A quick lookup page for me to install softether vpn server on Ubuntu 16.04 since the apt version no longer work properly (17-01-2020)
Original apt version
https://launchpad.net/~paskal-07/+archive/ubuntu/softethervpn
Requirements
apt-get install -y build-essential make gccDownload
wget -O /tmp/softether-vpnserver.tar.gz https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.32-9731-beta/softether-vpnserver-v4.32-9731-beta-2020.01.01-linux-x64-64bit.tar.gzExtract
tar xfz /tmp/softether-vpnserver.tar.gz -C /usr/localCompile
cd /usr/local/vpnserver
makeMethod 1: Non-root User
Note that local bridge setting will not work, so you will need to use SecureNAT
Adding a service account for softether
sudo useradd --system --no-create-home softetherPermissions
chown -R softether:softether /usr/local/vpnserver
find /usr/local/vpnserver -type f -exec chmod 600 {} \;
find /usr/local/vpnserver -type d -exec chmod 700 {} \;
chmod +x /usr/local/vpnserver/vpncmd
chmod +x /usr/local/vpnserver/vpnserverCreate /etc/systemd/system/softether.service
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/local/vpnserver/do_not_run
[Service]
Type=forking
TasksMax=16777216
User=softether
Group=softether
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=/usr/local/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYSLOG CAP_SETUID
[Install]
WantedBy=multi-user.targetAllow vpnserver to bind to local ports despite being run by softether user (non-root)
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/vpnserver/vpnserverStart service
systemctl daemon-reload
systemctl start softether.service
systemctl enable softether.serviceMethod 2: Root User
Permissions
chown -R root:root /usr/local/vpnserver
find /usr/local/vpnserver -type f -exec chmod 600 {} \;
find /usr/local/vpnserver -type d -exec chmod 700 {} \;
chmod +x /usr/local/vpnserver/vpncmd
chmod +x /usr/local/vpnserver/vpnserverCreate /etc/systemd/system/softether.service
cat > /lib/systemd/system/softether.service << EOF
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/local/vpnserver/do_not_run
[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOFRun
Enable and start the Service
systemctl daemon-reload
systemctl start softether.service
systemctl enable softether.serviceClean up
rm -f /tmp/softether-vpnserver.tar.gz Full Script
apt-get update
apt-get install -y build-essential make gcc
curl -s https://api.github.com/repos/SoftEtherVPN/SoftEtherVPN_Stable/releases/latest \
| grep "softether-vpnserver.*linux-x64-64bit.tar.gz" \
| cut -d : -f 2,3 \
| tr -d \" \
| wget -O /tmp/softether-vpnserver.tar.gz -i -
tar xfz /tmp/softether-vpnserver.tar.gz -C /usr/local
cd /usr/local/vpnserver
make
chown -R root:root /usr/local/vpnserver
find /usr/local/vpnserver -type f -exec chmod 600 {} \;
find /usr/local/vpnserver -type d -exec chmod 700 {} \;
chmod +x /usr/local/vpnserver/vpncmd
chmod +x /usr/local/vpnserver/vpnserver
cat > /lib/systemd/system/softether.service << EOF
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/local/vpnserver/do_not_run
[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start softether.service
systemctl enable softether.service
rm -f /tmp/softether-vpnserver.tar.gz You can find the script in https://github.com/adjscent/softether_installer.