SoftEther VPN ubuntu server

Update server and install essential package

sudo apt-get update && sudo apt-get -y upgrade
sudo apt-get -y install build-essential wget curl

Install SoftEther RTM from source as systemd daemon

#!/usr/bin/env bash
RTM=$(curl http://www.softether-download.com/files/softether/ | grep -o 'v[^"]*e' | grep rtm | tail -1)
IFS='-' read -r -a RTMS <<< "${RTM}"

mkdir -p /tmp/softether
cd /tmp/softether || exit 1

wget "http://www.softether-download.com/files/softether/${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-${RTMS[4]}/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz"

tar xzf "softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz"

cd vpnserver
sudo make

cd ..
sudo mv vpnserver /usr/local/

sudo chmod 0600 /usr/local/vpnserver/*
sudo chmod +x /usr/local/vpnserver/vpnserver
sudo chmod +x /usr/local/vpnserver/vpncmd

cat <<EOF >>/lib/systemd/system/vpnserver.service
[Unit]
Description=SoftEther VPN Server
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop

[Install]
WantedBy=multi-user.target
EOF

systemctl enable vpnserver.service
systemctl restart vpnserver.service

exit 0

Init first config

cd /usr/local/vpnserver/
sudo ./vpncmd

1


ServerPasswordSet

Installer script

#!/usr/local/env bash
# Register vultr.com with free credit https://www.vultr.com/?ref=8221367-4F
# Create vps with 5usd price
# Tested on Ubuntu 18.04, Debian 10.0
# How to…
# 1. Save this file as softether-installer.sh
# 2. chmod +x softether-installer.sh
# 3. Run bash file
# > ./softether-installer.sh
# Or just
# > bash softether-installer.sh
# 4. Init config vpnserver
# > /usr/local/vpnserver/vpncmd
# Enter into local server/hub config
# > ServerPasswordSet {yourPassword}
# Then use SoftEther VPN Server Manager to mange your server
# If you have own certificate can load into vpnserver by
# > /usr/local/vpnserver/vpncmd \
# localhost:5555 \
# /SERVER \
# /PASSWORD:"${VPN_PWD}" \
# /CMD ServerCertSet \
# /LOADCERT:/etc/ssl/private/${fullcahin}.pem \
# /LOADKEY:/etc/ssl/private/${privkey}.pem
if [ "$(whoami)" != "root" ]; then
SUDO=sudo
fi
# Update system
${SUDO} apt-get update && ${SUDO} apt-get -y upgrade
# Get build tools
${SUDO} apt-get -y install build-essential wget curl gcc make wget tzdata git libreadline-dev libncurses-dev libssl-dev zlib1g-dev
# Define softether version
VER=$(curl -s https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/ | egrep -o '(v[0-9]).*(linux-x64-64bit.tar.gz)' | grep vpnserver | head -1)
#VER=$(curl -s https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/ | egrep -o '(v[0-9]).*(linux-x64-64bit.tar.gz)' | grep vpnserver | grep rtm | head -1)
# Get softether source
wget "https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/${VER}" -O /tmp/softether-vpnserver.tar.gz
# Stop service
${SUDO} systemctl stop vpnserver
# Extract softether source
${SUDO} tar -xzvf /tmp/softether-vpnserver.tar.gz -C /usr/local/
# Remove unused file
${SUDO} rm /tmp/softether-vpnserver.tar.gz
# Move to source directory
cd /usr/local/vpnserver
# Workaround for 18.04+
#${SUDO} sed -i 's|OPTIONS=-O2|OPTIONS=-no-pie -O2|' Makefile
# Build softether
./configure
${SUDO} make i_read_and_agree_the_license_agreement
# Change file permission
${SUDO} chmod 0600 * && ${SUDO} chmod +x vpnserver && ${SUDO} chmod +x vpncmd
# Link binary files
#${SUDO} ln -sf /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver
#${SUDO} ln -sf /usr/local/vpnserver/vpncmd /usr/local/bin/vpncmd
# Add systemd service
${SUDO} bash -c 'cat <<EOF >/lib/systemd/system/vpnserver.service
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/local/vpnserver/do_not_run
[Service]
Type=forking
EnvironmentFile=-/usr/local/vpnserver
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/local/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
[Install]
WantedBy=multi-user.target
EOF'
# Act as router
echo "net.ipv4.ip_forward = 1" | ${SUDO} tee -a /etc/sysctl.conf
# Tune Kernel
echo "net.ipv4.ip_local_port_range = 1024 65535" | ${SUDO} tee -a /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control = bbr" | ${SUDO} tee -a /etc/sysctl.conf
echo "net.core.default_qdisc = fq" | ${SUDO} tee -a /etc/sysctl.conf
${SUDO} sysctl –system
# Reload service
${SUDO} systemctl daemon-reload
# Enable service
${SUDO} systemctl enable vpnserver
# Start service
${SUDO} systemctl restart vpnserver
exit 0

view raw
softether.sh
hosted with ❤ by GitHub

โซเชียล

Leave a Reply