System administrator / DevOps / Ethical Penetration tester
How to configure SoftEther VPN on Ubuntu 20.0 LTS
Now if you have read my previous post on “How to Setup SoftEther VPN on Ubuntu 20.0 LTS” and have installed SoftEther VPN, then in this post you will find information How to configure SoftEther VPN.
So, let’s get started.
- Open your Terminal and login to your server with root user or by becoming root user by typing sudo su
2. Let’s open our VPN directory
3. Let’s run VPN administrative tool:
4. Once you have run the above command then press 3 to choose Use of VPN Tools and then type:
With the above command, we will get a system output if all our VPN service and the system is functional. If you want to exit, then Type “exit” to exit VPN Tools.
5. Let’s now Change Admin Password
Now, I recommend using a strong administrator password something between 15-25 Characters, that includes Letters, Digits, and special symbols, since this password will be used to make any changes, create new users, delete old users, and other functions. Since we have installed a fresh SoftEther VPN it doesn’t have any passwords enabled at the moment and we need to change that, to protect our VPN.
In your terminal run:
Select “Management of VPN Server or VPN Bridge”. by pressing 1 and then Enter
After that, it will ask you “Hostname of IP Address of Destination“:
Type: localhost:5555 and then press Enter
After that is done press Enter without inputting anything to connect to server by server admin mode.
Now type ServerPasswordSet and press Enter
It will ask you to enter your password and after you do that and have pressed the Enter key, it will ask to Confirm input where you need to type again your password. I recommend using 25 characters long password that includes Letters, Digits, and special symbols.
Now, that we are done setting the administrator password we need to set up a Virtual HUB
6. Let’s create a Virtual Hub
To use SoftEther we must first create a Virtual Hub. Here is an example we create a hub named VALTERS, to do that enter the command below in the vpncmd tool:
Next, you will be asked to enter an administrator password for the hub. This password will be used whenever you are not logged in as server admin mode, and you want to manage that specific hub.
7. Once our Virtual HUB is created, let’s select it and make additional configurations, for example to auto-assign IP using Local Bridge and other required things. Execute the following command
8. Enable SecureNAT
There are two ways of connecting your hubs to the server network: using a Local Bridge connection or using the SecureNAT function.
You can use each one separately, but using these two together will cause problems.
Here we use SecureNAT, which is very easy to setup and works pretty well in most situations. You could also use Local Bridge, but then you have to install and configure a DHCP Server too.
SecureNAT is a combination of Virtual NAT and DHCP Server function. You can enable SecureNAT using the command below:
Once we have done all the above successfully we can now create our 1 users
9. Create and manage new users
Now we have to create users for our Virtual Hub to use the VPN. We can create users for our Virtual Hub using the command UserCreate and view the list of current users by UserList. Users can be added to groups and can even have different types of authentication modes (including: Password, Certificate, RADIUS, NTLM, etc.).
So let’s call our new user n.surname
The default type of authentication we will leave the Password but we can change it to a different type using the commands below:
- UserNTLMSet for NT Domain Authentication
- UserPasswordSet for Password Authentication
- UserAnonymousSet for Anonymous Authentication
- UserRadiusSet for RADIUS Authentication
- UserCertSet for Individual Certificate Authentication
- UserSignedSet for Signed Certificate Authentication
In this tutorial we use Password as the user authentication mode for our n.surname user, so using this command set a password for user n.surname:
10. Setup L2TP/IPSec
To enable L2TP/IPsec VPN server you can use the command below:
After entering this command, you will be asked to configure the L2TP server functions:
Enable L2TP over IPsec Server Function: Choose yes to enable L2TP VPN over IPSec with pre-shared key encryption. Now you can make VPN connections to this server using iPhone, Android, Windows, and Mac OS X devices.
Enable Raw L2TP Server Function: This will enable L2TP VPN for clients with no IPSec encryption.
Enable EtherIP / L2TPv3 over IPsec Server Function: Routers which are compatible with EtherIP / L2TPv3 over IPsec can connect to this server by enabling this function.
Pre Shared Key for IPsec: Enter a pre-shared key to use with L2TP VPN.
Default Virtual HUB in a case of omitting the HUB on the Username: Users must specify the Virtual Hub they are trying to connect to by using [email protected] as their username when connecting. This option specifies which Virtual Hub to be used if the user does not provide such information. In our case enter VPN.
So now you are all set and have a fully functional VPN. Soon, I will create separate posts showing, how to connect softer VPN to Windows and macOS also possible for Kali Linux. If you need some assistance please feel free to contact me on LinkedIn, Twitter, or Telegram