Users can be added to groups, and each group can have a different authentication mode, for example Password, Certificate, RADIUS, NTLM and others. Users are created with the command UserCreate, and you can view the list of users with the command UserList. Now we need to create a user for the MOB virtual hub we created. Set promiscuous mode and then retry creation of the tap device. Hyper-V and VMware by default create VMs without promiscuous mode. If TAP device creation fails with a message about insufficient privileges, you might want to check whether your network controller is set in promiscuous mode. So the local bridge is created with the following command: BridgeCreate /DEVICE:"soft" /TAP:yes MOB We will go with a local bridge and tap device; note that with a local bridge a DHCP server also needs to be configured and installed, which we will do at the end of the tutorial. That is the more efficient of the ways; there is also SecureNAT, which is easier to set up but is resource intensive. It will ask you to set a password, which you will use to administer the hub without access to the entire VPN server. We will create one named MOB with the following command: HubCreate MOB In order to use Softether, a virtual hub needs to be created. Press Enter one more time to get access to the server as Administrator. Press 1 to select "Management of VPN Server or VPN Bridge", and then when it asks you which server to configure, just press Enter and it will choose localhost, where you just installed Softether. Moving over to the configuration part, we need to start the vpncmd utility: /usr/local/vpnserver/vpncmd chmod +x /etc/init.d/vpnserver Don't mind that it complains about the tap interface; that is because we added it to the init script and made it start with Softether but have not yet made the tap interface in the Softether config. Next we need to add the executable bit to the init script, start it for the first time in the old-fashioned way, and then enable it with systemd to start at every boot. # Description: Enable Softether by daemon.
# Short-Description: Start daemon at boot time So run vi /etc/init.d/vpnserver and paste this script. Next we need to make an init script for Softether, as one is not included in the install. wget tar xzvf softether-vpnserver-v4.20-960.04.17-linux-圆 -C /usr/local Compile will ask you three questions at the end; you need to answer all with 1. We will use version 4.20 of Softether, which is at the time of writing the newest RTM version.
Next we need to cd to /usr/src, download Softether, unpack it and compile it. Of those two batches of commands, one will error because you are not running two firewalls. The firewall rules will be set after everything is configured: systemctl disable firewalld After the server boots up, disable both firewalls because they can interfere with testing.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config After this, reboot the computer so that SELinux stops and the new kernel starts, if the update included a new kernel.
yum -y install gcc zlib-devel openssl-devel readline-devel ncurses-devel wget tar dnsmasq net-tools iptables-services system-config-firewall-tui nano
We are going to use only Linux and no GUIs here, so let's start. In the beginning, let's update the system, install dependencies and disable SELinux: yum update
That may be the reason why it is so Windows oriented: the configuration GUI is Windows only, and connecting from Linux clients requires extra work. Softether was long a proprietary product under the name PacketiX, and it was open sourced just several years ago. The list of open source VPN packages is long, but today we decided to try Softether, coming from the University of Tsukuba in Japan. Setting up your own virtual private network server is a good way to evade blockage and be able to access sites that are blocked in your country.