Install and connect SoftEther VPN on Linux



1. Download SoftEther VPN client for Linux
2. Install SoftEther VPN client on Linux
3. Configure SoftEther VPN client on Linux
4. Connect to SoftEther VPN on Linux and routing setting
5. Disconnect from SoftEther VPN on Linux

Commands beginning with the # prompt are executed as the root user, the $ prompt means the execution is from a regular user.


1. Downloading


Download the SoftEther VPN client distro for the OS architecture from the official site or from the project repository on GitHub. For example, terminal command of downloading the client distro for Linux x64 looks like this.
$ wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.29-9680-rtm/softether-vpnclient-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz

Next unzip the downloaded archive, terminal command for it looks like this.
$ tar -xvf softether-vpnclient-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz

All described below actions have to execute in Linux terminal only.


2. Installing


Change path to the archive directory which was unzipped on previous step.
$ cd vpnclient

There is the script file .install.sh in the directory. The file name beginning with dot (.), so a graphic explorer may be doesn't find it. Run the command to verify that the file exists.
$ ls -lah
total 1,4M
drwxrwxr-x. 4 user user 4,0K фев 28 12:41 .
drwxr-xr-x. 3 user user 4,0K июн 26 03:10 ..
-rwxrwxr-x. 1 user user 82 фев 28 12:41 Authors.txt
drwxrwxr-x. 2 user user 4,0K фев 28 12:41 code
-rwxrwxr-x. 1 user user 1,3M фев 28 12:41 hamcore.se2
-rwxrwxr-x. 1 user user 1,5K фев 28 12:41 .install.sh
drwxrwxr-x. 2 user user 4,0K фев 28 12:41 lib
-rwxrwxr-x. 1 user user 3,1K фев 28 12:41 Makefile
-rwxrwxr-x. 1 user user 31K фев 28 12:41 ReadMeFirst_Important_Notices_cn.txt
-rwxrwxr-x. 1 user user 36K фев 28 12:41 ReadMeFirst_Important_Notices_en.txt
-rwxrwxr-x. 1 user user 50K фев 28 12:41 ReadMeFirst_Important_Notices_ja.txt
-rwxrwxr-x. 1 user user 3,6K фев 28 12:41 ReadMeFirst_License.txt

Run the script. Questions about the license should be answered in the affirmative (1. Yes).
$ ./.install.sh
--------------------------------------------------------------------

SoftEther VPN Client (Ver 4.29, Build 9680, Intel x64 / AMD64) for Linux Install Utility
Copyright (c) SoftEther Project at University of Tsukuba, Japan. All Rights Reserved.

--------------------------------------------------------------------


Do you want to read the License Agreement for this software ?

1. Yes
2. No

Please choose one of above number:
1

Copyright (c) all contributors on SoftEther VPN project in GitHub.
Copyright (c) Daiyuu Nobori, SoftEther Project at University of Tsukuba, and SoftEther Corporation.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.


DISCLAIMER
==========

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

THIS SOFTWARE IS DEVELOPED IN JAPAN, AND DISTRIBUTED FROM JAPAN, UNDER JAPANESE LAWS. YOU MUST AGREE IN ADVANCE TO USE, COPY, MODIFY, MERGE, PUBLISH, DISTRIBUTE, SUBLICENSE, AND/OR SELL COPIES OF THIS SOFTWARE, THAT ANY JURIDICAL DISPUTES WHICH ARE CONCERNED TO THIS SOFTWARE OR ITS CONTENTS, AGAINST US (SOFTETHER PROJECT, SOFTETHER CORPORATION, DAIYUU NOBORI OR OTHER SUPPLIERS), OR ANY JURIDICAL DISPUTES AGAINST US WHICH ARE CAUSED BY ANY KIND OF USING, COPYING, MODIFYING, MERGING, PUBLISHING, DISTRIBUTING, SUBLICENSING, AND/OR SELLING COPIES OF THIS SOFTWARE SHALL BE REGARDED AS BE CONSTRUED AND CONTROLLED BY JAPANESE LAWS, AND YOU MUST FURTHER CONSENT TO EXCLUSIVE JURISDICTION AND VENUE IN THE COURTS SITTING IN TOKYO, JAPAN. YOU MUST WAIVE ALL DEFENSES OF LACK OF PERSONAL JURISDICTION AND FORUM NON CONVENIENS. PROCESS MAY BE SERVED ON EITHER PARTY IN THE MANNER AUTHORIZED BY APPLICABLE LAW OR COURT RULE.

USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS YOU HAVE A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY CRIMINAL LAWS OR CIVIL RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS SOFTWARE IN OTHER COUNTRIES IS COMPLETELY AT YOUR OWN RISK. THE SOFTETHER VPN PROJECT HAS DEVELOPED AND DISTRIBUTED THIS SOFTWARE TO COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING CIVIL RIGHTS INCLUDING PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER COUNTRIES' LAWS OR CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES. WE HAVE NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+ COUNTRIES AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE WORLD, WITH DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY COUNTRIES' LAWS, REGULATIONS AND CIVIL RIGHTS TO MAKE THE SOFTWARE COMPLY WITH ALL COUNTRIES' LAWS BY THE PROJECT. EVEN IF YOU WILL BE SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A PUBLIC SERVANT IN YOUR COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE LIABLE TO RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL
RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT JUST A STATEMENT FOR WARNING AND DISCLAIMER.

READ AND UNDERSTAND THE 'src/WARNING.TXT' FILE BEFORE USING THIS SOFTWARE. SOME SOFTWARE PROGRAMS FROM THIRD PARTIES ARE INCLUDED ON THIS SOFTWARE WITH LICENSE CONDITIONS WHICH ARE DESCRIBED ON THE 'src/THIRD_PARTY.TXT' FILE.


Did you read and understand the License Agreement ?
(If you couldn't read above text, Please read 'ReadMeFirst_License.txt'
file with any text editor.)

1. Yes
2. No

Please choose one of above number:
1


Did you agree the License Agreement ?

1. Agree
2. Do Not Agree

Please choose one of above number:
1

Preparing SoftEther VPN Client...
ranlib lib/libcharset.a
ranlib lib/libcrypto.a
ranlib lib/libedit.a
ranlib lib/libiconv.a
ranlib lib/libintelaes.a
ranlib lib/libncurses.a
ranlib lib/libssl.a
ranlib lib/libz.a
ranlib code/vpnclient.a
gcc code/vpnclient.a -no-pie -O2 -fsigned-char -pthread -m64 -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -o vpnclient
ranlib code/vpncmd.a
gcc code/vpncmd.a -no-pie -O2 -fsigned-char -pthread -m64 -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -o vpncmd

--------------------------------------------------------------------
The preparation of SoftEther VPN Client is completed !


*** How to switch the display language of the SoftEther VPN Client Service ***
SoftEther VPN Client supports the following languages:
- Japanese
- English
- Simplified Chinese

You can choose your prefered language of SoftEther VPN Client at any time.
To switch the current language, open and edit the 'lang.config' file.


*** How to start the SoftEther VPN Client Service ***

Please execute './vpnclient start' to run the SoftEther VPN Client Background Service.
And please execute './vpncmd' to run the SoftEther VPN Command-Line Utility to configure SoftEther VPN Client.

Of course, you can use the VPN Server Manager GUI Application for Windows / Mac OS X on the other Windows / Mac OS X computers in order to configure the SoftEther VPN Client remotely.


*** For Windows users ***
You can download the SoftEther VPN Server Manager for Windows
from the http://www.softether-download.com/ web site.
This manager application helps you to completely and easily manage the VPN server services running in remote hosts.


*** For Mac OS X users ***
In April 2016 we released the SoftEther VPN Server Manager for Mac OS X.
You can download it from the http://www.softether-download.com/ web site.
VPN Server Manager for Mac OS X works perfectly as same as the traditional Windows versions. It helps you to completely and easily manage the VPN server services running in remote hosts.

--------------------------------------------------------------------

All described below actions have to execute with the root user rights.

Use commands sudo or su to get the root user rights. For example, enter sudo su to login as root in a desktop Debian-based distros (Ubuntu, Linux Mint and others). And use su in a RedHat-based distros (RHEL, Fedora, CentOS and others) and server Debian-based distros.


3. Configuring


Run the VPN client.
# ./vpnclient start
The SoftEther VPN Client service has been started.

You can proceed to import configurations after successfully launching the VPN client. Download the configs archive file and unzip it.
# wget https://cabinet.deepwebvpn.net/downloads/softether/all.zip
# unzip all.zip

It is not necessary download archive of all SoftEther configs, you may select and download a specific configs (Single chains and Double chains).

