It's assumed that you already have a VPN server deployed in your network, with a user and password created and bridged networking enabled during VPN server configuration. A sample snippet of VPN Server Bridge enabled is below-
Here are the setup values-
- SoftEther Server IP- 103.146.221.30/24, Gateway- 103.146.221.1
- Client Server IP- 123.49.47.245/24, Gateway- 123.49.47.1
Once the server is connected to the VPN, it will be using 103.146.221.5 as its bridged IP.
Let’s start.
My setup was done on a fresh Debian-10 installation; it should work on any Linux distro though, it's simple. The dependency packages that I needed were the development tools/build-essential and a few others, which were installed as below-
apt-get update
apt-get install build-essential gcc openssl apt-transport-https
Step-1 Download SoftEther Client
The SoftEther VPN Client installation process on Mint requires advanced Linux skills.
Download SoftEther VPN Client from the official site selecting your platform and CPU: http://www.softether-download.com/en.aspx?product=softether
* current selection is for linux 64bit OS.
Uncompress the tar.gz file and enter into the unzipped directory. Mine was located-
cd /root/vpnclient/
Step-2 Install SoftEther
- Run the .install.sh script that is provided with the client
- Start the VPN Client: ./vpnclient start
Step-3 Configure a VPN account
The vpncmd utility is used to configure accounts and to connect to a VPN. This utility connects to the VPN client running on your local machine.
- Run ./vpncmd and choose option 2.
- Press ENTER to connect to the client running on your local machine.
- Enter the command "check" to test your installation.
- "NicCreate ktl" to create a virtual VPN interface on your computer.
- "AccountCreate rumi" to create your account. You will be prompted for the following information:
  - User Name- in my case it was rumi
  - Account Name- in my case it was rumi
  - VPN server URL- in my case it was 103.146.221.30
  - Port number for the VPN server- in my case it was 443
  - Virtual hub to connect to- in my case it was VPN
  - Virtual Network Adapter Name (you created this earlier - ktl)
  Note: during account creation, when asked for "Destination VPN Server Host Name and Port Number:", enter the information as follows: 103.146.221.30:443
- AccountPassword [accountName] to enter your VPN account password. Specify Standard when requested.
Connect to SoftEther VPN
- Run ./vpncmd if you have not already done so.
- Select option 2 and press ENTER to connect to your local VPN Client.
- AccountConnect [accountName] to connect to the VPN server.
- AccountList shows connection settings. Look for Connected under Status.
- For auto connect once the vpnclient service is running, use the command "AccountStartupSet rumi".
- I wanted to keep the connection always on with unlimited retry. I used the command "AccountRetrySet" followed by the number of retries (I entered 999) and then the interval between connection attempts (I used 60).
- Press Ctrl+D to exit the vpncmd utility.
Step-4 Modify Route Table
Now that you are connected to the VPN and have an IP address, you must modify your IP route table to send traffic through the VPN. There are two procedures below. The first will route ALL traffic from your computer through the VPN, including traffic destined for the Internet. The second will route traffic from your computer through the VPN and on to the VPN network, but leaves your default route in place so that traffic destined for the Internet still uses your local network interface.
Option-1 Route ALL traffic from your computer through the VPN (in my case I applied it):
N.B. you will lose connectivity to local devices on your network such as printers. (I am short on time – if anyone using this can submit a PR with commands to restore routing for local devices, please do so.)
cat /proc/sys/net/ipv4/ip_forward to check if IP Forwarding is enabled. If ‘1’ is returned then skip the next step
(You may need to sudo su to perform some of the next commands)
nano /etc/sysctl.conf
uncomment
net.ipv4.ip_forward=1
save the file and apply
sysctl -p
The following section is for those who want a DHCP IP (typically behind SecureNAT or TAP NAT; my intended setup didn't require it, but it's an option for those who need it)
- dhclient vpn_ktl to obtain an IP address from the VPN DHCP server
- ip a to show the vpn_ktl interface and the assigned IPv4 address
- netstat -rn to show the route table prior to modification.
The following assumes that your local network is 123.49.47.245/24 and your default gateway is 123.49.47.1, and that the IP address of the remote VPN server is 103.146.221.30.
Here goes the script that I made as net.sh and saved it in /root/vpnclient
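    #!/bin/bash
    # Run this script as root.
    # Set environment
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    # Give vpnclient time to start and connect after boot
    sleep 20s
    # 1. assign the bridged IP to the VPN adapter
    # 2. keep reaching the VPN server itself through the local gateway
    # 3. remove the original default route via the local gateway
    # 4. send everything else through the gateway on the VPN side
    ifconfig vpn_ktl 103.146.221.5 netmask 255.255.255.0 up \
      && ip route add 103.146.221.30/32 via 123.49.47.1 \
      && ip route del default via 123.49.47.1 \
      && route add default gw 103.146.221.1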
Here the original default route is deleted and the gateway on the VPN side is made the default gateway. Review the new route table with netstat -rn
Ping Google's nameservers at 8.8.8.8:
ping 8.8.8.8 -c4
Check your public IP address (note that in this line, O is the capital letter O):
wget -qO- http://ipecho.net/plain ; echo
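A check for the Option-1 result, added here as an example and not part of the original post: it parses `ip -4 route show` output and confirms that every default route leaves through vpn_ktl while the VPN server stays pinned to the local gateway. The sample route tables are constructed from this page's addresses, and the physical interface name eth0 is an assumption.

```shell
#!/bin/sh
# check_vpn_routes ROUTES VPN_IF SERVER_IP LOCAL_GW
# ROUTES is the text printed by `ip -4 route show`. Returns 0 only when:
#   - every default route leaves through VPN_IF (no second default that leaks), and
#   - SERVER_IP has a host route via LOCAL_GW outside the tunnel, so the
#     encrypted session itself is not routed into the VPN.
check_vpn_routes() {
    printf '%s\n' "$1" | awk -v ifc="$2" -v srv="$3" -v gw="$4" '
        function field(key,   i) {      # value that follows keyword "key"
            for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
            return ""
        }
        $1 == "default" {
            if (field("dev") == ifc) via_vpn++
            else { leak = 1; print "LEAK: default route outside VPN: " $0 }
        }
        ($1 == srv || $1 == (srv "/32")) && field("via") == gw && field("dev") != ifc {
            pinned = 1
        }
        END {
            if (!via_vpn) { bad = 1; print "FAIL: no default route on " ifc }
            if (!pinned)  { bad = 1; print "FAIL: no host route to " srv " via " gw }
            exit (bad || leak)
        }'
}

# Constructed sample tables using the addresses from this page.
# The physical interface name eth0 is an assumption.
GOOD_ROUTES='default via 103.146.221.1 dev vpn_ktl
103.146.221.0/24 dev vpn_ktl proto kernel scope link src 103.146.221.5
103.146.221.30 via 123.49.47.1 dev eth0
123.49.47.0/24 dev eth0 proto kernel scope link src 123.49.47.245'

# Original default route left in place and no host route to the VPN server.
LEAKY_ROUTES='default via 103.146.221.1 dev vpn_ktl
default via 123.49.47.1 dev eth0
103.146.221.0/24 dev vpn_ktl proto kernel scope link src 103.146.221.5
123.49.47.0/24 dev eth0 proto kernel scope link src 123.49.47.245'

check_vpn_routes "$GOOD_ROUTES" vpn_ktl 103.146.221.30 123.49.47.1 && echo "good table: OK"
check_vpn_routes "$LEAKY_ROUTES" vpn_ktl 103.146.221.30 123.49.47.1 || echo "leaky table: rejected"

# On the live client:
#   check_vpn_routes "$(ip -4 route show)" vpn_ktl 103.146.221.30 123.49.47.1
```
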
N.B: I made 2 crons to execute:
- @reboot su - && cd /root/vpnclient && ./vpnclient start
- @reboot bash /root/vpnclient/net.sh
Option-2 Route only VPN traffic through the VPN interface (To whom it may concern- I didn’t need that)
cat /proc/sys/net/ipv4/ip_forward to check if IP Forwarding is enabled. If ‘1’ is returned then skip the next step
(You may need to sudo su to perform some of the next commands)
echo 1 > /proc/sys/net/ipv4/ip_forward
- dhclient vpn_ktl to obtain an IP address from the VPN DHCP server
- ip a to show the vpn_ktl interface and the assigned IPv4 address
- netstat -rn to show the route table prior to modification
The following assumes that your local network is 192.168.0.0/24 and your default gateway is 192.168.0.1, and that the IP address of the remote VPN server is 15.48.223.55.
- Delete the default route added by the dhclient command you issued earlier:
sudo ip route del default via 192.168.0.1
- Review the new route table with netstat -rn
Ping Google's nameservers at 8.8.8.8:
ping 8.8.8.8 -c4
Ping the remote gateway at 192.168.0.1:
ping 192.168.0.1 -c4
Check your public IP address (note that in this line, O is the capital letter O):
wget -qO- http://ipecho.net/plain ; echo
The IP address returned should be your local public IP address.
Route issues on cloud computers (again for those it may concern!)
Be aware that the dhclient command will install a default route to the gateway received via DHCP over the VPN.
If you are using a cloud Linux instance, you will lose your ssh (or other) Internet connectivity to your cloud Linux instance.
In such a case, you may want to create a script with the following commands:
dhclient vpn_ktl
route add default gw X.Y.Z.J eth0
Where X.Y.Z.J is the IP address of your cloud Linux instance Internet gateway, and eth0 is the Internet facing network interface.
Use netstat -nr to ensure that the desired route to the VPN subnet IPs is properly being routed over the VPN interface vpn_ktl.
Disconnect from VPN and restore route table (Flush/restore to original settings)
vpnclient stop
ip route del 103.146.221.30/32
ip route add default via 123.49.47.247
Finally I was able to do it!
Src & Credits:
https://www.softether.org/@api/deki/pages/356/pdf
https://www.cactusvpn.com/tutorials/how-to-set-up-softether-vpn-client-on-linux/
https://www.rapidvpn.com/setup-vpn-softether-mint
https://www.softether.org/4-docs/1-manual/6._Command_Line_Management_Utility_Manual/6.5_VPN_Client_Management_Command_Reference
https://github.com/bgilmer77/SoftEther-VPN-Client-Setup-on-Linux/blob/master/softether-linux-howto.md