OpenVPN has provided a great, solid solution over the years, and I've installed many point-to-point solutions as well as VPNs for commercial and private use. While I'm certainly a fan, circumstances have warranted investigating a new solution, specifically one that provides L2TP/IPsec server functionality and additional throughput. Enter SoftEther.
SoftEther is multi-protocol VPN software that runs on Mac, Linux, FreeBSD and Windows. Due to the clone function, it even allows for easy integration from OpenVPN, meaning you can connect using the client you previously used to connect to an OpenVPN server. Furthermore, the L2TP capability aids in connectivity with iOS and Android devices. A full review of the specifications and capability can be found at softether.org.
For my purposes, I needed the ability to provide VPN access from an iPhone, and a LAN to LAN bridge to connect several commercial offices.
My specifications, as you can see, were initially very conservative. I found that even a system with as little as 512MB and 5G of storage was capable of providing a reasonable VPN for a small office or home use. While not necessary, I choose to run a separate server or virtual machine for VPN access.
- Virtual Machine
- Debian 7
- 1G (Virtual allows for easy modification based on usage)
- 10G Storage
1. Install Debian
I used the mini.iso, with no options other than system tools. I like to run lean and don't use a GUI for any production system.
Acquire the necessary tools for compiling SoftEther.
apt-get install build-essential
2. Download & Install SoftEther
Wget or Lynx are your best options.
lynx http://www.softether-download.com/files/softether/
You have multiple different versions to choose from. I've typically utilized the 'rtm' versions instead of 'beta' but the choice is yours.
Once you locate your version of choice and architecture, highlight it and press "d" to download. When prompted, choose "save to disk".
I keep my downloads in /usr/local/src.
cd /usr/local/src
tar xvfz softether-vpnserver-version-number-you-downloaded.tar.gz
The archive will extract and create a vpnserver directory.
cd /usr/local/src/vpnserver
make
You'll be prompted to read the License Agreement; confirm that you have read it and agree to it.
Any issues with 'make' are likely due to unmet dependencies. Verify you completed the step of installing the 'build-essential' components.
My habit is to move services to the /etc folder.
mv /usr/local/src/vpnserver /etc
cd /etc/vpnserver
chmod 600 *
chmod 700 vpnserver
chmod 700 vpncmd
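Create a startup script at /etc/init.d/vpnserver.
Example:
#!/bin/sh
# SoftEther VPN Server init script
DAEMON=/etc/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
# Exit quietly if the server binary is missing or not executable
test -x "$DAEMON" || exit 0
case "$1" in
    start)
        "$DAEMON" start
        touch "$LOCK"
        ;;
    stop)
        "$DAEMON" stop
        # -f: do not fail if the lock file is already gone
        rm -f "$LOCK"
        ;;
    restart)
        "$DAEMON" stop
        sleep 3
        "$DAEMON" start
        touch "$LOCK"
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac
exit 0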
chmod 755 /etc/init.d/vpnserver
Debian makes it easy to update the run levels and have SoftEther start on boot up.
update-rc.d vpnserver defaults
Note the use of /var/lock/subsys; you'll need to create the directory.
Start SoftEther
/etc/init.d/vpnserver start
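The chmod 600 * and chmod 700 steps above only affect what exists in /etc/vpnserver at the moment they run, and the * glob skips dotfiles, so the result is worth re-checking once the server has started and written its own files. The check below is an added example, not part of the original post or of SoftEther; the function name audit_vpnserver_perms is hypothetical and it assumes GNU find as shipped with Debian.

```shell
#!/bin/sh
# Added example, not from the original post. audit_vpnserver_perms is a
# hypothetical name. Assumes GNU find (-maxdepth, -perm /MODE).

# Print one line per finding for DIR; return 0 if clean, 1 otherwise.
audit_vpnserver_perms() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"
        return 1
    fi

    findings=$(
        # Top-level entries, dotfiles included, that group or other can
        # read, write or execute. Catches files created after the chmod.
        find "$dir" -mindepth 1 -maxdepth 1 -perm /077 |
            sed 's/^/group or other access: /'

        # Regular files other than the two binaries should be 600, so an
        # owner execute bit on them is unexpected.
        find "$dir" -mindepth 1 -maxdepth 1 -type f \
            ! -name vpnserver ! -name vpncmd -perm /100 |
            sed 's/^/unexpected execute bit: /'

        # vpnserver and vpncmd must remain executable (chmod 700).
        for bin in vpnserver vpncmd; do
            [ -x "$dir/$bin" ] || echo "not executable: $dir/$bin"
        done
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Call as root after the server has started:
#   audit_vpnserver_perms /etc/vpnserver
```

A non-zero return with a list of paths means some entry no longer matches the 600/700 layout set during installation.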
3. Check Installation and configure.
cd /etc/vpnserver
./vpncmd
Check installation by choosing option 3.
Virtual Hub
Choose option 1 this time
You now need to choose the Hub you just created (like a database).
There are different ways for authentication (please read and determine how best to proceed for your circumstances).
UserPasswordSet NewUserName
Enable L2TP
This is a very basic configuration. There are a multitude of other options available, far beyond what I've described here. I'd also suggest changing/setting an administrative password, which wasn't covered but is a simple command.
A few items that I intend to write a follow-up on are:
- Certificate Setup & Generation
- OpenVPN Compatibility Configuration
- SSTP Config
- Client Configuration
- LAN to LAN Bridge