How to setup a SoftEther VPN server on CentOS 7?

Are you concerned about your security and privacy, and you want to access the Internet safely? In this article, we will show how you can setup a SoftEther VPN server on your CentOS 7 server and how to connect it to your devices. This tutorial should work also on CentOS 8 (AlmaLinux 8 also).

Getting started

We will need a CentOS 7 VPS/VDS server where we will install the VPN server. We chose CentOS for this tutorial because it is the recommended operating system from the SoftEther's team.

Feel free to check out the specifications of the SoftEther's VPN server.

Server preparation for SoftEther VPN server

The first thing you have to do is to enter your server's terminal through SSH. In order to prepare your server for the SoftEthers VPN server, you need to run the following commands:

yum -y update
yum -y install epel-release
yum -y groupinstall "Development Tools"

Installing SoftEther VPN server

We will navigate to /usr/local folder, and there we will download the SoftEther's VPN software. Run the following command:

cd /usr/local/

Now we have to download the VPN software with the following command:

wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.38-9760-rtm/softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz

NOTICE: This is the URL of the latest version at the time we wrote this article. You can check and download the latest stable version from the SoftEther website.

After successful download, we need to extract the files:

tar xvf softether-vpnserver-*

The final step is to enter in the directory and compile the installation using the following command:

cd vpnserver && make

If you see a screen like this:

Please agree to the Terms and proceed.

When the installation is complete, we have to make the VPN server run on the boot of the operating system. We will do this creating a new file in the /etc/init.d folder:

vim /etc/init.d/vpnserver

Press i to enter INSERT mode and paste the following content in the file.

#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0

Press Esc and type :x to save and exit the editor.

The next step is to fix the file permissions with this command:

chmod 755 /etc/init.d/vpnserver

Start the SoftEther VPN server:

/etc/init.d/vpnserver start

We have to make the server start when the OS is booted, and we will do it with the following command:

chkconfig --add vpnserver 

The installation of the VPN server is fully completed, and now we have to move to the configuration part of the VPN.

Configuring SoftEther VPN Server

We assume that you are still in /usr/local/vpnserver folder. If you are not, you can enter it with this command:

cd /usr/local/vpnserver/

Now we will begin configuring your VPN server. Type this command in your terminal:

./vpncmd

You should see this screen:

On this step, press 1 and Enter.

Now you will be prompted to enter a hostname - do not enter anything, just press Enter. You will be asked to enter Virtual Hub Name, leave it empty and press Enter. After doing this you will enter the VPN Server Admin console. It should look like this:

The next command we have to type is:

ServerPasswordSet

Now you will be prompted to enter the VPN Server Administrator password. Enter it, press Enter, and confirm the password.

We have to create a Hub. We will do it with this command:

HubCreate your_hub_name

NOTICE: You can replace your_hub_name with anything you want.

You will be prompted to enter a hub's password. Enter it, press Enter, and confirm the password.

Let's enter the hub we just created and start controlling it:

Hub your_hub_name

NOTICE: You have to replace your_hub_name with the hub name you have just created.

The console must change like this:

Now, we will do some network configurations. Type this command:

SecureNatEnable

The output of the command should be:

SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.

We will continue with the following command:

IPsecEnable

You will be asked some questions, please answer as answered in the picture below:

NOTICE: You have to replace your_hub_name with the hub name you have created.

Now let's create our first user:

UserCreate user1

NOTICE: You can replace user1 with anything you want. That's the username of your user.

You will be prompted to enter some data, you can skip this and just press Enter three times.

We have to set a password for the user we have created. We will do this using this command:

UserPasswordSet user1

NOTICE: You have to replace user1 with the username of the user you have created. 

Enter the password for this user and confirm it.

Let's disable the security logs:

LogDisable

Now you will be prompted which log you want to disable. Enter Security and press Enter.

Let's disable also the packet logs:

LogDisable

Now you will be prompted which log you want to disable. Enter Packet and press Enter.

We are done with the configuration of the SoftEther VPN server. To exit the VPN server Admin console, press Ctrl + D.

Connecting to the SoftEther's VPN server from a Windows machine

In order to connect to the VPN server from your Windows machine, you will have to download the SoftEther's VPN client for Windows. You can download the latest version from SoftEther's official download page. Install the client and open the program. It should look like this:

Double click on the item Add VPN Connection. You will be prompted to create a new network adapter. Click Yes and create it. After that, double click on the item Add VPN Connection. You will see the following screen:

In the field Setting name, you can enter anything you want. This is just an internal name for the VPN connection.

In the field Hostname, enter your server IP address. After you enter it, the dropdown menu Virtual Hub name will refresh, and you will have to select the name of your virtual hub that you have created earlier.

Now we go directly to the Authentication settings. Enter your username and password for the user you have created.

Once you entered all these fields, press Ok, and your connection will be saved. Double click on the newly created VPN connection, and, if everything entered is correct, you should connect to the VPN server successfully.

Now your access to the Internet is going through this VPN server. Your IP is hidden, and you can browse safely.