Vpn server iso

SoftEther VPN Project develops and distributes SoftEther VPN, an open-source, free, cross-platform, multi-protocol VPN program, as an academic project from the University of Tsukuba, under the Apache License 2.0.

What is SoftEther VPN


SoftEther VPN (“SoftEther” means “Software Ethernet”) is one of the world’s most powerful and easy-to-use multi-protocol VPN software. It runs on Windows, Linux, Mac, FreeBSD and Solaris.

SoftEther VPN is open source. You can use SoftEther for any personal or commercial use free of charge.

SoftEther VPN is an optimum alternative to OpenVPN and Microsoft’s VPN servers. SoftEther VPN has a clone function of OpenVPN Server. You can move from OpenVPN to SoftEther VPN smoothly. SoftEther VPN is faster than OpenVPN. SoftEther VPN also supports Microsoft SSTP VPN for Windows Vista / 7 / 8. There is no longer any need to pay expensive charges for a Windows Server license for the Remote-Access VPN function.

SoftEther VPN can be used to realize BYOD (Bring Your Own Device) in your business. If you have smartphones, tablets or laptop PCs, SoftEther VPN’s L2TP/IPsec server function will help you to establish a remote-access VPN from your local network. SoftEther VPN’s L2TP VPN Server is highly compatible with Windows, Mac, iOS and Android.

SoftEther VPN is not only an alternative VPN server to existing VPN products (OpenVPN, IPsec and MS-SSTP). SoftEther VPN also has its own strong SSL-VPN protocol to penetrate any kind of firewall. The ultra-optimized SSL-VPN protocol of SoftEther VPN has very fast throughput, low latency and firewall resistance.

It is easy to imagine, design and implement your VPN topology with SoftEther VPN. It virtualizes Ethernet by software-enumeration. SoftEther VPN Client implements a Virtual Network Adapter, and SoftEther VPN Server implements a Virtual Ethernet Switch. You can easily build both Remote-Access VPN and Site-to-Site VPN, as an expansion of Ethernet-based L2 VPN. Of course, traditional IP-routing L3-based VPN can also be built with SoftEther VPN.

SoftEther VPN has strong compatibility with today’s most popular VPN products around the world. It is interoperable with OpenVPN, L2TP, IPsec, EtherIP, L2TPv3, Cisco VPN routers and MS-SSTP VPN clients. SoftEther VPN is the world’s only VPN software which supports SSL-VPN, OpenVPN, L2TP, EtherIP, L2TPv3 and IPsec as a single VPN software.

SoftEther VPN is free software because it was developed as Daiyuu Nobori’s Master Thesis research at the University. You can download and use it from today. The source code of SoftEther VPN is available under the Apache License 2.0.

Features of SoftEther VPN

Architecture of SoftEther VPN


Virtualization of Ethernet devices is the key of the SoftEther VPN architecture. SoftEther VPN virtualizes Ethernet devices in order to realize a flexible virtual private network for both remote-access VPN and site-to-site VPN. SoftEther VPN implements the Virtual Network Adapter program as a software-emulated traditional Ethernet network adapter. SoftEther VPN implements the Virtual Ethernet Switch program (called Virtual Hub) as a software-emulated traditional Ethernet switch. SoftEther VPN implements the VPN Session as a software-emulated Ethernet cable between the network adapter and the switch.

You can create one or many Virtual Hubs with SoftEther VPN on your server computer. This server computer will become a VPN server, which accepts VPN connection requests from VPN clients.

You can create one or many Virtual Network Adapters with SoftEther VPN on your client computer. This client computer will become a VPN client, which establishes VPN connections to the Virtual Hub on the VPN server.

You can establish VPN sessions, also called “VPN tunnels”, between VPN clients and VPN servers. A VPN session is the virtualized network cable. A VPN session is realized over a TCP/IP connection. The signals through the VPN session are encrypted by SSL. Therefore, you can safely establish a VPN session across the Internet. A VPN session is established by SoftEther VPN’s “VPN over HTTPS” technology. It means that SoftEther VPN can create a VPN connection beyond any kind of firewall and NAT.

The Virtual Hub exchanges all Ethernet packets from each connected VPN session to the other connected sessions. The behavior is the same as that of traditional Ethernet switches. The Virtual Hub has an FDB (forwarding database) to optimize the transmission of Ethernet frames.

You can define a local bridge between the Virtual Hub and the existing physical Ethernet segment by using the Local Bridge function. The Local Bridge exchanges packets between the physical Ethernet adapter and the Virtual Hub. You can realize a remote-access VPN from home or mobile to the company network by using the Local Bridge function.

You can define a cascading connection between two or more remote Virtual Hubs. With cascading, you can integrate two or more remote Ethernet segments into a single Ethernet segment. For example, after you establish cascading connections between sites A, B and C, any computer in site A will be able to communicate with the computers in site B and site C. This is a site-to-site VPN.

SoftEther VPN Server supports additional VPN protocols, including L2TP/IPsec, OpenVPN, Microsoft SSTP, L2TPv3 and EtherIP. These provide interoperability with the built-in L2TP/IPsec VPN clients on iPhone, iPad, Android, Windows and Mac OS X, and also with Cisco’s VPN routers and other vendors’ VPN products.

How to Use SoftEther VPN ?


SoftEther VPN is an essential infrastructure to build-up IT systems on enterprises and small-businesses.


SoftEther VPN can build-up flexible and dependable virtual network around Clouds. Amazon EC2, Windows Azure and most of other Clouds are supporting SoftEther VPN.


SoftEther VPN supports several mobile devices including iPhone and Android. Your smartphone is now a part of your on-premise or Cloud network by using SoftEther VPN.


SoftEther VPN is also an ultra-convenient tool for effective system management by IT professionals on enterprises and system integrators.




IPsec-based VPN protocols, which were developed in the 1990s, are now obsolete. IPsec-based VPNs are not familiar with most firewalls, NATs or proxies. Unlike IPsec-based VPN, SoftEther VPN is familiar with any kind of firewall. Additionally, SoftEther VPN requires no expensive Cisco or other hardware devices. You can replace your Cisco or OpenVPN with SoftEther VPN today.


SoftEther VPN consists of three software: VPN Client, VPN Server and VPN Bridge.


SoftEther VPN Client


This time I will explain how to set up your own VPN server abroad, where I got a cheap server for 109 rubles a month, and, in detail, how to protect that server from attacks from the Internet.

Register via the link and get a 15% bonus on your balance top-up, valid for 24 hours.


Until 2022 I did not use VPN servers and had no need for them. I did not need any of the sites blocked in the Russian Federation. But in 2023 the situation changed. Now it is not we who block access, but others who block access for us. A number of small and medium-sized companies, as well as several large corporations, have closed access to their resources for the Russian segment of the Internet. This problem can be solved by using a VPN abroad.

You can buy a VPN service; there are many such services now. But here is the catch: with 99% probability they leak your data to foreign intelligence services, and those pass it on to other ill-intentioned thugs. This is needed to carry out attacks on you: cracking a password or an account, or simply feeding you information that will turn you against your own country. That is why you need your own VPN, controlled by no one.

To solve this problem, you need to use the common VPS (Virtual Private Server) service. That is, you take a virtual machine with a Linux server (it is cheaper than Windows and works more stably) located abroad and with a public (“white”) static IP address of some country, the main thing being that it is not from the Russian segment. Many such companies that have servers abroad (I probably tried 20-30 of them) issue IP addresses from the Russian segment and consider this normal.

But this is not normal and it completely makes such VPN and VPS pointless.

Also, another criterion for choosing a hosting is payment by Russian cards, since all foreign hosters do not allow this.

I found one hoster that provides a VPS service in Germany very cheaply, from 99 rubles per month, and gives out IP addresses of Luxembourg. This is the hosting provider Aéza. This is a referral link that will support my work, please follow it. If you follow my link, you get a 15% bonus on your balance top-up, valid for 24 hours.

Hosting rates at the time of this writing are:


At the time of writing, this plan is not available, but the hosting manager promised to launch it in the near future, as soon as they receive and set up new equipment.

The tariff for 109 rubles per month is perfect for a VPN server for a family or a small group of people, but it has a limit of 100 Mb/s. If you need a higher speed, up to 1 Gb/s, you need to take a more expensive tariff. However, 391 rubles a month is also not at all expensive for a VPN service with unlimited traffic. There are discounts when paying for a long period.

So follow the link, register, choose a tariff, and I will show you how to set up this very VPN on VPS hosting.


When buying a VPS, I recommend choosing the Ubuntu 22.04 operating system or later, depending on when you are reading this article; I will show all the actions in this OS.

When you purchase and pay for the service in the hosting control panel, you can see the following window in active services:


To connect to the server via SSH, open:

  • PowerShell – if you have Windows 10 or newer
  • Terminal – if you have MacOS or linux
  • Download Putty – if you have another Windows similar OS

Enter the command in this utility:

 ssh root@IP_address

Then the system will ask you to enter a password; take it from the control panel as well, as in the picture above.

Let me remind you that the password is not displayed as you type it: just enter the password and press Enter. In PuTTY, pasting from the clipboard is done with the right mouse button by default.

Also, the first time you connect, the system will ask you to confirm and save the public key, agree by entering yes. There will be no such issue in the future.

That’s it, you got to your newly purchased VPS server for VPN

Demo: the login and IP address will be different for you.

If in the future it refuses to connect because of a host key verification error:

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
Please contact your system administrator.
Add correct host key in C:\\Users\\alexandrlinux/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\alexandrlinux/.ssh/known_hosts:15
Host key for has changed and you have requested strict checking.
Host key verification failed.

Then you need to remove the old key from the known_hosts file with the following command:

 ssh-keygen -R host

where host is the IP address or domain name of the server. Do this only when you know why the key changed, for example because the VPS was reinstalled.

Initial setup

First of all, we enter such commands

 apt update
apt upgrade
apt install dialog tasksel ntpdate net-tools
tasksel --new-install 

Answer yes to all questions and do the following for the last one:


Remove all extra checkboxes with a space and set only the last two. This is necessary to install all the necessary utilities on the server, since initially hosters use a very minimalist OS assembly.

After that, you need to reboot the server with the command reboot and after 1-2 minutes connect to it again via SSH.

Configuring WireGuard with a script

WireGuard is a VPN server (service) that has gained a lot of popularity lately. Therefore, I will start with it, especially since the method that I will show is very simple. There are also WireGuard clients for all devices and operating systems.

To install and configure the WireGuard server, we will use a ready-made script from GitHub and enter the following commands:

 curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh
./wireguard-install.sh

The first command will download the installation script to the server in the folder where you are. The second one will make the script executable, and the third one will run the script and this window will appear.

First of all, you need to specify the public (“white”) static address of your VPS. In my case, this is a virtual machine on Synology VMM, but as a rule the script itself substitutes the correct data, and you just need to check it. In general, you can accept every question as offered or correct the value; for example, I would not use the DNS server offered but some other one, but everything will work well with this one.

As you can see, everything is quite simple.

However, some clients, such as those on MacOS or MikroTik, will not work properly with this configuration. Therefore, it is a good idea to add PersistentKeepalive, set to, say, 5, at the end of the Peer section. Then it will work stably, and if the connection is interrupted, the tunnel will also be torn down after 5 seconds, which will positively affect the operation of the Internet on the client device.

 PersistentKeepalive = 5

Now, if you need to add, remove or see which users have been created, then just run the installation script again with the command ./wireguard-install.sh

The script will offer options, and you just need to select the one you need. Very convenient.

That completes the WireGuard server setup, and you can connect to it with all the necessary connection data.

On MacOS, the Wireguard client is buggy. Sometimes it connects, but the Internet disappears, and the following appears in the MacOS logs:

 2023-05-13 16:20:44.155 [NET] Routine: handshake worker 1 - stopped
2023-05-13 16:20:44.155 [NET] Routine: handshake worker 5 - stopped
2023-05-13 16:20:44.157 [NET] Routine: handshake worker 7 - stopped
2023-05-13 16:20:44.157 [NET] Routine: encryption worker 8 - stopped
2023-05-13 16:20:44.157 [NET] Routine: encryption worker 3 - stopped

To solve this problem in MacOS, turn off WIFI and turn it on after 5-10 seconds. If a wired connection is used, disable and enable it.

Configuring OpenVPN with a script

OpenVPN is a freely distributed open source protocol that is loved by millions of users around the world and has come to be used on almost any kind of network device.

To install and configure the OpenVPN server, use the ready-made script from GitHub and enter the following commands:

 curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
./openvpn-install.sh

The first command will download the installation script to the server in the folder where you are. The second one will make the script executable, and the third one will run the script and this window will appear.

  1. Enter the IP address of your server. Usually the script finds it by itself. This is a white VPS address
  2. Domain name or IP address through which clients will connect to the server
  3. IPv6 support is optional (usually)
  4. The port on which the OpenVPN server will run. It is better to replace it with a non-standard one
  5. It is recommended to use UDP protocol
  6. You can choose DNS servers from the list, default adguard is a good choice
  7. Turning on compression is not recommended, but if you have a slow Internet connection, you can turn it on. Will be valid for all clients.
  8. Better not change the default encryption
  9. Press any button to finish setting

The process of installing the necessary components and setting them up will begin. And at the end, the script will ask you to enter the data of the first user

  1. Username
  2. You can encrypt the user’s key file with a password. Not all clients support this, so I chose 1

You can view the file with the cat command like this:

 root@vds:~# cat /home/sbaf/user1.ovpn
proto udp
remote vds.domen.ru 1194
dev tun
resolv-retry infinite
persist-key
remote-cert-tls server
verify-x509-name server_eGGuvsq4ftvTKnbs name
auth SHA256
cipher AES-128-GCM
tls-version-min 1.2
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
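
A check for a client profile like the one listed above, as an added example that is not part of the original article or of the openvpn-install project: it reports a profile that lacks the server-verification and TLS directives seen in the listing, or that turns on the compression step 7 advises against. The function name `audit_ovpn` and the finding labels are chosen for this illustration.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client profile (.ovpn) for the directives
# that make the client verify the server and use modern TLS and ciphers.
# audit_ovpn FILE -> prints one finding per line.
# Return code: 0 = no findings, 1 = findings, 2 = profile unreadable.
audit_ovpn() {
    [ -r "$1" ] || { echo "cannot read profile: $1" >&2; return 2; }
    awk '
        # Normalise the line: drop CR, ";" comment lines and "#" comments.
        { sub(/\r$/, ""); sub(/^[ \t]*;.*/, ""); sub(/#.*/, "") }
        NF == 0 { next }

        # Server certificate must carry the server key usage ...
        $1 == "remote-cert-tls" && $2 == "server"      { eku = 1 }
        # ... and its subject must match the name issued at install time.
        $1 == "verify-x509-name" && NF >= 2            { pinned = 1 }
        $1 == "tls-version-min"                        { tls = $2 }
        $1 == "cipher"                                 { cipher = toupper($2) }
        $1 == "auth"                                   { auth = toupper($2) }
        # comp-lzo without "no", or compress with an algorithm, enables compression.
        $1 == "comp-lzo" && $2 != "no"                 { comp = "comp-lzo" }
        $1 == "compress" && $2 ~ /^(lzo|lz4|lz4-v2)$/  { comp = "compress " $2 }

        END {
            n = 0
            if (!eku)    { print "MISSING remote-cert-tls server"; n++ }
            if (!pinned) { print "MISSING verify-x509-name"; n++ }
            if (tls == "") { print "MISSING tls-version-min"; n++ }
            else if (tls + 0 < 1.2) { print "WEAK tls-version-min " tls; n++ }
            # Only AEAD data-channel ciphers pass (AES-*-GCM, CHACHA20-POLY1305).
            if (cipher != "" && cipher !~ /-GCM$/ && cipher != "CHACHA20-POLY1305") {
                print "WEAK cipher " cipher; n++
            }
            if (auth == "MD5" || auth == "SHA1") { print "WEAK auth " auth; n++ }
            if (comp != "") { print "COMPRESSION " comp; n++ }
            exit (n > 0)
        }
    ' "$1"
}
```

Run it as `audit_ovpn /home/sbaf/user1.ovpn` before handing a profile to a user; an empty result and exit code 0 mean none of the checks fired.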

If you run the script again, it will offer to create a new user, delete an existing user, or delete the entire OpenVPN server with configuration.

That completes the OpenVPN server setup, and you can connect to it with all the necessary connection data.

Configuring IKEv2 with a script

IKEv2 is a new protocol developed by Microsoft and Cisco for a secure and reliable VPN connection. This protocol is used on all modern platforms. For example, Android 13 will only have this protocol built into the system.

There is an excellent article about IKEv2 on Habr https://habr.com/ru/companies/ruvds/articles/498924/

To install and configure the IKEv2 server, we will use a ready-made script from GitHub and enter the following commands:

 wget https://raw.githubusercontent.com/jawj/IKEv2-setup/master/setup.sh
chmod u+x setup.sh
./setup.sh

The principle of this script is the same as the others above, but there are some peculiarities. For example, the IKEv2 protocol necessarily needs a domain to bind a certificate. Therefore, get this in advance.
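
The WireGuard, OpenVPN and IKEv2 installers above are all fetched from a branch head and run as root, so what executes is whatever the repository holds at download time. As an added example (not from the original article or from those projects), the functions below run a downloaded installer only when it matches a SHA-256 digest recorded after reviewing one specific revision; the function names, the `INTERP` variable and the `<commit>` and `<recorded-sha256>` placeholders are assumptions of this illustration.

```shell
#!/bin/sh
# Added example: execute a downloaded installer only when it matches a digest
# recorded after reviewing one specific revision of the script.
#
# Assumed workflow (placeholders, not values from the article):
#   curl -fsSLO https://raw.githubusercontent.com/angristan/wireguard-install/<commit>/wireguard-install.sh
#   sha256sum wireguard-install.sh        # after reading the script, record this as the pin
#   run_if_pinned wireguard-install.sh <recorded-sha256>

# verify_pinned FILE SHA256 -> 0 match, 1 mismatch, 2 unusable input.
verify_pinned() {
    vp_file=$1
    vp_pin=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Refuse an empty, truncated or non-hex pin instead of comparing against it.
    case $vp_pin in
        ''|*[!0-9a-f]*) echo "pin is not a hex SHA-256 digest" >&2; return 2 ;;
    esac
    [ "${#vp_pin}" -eq 64 ] || { echo "pin must be 64 hex characters" >&2; return 2; }
    [ -f "$vp_file" ] || { echo "no such file: $vp_file" >&2; return 2; }
    vp_actual=$(sha256sum "$vp_file" | cut -d' ' -f1)
    if [ "$vp_actual" = "$vp_pin" ]; then
        return 0
    fi
    echo "digest mismatch: expected $vp_pin, got $vp_actual" >&2
    return 1
}

# run_if_pinned FILE SHA256 [ARGS...] -> runs the script only after verification.
# INTERP selects the interpreter; the default is bash because the installers
# named in the article are bash scripts.
run_if_pinned() {
    rp_src=$1; rp_pin=$2; shift 2
    rp_copy=$(mktemp) || return 2
    rp_rc=0
    # Hash and execute the same private copy, so the file cannot be swapped
    # between the check and the run.
    { cp -- "$rp_src" "$rp_copy" &&
      verify_pinned "$rp_copy" "$rp_pin" &&
      "${INTERP:-bash}" "$rp_copy" "$@"; } || rp_rc=$?
    rm -f "$rp_copy"
    return "$rp_rc"
}
```

A mismatch means the script changed since it was reviewed: read the new revision and record a new pin before running it.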

Also, this script does not support creating and deleting users. But you can edit them in the file yourself

 sudo nano /etc/ipsec.secrets 

In nano, save with Ctrl + O, then exit with Ctrl + X. To apply the changes, enter the command:

 sudo ipsec secrets

That completes the IKEv2 server setup, and you can connect to it with all the necessary connection data.

SoftEther VPN L2TP and OpenVPN setup

To configure L2TP and OpenVPN protocols, I will use SoftEther VPN. It is an open source server and client that supports all protocols required for VPN.

If you want to use this solution, then you need to remove the OpenVPN server and IKEv2 that was installed by the script above.

It is installed on the server with one command

 apt install softether-vpnserver 

At the first launch, you need to create a new session with the New Setting button


In the window that opens, come up with a session name and enter the white static IP address of your server, which was issued by the host. You can also change the port to 5555 from the list of ports. Useful for the future.


When you connect for the first time, the system will ask you to create a password. Come up with a complex password and remember it. It will be needed for further connection to the server.


Also, when connecting for the first time, you need to go through the initial setup procedure. Check the box as in the picture below or choose your option. This can be changed later.


Come up with a name for the first hub, there can be many of them. This is sufficient for our task.


SoftEther VPN has its own DDNS service, come up with a name or use the default, then you can turn it off.


Now enable the L2TP/IPsec protocol, create a password for the public key in English and remember it.

I suggest disabling Azure Cloud VPN service. It is needed when the server is behind NAT or firewall. In our case, we have a white static IP address on a VPS hosting.


Now it’s time to create the first user

  1. Create a login
  2. Add a description so you don’t forget who it is
  3. Create a complex password
  4. Repeat complex password
  5. Press OK to create user

In the future, to manage users, follow the numbers as in the picture below

You also need to enable NAT and DHCP in SoftEther VPN itself, so as not to do this in Linux. To do this, open SecureNAT where circled in the picture above

In the window that opens, first configure SecureNAT


You can change the network in the settings, but this is not necessary. But be sure to change the DNS server. You can choose as I have in the picture below or any others. For example, here are their list


Apply the changes and enable SecureNAT as shown in one of the pictures above.

Now it remains to perform one more very important setting. Since we installed the server on a VPS, and not inside the local network, we need to enable NAT at the system kernel level, as shown in the picture below. DisableKernelModeSecureNAT must be 1.

That completes the SoftEther VPN setup and it is ready to go. You can connect via L2TP on Windows, Mac, Android and iPhone. To connect via the OpenVPN protocol, you need a configuration file with keys. To generate it, open the OpenVPN / MS-SSTP Settings and click the generate OpenVPN configuration button as shown in the picture below

Checking internet speed on VPS

To check the speed on the VPS server, you can use the following commands:

 wget -O /dev/null https://speedtest.selectel.ru/100MB 
wget -O /dev/null https://speed.hetzner.de/100MB.bin

The first will check the speed to the Russian segment of the Internet, and the second to the foreign one in Germany.

Please note that the speed is shown in megabytes per second; to get megabits, multiply the megabytes by 8. This is from the school computer science course.

And here is the speed that the phone shows through a VPN with the Wireguard protocol. I think the result is very good.



Since the VPS usually has little RAM, I recommend creating a 1 gigabyte swap file to protect the server from freezing when there is not enough memory.

 fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
free -m

Then write this to the fstab file to apply after reboot

 nano /etc/fstab
/swapfile none swap sw 0 0

To install important security updates in automatic mode, I recommend doing this

 dpkg-reconfigure -plow unattended-upgrades

nano /etc/apt/apt.conf.d/50unattended-upgrades

Then paste into the configuration file 50unattended-upgrades


 Unattended-Upgrade::Mail "ваша почта яндекс";
Unattended-Upgrade::MailReport "on-change";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "now";

Mail will not be delivered to Yandex until the necessary changes are made in postfix. These options will not be covered in this article.

By default, Ubuntu Server uses an alternative iptables, I recommend returning the normal one with the command

  update-alternatives --all

Accept the default answer to every question except one, where you set the answer to 1, as shown below

 Press <enter> to keep the current choice[*], or type selection number: 
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

  Selection    Path                       Priority   Status
* 0            /usr/sbin/iptables-nft      20        auto mode
  1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode

Press <enter> to keep the current choice[*], or type selection number: 1

Password protection

I’m afraid if I describe this moment in the same detail, the article will become very large. Therefore, this item will only be in the video clip. As well as setting up a firewall, changing the SSH port and taking care of disk space on the video.

Resources used

Since I have a tariff for 109 rubles and the amount of resources there is very limited: 1 processor core, 1 gigabyte of RAM and 10 gigabytes of disk, it’s interesting to see how much it will take when I install, configure and use everything.

Now I have 3 active VPN users and 5 more have been created, but they use it periodically, not constantly. There are 8 users in total. At the same time, there are enough resources on the VPS server for it to work correctly.

CPU: the load depends on the protocol the user connects with and on whether they are downloading. In general, 1 processor core does an excellent job; there is no huge load.

Memory: out of 1 gigabyte of memory, 315 megabytes have been used. This is 33% of the total.

Disk: the disk is the bottleneck here. It took me over 6 gigabytes, which is 62% of the total volume of 10 gigabytes. There is still some headroom and it will last for a long time. Mostly the space will be taken up by various logs. Standard logs clean themselves up, but others will have to be cleaned manually. For this I prepared the article “How to delete old log files in Linux”. But don’t be in a hurry to do it. Wait, you may not need it. Look again in half a year or a year.

Of course, I could describe how to connect to a VPN from various operating systems and devices, but this would obviously be superfluous, since there is already more than enough of this information on the Internet. I recommend the Keenetic help, where everything is detailed for each platform. You only need to take into account that you do not have a Keenetic but your own VPN on a VPS, and adjust accordingly.


As a result, you will get a full-fledged VPN server to bypass blocking by unfriendly countries and services, and for a very modest fee. Moreover, you can follow this instruction on any VPS from any hoster. I suggested Aéza as the cheapest of those that give real IP addresses of the foreign segment of the Internet.

And if you were looking for an anonymous VPN server, then I want to disappoint you that this one is not like that, since you will always go to one static IP address and, accordingly, foreign intelligence agencies will easily find you. And you need to hide from them, your own will not do anything bad to you if you do not violate the law of the Russian Federation.


As part of this blog, there was a note about installing SoftEther VPN on FreeBSD. I thought it would be interesting to describe how to install this product on Ubuntu.

A few words about the program

SoftEther is an open and freely distributed product (under the Apache 2.0 license).
Written by a student at the Japanese University of Tsukuba as part of an academic project.
The project is a multi-platform solution (MacOS, Linux, Windows and BSD).
In addition, the solution is a multi-protocol VPN server (l2tp, ipsec, openvpn)

We will consider the installation and initial configuration of a VPN server with the l2tp/ipsec protocol.
The advantage of this protocol is native support for Windows operating systems.


Provide remote users with secure access to the organization’s terminal server.
The server has a direct IP address.
In this note, the use of Microsoft Azure to organize a VPN server behind NAT will remain behind the scenes.

Network Diagram


We will do the installation in the terminal, setting up SoftEther VPN using its client in Windows.


Update repositories and install compilers

 sudo apt update
sudo apt install build-essential 

Getting distribution kit

Unlike FreeBSD, where SoftEther is available in ports and packages, Ubuntu does not have it in the standard repositories 🙂
Therefore, choose a platform on this page and copy the link to the distribution.

Download, unzip and compile

 mkdir ~/tmp
cd ~/tmp
wget https://www.softether-download.com/files/softether/v4.34-9745-rtm-2020.04.05-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.34-9745-rtm-2020.04.05-linux-x64-64bit.tar.gz
tar zxf softether-vpnserver-v4.34-9745-rtm-2020.04.05-linux-x64-64bit.tar.gz
cd vpnserver
make && cd ./ 

At the time of compilation, we accept the conditions three times by entering the number 1

Transfer compiled SoftEther, assign rights to its files

 sudo mv ~/tmp/vpnserver /opt
sudo chmod 600 /opt/vpnserver/*
sudo chmod 700 /opt/vpnserver/vpncmd
sudo chmod 700 /opt/vpnserver/vpnserver 

Create autorun via systemctl

 sudo vi /lib/systemd/system/vpnserver.service
[Unit]
Description=SoftEther VPN Server

[Service]
Type=forking
ExecStart=/opt/vpnserver/vpnserver start
ExecStop=/opt/vpnserver/vpnserver stop

[Install]
WantedBy=multi-user.target

Allow service start

 sudo systemctl enable vpnserver 


 sudo systemctl start vpnserver 


 sudo systemctl status vpnserver
● vpnserver.service - SoftEther VPN Server
 Loaded: loaded (/lib/systemd/system/vpnserver.service; enabled; vendor preset: enabled)
 Active: active (running) since Thu 2020-11-05 11:23:05 MSK; 20s ago
 Process: 5179 ExecStart=/opt/vpnserver/vpnserver start (code=exited, status=0/SUCCESS)
 Main PID: 5227 (vpnserver)
 Tasks: 36 (limit: 629145)
 Memory: 105.1M
 CGroup: /system.slice/vpnserver.service
 ├─5227 /opt/vpnserver/vpnserver execsvc
 └─5228 /opt/vpnserver/vpnserver execsvc

Create an administrative password

 sudo /opt/vpnserver/vpncmd 

Choose Management of VPN Server or VPN Bridge by entering the number 1, then press Enter twice to accept the defaults at these prompts:

  • Hostname of IP Address of Destination:
  • Specify Virtual Hub Name:

 VPN Server > ServerPasswordSet

Download and install SoftEther VPN Server Manager for Windows

Download it from this page by selecting the desired platform and bit depth.

Install this client, selecting the desired component.

Launch SoftEther VPN Server Manager

Click the New Setting button and fill in the fields:

  • Setting Name
  • Address (host name)
  • The password we set (Password)

Press OK and connect. We get into the initial setup wizard.

For our task, we need to select “Remote Access VPN Server”.

Press Next. We get a warning window:

The current settings of this VPN Server or VPN Bridge will be initialized. Do you really want to do this?

Press Yes, and a window appears asking you to create a virtual hub (Virtual Hub); give it a name and press OK.

The next window will be Dynamic DNS Function. Press Exit and get into the IPsec settings.

Enable L2TP/IPsec and set the IPsec Pre-Shared Key.

Press OK and get into the Azure setting. I turn off this setting because I have a direct IP address.

Enable Secure NAT.

Set up the VPN client as L2TP/IPsec, without forgetting to specify the passphrase.


That’s all I wanted to say 🙂

A few words about security

First, in Windows clients (in the network properties, IPv4) disable the “Use default gateway on remote network” option, so that only local resources are given to clients via the VPN.

Second, as a rule, computers of remote users are their personal tangible asset 🙂, with a whole zoo of programs, including anti-virus software. If remote users only need to connect to a terminal server, close other ports. First of all, close the SMB protocol. SoftEther VPN has a built-in firewall; it is configured in the Virtual Hub settings under Manage Access List.

Third, limit the number of concurrent sessions per user. This is configured in user account policies. It is better to put users into groups and edit the policies on the groups.

That’s all 🙂

Today, VPN technology is gaining more and more popularity. VPN is used by ordinary users to access the Internet. Using this service allows you to bypass regional blocking of resources and protect yourself from possible tracking from the outside. When connecting to a VPN server, a secure tunnel is created between the user’s computer and the server, which is inaccessible from the outside, and the VPN server itself becomes the Internet access point. There are many paid and free VPN services on the web, but if for some reason third-party services do not suit you, you can set up a VPN server yourself.

To create your own VPN, you need to rent a suitable virtual server. There are various software packages for creating a VPN connection, which differ in the supported operating systems and the algorithms used. The article discusses two independent ways to implement a VPN server. The first is based on the PPTP protocol, which today is considered outdated and insecure, but at the same time is very easy to set up. The second uses the modern and secure OpenVPN software, but requires a third-party client application and more advanced settings.

In the test environment, a virtual server running the Ubuntu Server 18.04 operating system is used as a server. The firewall on the server is disabled because its configuration is not covered in this article. The configuration of the client part is described using the example of Windows 10.

Preparatory operations

Regardless of which VPN server option you prefer, clients’ access to the Internet will be implemented by standard means of the operating system. To open Internet access from the internal network through the external interface of the server, you need to allow packet forwarding between interfaces and configure address translation.

To enable packet forwarding, open the file “/etc/sysctl.conf” and change the value of the parameter “net.ipv4.ip_forward” to 1.

To apply the changes without restarting the server, run the command

sudo sysctl -p /etc/sysctl.conf

Address translation is configured using iptables. First, find the name of the external network interface by executing the command “ip link show”; you will need it in the next step. In our case, the interface name is “ens3”.

ip link show

Enable address translation on the external interface for all nodes of the local network.

Please note that you must specify the real name of the network interface in the command. It may differ on your server.

By default, all iptables rules are reset when the server is rebooted. To avoid this, we will use the utility “iptables-persistent”. Install the package.

sudo apt install iptables-persistent

During the installation, a configuration window will open, in which the system offers to save the current iptables rules. Since the rules are already set, we agree and select “Yes” twice. Now the rules will be restored automatically after the server restarts.
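As an added check for the preparatory steps above (not part of the original article), the script below audits the two results of this procedure on constructed sample input: whether “net.ipv4.ip_forward” is really uncommented and set to 1, and whether the NAT rule is bound to the interface you named. It assumes address translation was set up as a MASQUERADE rule in the nat table's POSTROUTING chain, in the format printed by iptables-save; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample inputs (not from a real server): a stock-style sysctl.conf
# with forwarding still commented out, and iptables-save output for the nat table.
SYSCTL_SAMPLE='# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1'

RULES_SAMPLE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Succeeds only if an uncommented line sets net.ipv4.ip_forward to 1.
forwarding_enabled() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'
}

# Prints every interface that has a MASQUERADE rule in POSTROUTING.
masquerade_ifaces() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            for (i = 3; i < NF; i++) if ($i == "-o") print $(i + 1)
        }'
}

# audit <sysctl.conf text> <iptables-save text> <external interface>
# Prints one finding per line, or "ok" when both settings are in place.
audit() {
    findings=""
    forwarding_enabled "$1" || findings="${findings}ip_forward is not set to 1
"
    ifaces=$(masquerade_ifaces "$2")
    if [ -z "$ifaces" ]; then
        findings="${findings}no MASQUERADE rule with -o in POSTROUTING
"
    elif ! printf '%s\n' "$ifaces" | grep -Fxq "$3"; then
        findings="${findings}MASQUERADE is bound to $(echo $ifaces), not $3
"
    fi
    if [ -z "$findings" ]; then echo ok; else printf '%s' "$findings"; fi
}

audit "$SYSCTL_SAMPLE" "$RULES_SAMPLE" ens3
```

On a real server, pass it the live data, for example `audit "$(cat /etc/sysctl.conf)" "$(sudo iptables-save -t nat)" ens3`.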


Server setup

sudo apt install pptpd

After the installation is completed, open the file “/etc/pptpd.conf” in any text editor and bring it to the following form.

option /etc/ppp/pptpd-options #path to the settings file
logwtmp #mechanism for logging client connections
connections 100 #number of simultaneous connections
localip #address that will be the gateway for clients
remoteip #address range for clients

Next, edit the file “/etc/ppp/pptpd-options”; most of the options are already set by default.

#service name, required when creating customer accounts

name pptpd

#prohibit obsolete authentication methods




#enable a stronger authentication method


#specify server dns for clients, you can specify any available



VPN server setup: creating an account for client connections

To apply the settings, restart the pptpd service and add it to startup.

sudo systemctl restart pptpd

sudo systemctl enable pptpd

Server setup completed.

Client Setting

Open “Start” - “Settings” - “Network and Internet” - “VPN” and click “Add VPN Connection”.

In the window that opens, enter the connection parameters and click “Save”:

  • VPN provider: “Windows (built-in)”
  • Connection name: “vpn_connect” (you can enter any)
  • Server name or address: (specify the external IP address of the server)
  • VPN type: “Automatic”
  • Type of sign-in info: “User name and password”
  • User name: vpnuser (name as specified in the “chap-secrets” file on the server)
  • Password: 1 (also from the “chap-secrets” file)

After saving the settings, a new connection will appear in the VPN window. Click on it with the left mouse button and press “Connect”. Upon successful connection to the server, the connection icon will display “Connected”.

The connection properties display the internal addresses of the client and server. The field “Destination address” shows the external address of the server.

Using any online service, you can make sure that the external IP address of the computer now matches the IP address of your VPN server.

OpenVPN server

Server setup

Let's elevate the rights of the current user, since all further actions require root access.

Install the necessary packages. The “Easy-RSA” package is needed to manage encryption keys.

apt install openvpn easy-rsa

Create a symbolic link to the OpenSSL configuration file, otherwise the system will give an error when loading variables.

Change to easy-rsa working directory, load variables and clear old configurations.

Let's start creating keys. We generate the Diffie-Hellman key; the process may take some time.

We generate a certification authority.

In the process, you need to answer questions and enter information about the owner of the key. You can leave the default values, which are shown in square brackets. To complete the input, press “Enter”.

Generate keys for the server, specifying an arbitrary name as an argument; in our case it is “vpn-server”.

As in the previous step, answer the questions or leave the default values. At the final stage, press “y” twice.

Create a folder “keys” in the OpenVPN working directory to store the keys, and copy the necessary files there.

mkdir /etc/openvpn/keys

cp ca.crt dh2048.pem vpn-server.key vpn-server.crt /etc/openvpn/keys/

Copy and unpack the configuration file template into the “/etc/openvpn/” directory.

Open the file “/etc/openvpn/server.conf” for editing and make sure the following lines are present; adjust if necessary.

#Port, protocol and interface
port 1194
proto udp

#Path to encryption keys
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/vpn-server.crt
key /etc/openvpn/keys/vpn-server.key
dh /etc/openvpn/keys/dh2048.pem

#Network parameters
topology subnet
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS"
push "dhcp-option DNS"

#Disabling additional encryption
#tls-auth ta.key 0

#Enable compression
compress lz4-v2
push "compress lz4-v2"

#Enable saving parameters after restart

#Redirecting logs
log /var/log/openvpn/openvpn.log

Leave other parameters unchanged.

Restart the OpenVPN service to apply the configuration.

systemctl restart openvpn

Server setup completed!

Client Setting

We go to the official website of the project, “https://openvpn.net”, go to the “COMMUNITY” section and download the installer for your version of the operating system. In our case, this is Windows 10.

Install the application, leaving all the default settings.

At the next stage, the following files must be prepared on the server and transferred to the client's computer:

  • public and private keys;
  • a copy of the certificate authority key;
  • configuration file template.

Connect to the server, elevate rights, go to the working directory of the utility “easy-rsa” and load variables.

Generate a key pair for the client, specifying an arbitrary name as an argument; in our case “client1”.

Answering the questions, enter your data or just press “ENTER”, leaving the default values. After that, press “y” twice.

Copy the client configuration file template to the same folder. When copying, change the file extension to “ovpn”.

Change the owner of the directory “~/client1/” and all the files in it, so that they can be transferred to the client computer. In our case, we make the user “mihail” the owner.

chown -R mihail:mihail ~/client1

Go to the client computer and copy the contents of the folder “~/client1/” from the server in any available way, for example, using the utility “PSCP”, which is part of the PuTTY client.

The key files “ca.crt”, “client1.crt” and “client1.key” can be stored anywhere; in our case it is the folder “c:\Program Files\OpenVPN\keys”. Transfer the configuration file “client.ovpn” to the directory “c:\Program Files\OpenVPN\config”.

Let's start configuring the client. Open the file “c:\Program Files\OpenVPN\config\client.ovpn” in Notepad and edit the following lines.

#We are a client

#Interface and protocol the same as on the server
dev tun
proto udp

#Server IP address and port
remote ip_server_address 1194

#Saving parameters across restarts

#Path to keys
ca "c:\\Program Files\\OpenVPN\\keys\\ca.crt"
cert "c:\\Program Files\\OpenVPN\\keys\\client1.crt"
key "c:\\Program Files\\OpenVPN\\keys\\client1.key"

#Enable server authentication
remote-cert-tls server

#Disable additional encryption
#tls-auth ta.key 1

cipher AES-256-CBC
comp-lzo
verb 3

Leave other parameters unchanged.

Save the file and run the client application “OpenVPN GUI”

VPN setup finished

To connect to the server, right-click on the tray icon and select “Connect”. If the connection is successful, the icon will turn green.

Using any online service, we make sure that the client's external ip address has changed and matches the server's IP address.
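The client and server files in this section only work together if a few directives agree, so here is an added check (not part of the original article) that compares the two on constructed sample configs: “proto” and “dev” must match, the client's “remote” port must equal the server's “port”, “tls-auth” must be enabled on both sides or on neither, and the client should keep “remote-cert-tls server”. The function names and sample contents are hypothetical.

```shell
#!/bin/sh
# Constructed sample configs using the directives from this article; the client
# deliberately differs from the server so that the check has something to report.
SERVER_CONF='port 1194
proto udp
dev tun
#tls-auth ta.key 0'

CLIENT_CONF='client
dev tun
proto tcp
remote ip_server_address 1194
#tls-auth ta.key 1'

# directive <config text> <name>: arguments of the first uncommented occurrence.
directive() {
    printf '%s\n' "$1" |
        awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# has <config text> <name>: succeeds if the directive is present and uncommented.
has() {
    printf '%s\n' "$1" | awk -v d="$2" '$1 == d { f = 1 } END { exit !f }'
}

# compare <server text> <client text>: prints one finding per line, or "ok".
compare() {
    report=""
    for d in proto dev; do
        s=$(directive "$1" "$d"); c=$(directive "$2" "$d")
        [ "$s" = "$c" ] || report="${report}${d}: server=${s} client=${c}
"
    done
    sport=$(directive "$1" port)
    cport=$(directive "$2" remote | awk '{ print $2 }')
    [ "$sport" = "$cport" ] || report="${report}port: server=${sport} client=${cport}
"
    has "$2" remote-cert-tls || report="${report}client lacks remote-cert-tls server
"
    st=off; ct=off
    if has "$1" tls-auth; then st=on; fi
    if has "$2" tls-auth; then ct=on; fi
    [ "$st" = "$ct" ] || report="${report}tls-auth: server=${st} client=${ct}
"
    if [ -z "$report" ]; then echo ok; else printf '%s' "$report"; fi
}

compare "$SERVER_CONF" "$CLIENT_CONF"
```

To run it against real files, call `compare "$(cat /etc/openvpn/server.conf)" "$(cat client.ovpn)"`.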

Best Top 20 Free Open Source VPN (Benefits). A VPN is about having more security on your laptop or mobile when using public Wi-Fi. If you want to keep your personal data private and protect your computer or mobile phone from the prying eyes of hackers, then this review is great for you.

What is VPN

A virtual private network (VPN) gives you online privacy and anonymity. It creates a private network from a public internet connection. A VPN then masks your internet protocol (IP) address so your online actions are not traceable. A VPN establishes a secure and encrypted connection for greater privacy, even better than a secured Wi-Fi hotspot.

Best Top 20 Free Open Source VPN

1. OpenVPN

OpenVPN features

It works in any configuration, including remote access, site-to-site VPNs, Wi-Fi security and enterprise-scale access solutions. It has features like load balancing, failover and access controls. It can tunnel IP sub-networks or virtual Ethernet adapters. OpenVPN benefits are: it supports perfect forward secrecy, has firewall compatibility and better security (256-bit encryption keys).

OpenVPN is free to use as long as software license agreements are met.

2. Libreswan VPN


It comes as a ready to use package on Red Hat Linux distributions and is compatible with FreeBSD OS and iOS, and Linux 2.4 – 4.x.

3. SoftEther VPN

SoftEther features

  • Virtual Firewall (prevents things like malware, spyware and unauthorized connections).
  • Dynamic Server is flexible to set up, or you can have it in a cloud (virtualization).
  • Private Connection Network.
  • BYOD (bring your own device), where this VPN’s security and firewall systems make it safe to work remotely, or to bring your own devices into work with you.
  • SoftEther supports NAT traversal, meaning it helps to run VPN servers on computers that are behind personal gateways, corporate routers and firewalls.
  • This VPN uses HTTPS to camouflage connections, making firewalls unable to perform deep packet inspection to detect packets that are passing through the VPN’s tunnel.
  • It also offers remote access and control lists.

If you want excellent security and privacy, plus more convenience for your business activities, consider SoftEther VPN.

SoftEther VPN on Azure

SoftEther VPN on AWS
