPS) as the transport protocol. SoftEther creates a secure VPN that can pass through almost every firewall or proxy server.
This is made possible because HTTPS traffic, which is essentially web traffic, is not typically blocked by firewalls. This ensures a reliable and uninterrupted connection.
SoftEther, which stands for “Software Ethernet,” is an open-source, cross-platform, and multi-protocol VPN solution. This little-known platform was developed by the University of Tsukuba and is characterized by flexibility and robustness.
You can install SoftEther clients using VPN over HTTPS on Windows and Linux.
How to Install and Configure SoftEther on Ubuntu Linux
SoftEther is known to run best on CentOS Linux, but it can be adapted to run just fine on Ubuntu. The online support environment for Ubuntu is huge, which is why it’s a great choice to host your SoftEther VPN.
While this guide is quite straightforward, some knowledge of Linux systems is required to get it up and running. A few prerequisites should also be in place before you start.
SoftEther VPN Prerequisites
- Ubuntu Server (22.04.x LTS), ideally using a virtual private server
- Publicly routable IPv4 or v6 address
- Root administration access
- A /var/ partition with at least 10Gb of free space
- SSH
- Correct network configuration. Here’s how to configure a network on Ubuntu server, if you need a refresher.
Installing SoftEther on Ubuntu Server
Fire up your Ubuntu server and login as root.
The first step is to update your software and repositories.
apt-get update -y
Now we need to install the required dependencies for the SoftEther software.
apt-get install build-essential gnupg2 gcc make -y
Then download the SoftEther server. You’ll need to browse for the latest version of the software using the Lynx terminal based browser.
To do that, first install lynx.
apt-get install lynx -y
Now open the SoftEther download page inside the browser.
lynx http:
Use the arrow keys to browse for the latest version. Highlight the latest version and hit enter.
Highlight “Linux” and hit enter.
Now highlight “SoftEther_VPN_Server” and hit enter.
Finally, select the version your architecture supports (most likely this will be 64bit_-_Intel_x64) and hit enter one last time.
Now highlight the .tar.gz file and press “d”. The file will now download.
Finally, Select “Save to disk” and then press “q” to quit the Lynx browser.
Next step is to extract the archive. Note that your file name might be different if you have downloaded a newer version.
tar -xvzf softether-vpnserver-v4.42-9798-rtm-2023.06.30-linux-x64-64bit.tar.gz
Navigate to the newly created vpnserver directory
cd vpnserver
Next, issue the make command to compile the software.
make
You should see the following output at the end of the process:
*** PacketiX VPN Server HTML5 Web Administration Console (NEW) ***
This VPN Server / Bridge has the built-in HTML5 Web Administration Console.After you start the server daemon, you can open the HTML5 Web Administration Console is available at
https:
or
https:
This HTML5 page is obviously under construction, and your HTML5 development contribution is very appreciated.
make[1]: Leaving directory '/root/vpnserver'
The next step is to move the newly compiled software and directory to /usr/local.
cd ..
mv vpnserver /usr/local/
Now, set the right permissions on the vpnserver directory.
cd /usr/local/vpnuser
chmod 600 *
chmod 700 vpnserver
chmod 700 vpncmd
Next, we must create some files to ensure the SoftEther server runs when the Ubuntu server is rebooted. The inbuilt nano text file editor can be used to create and edit the files.
nano /etc/init.d/vpnserver
Now copy and paste the following into the file, and save it (ctrl-o, ctrl-x):
#!/bin/sh
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
Create a new directory and set permissions on the newly created service.
mkdir /var/lock/subsys
chmod 755 /etc/init.d/vpnserver
Next, create a new file called “vpnserver.service” in the “/lib/systemd/system” directory
nano /lib/systemd/system/vpnserver.service
Copy and paste the following into the file, save and close it.
Description=SoftEther VPN Server
After=network.target[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
[Install]
WantedBy=multi-user.target
Enable the SoftEther service to start on reboot.
systemctl enable vpnserver.service
Now start the SoftEther VPN service.
/etc/init.d/vpnserver start
You should see the following output:
The SoftEther VPN Server service has been started.Let's get started by accessing to the following URL from your PC:
https:
or
https:
Note: IP address may vary. Specify your server's IP address.
Next, enable the server script to start on reboot.
update-rc.d vpnserver defaults
Configuring the SoftEther Server
SoftEther has a handy built-in configuration script to make set up a breeze. To start the script we change the working directory and execute the script.
cd /usr/local/vpnserver
./vpncmd
You will see the following choices:
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools
Select 1, 2 or 3: 1
Select 1, and press enter twice, and you should see the following output:
Before we continue we need to set an admin password
ServerPasswordSet
This is where the admin password for EtherSoft is set, enter your (new) password and confirm.
The Next step is creating a hub, and setting a password (different to the admin password). You can call the hub whatever you like, in this example we have used “VPN”.
HubCreate VPN
Now we configure the hub “VPN” that was just created.
Hub VPN
Your prompt should show:
VPN Server/VPN>
Now, we create the virtual LAN, which assigns IP addresses to remote clients.
SecureNatEnable
The output should now show:
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.
Next we create the first user for the VPN.
UserCreate vpnuser1
You should see the following output:
Next, set a password for the VPN user.
UserPasswordSet vpnuser1
In the next step, the SoftEther multi-protocol platform is configured.
IPsecEnable
You will now be asked several questions regarding which services to turn on. You can use the answers below:
Please note, the IPSec key will be used for L2TP connections, so please make it as complex as possible.
Congratulations, configuration is completed. Type “exit” to quit.
exit
Enabling and Configuring UFW Firewall for SoftEther
If your Ubuntu server was fresh before starting, you’ll need to enable and configure the built-in UFW firewall.
First Set the default policy.
ufw default allow outgoing
ufw default deny incoming
Now issue the following commands to open the ports required for SoftEther
ufw allow 443/tcp
ufw allow 5555/tcp
ufw allow 992/tcp
ufw allow 1194/udp
ufw allow SSH
Enable and start the firewall.
ufw enable
Set UFW to start on reboot.
systemctl enable ufw
Finishing Touches and Resources
Congratulations, your SoftEther VPN is now ready for use. At this stage it’s a good idea to reboot the server and ensure all services are running before attempting a client connection.
To check the status of the SoftEther VPN server use the command:
systemctl status vpnserver.service
To check the status of the UFW firewall use the command:
systemctl status ufw && ufw status verbose
To connect your Windows PC to your HTTPS SoftEther VPN, the client can be downloaded from the SoftEther website. There you can also find SoftEther’s instructions on how to install and connect the software.
Additional information regarding connecting other operating systems can also be found in the tutorial section of the SoftEther website.
Conclusion
A SoftEther VPN installed on your own Ubuntu server offers numerous benefits, especially in terms of flexible and secure networking.
This little-known VPN software solution can be deployed and used worldwide, and it can circumvent even the toughest VPN blocking techniques. So please spread the word, and enjoy this adaptable and versatile VPN solution.