Installing SoftEther VPN on Linux: A Powerful ‘All-in-One’ VPN Solution

Network tutorial - IT technology blog

Ending the Struggle with OpenVPN Setup and WireGuard Blocking

Back when I was managing the system for an office of 50 people, the biggest headache wasn’t security—it was user support. OpenVPN is great, but installing the client for non-technical users is a nightmare. Meanwhile, WireGuard, though fast, uses the UDP protocol, which corporate firewalls often block outright.

At the time, I needed a VPN system that was both secure and compatible with all devices without forcing users to install third-party apps. That’s how I discovered SoftEther VPN.

SoftEther isn’t just VPN software; it’s a multi-protocol engine. It supports everything from L2TP/IPsec and SSTP (by Microsoft) to OpenVPN and its own protocol running on port 443, which gets through firewalls that let HTTPS traffic out. The best part? You can manage the Linux server through a highly intuitive GUI on Windows.

Quick Start: Install SoftEther VPN Server in 5 Minutes

If you already have a VPS running Ubuntu or Debian, copy and paste the commands below to get the system up and running.

# Update the system and install build tools
sudo apt update && sudo apt install build-essential wget -y

# Download the stable version (Example: v4.38)
wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.38-9760-rtm/softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz

# Extract and compile
tar xzvf softether-vpnserver-*.tar.gz
cd vpnserver
make

# Start the server
sudo ./vpnserver start

During the make process, the system will ask for confirmation three times. Simply type 1 and press Enter to agree to the terms. Once the server is running, set the administrator password immediately:

./vpncmd
# Select 1, then press Enter twice
# Enter command: ServerPasswordSet

Why SoftEther Outperforms Its Competitors

Through practical deployment in many projects, I’ve found that SoftEther solves three critical weaknesses often found in other solutions:

  • SSTP (Secure Socket Tunneling Protocol): This is the “secret weapon” for Windows users. You just go to Settings and enter the server address—no app installation required. Since it runs over HTTPS (Port 443), it slips through firewalls as easily as web traffic.
  • L2TP/IPsec for Mobile: Both iPhone and Android have built-in support for this protocol. Just enter the Secret Key and Username, and you’re connected in 30 seconds.
  • Local Bridge: This feature connects the VPN’s virtual network card directly to the server’s physical network. Remote computers will receive IPs in the same range as the office, making printing or accessing file servers as seamless as being on-site.

Detailed Configuration: Mastering the System Step-by-Step

1. Using SoftEther VPN Server Manager

Don’t bother typing commands on Linux. Download SoftEther VPN Server Manager for Windows to your personal computer. This tool allows you to connect to the Linux server and configure everything via a graphical interface. From creating users to managing Virtual Hubs, it’s all just a few clicks away.

2. Local Bridge – The Key to Internal Networking

To allow VPN clients to “see” each other, you need to configure a Local Bridge. In the Manager interface, select Local Bridge Setting, choose the Virtual Hub, and point it to the physical network card (usually eth0 or ens3).

Pro tip: If you are using a VPS from DigitalOcean or Vultr, Local Bridges are often blocked by the provider. The solution here is to enable SecureNAT. It acts as its own DHCP and NAT server for clients. It’s extremely convenient, though it uses a bit more CPU.

3. Enabling L2TP/IPsec and SSTP

To optimize for mobile devices, enable the following features:

  • L2TP over IPsec: Check “Enable L2TP over IPsec Server Function” and set a strong IPsec Pre-Shared Key.
  • SSTP: Simply enable this feature. If you don’t have your own SSL certificate, you can use SoftEther’s free Dynamic DNS (e.g., *.softether.net) to obtain an automatic certificate.

Advanced: Performance Optimization for Large Systems

When the number of users exceeds 20-30, SecureNAT can consume significant resources. I’ve seen CPU usage spike to 50% just from virtual NAT processing. The best approach is to disable SecureNAT and use a Bridge Tap Interface combined with dnsmasq on Linux. This method can reduce CPU load by up to 40% and increase data transfer speeds.

To create a Tap Interface, go to vpncmd and type:

BridgeCreate VirtualHubName /DEVICE:soft /TAP:yes

Then, simply configure the IP for the new tap_soft interface that appears on Linux, and you’re done.
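
One way to carry out that last step, as an added example rather than code from the original post: the script prints a dnsmasq configuration that answers only on tap_soft, plus the host commands that address the interface and NAT the VPN clients. The 192.168.30.0/24 subnet, the lease range and the eth0 uplink are assumptions to replace with your own values.

```sh
#!/bin/sh
# tap_soft is the interface created by /DEVICE:soft; the gateway address,
# /24 subnet, lease range and uplink name are sample values (assumptions).
TAP_IF="tap_soft"
VPN_GW="${VPN_GW:-192.168.30.1}"   # address the server takes on the tap
UPLINK="${UPLINK:-eth0}"           # public interface of the VPS

# Print a dnsmasq config. bind-interfaces keeps DHCP and DNS off the public
# interface, so the VPS does not turn into an open resolver.
dnsmasq_conf() {
    net="${VPN_GW%.*}"             # first three octets; assumes a /24
    cat <<EOF
interface=$TAP_IF
bind-interfaces
dhcp-range=$net.10,$net.200,255.255.255.0,12h
dhcp-option=option:router,$VPN_GW
dhcp-option=option:dns-server,$VPN_GW
EOF
}

# Print the host commands: address the tap, enable routing, NAT VPN clients only.
host_plan() {
    net="${VPN_GW%.*}"
    cat <<EOF
ip addr add $VPN_GW/24 dev $TAP_IF
ip link set $TAP_IF up
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $net.0/24 -o $UPLINK -j MASQUERADE
EOF
}

# Accept only RFC 1918 addresses, so a typo cannot put a public range on the tap.
is_private_gw() {
    case "$VPN_GW" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Dry run: show what would be written and executed, change nothing.
if is_private_gw; then
    echo "# /etc/dnsmasq.d/softether.conf"; dnsmasq_conf
    echo "# run as root:"; host_plan
else
    echo "refusing: $VPN_GW is not an RFC 1918 address" >&2
fi
```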

A Few Small but Important Notes

  • Open Firewall Ports: Don’t forget to open port 443 TCP (SSTP) and 500/4500 UDP (L2TP/IPsec) on your firewall. If you miss this step, you’ll spend all day wondering why you can’t connect.
  • Check Logs Regularly: SoftEther logs everything in detail within the server_log folder. If a user reports an error, check here first. Most issues stem from system time discrepancies (NTP) or typing the Pre-shared key incorrectly.
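
The ports in the first note are the only ones the firewall has to admit for SSTP and L2TP/IPsec, so anything else the server listens on can stay closed. The script below is an added example, not part of the original post: it compares listening sockets with that list, using a constructed sample of `ss -H -tuln` output and assuming tcp/22 is kept open for SSH administration.

```sh
#!/bin/sh
# ALLOWED holds the ports named on the page plus tcp/22 for SSH (assumption).
ALLOWED="tcp/443 udp/500 udp/4500 tcp/22"

# Constructed sample of `ss -H -tuln` output, not captured from a real host.
sample_ss() {
    cat <<'EOF'
tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:992 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:5555 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:53 0.0.0.0:*
tcp LISTEN 0 128 [::]:443 [::]:*
udp UNCONN 0 0 0.0.0.0:500 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:4500 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:1194 0.0.0.0:*
EOF
}

# Read ss output on stdin and print proto/port for every non-loopback
# listener that is missing from ALLOWED, one per line, without duplicates.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            k = split($5, part, ":")          # port is the last ":" field
            port = part[k]
            addr = substr($5, 1, length($5) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            key = $1 "/" port
            if (!(key in ok) && !seen[key]++) print key
        }'
}

# Live use on the server:  ss -H -tuln | unexpected_listeners
sample_ss | unexpected_listeners
```

Each entry it reports is a listener to disable in the server configuration or leave blocked at the firewall.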

Switching to SoftEther helped me reduce VPN-related support tickets by 80%. No more guiding users through complex installations; now everything is just ‘enter and run’.
