Install and connect SoftEther VPN on Linux
1. Download SoftEther VPN client for Linux 2. Install SoftEther VPN client on Linux 3. Configure SoftEther VPN client on Linux 4. Connect to SoftEther VPN on Linux and routing setting 5. Disconnect from SoftEther VPN on Linux 6. Determining IP of VPN chain incoming server on LinuxCommands beginning with the # prompt are executed as the root user, the $ prompt means the execution is from a regular user.
1. Downloading
Download the SoftEther VPN client distro for the OS architecture from the official site or from the project repository on GitHub. For example, terminal command of downloading the client distro for Linux x64 looks like this.$ wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.29-9680-rtm/softether-vpnclient-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gzNext unzip the downloaded archive, terminal command for it looks like this.
$ tar -xvf softether-vpnclient-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz
All described below actions have to execute in Linux terminal only.
2. Installing
Change path to the archive directory which was unzipped in the previous step.$ cd vpnclientThere is the script file .install.sh in the directory. The file name beginning with dot (.), so a graphic explorer may be doesn't find it. Run the command to verify that the file exists.
$ ls -lah total 1,4M drwxrwxr-x. 4 user user 4,0K фев 28 12:41 . drwxr-xr-x. 3 user user 4,0K июн 26 03:10 .. -rwxrwxr-x. 1 user user 82 фев 28 12:41 Authors.txt drwxrwxr-x. 2 user user 4,0K фев 28 12:41 code -rwxrwxr-x. 1 user user 1,3M фев 28 12:41 hamcore.se2 -rwxrwxr-x. 1 user user 1,5K фев 28 12:41 .install.sh drwxrwxr-x. 2 user user 4,0K фев 28 12:41 lib -rwxrwxr-x. 1 user user 3,1K фев 28 12:41 Makefile -rwxrwxr-x. 1 user user 31K фев 28 12:41 ReadMeFirst_Important_Notices_cn.txt -rwxrwxr-x. 1 user user 36K фев 28 12:41 ReadMeFirst_Important_Notices_en.txt -rwxrwxr-x. 1 user user 50K фев 28 12:41 ReadMeFirst_Important_Notices_ja.txt -rwxrwxr-x. 1 user user 3,6K фев 28 12:41 ReadMeFirst_License.txtRun the script. Questions about the license should be answered in the affirmative (1. Yes).
$ ./.install.sh -------------------------------------------------------------------- SoftEther VPN Client (Ver 4.29, Build 9680, Intel x64 / AMD64) for Linux Install Utility Copyright (c) SoftEther Project at University of Tsukuba, Japan. All Rights Reserved. -------------------------------------------------------------------- Do you want to read the License Agreement for this software ? 1. Yes 2. No Please choose one of above number: 1 Copyright (c) all contributors on SoftEther VPN project in GitHub. Copyright (c) Daiyuu Nobori, SoftEther Project at University of Tsukuba, and SoftEther Corporation. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. DISCLAIMER ========== THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. THIS SOFTWARE IS DEVELOPED IN JAPAN, AND DISTRIBUTED FROM JAPAN, UNDER JAPANESE LAWS. YOU MUST AGREE IN ADVANCE TO USE, COPY, MODIFY, MERGE, PUBLISH, DISTRIBUTE, SUBLICENSE, AND/OR SELL COPIES OF THIS SOFTWARE, THAT ANY JURIDICAL DISPUTES WHICH ARE CONCERNED TO THIS SOFTWARE OR ITS CONTENTS, AGAINST US (SOFTETHER PROJECT, SOFTETHER CORPORATION, DAIYUU NOBORI OR OTHER SUPPLIERS), OR ANY JURIDICAL DISPUTES AGAINST US WHICH ARE CAUSED BY ANY KIND OF USING, COPYING, MODIFYING, MERGING, PUBLISHING, DISTRIBUTING, SUBLICENSING, AND/OR SELLING COPIES OF THIS SOFTWARE SHALL BE REGARDED AS BE CONSTRUED AND CONTROLLED BY JAPANESE LAWS, AND YOU MUST FURTHER CONSENT TO EXCLUSIVE JURISDICTION AND VENUE IN THE COURTS SITTING IN TOKYO, JAPAN. YOU MUST WAIVE ALL DEFENSES OF LACK OF PERSONAL JURISDICTION AND FORUM NON CONVENIENS. PROCESS MAY BE SERVED ON EITHER PARTY IN THE MANNER AUTHORIZED BY APPLICABLE LAW OR COURT RULE. USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS YOU HAVE A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY CRIMINAL LAWS OR CIVIL RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS SOFTWARE IN OTHER COUNTRIES IS COMPLETELY AT YOUR OWN RISK. THE SOFTETHER VPN PROJECT HAS DEVELOPED AND DISTRIBUTED THIS SOFTWARE TO COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING CIVIL RIGHTS INCLUDING PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER