Go to http://www.softether-download.com/files/softether and download SoftEther Client for the right architecture.
> cd /tmp
> wget http://www.softether-download.com/files/softether/v4.18-9570-rtm-2015.07.26-tree/Linux/SoftEther_VPN_Client/64bit_-_Intel_x64_or_AMD64/softether-vpnclient-v4.18-9570-rtm-2015.07.26-linux-x64-64bit.tar.gz
> tar xf softether-vpnclient-v4.18-9570-rtm-2015.07.26-linux-x64-64bit.tar.gzThen we have to compile it :
> apt-get install build-essential
> cd vpnclient
> makeThen move it elsewhere to start using it :
> cd ..
> mv vpnclient/ /usr/local/.
> cd /usr/local/vpnclient
> chmod 600 *
> chmod 700 vpn*Go to the install dir and run the client configuration utility :
> ./vpnclient start
> cd /usr/local/vpnclient
> ./vpncmdSelect 2. Management of VPN Client and hit Enter to connect to your client management console.
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 2
Specify the host name or IP address of the computer that the destination VPN Client is operating on.
If nothing is input and Enter is pressed, connection will be made to localhost (this computer).
Hostname of IP Address of Destination:
Connected to VPN Client "localhost".First we have to create a Virtual Network Adapter :
VPN Client>NicCreate vpn1
NicCreate command - Create New Virtual Network Adapter
The command completed successfully.
VPN Client>NicEnable vpn1
NicEnable command - Enable Virtual Network Adapter
The command completed successfully.We can see that a new network interface is present on our computer :
> ip addr show vpn_vpn1 # Our new interface name, always start with vpn_*
7: vpn_vpn1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/ether 00:ac:d9:4e:a6:ac brd ff:ff:ff:ff:ff:ff
inet6 fe80::2ac:d9ff:fe4e:a6ac/64 scope link
valid_lft forever preferred_lft foreverNow we have to create an account to connect to our VPN :
VPN Client>AccountCreate AschenVPN
AccountCreate command - Create New VPN Connection Setting
Destination VPN Server Host Name and Port Number: vpn.example.com:443 # VPN server address and port
Destination Virtual Hub Name: MyVPN # Virtual Hub name on the server
Connecting User Name: aschen # Username
Used Virtual Network Adapter Name: vpn1 # Virtual Network Adapter we just create
The command completed successfully.Set the account password :
VPN Client>accountpasswordset AschenVPN
AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
Please enter the password. To cancel press the Ctrl+D key.
Password: *************
Confirm input: ***********
Specify standard or radius: standard
The command completed successfully.We can finally connect to our server and test the connection :
VPN Client> AccountConnect AschenVPN
AccountConnect command - Start Connection to VPN Server using VPN Connection Setting
The command completed successfully.
VPN Client>AccountStatusGet AschenVPN
AccountStatusGet command - Get Current VPN Connection Setting Status
Item |Value
------------------------------------------+------------------------------------------
VPN Connection Setting Name |AschenVPN
Session Status |Connection Completed (Session Established)
VLAN ID |-
Server Name |vpn.example.com
Port Number |TCP Port 443
Server Product Name |SoftEther VPN Server (64 bit)Now we have a successfull connection to our VPN but we still expose our real IP on internet. We have to route all the traffic throught the VPN tunnel.
First we have to obtain IP Address from VPN server.
> dhclient vpn_vpn0
> ip addr show vpn_vpn0
6: vpn_vpn0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/ether 00:ac:57:8e:88:73 brd ff:ff:ff:ff:ff:ff
inet 192.168.30.10/24 brd 192.168.30.255 scope global vpn_vpn0 # We now have an IP Address
valid_lft forever preferred_lft forever
inet6 fe80::2ac:57ff:fe8e:8873/64 scope link
valid_lft forever preferred_lft forever
Then we need several informations :
- Your internet router IP
- VPN Server IP on vpn_vpn0
- VPN Server public IP
To find Internet router IP and VPN Server IP on vpn_vpn0, first find your IP on these network :
> ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether a4:1f:72:74:91:99 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.36/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::a61f:72ff:fe74:9199/64 scope link
valid_lft forever preferred_lft forever
> ip addr show vpn_vpn0
6: vpn_vpn0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/ether 00:ac:57:8e:88:73 brd ff:ff:ff:ff:ff:ff
inet 192.168.30.10/24 brd 192.168.30.255 scope global vpn_vpn0
valid_lft forever preferred_lft forever
inet6 fe80::2ac:57ff:fe8e:8873/64 scope link
valid_lft forever preferred_lft foreverMy IP are 192.168.1.36 for eth0 and 192.168.30.10 for vpn_vpn0 so I try to find internet box and VPN server IP-s :
> ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=2.45 ms
> ping 192.168.30.1
PING 192.168.30.1 (192.168.30.1) 56(84) bytes of data.
