Create your own VPN easy using SoftEther and Ubuntu (Step-by-step)
HTML-код
- Опубликовано: 4 окт 2024
- I'll show you how to install your own SoftEther VPN server in the cloud using Linode. It supports SSL VPN, L2TP/IPsec, MS-SSTP, and OpenVPN protocols. My blog post with all the commands: theitguycj.com.... SoftEther's website: www.softether....
Subscribe to my channel for more technology content: www.youtube.co...
Nice job ^_^ i also liked you put everything on blog so we can just copy paste them [ I still watched video to make sure doing it right] and it worked like charm
Thank you! I tried to create a great reference for anyone to be able to follow along with.
You can use ctrl + shift + K to delete a line with nano each time instead of a character, good tutorial 👍
Thank you for the video compliment and the tip! I'll be sure to start using that.
@@TheITGuyCJ
I left this out, if you want to delete all lines in a file using nano do this:
1) move the cursor to the very beginning of the file and hit Ctrl + Shift + 6
2) move the cursor all the way to the end ( or to the end where your selection is). The text to be deleted should be highlighted now.
3) Ctrl + K will delete all of the selected text
Hello, thank you for your good training.
When I connect to the VPN, I receive the following message and after a few seconds my connection is disconnected.
Please guide me in this regard.
** Connected with NAT traversal - might be unstable **
This VPN Client is connected to the VPN Server 'ubuntu-2gb-hel1-1Soft' by using the NAT Traversal (UDP Hole Punching) technology.
NAT Traversal allows the VPN Server behind the NAT-box to accept VPN connections from VPN Client without any port-forwarding setting on the NAT-box.
However, NAT Traversal-based VPN sessions sometimes become unstable, because NAT Traversal uses UDP-based protocol. For example, the VPN tunnel disconnects every 5 minutes if there is a poor NAT-box between the VPN Server and the VPN Client. Some large-scale NAT gateways in cheap ISPs sometimes cause the same problem on NAT Traversal. This is a problem of routers or ISPs. This is not a problem of SoftEther VPN software.
To solve the unstable tunnel problem, you should connect to the VPN Server's TCP listener port directly, instead of using NAT Traversal. To connect to the VPN Server directly by using TCP, a listener port of the VPN Server must be exposed to the Internet by a port-forward setting on the NAT-box. Ask the administrator of the NAT-box, or refer to the manual of the NAT-box to add a port-forwarding setting on the NAT-box.
If this message still remains despite the VPN Server is exposing a TCP port to the Internet, check the "Disable NAT-T" checkbox on the VPN Client connection setting screen.
I also check the "Disable NAT-T" checkbox on the VPN Client connection setting screen.
but then i recived Error (Error Code 2):
Protocol error occurred. Error was returned from the destination server.
Thank you @BricksMortar! If NAT-T for whatever reason will not work for you or other users, you can also enable the VPN Azure functionality when you are setting up SoftEther Server Configuration using Windows. www.softether.org/4-docs/2-howto/6.VPN_Server_Behind_NAT_or_Firewall/2.VPN_Azure
I tried with your tutorial. I have a problem man. I'm currently connected to the VPN server through the VPN client manager. But the problem is that in my client system, the virtual client adapter vpn, in the properties, it doesn't show the default gateway and it has just the ipv4 and the ipv4 subnetmask. Therefore I don't have an internet connection through this vpn and when I try to load a web page, it just works like I'm using my regular connection to the internet and don't access the free internet. I'm from Iran and my vps location is in Germany. I want the Germany free internet. Can you help me to find out the problem and why I don't have an internet connection through the client vpn?
Btw when I'm connected to the VPN client it doesn't disconnect me from internet connection and acts like I don't have vpn at all
Plz help me. I don't know what the problem is. And one more info.
I changed the DNS IP that you put 1.1.1.1 to the 8.8.8.8.
I don't think that is the problem? Yes?
Hmm... There could be restrictions on what DNS provider the government allows or they could be doing some ISP-level packet sniffing/re-routing. Could you try a different VPS provider or a different country?
Excellent tutorial and explanation!
Thank you!
@@TheITGuyCJ Seems like your server might be down.
Nice video. Is it possible to setup the Softether server through IPV6 intead of IPV4? and/or is it possible to connect VPN client through IPV6?
Thank you! I believe it is however you'll need to use the developer edition of SoftEther (github.com/SoftEtherVPN/SoftEtherVPN) instead of the stable release.
Thanks for the answer. May I ask you is there anyway to manage user's traffic usage? To define like how much traffic they can use.@@TheITGuyCJ
👍👍👍👍
Thank you for the good job. I followed all the steps on an AWS ubuntu 22.04 (all ports are open for now) and I setup the server manager and also the Softether client on a windows 10 machine. The connection has been setup successfully. BUT while connected, the client side doesn't have internet connection. I need to use the server internet in client side. Do I need to set a default gateway or so? Can you explain how?
Thank you.
I'm no AWS expert but I am currently studying for my AWS SSA-C03 certification so I have experience with it. It's hard to say exactly what's going on without looking at configs but I'll mention a couple of possible stumbling blocks:
1. In your "/etc/dnsmasq.conf" file, make sure to specify a server address (17:28). If not, it's not using a DNS server to resolve domain names to IPs. I use 1.1.1.1 in my example in my blog post linked in the description.
2. If you're using an EC2 instance, when you power down the instance then start it back up, you will have a new public IP address each time. You'll have assign the instance an elastic IP address for it to "stick" permanently. That'll be important when editing your firewall rules using iptables (21:37).
