How to set up a SoftEther VPN server on CentOS 7

IMPORTANT: CentOS 7 reached its EOL in June 2024, meaning that it is no longer going to get updates moving forward. This means that if you wish to remain secure online and create your own VPN server using SoftEther, it's better to switch to a newer operating system like Ubuntu 22.

Are you concerned about your security and privacy? Do you want to access the Internet safely? In this tutorial, we are going to demonstrate how you can set up a personal, SoftEther VPN server using a cloud VPS server running on CentOS 7 or CentOS 8 (also applicable to AlmaLinux 8).

We are also going to show you how to establish a connection and how to add new devices so that you can stay safe while browsing online.

What you will need

As we mentioned, you are going to need a cloud VPS or VDS server that is running on CentOS 7. We chose to go for CentOS as it is the recommended operating system by SoftEther.

Feel free to check out the specifications of SoftEther's VPN server.

You will also need to download SoftEther by using your server’s terminal, but don’t worry as you can do so for free!

How to prepare your server for SoftEther VPN

The first thing that you need to do is to log into your server through SSH so that you can access the terminal. Once you have successfully logged in, you will need to run the following commands:

yum -y update
yum -y install epel-release
yum -y groupinstall "Development Tools"

How to install SoftEther VPN on your cloud server

First, you will need to navigate to the /usr/local folder. This is the directory where you will download the VPN software. To go to the folder, type in the following command:

cd /usr/local/

Next up, we need to download SoftEther VPN. You can do so with this command:

wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.38-9760-rtm/softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz

IMPORTANT: The software version that we have used in this article will be different from the version that you will be using. Remember to change the version of the software! You can check and download the latest stable version from the SoftEther website.

After the software has been successfully downloaded, you will need to extract the files:

tar xvf softether-vpnserver-*

The final step is to enter into the folder directory and compile the installation using the following command:

cd vpnserver && make

If you see a screen like this:

Please agree to the Terms and proceed.

Once the installation concludes, you will need to ensure that the VPN server will start when booting the operating system. To do this, you will need to create a new file in the /etc/init.d folder:

vim /etc/init.d/vpnserver

Press i to enter INSERT mode and paste the following content:

#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0

Press Esc and type :x to save and exit the editor.

Next, you will need to set up file permissions with this command:

chmod 755 /etc/init.d/vpnserver

Start the SoftEther VPN server:

/etc/init.d/vpnserver start

To ensure that the server starts alongside the OS, you will need to use the following command:

chkconfig --add vpnserver 

That’s it! You have successfully installed SoftEther VPN on your cloud server! You can now begin configuring your server.

How to configure a SoftEther VPN Server

In order to configure your VPN software, you will need to be in the /usr/local/vpnserver folder. If you are not, you can go to it with this command:

cd /usr/local/vpnserver/

To start configuring your VPN server, you will need to type this this command in your terminal:

./vpncmd

You should see this screen:

Press 1 and then press Enter.

You will now be prompted to enter a hostname - do not enter anything, just press Enter. You will be asked to enter a Virtual Hub Name as well - leave it empty and press Enter. After doing this you will enter the VPN Server Admin console. It should look like this:

The next command you have to type is:

ServerPasswordSet

Next, you will be asked to enter the VPN Server Administrator password. Type it, press Enter, and confirm the password.

We will also need to create a Hub. We will do it with this command:

HubCreate your_hub_name

IMPORTANT: You can replace your_hub_name with anything you want.

You will be prompted to enter a hub password. Enter it, press Enter, and confirm the password.

Let's enter the hub we just created and start managing it:

Hub your_hub_name

IMPORTANT: You have to replace your_hub_name with the hub name you have just created.

The console must change like this:

Next, in order to configure the network, you will need to type:

SecureNatEnable

The output of the command should be:

SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.

We will continue with the following command:

IPsecEnable

You will be asked some questions. Please answer similarly to the picture below:

IMPORTANT: You have to replace your_hub_name with the hub name you have created.

Now let's create our first user:

UserCreate user1

IMPORTANT: You can replace user1 with anything you want. That's the username of your user.

You will be prompted to enter some data. You can skip this and just press Enter three times.

We have to set a password for the user we have created. We will do this using this command:

UserPasswordSet user1

IMPORTANT: You have to replace user1 with the username of the user you have created.

Enter the password for this user and confirm it.

Let's disable the security logs:

LogDisable

You will be asked which log you’d like to disable. Enter Security and press Enter.

Let's also disable the packet logs:

LogDisable

Again, you will be asked to choose which logs you want to disable. Enter Packet and press Enter.

That’s it - you have created your first user profile and you have configured your SoftEther VPN server! To exit the VPN server Admin console, press Ctrl + D.

How to connect to the SoftEther VPN server from a Windows machine

In order to connect to the VPN server from your Windows machine, you will have to download SoftEther's VPN client for Windows.

You can download the latest version from SoftEther's official download page. Install the client and open the program. It should look like this:

Double click on the Add VPN Connection item. You will be prompted to create a new network adapter. Click Yes and create it. After that, double click on the Add VPN Connection item. You will see the following screen:

In the Setting name field, you can enter anything you want. This is just an internal name for the VPN connection.

In the Hostname field, enter your server IP address. After you enter it, the dropdown menu Virtual Hub name will refresh, and you will have to select the name of your virtual hub that you created earlier.

Now we will go directly to the Authentication settings. Enter the username and password for the user you previously created.

Once you enter all these fields, press Ok, and your connection will be saved. Double click on the newly created VPN connection, and, if everything entered is correct, you should connect to the VPN server successfully.

Now your access to the Internet is going through this VPN server. Your IP is hidden, and you can browse safely.

If you happen to experience issues with the installation or configuration of your server, feel free to contact us!

Additionally, you can also get a VPS server with a pre-installed WireGuard VPN with the help of our application templates! Boost your productivity, save time and protect your privacy with only 1 click!