Go to http://www.softether-download.com/files/softether and download SoftEther Server for the right architecture.
> cd /tmp
> wget http://www.softether-download.com/files/softether/v4.18-9570-rtm-2015.07.26-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.18-9570-rtm-2015.07.26-linux-x64-64bit.tar.gz
> tar xf softether-vpnserver-v4.18-9570-rtm-2015.07.26-linux-x64-64bit.tar.gz
Then we have to compile it :
> apt-get install build-essential
> cd vpnserver
> make
Then move it elsewhere to start using it :
> cd ..
> mv vpnserver/ /usr/local/.
> cd /usr/local/vpnserver
> chmod 600 *
> chmod 700 vpn*
Now we will create a init script to run vpnserver
at startup.
/etc/init.d/vpnserver
#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
Then create the /var/lock/subsys dir and add init script to startup :
> mkdir /var/lock/subsys
> chmod +x /etc/init.d/vpnserver
> update-rc.d vpnserver defaults
> service vpnserver start
Go to the installation dir and start the configuration utility :
> cd /usr/local/vpnserver
> ./vpncmd
Choose 1. Management of VPN Server or VPN Bridge
and just hit Enter when you are asked for Hostname and IP Address of Destination
, then hit Enter again to connect you to your server managemement console.
Specify the host name or IP address of the computer that the destination VPN Server or VPN Bridge is operating on.
By specifying according to the format 'host name:port number', you can also specify the port number.
(When the port number is unspecified, 443 is used.)
If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer).
Hostname of IP Address of Destination:
If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name.
If connecting by server admin mode, please press Enter without inputting anything.
Specify Virtual Hub Name:
Connection has been established with VPN Server "localhost" (port 443).
You have administrator privileges for the entire VPN Server.
VPN Server>
First change the default password to your server :
VPN Server> ServerPasswordSet
ServerPasswordSet command - Set VPN Server Administrator Password
Please enter the password. To cancel press the Ctrl+D key.
Password: ****************
Confirm input: ****************
The command completed successfully.
Now we will create a Virtual Hub
for your vpn connection and assign a password to it (for administration).
VPN Server> HubCreate MyVPN
HubCreate command - Create New Virtual Hub
Please enter the password. To cancel press the Ctrl+D key.
Password: ********
Confirm input: ********
The command completed successfully.
Then select the Virtual Hub
:
VPN Server> Hub MyVPN
Hub command - Select Virtual Hub to Manage
The Virtual Hub "MyVPN" has been selected.
The command completed successfully.
VPN Server/MyVPN>
Enable SecureNAT
which is the most easier setup and will work pretty well for your situation I guess.
VPN Server/MyVPN> SecureNatEnable
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.
In order to connect to our VPN, we have to create Users and assign them passwords :
VPN Server/MyVPN> UserCreate aschen
UserCreate command - Create User
Assigned Group Name:
User Full Name:
User Description:
The command completed successfully.
VPN Server/MyVPN> UserPasswordSet aschen
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
Please enter the password. To cancel press the Ctrl+D key.
Password: ****************
Confirm input: ****************
The command completed successfully.
Finally we have to enable L2TP/IPSec
:
VPN Server/MyVPN> IpSecEnable
IPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes # Enable IPSEC encryption
Enable Raw L2TP Server Function (yes / no): no # Don't allow client to connect without IPSec encryption
Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): no
Pre Shared Key for IPsec (Recommended: 9 letters at maximum): iamthepresharedkey # Pre shared key
Default Virtual HUB in a case of omitting the HUB on the Username: MyVPN # Default Virtual Hub
The command completed successfully.
We have now a fully functionnal L2TP over IPSec vpn server :)