SoftEther VPN on Raspberry Pi with Ubuntu 16.04
I don’t like OpenVPN. With that out of the way, SoftEther VPN supports a lot more protocols (including SSTP) and is made in Japan, so I decided to go with it. Unfortunately it is not available in package managers, but they do have a GitHub repo.
$> cd /opt
$> git clone https://github.com/SoftEtherVPN/SoftEtherVPN.git
$> cd SoftEtherVPN
$> ./configure
$> apt install libreadline-dev libssl-dev libncurses5-dev
# I thought I DID install build-essential but those packages weren't present...
$> make
$> fucking-coffee.sh
# Google it, fun read
$> make install
Then we can verify the server works and start configuring it.
$> vpnserver start
$> vpncmd
1
localhost:5555
<enter>
The instructions in vpncmd suggested that the default setting for the server would be localhost:8888 but that was wrong. It seems that if you leave everything blank the vpncmd utility tries to connect to localhost:443, which in my case was used by the web server and caused the command to fail.
Next, once we manage to make a connection to the VPN server with vpncmd, we set the server password: ServerPasswordSet.
Rather than reading the manual, here I preferred using the GUI configuration tool they provide to manage the settings. Namely enable L2TP/IPsec, disable the less secure L2TP variant, turn on SSTP and create a user (apparently RADIUS or AD authentication is not available in the open-source version for some reason…).
The final step I took was to disable the built-in DDNS, then sign and install a certificate.
$> openssl genrsa -out vpnserver.key 4096
$> openssl req -new -key vpnserver.key -out vpnserver.csr
Use the CSR to request a certificate using certsrv (for Windows Server CAs), download the certificate, and load them up from SoftEther’s GUI tool along with the private key.
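Before loading the pair into the GUI tool, it is worth confirming that the downloaded certificate really belongs to vpnserver.key and that the key file is not world-readable. The following is an added example, not part of the original post: the function names, the vpnserver.cer file name and the self-signed certificate that stands in for the CA-issued one are assumptions made for the demo.

```bash
# Added example (not from the original post). Expects PEM ("Base 64 encoded") files.

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_fingerprint() {
    local pem
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    # Normalise to DER so PEM formatting differences cannot affect the hash.
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if the certificate carries the key's public half, the key file is
# closed to group/others, and the certificate has not expired.
check_cert_for_import() {
    local key="$1" cert="$2" kfp cfp mode
    kfp=$(pubkey_fingerprint key "$key")   || { echo "cannot read key: $key" >&2; return 1; }
    cfp=$(pubkey_fingerprint cert "$cert") || { echo "cannot read cert: $cert" >&2; return 1; }
    [ "$kfp" = "$cfp" ] || { echo "certificate was not issued for this key" >&2; return 1; }
    mode=$(stat -c '%a' "$key") || return 1
    case "$mode" in
        *00) ;;
        *)   echo "key mode is $mode, expected 600" >&2; return 1 ;;
    esac
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 1; }
    echo "OK sha256:$cfp"
}

# Constructed demo: throwaway 2048-bit keys (faster than the post's 4096) and a
# self-signed certificate standing in for the one the CA would return.
demo() {
    local d; d=$(mktemp -d) || return 1
    ( umask 077
      openssl genrsa -out "$d/vpnserver.key" 2048
      openssl genrsa -out "$d/other.key" 2048
      openssl req -new -x509 -key "$d/vpnserver.key" -subj "/CN=vpn.example.test" \
          -days 30 -out "$d/vpnserver.cer" ) >/dev/null 2>&1
    if check_cert_for_import "$d/vpnserver.key" "$d/vpnserver.cer"; then echo "pair accepted"; fi
    if ! check_cert_for_import "$d/other.key" "$d/vpnserver.cer"; then echo "wrong key rejected"; fi
    rm -rf "$d"
}
demo
```

If certsrv handed back a DER-encoded file, convert it to PEM first, or download the Base 64 encoded variant, before running the check.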
And of course create a systemd service because despite all the hate it gets I like it.
$> nano /etc/systemd/system/softether.service
[Unit]
Description=SoftEther VPN daemon
After=network.target
[Service]
ExecStart=/usr/bin/vpnserver start
ExecStop=/usr/bin/vpnserver stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Then start and enable the service. Relatively simple.