You can use torsocks to download configs via Tor.
# torsocks wget http://deepwebvpnvvotmw.onion/downloads/softether/all.zip

In Debian-based Linux (Debian, Ubuntu, Linux Mint and others) to install torsocks use command like this.
# apt-get install torsocks
In RedHat-based Linux (RHEL, Fedora, CentOS and others) use the next command.
# yum install torsocks
.

Next step is importing one or more configs. For example, the command for import config of the chain DoubleSSL_PL1_RU1 looks like this.
# ./vpncmd localhost /CLIENT /CMD AccountImport DoubleSSL_PL1_RU1.vpn

Use the next command to show all imported configs (accounts).
./vpncmd localhost /CLIENT /CMD AccountList

You have to set the username and password for the imported config. Replace urusername and urpassword by your username and password in the example below.
The username and password are the same as the username and password of the DeepWebVPN Cabinet.

# ./vpncmd localhost /CLIENT /CMD AccountUsernameSet double-ssl-pl1-ru1 /USERNAME:urusername
# ./vpncmd localhost /CLIENT /CMD AccountPassword double-ssl-pl1-ru1 /PASSWORD:urpassword /TYPE:radius

Use the same command again to change the username or password.

4. Connect and routing


Use the next command to connect.
# ./vpncmd localhost /CLIENT /CMD AccountConnect double-ssl-pl1-ru1

Check the connection status after a few seconds. If connection is successful the status will change to Connected.
# ./vpncmd localhost /CLIENT /CMD AccountList
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.29 Build 9680 (English)
Compiled 2019/02/28 19:22:54 by yagi at pc33
Copyright (c) SoftEther VPN Project. All Rights Reserved.

Connected to VPN Client "localhost".

VPN Client>AccountList
AccountList command - Get List of VPN Connection Settings
Item |Value
----------------------------+---------------------------------------------------
VPN Connection Setting Name |double-ssl-pl1-ru1
Status |Connected
VPN Server Hostname |XX.XX.XX.XX/tcp:443 (Direct TCP/IP Connection)
Virtual Hub |double-ssl-pl1-ru1
Virtual Network Adapter Name|VPN
The command completed successfully.

You have to configure routing after successfully connecting. First of all turn on the IP forwarding.
# echo 1 > /proc/sys/net/ipv4/ip_forward
# echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf && sysctl -p

Next step is setting IP of VPN connection.
# dhclient vpn_vpn

Now you need to know the default gateway (it is 192.168.0.1 on the second line in the example below). Default gateway belongs to the interface of external network (internet connection) usually, it is wlan0 in the example.
# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.244.1 0.0.0.0 UG 0 0 0 vpn_vpn
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
192.168.244.0 0.0.0.0 255.255.255.0 U 0 0 0 vpn_vpn

Add new routing rule, where XX.XX.XX.XX replaced with IP of the incoming (or only server for a Single chain) server (see command ./vpncmd localhost /CLIENT /CMD AccountList) and 192.168.0.1 is a default gateway.
# ip route add XX.XX.XX.XX via 192.168.0.1

Make sure there is default via 192.168.234.1 dev vpn_vpn for a Single chain in the routing table or default via 192.168.244.1 dev vpn_vpn for a Double chain (the example below is for a Double chain).
# ip route show
default via 192.168.244.1 dev vpn_vpn
default via 192.168.0.1 dev wlan0 proto dhcp metric 600
XX.XX.XX.XX via 192.168.0.1 dev wlan0
192.168.244.0/24 dev vpn_vpn proto kernel scope link src 192.168.244.22

It is important to remember that the gateway 192.168.234.1 is for a Single chain and 192.168.244.1 is for a Double chain. The rule of the example above is for a Double chain.

Add the rule if it is not in the routing table.
# ip route add default via 192.168.244.1 dev vpn_vpn

And remove the last gateway.
# ip route del default via 192.168.0.1

Don't forget setting DNS after succesfully connecting.

5. Disconnect


Turn off the client to disconnect from a SoftEther VPN chain.
# ./vpnclient stop

Then remove the VPN routing rule and make back the default gateway. Don't forget replace XX.XX.XX.XX with IP of the incoming VPN server (see command ./vpncmd localhost /CLIENT /CMD AccountList).
# ip route del XX.XX.XX.XX
# ip route add default via 192.168.0.1