SoftEther VPN
SoftEther Builds 5.xx
https://gueldenpfennigs.blogspot.com/2025/07/softether-build.htmlhttps://www.softether.org
Architecture
Features
- Free for Server & Clients
- Open Source (!)
- Supported Protocols
- SoftEther SSL VPN (proprietary)
- L2TP/IPSec
- MS-SSTP SSL
- OpenVPN
- OS for
- Servers: Linux & Windows
- Clients: Windows (Intel & ARM), Linux, Mac OS X, iOS, Android & Windows Mobile
SoftEther VPN <=> VpnGate Service
SoftEther VPN is the VPN-Server & Client Technology. This is just the Server and the Client in order to setup the VPN yourself. If you now are located in an area where Internet is partly blocked or you want to watch TV with geo-coding, you can use the VpnGate Service in order to "get through" ;-)
VpnGate uses the SoftEther Servers and Clients, but a lot of people worldwide are providing this as a service for you.
http://106.255.46.237:63913/en/ <<< free VpnGates in the web ;-)
Example VpnGate Server:
https://opengw.net
Username: vpn, Password: vpn
Pre-shared Key (Secret): vpn
http://106.255.46.237:63913/en/howto_l2tp.aspx
https://www.vpngate.net/en/howto_softether.aspx
Firewall "Hacks" via DNS & ICMP
Support in Europe:
TDT AG, 84051 Essenbach
http://www.tdt.de/lng/en/softether-vpn.htmlhttp://www.tdt.de/lng/en/products/vpn-gateways-loadbalancer.html
LEIBOLD, Nürnberg
https://www.leibold-it.de/portfolio/softether
https://www.leibold-it.de/wp-content/uploads/2015/12/flyervpn.pdf
Installation SoftEther
https://www.softether-download.com/en.aspx?product=softether
root
apt-get install build-essential gnupg2 gcc make
Download ... or similar like this:
wget http://www.softether-download.com/files/softether/v4.38-9760-rtm-2021.08.17-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz
cd /sapcd/softether
tar -xvf softether-vpnserver-v4.43-9799-beta-2023.08.31-linux-x64-64bit.tar.gz
cd /sapcd/softether/vpnserver
make
cd ..
mv vpnserver /usr/local/
cd /usr/local/vpnserver/
chmod 600 *
chmod 700 vpnserver
chmod 700 vpncmd
vi /etc/init.d/vpnserver
#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
mkdir /var/lock/subsys
chmod 755 /etc/init.d/vpnserver
Start & Stop the SoftEther VPN
/etc/init.d/vpnserver restart
/etc/init.d/vpnserver start
("start" can be run many times ...)
/etc/init.d/vpnserver stop
Logs ...
cd /usr/local/vpnserver/server_log
e.g.:
view vpn_20250325.log
update-rc.d vpnserver defaults
vi /usr/local/vpnserver/vpn_server.config
... this is done, in order to reduce many dns requests ...
declare DDnsClient
{
bool Disabled false =>true
byte Key dZk...
=>
declare DDnsClient
{
bool Disabled true
byte Key dZk...
(as 443 is used already, we have to change this in order to get the SoftEther Server up & running ...)
declare Listener0
{
bool DisableDos false
bool Enabled true
uint Port 443
}
=>
declare Listener0
{
bool DisableDos false
bool Enabled true
uint Port 992
}
declare Listener1
{
bool DisableDos false
bool Enabled true
uint Port 1194
}
declare Listener2
{
bool DisableDos false
bool Enabled true
uint Port 5555
}
declare Listener3
{
bool DisableDos false
bool Enabled true
uint Port 5556
}
chmod 777 /var/lock/subsys
SSL Certificate Update
... Copy & convert the letsencrypt for SoftEther:
cd /etc/letsencrypt/live/vpn.gueldenpfennig.info
openssl pkcs12 -export -out vpn.gueldenpfennig.info.pfx -inkey privkey.pem -in fullchain.pem
(No PIN!)
The import of this certificate vpn.gueldenpfennig.info.pfx happens via the SoftEther Server-Manager.
This is a 4096 Bit Certificate right now - this is supported by SofEther 5 ONLY (4.x does support 1024 & 2048 only)
Web-Interface - General
https://vpn.gueldenpfennig.info:5555
Web-Interface - Admin (pretty BAD - please use Win-Admin Tool below ...)
https://vpn.gueldenpfennig.info:5555/admin/default/
(Login with pwd of root BUT without user!!!)
Admin via Windows-Admin Tool - "VPN Server Manager"
VPN Server Manager - Admin pwd: like root ... (just the pwd, not the user!)
Dynamic IP for the Server: (DynDns - not really needed) <<< deactivated in the meantime! (bool Disabled true - can only be reactivated again with changing the config - admin tool is gray on this side now)
vpn918606294.softether.net
DNS Key: dZkdFx+2ztqicOZaIVI/YKJ5sC0=
VPN Azure Cloud VPN Service activated: <<< deactivated in the meantime as well! (could be activated via Admin Tool again)
vpn918606294.vpnazure.net
=>
https://www.vpnazure.net/en/
VPN User: Volker
pwd - like root ...
Encryption:
AES128-SHA => AES256-SHA256
Manage Virtual Hub -> Virtual NAT and Virtual DHCP Server (SecureNAT)
- Enable SecureNAT
- SecureNAT Configuration for "real VPN":
- Adjust the Network: 192.168.217.x
- DNS-Server: 45.89.127.31
- SecureNAT Configuration for "Pi-hole ONLY":
- Adjust the Network: 192.168.227.x
- DNS-Server: 45.89.127.31
Setup Windows VPN:
vpn918606294.softether.net:5555 <<< deactivated - see above
vpn.gueldenpfennig.info:5555
Official certificate should be installed ... perhaps the same one as for OpenConnect?
=> then Windows VPN will work without changing the trusted certificates ...
Setup Softether VPN:
Install Softether Client
vpn.gueldenpfennig.info:5555
or
vpn918606294.softether.net:5555
Certificates are not checked by default
Setup L2TP VPN: (e.g. iPhone)
PSK in Keepass Volker - "Softether - PSK IPsec - for iPhone L2TP IPsec"
Setup the client ... unfortunately, it did not work ... perhaps because of wrong certificate ...
vpn.gueldenpfennig.info:5555
#
0 Kommentare:
Kommentar veröffentlichen