I. Start a Compute Instance on Cloud
You can start the instance on AWS, Azure or Aliyun. Make sure ports 22 (tcp), 443 (tcp), 500 (tcp and udp), 992 (tcp and udp), 1194 (tcp and udp), 4500 (tcp and udp) and 5555 (tcp and udp) are opened in the instance's firewall/security group. Recommended images are Ubuntu or CentOS.
II. Install SoftEther on the Instance
First, download SoftEther VPN Server:
wget https://www.softether-download.com/files/softether/v4.25-9656-rtm-2018.01.15-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.25-9656-rtm-2018.01.15-linux-x64-64bit.tar.gz
Other versions are also available for download.
Then extract the archive, change into the extracted directory, type ./.install and hit Enter to compile the VPN server for your environment.
III. Start vpn Server and Configure
Start vpn server
Type ./vpnserver start to start the VPN server.
You can stop the VPN server by typing ./vpnserver stop.
Check to make sure SoftEther is working
Here we will run a quick check to make sure everything is working as desired.
Type cd ./vpnserver and hit Enter
Type ./vpncmd and hit Enter
Type 3 to choose the third option and hit Enter
Type check and hit Enter to run the test
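The vpncmd check above tests the server itself; the port list from section I is the other half of "is it reachable". The following script is an added example (not part of the original tutorial) that compares the listeners actually bound on the instance against those required protocol/port pairs, so a port that is open in the security group but has no service behind it is spotted before clients start failing. It reads `ss -lntuH` output when run with `--live`; a constructed sample table is embedded so it also runs offline.

```shell
#!/bin/sh
# Added example, not from the original page: confirm that every port the
# tutorial opens in the cloud firewall (section I) actually has a listener
# on the instance. Real use feeds it `ss -lntuH` output; the sample below
# is constructed so the script runs offline.

# Protocol/port pairs from section I.
REQUIRED="tcp/22 tcp/443 tcp/500 udp/500 tcp/992 udp/992 tcp/1194 udp/1194 tcp/4500 udp/4500 tcp/5555 udp/5555"

# $1 = listener table in `ss -lntuH` format
#      (Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
# Prints each required proto/port that has no listener, one per line.
missing_listeners() {
  # column 1 is the protocol, column 5 is address:port; take the text after
  # the last colon so IPv6 forms such as [::]:443 work too
  listeners=$(printf '%s\n' "$1" | awk '{ n = split($5, a, ":"); print $1 "/" a[n] }')
  for want in $REQUIRED; do
    printf '%s\n' "$listeners" | grep -qx "$want" || printf '%s\n' "$want"
  done
}

# Constructed sample: SSH, the SoftEther TCP listeners and the IPsec/L2TP UDP
# ports are up, but nothing listens on 992 or on tcp 500/4500.
SAMPLE='udp   UNCONN 0 0   0.0.0.0:500    0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:4500   0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:1194   0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:5555   0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 128 [::]:22        [::]:*
tcp   LISTEN 0 128 0.0.0.0:443    0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:1194   0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:5555   0.0.0.0:*'

# Run against the live system with --live, otherwise against the sample.
if [ "${1:-}" = "--live" ]; then
  missing_listeners "$(ss -lntuH)"
else
  missing_listeners "$SAMPLE"
fi
```

On the sample it reports tcp/500, tcp/992, udp/992 and tcp/4500 as having no listener; an empty result on a live server means every port from section I is bound.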
Configuring SoftEther
Next we need to configure SoftEther so we can connect to it from our PC client.
1 While you’re still in the vpnserver directory, type ./vpncmd
2 Choose option 1 and hit Enter
3 For the hostname IP, input the IP address of the EC2 server instance followed by a colon and port 5555. You can find the IP of your server instance on the EC2 dashboard. The input should look like this: 123.123.123.123:5555
4 In the next step, leave the input blank and hit Enter to connect from the Server Admin node
5 The prompt should now read “VPN Server>”. Enter ServerPasswordSet and hit Enter
6 Enter a password of your choice and type it again to confirm
7 Next, type HubCreate VPN and enter a new password that you will use to log in when you are not in Server Admin mode
8 Type Hub VPN and hit Enter
9 Type SecureNatEnable
10 Type UserCreate paul, replacing “paul” with a username of your choice.
11 You will be asked to enter a Group Name, Full Name, and Description for the new user. Leave the Group Name blank, and use whatever you want for the other two.
12 Type UserPasswordSet paul, replacing “paul” with the username you just created. Enter and confirm a password for that user. For Android/iOS clients, passwords containing special characters are not recommended; use only letters and digits.
13 Repeat steps 10-12 for as many users as you wish.
14 A couple of notes here. In step 9, we use Secure NAT as the means to connect hubs to the server network. Another option is a Local Bridge connection, but it is more complicated and requires you to set up a DHCP server. Secure NAT takes care of the DHCP server for you.
15 Type Hub without a hub name and hit Enter to leave Hub admin mode and return to the upper Server admin menu. You can also type Exit to quit vpncmd immediately.
In step 12, we use the UserPasswordSet command to enable password authentication on a particular user. SoftEther supports several other types of authentication, which can vary between users. They include NT domain, anonymous, RADIUS, individual certificate, and signed certificate authentication.
Create group/user and set user password console output:
# ./vpncmd
Set up L2TP/IPSec on the VPN server
We decided to use L2TP/IPsec as the VPN protocol in this tutorial for three main reasons: a) it is more secure than PPTP, b) it is easier to set up than OpenVPN, and c) it works across multiple operating systems, unlike the Windows-only SSTP.
1 While still in vpncmd’s “VPN Server>” prompt, enter IPsecEnable
2 Next you are given a series of configuration prompts. Below we’ll give our recommended answers:
- Enable L2TP over IPsec Server Function – yes, enable the VPN for use on multiple devices including Windows PC, Mac OSX, iOS, and Android
- Enable Raw L2TP Server Function – no, do not allow connections without encryption
- Enable EtherIP / L2TPv3 over IPsec Server Function – yes, allow routers with this built-in function to connect
3 Next comes the pre-shared key. This is a password with a maximum of nine characters. Enter whatever you like.
4 For “Default Virtual HUB in a case of omitting the HUB on the Username:”, simply enter VPN
That’s it! Make sure you write down all the passwords you’ve created above and what each one is for.
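The interactive steps of "Configuring SoftEther" (steps 5 to 15) and the IPsecEnable prompts above can also be driven from a batch file, which makes the set-up repeatable and keeps the passwords out of your shell history. The script below is an added example and not part of the original tutorial; it uses vpncmd's /IN: option and the documented command parameters (/PASSWORD:, /GROUP:, /L2TP:, /PSK: and so on) to replay exactly those steps. Assumed values, all overridable through environment variables: vpncmd at /home/ubuntu/vpnserver/vpncmd, management port 5555 and a hub named VPN, as in the tutorial.

```shell
#!/bin/bash
# Added example (not from the original tutorial): run the vpncmd steps of
# "Configuring SoftEther" (steps 5-15) and "Set up L2TP/IPSec" from a batch
# file via vpncmd's /IN: option instead of typing them interactively.
# Assumed values (override via env): vpncmd at /home/ubuntu/vpnserver/vpncmd,
# management port 5555, hub "VPN".
set -u

VPNCMD="${VPNCMD:-/home/ubuntu/vpnserver/vpncmd}"
SERVER="${SERVER:-localhost:5555}"
HUB="${HUB:-VPN}"

# Random password of letters and digits only: the tutorial advises against
# special characters for Android/iOS users, and the IPsec pre-shared key is
# limited to nine characters. $1 = length (default 16).
gen_password() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-16}"
}

# vpncmd lines that create one password-authenticated user in the current hub
# (steps 10-12). $1 = username, $2 = password
user_commands() {
  printf 'UserCreate %s /GROUP:none /REALNAME:%s /NOTE:none\n' "$1" "$1"
  printf 'UserPasswordSet %s /PASSWORD:%s\n' "$1" "$2"
}

# Write the whole batch file. $1 = output path, $2 = server admin password,
# $3 = hub admin password, $4 = IPsec pre-shared key, rest = "user:password".
# Prints the output path.
build_batch() {
  local out="$1" admin_pw="$2" hub_pw="$3" psk="$4"
  shift 4
  {
    printf 'ServerPasswordSet %s\n' "$admin_pw"           # steps 5-6
    printf 'HubCreate %s /PASSWORD:%s\n' "$HUB" "$hub_pw"  # step 7
    printf 'Hub %s\n' "$HUB"                              # step 8: hub admin mode
    printf 'SecureNatEnable\n'                            # step 9
    for spec in "$@"; do
      user_commands "${spec%%:*}" "${spec#*:}"
    done
    printf 'Hub\n'                                        # step 15: back to server admin
    # L2TP over IPsec on, raw L2TP off, EtherIP/L2TPv3 on, default hub VPN
    printf 'IPsecEnable /L2TP:yes /L2TPRAW:no /ETHERIP:yes /PSK:%s /DEFAULTHUB:%s\n' \
      "$psk" "$HUB"
  } >"$out"
  echo "$out"
}

# Feed the batch to a freshly installed server. ServerPasswordSet is the first
# command, so no /PASSWORD: is needed on this initial connection.
apply_batch() {
  "$VPNCMD" "$SERVER" /SERVER /IN:"$1"
}

# Stand-alone usage on the instance: ./provision.sh alice bob
# Generates every secret, applies the batch and prints the secrets once.
if [ "$#" -gt 0 ]; then
  admin_pw=$(gen_password 20); hub_pw=$(gen_password 20); psk=$(gen_password 9)
  specs=""
  for u in "$@"; do specs="$specs $u:$(gen_password 16)"; done
  # word splitting of $specs into user:password arguments is intended
  batch=$(build_batch "$(mktemp)" "$admin_pw" "$hub_pw" "$psk" $specs)
  apply_batch "$batch" && printf 'admin=%s hub=%s psk=%s users=%s\n' \
    "$admin_pw" "$hub_pw" "$psk" "$specs"
  rm -f "$batch"
fi
```

The batch file is deleted after use because it contains every password in clear text; the printed secrets are the ones the tutorial tells you to write down.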
IV. Client Configure
For Windows or macOS, download the VPN client to connect to the VPN server:
For ios mobile device, iPhone/iPad L2TP Client Setup
For android mobile device, Android L2TP Client Setup
Tips for AWS Ubuntu
- Set a password after install: sudo passwd
- Install the compile environment: apt-get update; apt-get install gcc make
- Auto start and log management script, vpnsm.sh:

```bash
#!/bin/bash
# vpnsm.sh: "start" restarts the VPN server; "log" discards SoftEther's
# server, security and packet logs and then restarts the VPN server.
if [ X"$1" = "Xstart" ]; then
    /home/ubuntu/vpnserver/vpnserver stop
    /home/ubuntu/vpnserver/vpnserver start
fi
if [ X"$1" = "Xlog" ]; then
    rm -rf /home/ubuntu/vpnserver/server_log/* /home/ubuntu/vpnserver/security_log/* /home/ubuntu/vpnserver/packet_log/*
    /home/ubuntu/vpnserver/vpnserver stop
    /home/ubuntu/vpnserver/vpnserver start
fi
exit 0
```

- Add a startup service for Ubuntu (systemctl enable vpnstartup.service):
```ini
# /etc/systemd/system/vpnstartup.service
[Unit]
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/home/ubuntu/vpnsm.sh start

[Install]
WantedBy=multi-user.target
```

- Create a crontab task for Ubuntu (system crontab format, with the user-name field):
```crontab
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
50 3 * * * root /home/ubuntu/vpnsm.sh log
```
Reference
SoftetherVPN Howto
How to make a free VPN with SoftEther and an AWS EC2 Linux instance