Update server and install essential package
sudo apt-get update && sudo apt-get -y upgrade sudo apt-get -y install build-essential wget curl
Install SoftEther RTM from source as systemd daemon
#!/usr/bin/env bash
RTM=$(curl http://www.softether-download.com/files/softether/ | grep -o 'v[^"]*e' | grep rtm | tail -1)
IFS='-' read -r -a RTMS <<< "${RTM}"
mkdir -p /tmp/softether
cd /tmp/softether || exit 1
wget "http://www.softether-download.com/files/softether/${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-${RTMS[4]}/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz"
tar xzf "softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz"
cd vpnserver
sudo make
cd ..
sudo mv vpnserver /usr/local/
sudo chmod 0600 /usr/local/vpnserver/*
sudo chmod +x /usr/local/vpnserver/vpnserver
sudo chmod +x /usr/local/vpnserver/vpncmd
cat <<EOF >>/lib/systemd/system/vpnserver.service
[Unit]
Description=SoftEther VPN Server
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
[Install]
WantedBy=multi-user.target
EOF
systemctl enable vpnserver.service
systemctl restart vpnserver.service
exit 0
Init first config
cd /usr/local/vpnserver/ sudo ./vpncmd 1 ServerPasswordSet
Installer script
| #!/usr/local/env bash | |
| # Register vultr.com with free credit https://www.vultr.com/?ref=8221367-4F | |
| # Create vps with 5usd price | |
| # Tested on Ubuntu 18.04, Debian 10.0 | |
| # How to… | |
| # 1. Save this file as softether-installer.sh | |
| # 2. chmod +x softether-installer.sh | |
| # 3. Run bash file | |
| # > ./softether-installer.sh | |
| # Or just | |
| # > bash softether-installer.sh | |
| # 4. Init config vpnserver | |
| # > /usr/local/vpnserver/vpncmd | |
| # Enter into local server/hub config | |
| # > ServerPasswordSet {yourPassword} | |
| # Then use SoftEther VPN Server Manager to mange your server | |
| # If you have own certificate can load into vpnserver by | |
| # > /usr/local/vpnserver/vpncmd \ | |
| # localhost:5555 \ | |
| # /SERVER \ | |
| # /PASSWORD:"${VPN_PWD}" \ | |
| # /CMD ServerCertSet \ | |
| # /LOADCERT:/etc/ssl/private/${fullcahin}.pem \ | |
| # /LOADKEY:/etc/ssl/private/${privkey}.pem | |
| if [ "$(whoami)" != "root" ]; then | |
| SUDO=sudo | |
| fi | |
| # Update system | |
| ${SUDO} apt-get update && ${SUDO} apt-get -y upgrade | |
| # Get build tools | |
| ${SUDO} apt-get -y install build-essential wget curl gcc make wget tzdata git libreadline-dev libncurses-dev libssl-dev zlib1g-dev | |
| # Define softether version | |
| VER=$(curl -s https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/ | egrep -o '(v[0-9]).*(linux-x64-64bit.tar.gz)' | grep vpnserver | head -1) | |
| #VER=$(curl -s https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/ | egrep -o '(v[0-9]).*(linux-x64-64bit.tar.gz)' | grep vpnserver | grep rtm | head -1) | |
| # Get softether source | |
| wget "https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/${VER}" -O /tmp/softether-vpnserver.tar.gz | |
| # Stop service | |
| ${SUDO} systemctl stop vpnserver | |
| # Extract softether source | |
| ${SUDO} tar -xzvf /tmp/softether-vpnserver.tar.gz -C /usr/local/ | |
| # Remove unused file | |
| ${SUDO} rm /tmp/softether-vpnserver.tar.gz | |
| # Move to source directory | |
| cd /usr/local/vpnserver | |
| # Workaround for 18.04+ | |
| #${SUDO} sed -i 's|OPTIONS=-O2|OPTIONS=-no-pie -O2|' Makefile | |
| # Build softether | |
| ./configure | |
| ${SUDO} make i_read_and_agree_the_license_agreement | |
| # Change file permission | |
| ${SUDO} chmod 0600 * && ${SUDO} chmod +x vpnserver && ${SUDO} chmod +x vpncmd | |
| # Link binary files | |
| #${SUDO} ln -sf /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver | |
| #${SUDO} ln -sf /usr/local/vpnserver/vpncmd /usr/local/bin/vpncmd | |
| # Add systemd service | |
| ${SUDO} bash -c 'cat <<EOF >/lib/systemd/system/vpnserver.service | |
| [Unit] | |
| Description=SoftEther VPN Server | |
| After=network.target auditd.service | |
| ConditionPathExists=!/usr/local/vpnserver/do_not_run | |
| [Service] | |
| Type=forking | |
| EnvironmentFile=-/usr/local/vpnserver | |
| ExecStart=/usr/local/vpnserver/vpnserver start | |
| ExecStop=/usr/local/vpnserver/vpnserver stop | |
| KillMode=process | |
| Restart=on-failure | |
| # Hardening | |
| PrivateTmp=yes | |
| ProtectHome=yes | |
| ProtectSystem=full | |
| ReadOnlyDirectories=/ | |
| ReadWriteDirectories=-/usr/local/vpnserver | |
| CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF' | |
| # Act as router | |
| echo "net.ipv4.ip_forward = 1" | ${SUDO} tee -a /etc/sysctl.conf | |
| # Tune Kernel | |
| echo "net.ipv4.ip_local_port_range = 1024 65535" | ${SUDO} tee -a /etc/sysctl.conf | |
| echo "net.ipv4.tcp_congestion_control = bbr" | ${SUDO} tee -a /etc/sysctl.conf | |
| echo "net.core.default_qdisc = fq" | ${SUDO} tee -a /etc/sysctl.conf | |
| ${SUDO} sysctl –system | |
| # Reload service | |
| ${SUDO} systemctl daemon-reload | |
| # Enable service | |
| ${SUDO} systemctl enable vpnserver | |
| # Start service | |
| ${SUDO} systemctl restart vpnserver | |
| exit 0 |
System administrator at Zercle Technology Co., Ltd.
System admin กากๆ
รักในการเล่นเกม
ชอบดู Anime ญี่ปุ่น
รักในการเล่นเกม
ชอบดู Anime ญี่ปุ่น
Latest posts by Kawin Viriyaprasopsook (see all)
- Convert flac audio to ogg/mp3 - 2020-12-20
- Fix systemd resolved not working (127.0.0.53) - 2019-09-23
- Safely remove SATA disk from a running Linux system - 2019-05-24