COUNTRIES' LAWS OR CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES. WE HAVE NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+ COUNTRIES AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE WORLD, WITH DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY COUNTRIES' LAWS, REGULATIONS AND CIVIL RIGHTS TO MAKE THE SOFTWARE COMPLY WITH ALL COUNTRIES' LAWS BY THE PROJECT. EVEN IF YOU WILL BE SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A PUBLIC SERVANT IN YOUR COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE LIABLE TO RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT JUST A STATEMENT FOR WARNING AND DISCLAIMER. READ AND UNDERSTAND THE 'src/WARNING.TXT' FILE BEFORE USING THIS SOFTWARE. SOME SOFTWARE PROGRAMS FROM THIRD PARTIES ARE INCLUDED ON THIS SOFTWARE WITH LICENSE CONDITIONS WHICH ARE DESCRIBED ON THE 'src/THIRD_PARTY.TXT' FILE. Did you read and understand the License Agreement ? (If you couldn't read above text, Please read 'ReadMeFirst_License.txt' file with any text editor.) 1. Yes 2. No Please choose one of above number: 1 Did you agree the License Agreement ? 1. Agree 2. Do Not Agree Please choose one of above number: 1 Preparing SoftEther VPN Client... ranlib lib/libcharset.a ranlib lib/libcrypto.a ranlib lib/libedit.a ranlib lib/libiconv.a ranlib lib/libintelaes.a ranlib lib/libncurses.a ranlib lib/libssl.a ranlib lib/libz.a ranlib code/vpnclient.a gcc code/vpnclient.a -no-pie -O2 -fsigned-char -pthread -m64 -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -o vpnclient ranlib code/vpncmd.a gcc code/vpncmd.a -no-pie -O2 -fsigned-char -pthread -m64 -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -o vpncmd -------------------------------------------------------------------- The preparation of SoftEther VPN Client is completed ! *** How to switch the display language of the SoftEther VPN Client Service *** SoftEther VPN Client supports the following languages: - Japanese - English - Simplified Chinese You can choose your prefered language of SoftEther VPN Client at any time. To switch the current language, open and edit the 'lang.config' file. *** How to start the SoftEther VPN Client Service *** Please execute './vpnclient start' to run the SoftEther VPN Client Background Service. And please execute './vpncmd' to run the SoftEther VPN Command-Line Utility to configure SoftEther VPN Client. Of course, you can use the VPN Server Manager GUI Application for Windows / Mac OS X on the other Windows / Mac OS X computers in order to configure the SoftEther VPN Client remotely. *** For Windows users *** You can download the SoftEther VPN Server Manager for Windows from the http://www.softether-download.com/ web site. This manager application helps you to completely and easily manage the VPN server services running in remote hosts. *** For Mac OS X users *** In April 2016 we released the SoftEther VPN Server Manager for Mac OS X. You can download it from the http://www.softether-download.com/ web site. VPN Server Manager for Mac OS X works perfectly as same as the traditional Windows versions. It helps you to completely and easily manage the VPN server services running in remote hosts. --------------------------------------------------------------------
All described below actions have to execute with the root user rights.
Use commands sudo or su to get the root user rights. For example, enter sudo su to login as root in a desktop Debian-based distros (Ubuntu, Linux Mint and others). And use su in a RedHat-based distros (RHEL, Fedora, CentOS and others) and server Debian-based distros.
3. Configuring
Run the VPN client.# ./vpnclient start The SoftEther VPN Client service has been started.You can proceed to import configurations after the successfull launching VPN client. Download the archive file of configs and unzip it.
# unzip all.zip
It is not necessary download archive of all SoftEther configs, you may select and download a specific configs (Single chains and Double chains).
Next step is importing one or more configs. For example, the command for import config of the chain DoubleSSL_PL1_RU1 looks like this.
# ./vpncmd localhost /CLIENT /CMD AccountImport DoubleSSL_PL1_RU1.vpn
Use the next command to show all imported configs (accounts).
