Introduction:
Secure Socket Tunneling Protocol (SSTP) is a robust VPN protocol utilizing SSL/TLS encryption, designed by Microsoft to enhance security and simplicity. This guide walks you through configuring an SSTP VPN server on Linux using the versatile SoftEther VPN.
What Is SoftEther VPN?
SoftEther VPN is an open-source, cross-platform VPN implementation by the SoftEther VPN Project. It is compatible with Windows, Mac, and Linux, and it is one of the rare projects offering SSTP support on Linux.
Preparing the Environment:
Before installing SoftEther VPN Server, ensure your Linux environment meets prerequisites. Use these commands for Debian/Ubuntu or RedHat/Fedora-based systems to set up the necessary components.
$ apt-get update
$ apt-get install wget make gcc binutils
$ yum install wget make gcc binutils
Installation:
Follow these steps, tested on AlmaLinux 8 and Ubuntu 23.04, to download, compile, and install SoftEther VPN Server. Use the provided commands, adjusting for your distribution.
$ wget "https://www.softether-download.com/files/softether/v4.41-9787-rtm-2023.03.14-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.41-9787-rtm-2023.03.14-linux-x64-64bit.tar.gz"
$ tar -xzf softether-vpnserver-v4.41-9787-rtm-2023.03.14-linux-x64-64bit.tar.gz
$ cd vpnserver
$ make
Move the compiled files to /usr/local/ and set file permissions. Adjust SELinux settings if needed.
$ cd ..
$ mv vpnserver /usr/local/
$ chmod -R 600 /usr/local/vpnserver/*
$ chmod 700 /usr/local/vpnserver/vpnserver
$ chmod 700 /usr/local/vpnserver/vpncmd
$ chcon -Rv -u system_u -t bin_t /usr/local/vpnserver/vpnserver
Create a systemd service file for automatic startup. Enable and start the service.
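The guide does not show the contents of softether.service. One way to create it is sketched here as an added example, not the original guide's or the SoftEther project's file. The unit directives and the helper names are assumptions, and the script refuses to write the unit if the binaries it would run as root are writable by group or other.

```shell
#!/bin/sh
# Added example, not the original guide's file: the unit contents are an
# assumed minimal forking service built from the paths used in this guide.
VPN_DIR="${VPN_DIR:-/usr/local/vpnserver}"
UNIT_PATH="${UNIT_PATH:-/usr/lib/systemd/system/softether.service}"

# True only if $1 is an executable regular file with no group/other write
# bit. systemd starts it as root, so a writable binary means root for
# whoever can write it.
binary_is_locked_down() {
    [ -f "$1" ] && [ -x "$1" ] || return 1
    loose=$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ]
}

# write_softether_unit <unit-path> <vpn-dir> (hypothetical helper name)
write_softether_unit() {
    unit=$1
    dir=$2
    for bin in "$dir/vpnserver" "$dir/vpncmd"; do
        if ! binary_is_locked_down "$bin"; then
            echo "refusing: $bin is missing or group/other-writable" >&2
            return 1
        fi
    done
    cat > "$unit" <<EOF
[Unit]
Description=SoftEther VPN Server
After=network.target

[Service]
Type=forking
ExecStart=$dir/vpnserver start
ExecStop=$dir/vpnserver stop

[Install]
WantedBy=multi-user.target
EOF
    chmod 644 "$unit"
}

# Run as root with --install to write the unit; without it only the
# functions are defined.
if [ "${1:-}" = "--install" ]; then
    write_softether_unit "$UNIT_PATH" "$VPN_DIR"
fi
```

Run it as root with `--install` after the chmod step, then continue with the systemctl commands.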
$ cat /usr/lib/systemd/system/softether.service
$ systemctl daemon-reload
$ systemctl enable softether
$ systemctl start softether
Verify the service status.
$ systemctl status softether
Verifying the Installation:
Use the vpncmd tool to check if SoftEther VPN Server can operate on your system. Run the following command:
$ /usr/local/vpnserver/vpncmd /TOOLS /CMD check
If all checks pass, you’re ready for configuration.
Configuration:
Configure basic system settings, including admin password, hub creation, user setup, and SSTP configuration.
Server Configuration:
Enter server configuration mode.
$ /usr/local/vpnserver/vpncmd /SERVER
Create a password for the administrator account.
$ VPN Server> ServerPasswordSet
Create a Virtual Hub for the SSTP server.
$ VPN Server> HubCreate SSTP
Enter the newly created hub and configure it to use SecureNAT for connecting to the physical network. SecureNatEnable only works once a hub is selected.
$ VPN Server> Hub SSTP
$ VPN Server/SSTP> SecureNatEnable
User Configuration:
With the hub still selected, create a VPN user.
$ VPN Server/SSTP> UserCreate myuser
$ VPN Server/SSTP> UserPasswordSet myuser
SSL Certificate:
Generate or set an SSL certificate for SSTP. Replace mydomain.com with your domain.
$ VPN Server/SSTP> ServerCertRegenerate mydomain.com
$ VPN Server/SSTP> ServerCertGet ~/mydomain.com.cer
Enable SSTP:
Enable SSTP for your hub.
$ VPN Server/SSTP> SstpEnable yes
Verifying Installation:
Check the hub status to ensure correct operation.
$ VPN Server/SSTP> StatusGet
Type exit or hit Ctrl-Q to exit configuration mode, saving changes automatically.
Firewall Configuration:
Configure your firewall to allow incoming connections on TCP port 443, used by SSTP.
Conclusion:
This guide explored the installation and configuration of SoftEther VPN Server on Linux, transforming it into an SSTP server. SSTP, leveraging SSL over TCP port 443, simplifies configuration and extends its use beyond Windows, thanks to SoftEther’s cross-platform compatibility.