I don’t like OpenVPN. With that out of the way, SoftEther VPN supports a lot more protocols (including SSTP) and is made in Japan, so I decided to go with it. Unfortunately it is not available in package managers, but they do have a GitHub repo.

$> cd /opt
$> git clone https://github.com/SoftEtherVPN/SoftEtherVPN.git
$> cd SoftEtherVPN
$> ./configure
$> apt install libreadline-dev libssl-dev libncurses5-dev
# I thought I DID install build-essential but those packages weren't present...
$> make
$> fucking-coffee.sh
# Google it, fun read
$> make install

Then we can verify the server works and start configuring it.

$> vpnserver start
$> vpncmd
1
localhost:5555
<enter>

The instructions in vpncmd suggested that the default setting for the server would be localhost:8888 but that was wrong. It seems that if you leave everything blank the vpncmd utility tries to connect to localhost:443, which in my case was used by the web server and caused the command to fail.

Next, once we manage to make a connection to the VPN server with vpncmd, we set the server password: ServerPasswordSet.

Rather than reading the manual, I preferred to manage the settings with the GUI configuration tool they provide: enable L2TP/IPsec, disable the less secure L2TP variant, turn on SSTP and create a user (apparently RADIUS or AD authentication is not available in the open-source version for some reason…).

The final step I took was to disable the built-in DDNS, then sign and install a certificate.

$> openssl genrsa -out vpnserver.key 4096
$> openssl req -new -key vpnserver.key -out vpnserver.csr

Use the CSR to request a certificate using certsrv (for Windows Server CAs), download the certificate, and load it from SoftEther’s GUI tool along with the private key.
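
A check worth running before the import, as an added example that is not from the original post: it confirms that the private key, the CSR and the downloaded certificate all carry the same public key and that the certificate has not expired. The make_samples helper, its file names and the vpn.example.test subject are constructed stand-ins, with a self-signed certificate taking the place of the one the CA would issue.

```shell
#!/bin/sh
# Added example, not from the original post.

# pubkey_fp KIND FILE: print the SHA-256 of the public key held in a key, CSR or cert.
pubkey_fp() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An unreadable file must fail here, otherwise two empty inputs would "match".
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_cert KEY CSR CERT: 0 = safe to import, 1 = mismatch or expired, 2 = unreadable input.
check_cert() {
    k=$(pubkey_fp key  "$1") || { echo "cannot parse key: $1" >&2; return 2; }
    r=$(pubkey_fp csr  "$2") || { echo "cannot parse CSR: $2" >&2; return 2; }
    c=$(pubkey_fp cert "$3") || { echo "cannot parse certificate: $3" >&2; return 2; }
    [ "$k" = "$r" ] || { echo "CSR was not generated from this key" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "certificate was issued for a different key" >&2; return 1; }
    openssl x509 -in "$3" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }
    echo "OK: key, CSR and certificate share public key $k"
}

# Constructed sample data for trying the check offline: a throwaway key and CSR,
# a self-signed stand-in for the CA-issued certificate, and an unrelated key.
make_samples() {
    d=$1
    openssl genrsa -out "$d/vpnserver.key" 2048 2>/dev/null
    openssl req -new -key "$d/vpnserver.key" -subj "/CN=vpn.example.test" \
        -out "$d/vpnserver.csr"
    openssl x509 -req -in "$d/vpnserver.csr" -signkey "$d/vpnserver.key" \
        -days 1 -out "$d/vpnserver.cer" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}
```

With the real files, call check_cert with vpnserver.key, vpnserver.csr and the downloaded certificate; the check reads the certificate as PEM (Base 64 encoded).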

And of course create a systemd service because, despite all the hate it gets, I like it.

$> nano /etc/systemd/system/softether.service
[Unit]
Description=SoftEther VPN daemon
After=network.target

[Service]
ExecStart=/usr/bin/vpnserver start
ExecStop=/usr/bin/vpnserver stop
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Then start and enable the service. Relatively simple.