Setting Up an SSTP Server on Linux with SoftEther VPN

Introduction:

Secure Socket Tunneling Protocol (SSTP) is a VPN protocol designed by Microsoft for security and simplicity; it carries its traffic over SSL/TLS. This guide walks you through configuring an SSTP VPN server on Linux using SoftEther VPN.

What Is SoftEther VPN?

SoftEther VPN is an open-source, cross-platform VPN implementation by the SoftEther VPN Project. It runs on Windows, Mac, and Linux, and is one of the few projects offering SSTP support on Linux.

Preparing the Environment:

Before installing SoftEther VPN Server, make sure the build prerequisites are present. Run the commands that match your distribution family.

# Debian/Ubuntu
$ apt-get update
$ apt-get install wget make gcc binutils
# RedHat/Fedora
$ yum install wget make gcc binutils

Installation:

Follow these steps, tested on AlmaLinux 8 and Ubuntu 23.04, to download, compile, and install SoftEther VPN Server. Use the provided commands, adjusting for your distribution.

$ wget "https://www.softether-download.com/files/softether/v4.41-9787-rtm-2023.03.14-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.41-9787-rtm-2023.03.14-linux-x64-64bit.tar.gz"
$ tar -xzf softether-vpnserver-v4.41-9787-rtm-2023.03.14-linux-x64-64bit.tar.gz
$ cd vpnserver
$ make

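Move the compiled files to /usr/local/ and restrict the permissions so that only the owner can read the files and run the two binaries. The chcon line sets the SELinux context of the server binary and is needed only on systems running SELinux.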

$ cd ..
$ mv vpnserver /usr/local/
$ chmod -R 600 /usr/local/vpnserver/*
$ chmod 700 /usr/local/vpnserver/vpnserver
$ chmod 700 /usr/local/vpnserver/vpncmd
$ chcon -Rv -u system_u -t bin_t /usr/local/vpnserver/vpnserver

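Create a systemd service file at /usr/lib/systemd/system/softether.service for automatic startup (the cat command below prints it), then reload systemd and enable and start the service.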

$ cat /usr/lib/systemd/system/softether.service
$ systemctl daemon-reload
$ systemctl enable softether
$ systemctl start softether

Verify the service status.

$ systemctl status softether
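
The page prints softether.service with cat but does not show its contents. A unit along these lines fits the /usr/local/vpnserver layout used above; it is an added example, not the author's file, and every directive in it, along with the helper name write_softether_unit, is an assumption:

```shell
#!/bin/sh
# Added example: the unit contents below are an assumption, not the
# original page's file.

# write_softether_unit UNIT_PATH [INSTALL_DIR]
# Writes a systemd unit that starts the vpnserver binary in INSTALL_DIR
# (default: /usr/local/vpnserver, the path used in this guide).
write_softether_unit() {
    unit_path=$1
    install_dir=${2:-/usr/local/vpnserver}

    cat > "$unit_path" <<EOF
[Unit]
Description=SoftEther VPN Server
After=network-online.target
Wants=network-online.target

[Service]
# "vpnserver start" daemonizes and returns, hence Type=forking.
Type=forking
ExecStart=$install_dir/vpnserver start
ExecStop=$install_dir/vpnserver stop
Restart=on-failure
# The daemon keeps its configuration and logs next to the binary.
WorkingDirectory=$install_dir
# The VPN daemon needs neither a shared /tmp nor users' home directories.
PrivateTmp=yes
ProtectHome=yes

[Install]
WantedBy=multi-user.target
EOF

    # Unit files hold no secrets; world-readable, writable by root only.
    chmod 644 "$unit_path"
}
```

Run as root, `write_softether_unit /usr/lib/systemd/system/softether.service` creates the file that the systemctl commands above expect.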

Verifying the Installation:

Use the vpncmd tool to check if SoftEther VPN Server can operate on your system. Run the following command:

$ /usr/local/vpnserver/vpncmd /TOOLS /CMD check

If all checks pass, you’re ready for configuration.

Configuration:

Configure basic system settings, including admin password, hub creation, user setup, and SSTP configuration.

Server Configuration:

Enter server configuration mode.

$ /usr/local/vpnserver/vpncmd /SERVER

Create a password for the administrator account.

VPN Server> ServerPasswordSet

Create a Virtual Hub for the SSTP server.

VPN Server> HubCreate SSTP

Select the newly created hub, then configure it to use SecureNAT for connecting to the physical network. SecureNatEnable is a hub-level command, so the hub must be selected first.

VPN Server> Hub SSTP
VPN Server/SSTP> SecureNatEnable

User Configuration:

With the hub selected, create a VPN user and set its password.

VPN Server/SSTP> UserCreate myuser
VPN Server/SSTP> UserPasswordSet myuser

SSL Certificate:

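Generate or set an SSL certificate for SSTP. Replace mydomain.com with your domain. ServerCertRegenerate creates a new self-signed certificate with that domain as its common name, and ServerCertGet exports the certificate to a file so that it can be installed as trusted on clients.

VPN Server/SSTP> ServerCertRegenerate mydomain.com
VPN Server/SSTP> ServerCertGet ~/mydomain.com.cer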

Enable SSTP:

Enable SSTP for your hub.

VPN Server/SSTP> SstpEnable yes

Verifying Installation:

Check the hub status to ensure correct operation.

VPN Server/SSTP> StatusGet

Type exit or hit ctrl-q to exit configuration mode, saving changes automatically.

Firewall Configuration:

Configure your firewall to allow incoming connections on TCP port 443, used by SSTP.

Conclusion:

This guide explored the installation and configuration of SoftEther VPN Server on Linux, transforming it into an SSTP server. SSTP, leveraging SSL over TCP port 443, simplifies configuration and extends its use beyond Windows, thanks to SoftEther’s cross-platform compatibility.