64 bytes from 192.168.30.1: icmp_seq=1 ttl=128 time=249 msThen I need to find the VPN Server public IP :
> host vpn.example.com
vpn.example.com has address 93.184.216.34So I have :
- Internet router IP : 192.168.1.1
- VPN Server IP on vpn_vpn0 : 192.168.30.1
- VPN Server public IP : 93.184.216.34
First we add route to our VPN Server public IP throught our Internet Box and change the default route to the VPN Server IP on vpn_vpn0:
> ip route add 93.184.216.34/32 via 192.168.1.1 dev eth0
> ip route del default
> ip route add default via 192.168.30.1 dev vpn_vpn0 You can now verify if traffic is routed throught the VPN :
> dig +short myip.opendns.com @resolver1.opendns.com
93.184.216.34You have first to delete your custom route and restore the previous one :
> ip route del 93.184.216.34/32
> ip route del default
> ip route add default via 192.168.1.1 dev eth0
> ifconfig vpn_vpn0 0.0.0.0 Then disconnect from your VPN Server:
> /usr/local/vpnclient/vpncmd
[...]
VPN Client> AccountDisconnect AschenVPN
AccountDisconnect command - Disconnect VPN Connection Setting During Connection
The command completed successfully.We can create 2 small script to connect, disconnect and redirect traffic :
/usr/local/vpnclient/start.sh
#!/bin/bash
ACCOUNT=AschenVPN
VPN_INTERFACE=vpn_vpn0
LOCAL_INTERFACE=eth0
IP_VPN_PUBLIC=93.184.216.34
IP_VPN_PRIVATE=192.168.30.1
IP_INTERNET_BOX=192.168.1.1
echo "Connect to VPN"
echo -e "2\n\nAccountConnect $ACCOUNT\n" | /usr/local/vpnclient/vpncmd # Connect Account
echo "Redirect traffic"
dhclient $VPN_INTERFACE
ip route add $IP_VPN_PUBLIC/32 via $IP_INTERNET_BOX dev $LOCAL_INTERFACE
ip route del default
ip route add default via $IP_VPN_PRIVATE dev $VPN_INTERFACE
echo "Public ip :"
dig +short myip.opendns.com @resolver1.opendns.com/usr/local/vpnclient/stop.sh
#!/bin/bash
ACCOUNT=AschenVPN
VPN_INTERFACE=vpn_vpn0
LOCAL_INTERFACE=eth0
IP_VPN_PUBLIC=93.184.216.34
IP_INTERNET_BOX=192.168.1.1
echo "Connect to VPN"
echo -e "2\n\nAccountDisconnect $ACCOUNT\n" | /usr/local/vpnclient/vpncmd
echo "Redirect traffic"
ip route del $IP_VPN_PUBLIC/32
ip route del default
ip route add default via $IP_INTERNET_BOX dev $LOCAL_INTERFACE
ifconfig $VPN_INTERFACE 0.0.0.0
echo "Public ip :"
dig +short myip.opendns.com @resolver1.opendns.comNow we will create a init script to run vpnclient and setup default route at startup.
/etc/init.d/vpnclient
#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Client
DAEMON=/usr/local/vpnclient/vpnclient
START=/usr/local/vpnclient/start.sh
STOP=/usr/local/vpnclient/stop.sh
case "$1" in
start)
$DAEMON start
sleep 1
$START
;;
stop)
$DAEMON stop
$STOP
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0Then add init script to startup :
> chmod +x /etc/init.d/vpnclient
> update-rc.d vpnclient defaults
Hello Aschen,
Your tutorial was very usefull to me to set up a linux ubuntu VPN Client,
but I found a command that grow up an error:
VPN Client>AccountCreate AschenVPN
I changed the line
with
and it worked correctly
I hope it will be usefull
Thank you again for your work
Sincerely
Paolo