Update the server and install the essential packages
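# Refresh the package index and apply pending upgrades.
sudo apt-get update && sudo apt-get -y upgrade
# Install the compiler toolchain and the download tools used by the next step.
# (The page had fused this command onto the previous line, which turned it
# into arguments of "apt-get upgrade".)
sudo apt-get -y install build-essential wget curl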
Install SoftEther RTM from source as systemd daemon
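#!/usr/bin/env bash
# Install the newest SoftEther VPN Server RTM build and register it as a
# systemd service.
#
# NOTE(review): the release index and the tarball are fetched over plain HTTP
# and nothing in this script authenticates them, yet the result is built with
# sudo and then runs as a root service. Compare the tarball with a checksum
# obtained from the publisher over a trusted channel before building.

set -euo pipefail

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

readonly BASE_URL='http://www.softether-download.com/files/softether'
readonly INSTALL_DIR='/usr/local/vpnserver'
readonly UNIT_FILE='/lib/systemd/system/vpnserver.service'

# Newest RTM directory name from the release index.
RTM=$(curl -fsS "${BASE_URL}/" | grep -o 'v[^"]*e' | grep rtm | tail -1) \
  || die "could not find an RTM release in the index"

# The scraped name is spliced into a URL and a file name, so accept only the
# five dash-separated fields used below, each made of safe characters.
name_re='^[A-Za-z0-9.]+(-[A-Za-z0-9.]+){4}$'
[[ "${RTM}" =~ ${name_re} ]] || die "unexpected release name: ${RTM}"
IFS='-' read -r -a RTMS <<< "${RTM}"

release_dir="${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-${RTMS[4]}"
tarball="softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz"

# "sudo mv vpnserver /usr/local/" would nest inside an existing install.
[[ ! -e "${INSTALL_DIR}" ]] || die "${INSTALL_DIR} already exists"

# Private scratch directory instead of a fixed, predictable path under /tmp.
workdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "${workdir}"' EXIT
cd "${workdir}" || exit 1

wget "${BASE_URL}/${release_dir}/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/${tarball}"
tar xzf "${tarball}"

cd vpnserver
sudo make
cd ..
sudo mv vpnserver /usr/local/

# The tree was extracted by the invoking user; hand it to root so the binaries
# the root service executes cannot be replaced by that user afterwards.
sudo chown -R root:root "${INSTALL_DIR}"
sudo chmod 0600 "${INSTALL_DIR}"/*
sudo chmod +x "${INSTALL_DIR}/vpnserver"
sudo chmod +x "${INSTALL_DIR}/vpncmd"

# Write the unit through sudo and overwrite it: the original appended (>>)
# without sudo, which fails for a non-root user and duplicates the unit on a
# second run.
sudo tee "${UNIT_FILE}" >/dev/null <<'EOF'
[Unit]
Description=SoftEther VPN Server
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable vpnserver.service
sudo systemctl restart vpnserver.service

exit 0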
Initial configuration: set the server administrator password
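# Start the management console from the install directory.
cd /usr/local/vpnserver/
sudo ./vpncmd
# The remaining two entries are typed at vpncmd's interactive prompts; they
# are not shell commands (the page had fused them onto the "cd" line):
#   1                  - menu choice; presumably "manage the VPN server" (confirm
#                        against the menu vpncmd prints)
#   ServerPasswordSet  - sets the server administrator password
# Do this straight after installation, before managing the server remotely.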
Installer script
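#!/usr/bin/env bash
# SoftEther VPN Server installer: downloads the newest release tarball from
# GitHub, builds it under /usr/local/vpnserver and registers a systemd unit.
#
# Register vultr.com with free credit https://www.vultr.com/?ref=8221367-4F
# Create vps with 5usd price
# Tested on Ubuntu 18.04, Debian 10.0
#
# How to...
# 1. Save this file as softether-installer.sh
# 2. chmod +x softether-installer.sh
# 3. Run bash file
#    > ./softether-installer.sh
#    Or just
#    > bash softether-installer.sh
# 4. Init config vpnserver
#    > /usr/local/vpnserver/vpncmd
#    Enter into local server/hub config
#    > ServerPasswordSet {yourPassword}
#    Then use SoftEther VPN Server Manager to manage your server
#    If you have your own certificate, load it into vpnserver with
#    > /usr/local/vpnserver/vpncmd \
#        localhost:5555 \
#        /SERVER \
#        /PASSWORD:"${VPN_PWD}" \
#        /CMD ServerCertSet \
#        /LOADCERT:/etc/ssl/private/${fullchain}.pem \
#        /LOADKEY:/etc/ssl/private/${privkey}.pem
#    A password passed as /PASSWORD:... is visible in the process list while
#    the command runs and may land in shell history.
#
# Optional environment:
#   SOFTETHER_SHA256  expected SHA-256 of the tarball; when set, the download
#                     is verified against it before anything is extracted.

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# Run a command as root, going through sudo only when not already root.
as_root() {
  if [ "$(id -u)" -eq 0 ]; then
    "$@"
  else
    sudo "$@"
  fi
}

# Append one setting to /etc/sysctl.conf unless that exact line is already
# present, so re-running the installer does not pile up duplicates.
add_sysctl() {
  if ! grep -qxF -- "$1" /etc/sysctl.conf 2>/dev/null; then
    printf '%s\n' "$1" | as_root tee -a /etc/sysctl.conf
  fi
}

# Update system
as_root apt-get update && as_root apt-get -y upgrade

# Get build tools
as_root apt-get -y install build-essential wget curl gcc make tzdata git \
  libreadline-dev libncurses-dev libssl-dev zlib1g-dev \
  || die "package installation failed"

# Define softether version
VER=$(curl -fsS https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/ \
  | grep -E -o '(v[0-9]).*(linux-x64-64bit.tar.gz)' | grep vpnserver | head -1)
#VER=$(curl -fsS https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/ | grep -E -o '(v[0-9]).*(linux-x64-64bit.tar.gz)' | grep vpnserver | grep rtm | head -1)

# VER is scraped from HTML and spliced into the download URL; the greedy
# pattern can also swallow markup. Accept only a plain "tag/file" shape.
ver_re='^v[0-9][A-Za-z0-9._/-]*linux-x64-64bit\.tar\.gz$'
if [[ ! "${VER}" =~ ${ver_re} || "${VER}" == *..* ]]; then
  die "could not determine a release asset (got: '${VER}')"
fi

# Get softether source into a private temp file rather than a fixed /tmp name
tarball=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "${tarball}"' EXIT
wget "https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/${VER}" -O "${tarball}" \
  || die "download failed"

# TLS to GitHub is the only authentication of the tarball unless a pinned
# digest is supplied; the content is extracted and built as root below.
if [ -n "${SOFTETHER_SHA256:-}" ]; then
  printf '%s  %s\n' "${SOFTETHER_SHA256}" "${tarball}" | sha256sum -c - \
    || die "tarball checksum mismatch"
else
  printf 'warning: SOFTETHER_SHA256 not set; tarball integrity not verified\n' >&2
fi

# Stop service (fails harmlessly on a first install, when no unit exists yet)
as_root systemctl stop vpnserver

# Extract softether source; --no-same-owner keeps archive-supplied UIDs from
# being applied when extracting as root.
as_root tar -xzvf "${tarball}" -C /usr/local/ --no-same-owner \
  || die "extraction failed"

# Remove unused file
rm -f -- "${tarball}"

# Move to source directory. Abort if it is missing: the chmod below would
# otherwise hit every file in whatever directory the script was started from.
cd /usr/local/vpnserver || die "/usr/local/vpnserver not found after extraction"

# Workaround for 18.04+
#as_root sed -i 's|OPTIONS=-O2|OPTIONS=-no-pie -O2|' Makefile

# Build softether
# NOTE(review): configure runs without root in a root-owned tree and its
# status is not checked - confirm the tarball ships a configure script.
./configure
as_root make i_read_and_agree_the_license_agreement || die "build failed"

# Change file permission
as_root chmod 0600 ./* && as_root chmod +x vpnserver && as_root chmod +x vpncmd

# Link binary files
#as_root ln -sf /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver
#as_root ln -sf /usr/local/vpnserver/vpncmd /usr/local/bin/vpncmd

# Add systemd service
# NOTE(review): the capability set below still includes CAP_SYS_ADMIN and
# CAP_SETUID, which leaves the daemon close to full root; drop whatever
# vpnserver turns out not to need. EnvironmentFile names a directory and is
# ignored because of its "-" prefix.
as_root tee /lib/systemd/system/vpnserver.service >/dev/null <<'EOF'
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/local/vpnserver/do_not_run
[Service]
Type=forking
EnvironmentFile=-/usr/local/vpnserver
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/local/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
[Install]
WantedBy=multi-user.target
EOF

# Act as router. Forwarding applies to every interface, so pair it with
# firewall rules that allow only the VPN traffic you intend to route.
add_sysctl "net.ipv4.ip_forward = 1"

# Tune Kernel
add_sysctl "net.ipv4.ip_local_port_range = 1024 65535"
add_sysctl "net.ipv4.tcp_congestion_control = bbr"
add_sysctl "net.core.default_qdisc = fq"
# The page showed an en dash here ("–system"), which sysctl does not parse.
as_root sysctl --system

# Reload service
as_root systemctl daemon-reload

# Enable service
as_root systemctl enable vpnserver

# Start service
as_root systemctl restart vpnserver

exit 0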