Setup SoftEther VPN on Ubuntu into Google Cloud Platform

Setup SoftEther VPN on Ubuntu into Google Cloud Platform

Comments 0 Comment

VPN doesn’t need much intro in this age but a basic definition is:

A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

Meaning you can browse privately without prying eyes on connected public/private network. Or by pass GEO restrictions.

In this tutorial, we will be using Google Cloud Platform (GCP) trial account to setup up a VM (Virtual Machine) that will contain our VPN server. You can sign up for a trial account or use any existing subscription.
https://cloud.google.com/free/

CREATE NEW INSTANCE

Once you have signed up for a new account, head over to Console -> Compute Engine and select “CREATE INSTANCE”.
We will be using following settings:
Name: ubuntu-openvpn

Zone: [Choose the closest one to you to get better latency and speed] – GCP Regions and Zone 

Machine Type: micro (1 Shared vCPU) – f1-Micro

Boot Disk: Ubuntu 16.04 LTS. Make sure to choose SSD Disk  not Standard Persistent.

Firewall: Check both checkboxes to allow http and https. We will be using 443 port for accessing our VPN server and thus HTTPS checkbox is marked.

Complete Settings:

You can go for a higher instance in terms of CPU and Memory but micro-f1 instance should be enough for few users. and 10 GB size is more than sufficient.  Click create and let it build.

Secure a static IP

We will need to assign a static IP otherwise, a new dynamic IP will be assigned each time vm is restarted.

Go to VPN Network -> External IP Address

and Change IP type from Ephemeral to Static for the VM we created. Give it a name.

Before:

After:

INSTALL SOFTETHER VPN SERVER

SSH into the newly created VM using SSH button on Instance details page.

SSH into VM

Update/Upgrade VM

  1. sudo apt-get update && sudo apt-get upgrade

Download SoftEther Vpn Server:

You can download the latest stable version from here. For this tutorial we will be using “v4.25-9656-rtm-2018.01.15-tree”. Run the following command to download directly into vm.

  1. wget http://www.softether-download.com/files/softether/v4.25-9656-rtm-2018.01.15-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.25-9656-rtm-2018.01.15-linux-x64-64bit.tar.gz

Extract the files:

  1. sudo tar xvzf softether-vpnserver-v4.25-9656-rtm-2018.01.15-linux-x64-64bit.tar.gz

Install required libraries to build SoftEther vpnserver from source:

  1. sudo apt-get install build-essential -y

Go to extracted Directory “vpnserver” and build

  1. cd vpnserver && sudo make

Press 1 for all prompts:

If you don’t see any error, it’s been compiled successfully and we are ready to configure it.

Let’s move it to more meaning full directory: /usr/local by running following commands –

  1. cd ..
  2. sudo mv vpnserver /usr/local

Go to that directory:

  1. cd /usr/local/vpnserver

Now we need to setup proper permissions for it to be executed.  Run following:

  1. sudo chmod 600 *
  2. sudo chmod 700 vpnserver
  3. sudo chmod 700 vpncmd

Configure it to run at Start Up:

  1. sudo vi /etc/init.d/vpnserver

Past the following and Save:

  1. #!/bin/sh
  2. # chkconfig: 2345 99 01
  3. # description: SoftEther VPN Server
  4. DAEMON=/usr/local/vpnserver/vpnserver
  5. LOCK=/var/lock/subsys/vpnserver
  6. test -x $DAEMON || exit 0
  7. case “$1” in
  8. start)
  9. $DAEMON start
  10. touch $LOCK
  11. ;;
  12. stop)
  13. $DAEMON stop
  14. rm $LOCK
  15. ;;
  16. restart)
  17. $DAEMON stop
  18. sleep 3
  19. $DAEMON start
  20. ;;
  21. *)
  22. echo “Usage: $0 {start|stop|restart}”
  23. exit 1
  24. esac
  25. exit 0

Change permission for Start Up file:

  1. sudo chmod 755 /etc/init.d/vpnserver

Start the server:

  1. sudo /etc/init.d/vpnserver start

Make it run at startup

  1. sudo update-rc.d vpnserver defaults

Check if everything is OK

  1. cd /usr/local/vpnserver
  2. sudo ./vpncmd

Press 3 and type check

  1. check

If all test pass, we are good to go:

Press exit to leave.

CONFIGURING VPN SERVER

Run below command if you are out of VPN Tool

  1. sudo ./vpncmd

Press 1 to enter into “Management of VPN Server or VPN Bridge“. Keep pressing enter for next two prompts without giving any input values.

Set Admin Password:

  1. ServerPasswordSet

Create a Virtual Hub named “VPN” and provide a password for the hub.

  1. HubCreate VPN

Select the new Hub

  1. Hub VPN

Enable SecureNat

  1. SecureNatEnable

Create a User

  1. UserCreate johndoe

Set Password

  1. UserPasswordSet johndoe

Enable L2TP/IPSec

  1. IPsecEnable

Use following configuration:

Generate Certificate:

  1. ServerCertRegenerate [CN]
  1. ServerCertGet ~/cert.cer

Enable SSTP function

  1. SstpEnable yes

Enable OpenVPN

  1. OpenVpnEnable yes /PORTS:443

Copy OpenVPN Client configuration to a Zip File:

  1. OpenVpnMakeConfig ~/my_openvpn_config.zip

It’s now saved in user’s Directory.

You can use FTP to download  the config and use with OpenVPN Connect to connect to vpn server.

UPDATE: 2018-11-22

Or you can SSH into the box directly from Google Cloud Console and use the inbuilt functionality to download/upload files.

Provide the full path of the file and download

Leave a Reply