Introduction:
Secure Socket Tunneling Protocol (SSTP) is a robust VPN protocol utilizing SSL/TLS encryption, designed by Microsoft to enhance security and simplicity. This guide walks you through configuring an SSTP VPN server on Linux using the versatile SoftEther VPN.
What Is SoftEther VPN?
SoftEther VPN is an open-source, cross-platform VPN implementation from the SoftEther VPN Project. It runs on Windows, Mac, and Linux, and is one of the few projects offering SSTP support on Linux.
Preparing the Environment:
Before installing SoftEther VPN Server, ensure your Linux environment meets prerequisites. Use these commands for Debian/Ubuntu or RedHat/Fedora-based systems to set up the necessary components.
# Debian/Ubuntu
$ apt-get update
$ apt-get install wget make gcc binutils
# RedHat/Fedora
$ yum install wget make gcc binutils
Installation:
Follow these steps, tested on AlmaLinux 8 and Ubuntu 23.04, to download, compile, and install SoftEther VPN Server. Use the provided commands, adjusting for your distribution.
$ wget "https://www.softether-download.com/files/softether/v4.41-9787-rtm-2023.03.14-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.41-9787-rtm-2023.03.14-linux-x64-64bit.tar.gz"
$ tar -xzf softether-vpnserver-v4.41-9787-rtm-2023.03.14-linux-x64-64bit.tar.gz
# The archive unpacks into ./vpnserver; build the binaries there
$ cd vpnserver
$ make
Move the compiled files to /usr/local/ and set file permissions. Adjust SELinux settings if needed.
$ cd ..
$ mv vpnserver /usr/local/
$ chmod -R 600 /usr/local/vpnserver/*
$ chmod 700 /usr/local/vpnserver/vpnserver
$ chmod 700 /usr/local/vpnserver/vpncmd
$ chcon -Rv -u system_u -t bin_t /usr/local/vpnserver/vpnserver
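Create a systemd service file at /usr/lib/systemd/system/softether.service for automatic startup and confirm its contents with cat. Then reload systemd, and enable and start the service.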
$ cat /usr/lib/systemd/system/softether.service
$ systemctl daemon-reload
$ systemctl enable softether
$ systemctl start softether
Verify the service status.
$ systemctl status softether
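The contents of softether.service are not shown in the steps above. The following unit is an added example, not the original page's file: the binary path matches the /usr/local/vpnserver install used in this guide, and the hardening directives are an optional assumption that the server only needs to write inside its own install directory.

```ini
# /usr/lib/systemd/system/softether.service
# Added example; adjust paths if you installed somewhere other than /usr/local/vpnserver.
[Unit]
Description=SoftEther VPN Server
After=network.target

[Service]
# "vpnserver start" daemonizes and returns, so systemd has to track the forked process.
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
Restart=on-failure

# Optional hardening (assumption: config and logs live under the install directory).
# ProtectSystem=full mounts /usr, /boot and /etc read-only for this service;
# ReadWritePaths re-opens only the directory the server writes to.
PrivateTmp=yes
ProtectSystem=full
ReadWritePaths=/usr/local/vpnserver

[Install]
WantedBy=multi-user.target
```

If the service fails to start after adding the hardening lines, remove them first and check the journal with journalctl -u softether before changing anything else.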
Verifying the Installation:
Use the vpncmd tool to check if SoftEther VPN Server can operate on your system. Run the following command:
$ /usr/local/vpnserver/vpncmd /TOOLS /CMD check
If all checks pass, you’re ready for configuration.
Configuration:
Configure basic system settings, including admin password, hub creation, user setup, and SSTP configuration.
Server Configuration:
Enter server configuration mode.
$ /usr/local/vpnserver/vpncmd /SERVER
Create a password for the administrator account.
$ VPN Server> ServerPasswordSet
Create a Virtual Hub for the SSTP server.
$ VPN Server> HubCreate SSTP
Select the new hub, then configure it to use SecureNAT for connecting to the physical network. SecureNatEnable only works once a hub is selected.
$ VPN Server> Hub SSTP
$ VPN Server/SSTP> SecureNatEnable
User Configuration:
Enter the newly created hub and create a VPN user.
$ VPN Server> Hub SSTP
$ VPN Server/SSTP> UserCreate myuser
$ VPN Server/SSTP> UserPasswordSet myuser
SSL Certificate:
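Generate or set an SSL certificate for SSTP. ServerCertRegenerate creates a self-signed certificate whose CN is the name you pass, so replace mydomain.com with the hostname clients will connect to. ServerCertGet exports the certificate to a file so that clients can install it as trusted; SSTP clients validate the server certificate and will refuse a name that does not match.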
$ VPN Server/SSTP> ServerCertRegenerate mydomain.com
$ VPN Server/SSTP> ServerCertGet ~/mydomain.com.cer
Enable SSTP:
Enable SSTP for your hub.
$ VPN Server/SSTP> SstpEnable yes
Verifying Installation:
Check the hub status to ensure correct operation.
$ VPN Server/SSTP> StatusGet
Type exit or hit ctrl-q to exit configuration mode, saving changes automatically.
Firewall Configuration:
Configure your firewall to allow incoming connections on TCP port 443, used by SSTP.
Conclusion:
This guide explored the installation and configuration of SoftEther VPN Server on Linux, transforming it into an SSTP server. SSTP, leveraging SSL over TCP port 443, simplifies configuration and extends its use beyond Windows, thanks to SoftEther’s cross-platform compatibility.