You have to set the username and password for the imported config. Replace urusername and urpassword by your username and password in the example below.
./vpncmd localhost /CLIENT /CMD AccountList
The username and password are the same as the username and password of the DeepWebVPN Cabinet.
# ./vpncmd localhost /CLIENT /CMD AccountUsernameSet double-ssl-pl1-ru1 /USERNAME:urusername # ./vpncmd localhost /CLIENT /CMD AccountPassword double-ssl-pl1-ru1 /PASSWORD:urpassword /TYPE:radiusUse the same command again to change the username or password.
4. Connect and routing
Use the next command to connect.# ./vpncmd localhost /CLIENT /CMD AccountConnect double-ssl-pl1-ru1Check the connection status after a few seconds. If connection is successfull the status will change to Connected.
# ./vpncmd localhost /CLIENT /CMD AccountList vpncmd command - SoftEther VPN Command Line Management Utility SoftEther VPN Command Line Management Utility (vpncmd command) Version 4.29 Build 9680 (English) Compiled 2019/02/28 19:22:54 by yagi at pc33 Copyright (c) SoftEther VPN Project. All Rights Reserved. Connected to VPN Client "localhost". VPN Client>AccountList AccountList command - Get List of VPN Connection Settings Item |Value ----------------------------+--------------------------------------------------- VPN Connection Setting Name |double-ssl-pl1-ru1 Status |Connected VPN Server Hostname |XX.XX.XX.XX/tcp:443 (Direct TCP/IP Connection) Virtual Hub |double-ssl-pl1-ru1 Virtual Network Adapter Name|VPN The command completed successfully.You have to configure routing after the successfull connecting. First of all enable IP forwarding.
# echo 1 > /proc/sys/net/ipv4/ip_forward # echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf && sysctl -pNext step is setting IP of VPN connection.
# dhclient vpn_vpnNow you need to know the default gateway (it is 192.168.0.1 on the second line in the example below). Default gateway belongs to the interface of external network (internet connection) usually, it is wlan0 in the example.
# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.244.1 0.0.0.0 UG 0 0 0 vpn_vpn 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 192.168.244.0 0.0.0.0 255.255.255.0 U 0 0 0 vpn_vpnAdd new routing rule, where XX.XX.XX.XX replaced with IP of the incoming (or only server for a Single chain) server (q.v. par. 6) and 192.168.0.1 is a default gateway.
# ip route add XX.XX.XX.XX via 192.168.0.1Make sure there is default via 192.168.234.1 dev vpn_vpn for a Single chain in the routing table or default via 192.168.244.1 dev vpn_vpn for a Double chain (the example below is for a Double chain).
# ip route show default via 192.168.244.1 dev vpn_vpn default via 192.168.0.1 dev wlan0 proto dhcp metric 600 XX.XX.XX.XX via 192.168.0.1 dev wlan0 192.168.244.0/24 dev vpn_vpn proto kernel scope link src 192.168.244.22
It is important to remember that the gateway 192.168.234.1 is for a Single chain and 192.168.244.1 is for a Double chain. The rule of the example above is for a Double chain.
Add the rule if it is not in the routing table.
# ip route add default via 192.168.244.1 dev vpn_vpnAnd remove the last gateway.
# ip route del default via 192.168.0.1Don't forget setting DNS after successfull connecting.
5. Disconnect
Turn off the client to disconnect from a SoftEther VPN chain.# ./vpnclient stopThen remove the VPN routing rule and make back the default gateway. Don't forget replace XX.XX.XX.XX with IP of the incoming VPN server (q.v. par. 6).
# ip route del XX.XX.XX.XX # ip route add default via 192.168.0.1
6. Determining IP of VPN chain incoming server
Open SoftEther VPN config file as a text file in the terminal (by using cat) or in any text editor. The line that has option string Hostname has also a domain name. This domain points to IP of incoming server in VPN chain.# cat DoubleSSL_PL1_RU1.vpn | grep Hostname string Hostname the-sample.ip.of-warsaw-server.pl1.random-domain.com/tcpThe domain the-sample.ip.of-warsaw-server.pl1.random-domain.com points to IP of PL1 server in the example above. If use domain name in ping, the utility shows origin IP address of server. This address is IP of VPN chain incoming server.
# ping the-sample.ip.of-warsaw-server.pl1.random-domain.com PING the-sample.ip.of-warsaw-server.pl1.random-domain.com (XX.XX.XX.XX): 56 data bytes