Let me know if the advice helps! It'll help me know I'm on the right track. Lol
my vpn server in ubuntu machine has started but when i try to connect in my windows(softherther server manager) machine it is giving "connection to the server failed. Check network connection and make sure address and port number of destination server are correct . where have i gone wrong ,could you plz guide
Where is your Ubuntu machine hosted? And could it be that your ISP is blocking SSH?
Hi again (since my last 1 and a half page message seems to be lost somehow)
Nice idea and presentation since I was trying to find a way to migrate my softether vpn server from windows to linux environment but up unitl I noticed your video, didn t occur to me the idea to manage it with a management tool from windows.
At the 10:14 you could show the installation at least the first step where you are presented with three options to choose from. I suppose it is the 3rd one SoftEther VPN Server Management (Admin Tools Only) right?
Thank you! Yes, that option is correct.
@@TheITGuyCJ Thanks for the response. Any change to see my other questions as well?
I see for some reason they were marked for review so I'm looking at them now. Thanks!
Since this is the 4rth time I ve viewed and read (on your blog) in parallel, a new question arose. Why you need to create a new network interface soft and not use the default one named eth0? In my already (windows environment) softether vpn, bridge is attached to the default network card and it works. What extra layer of easiness or security or speed or traffic separation or whatever that might be, that extra network creation offers?
That extra network device is a virtual bridge that handles DHCP/DNS that dnsmasq uses instead of SecureNAT.
Why do we need Secure Nat in the first place? Can't we just don't enable it and don't do the Dnsmasq neither? What problem would it cause if we don't use neither of them.
Once your data comes in through that VPN connection, it'll need a way to route the traffic once it gets to the server (Linode in this case). It has to get the network settings from somewhere. It's similar to when you connect to a wireless access point at home or a coffee shop: your home router or the business's router gives your device a private IP address, subnet mask, and find a way out to the internet. That's what SecureNAT and dnsmasq do, just in software instead of a physical router.
I have this vpn for a very much years now. So my question is how to create a gigabit adapter?! The softether is always creates only 10/100 tap drivers... it is too slow this way. I have gigabit cards but only virtual drivers i can use are only 10/100...
Have you speed tested that network interface and verified it? It could be that the interface is reporting 10/100 but in reality, it's much faster as it's just in software. Also, what Linux version are you running?
This error occurs "Connection to the server failed. Check network connection and make sure that address and port number of destination server are correct."
You may have to check if your ISP is blocking access to the needed ports.
I have enabled NAT like what you did in the video and everything was good for several months. These days I have a weird problem. While I connect for 2-3 hours my connection with the VPN will start to high ping latency and many time-outs until I reconnect the VPN connection then the matter will be solved 2-3 hours later and this cycle will be repeated. Would you happen to have any guesses about this matter?
I know other people on the same VPN network as I also have the same problem but this does not happen at the same time for us. I mean if I got the matter then others do not have the matter like me at the moment but they can face it other time than me.
I can't say. It could be that your VPS/server is slowly creeping up to 100% CPU or network utilization then things start dropping. Are you using SecureNAT or dnsmasq? You may need to run some monitoring software to help pinpoint the problem.
@@TheITGuyCJ I'm using dnsmasq as your video and config and everything was good for several months and all things like VPS and ISP of the internet are the same as before. I just checked the VPS CPU graph and 30 days ago the max CPU use was 50% for a short period.
How can I investigate the matter? How to monitor it? I just found when I have a connection problem with the VPS but my ping time from the VPS to my Private device IP address is good without any Time-out.
Should I try SecureNAT instead of dnsmasq?
You shouldn't use SecureNAT at all. It's not worth it. You can use Zabbix or Prometheus with Grafana to monitor the server and have them send custom alerts when things happen.
ty so much sir you help me alot ty ty ty love you/ you are the best
You are most welcome.
@@TheITGuyCJ SIR CAN YOU MAKE VIDEO FOR SOFTETHER+openvpn and how to use softether on the phone too??
@@hamidalipour7897 I'll see what I can do about that.
i am able to connect to vpn but still my IP doesn't change. its weired
What ISP are you using?
thanks that works great
You're welcome!
Hello. How can we change the IP address that we added in IPtables with another IP address?
You can try either either re-running the command with the new IP address or use this Digital Ocean link to help with removing the config in iptables. www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules. I hope this helps.
hello CJ, my office vpn is only accessible via softether and i'm struggling to find ways to install softether client on ubuntu (i'm on 22.04). can you help?
I haven't used the Linux client but I can definitely try to help. Where does the problem seem to be?
In my VPN client for l2tp i need user, user Password and also L2TP password, May You know how can i set it up ;D?
I didn't set up an L2TP password. I only used a IPSec PSK.
The training is wonderful
thanks a lot
As you mentioned, the speed in SecureNAT mode is very low, but now I have a problem, I have 100 users and they can’t connect at the same time with open vpn. Any user who connects earlier, other users can’t connect, please help. ?
Of course, I have no knowledge of Linux at all, and I have set it up step by step with your instruction. Please provide this help for me, which may be needed for others, in the form of a video on RUclips.
I will explain to you some information about my architecture that may be necessary
I use 2 vps and users are connected to vps 1 through openvpn
vps 1 is connected to vps 2 through cascade connection
I have implemented your training settings in VPS 2
In both vps, the SecureNAT mode is disabled and the connection is exactly based on your instruction
It works, but there is a problem that I said, please help
Thank you for the compliment! If you set up your VPN exactly like the tutorial, then you'd only have 11 IP addresses. At the 17:29 mark, I edited how many IPs you have to use. Adjust your DCHP range to add more concurrent connections.
@@TheITGuyCJ Is it correct to change it like this?
interface=tap_soft
dhcp-range=tap_soft,192.168.7.2,192.168.7.254,12h
dhcp-option=tap_soft,3,192.168.7.1
server=1.1.1.1
And just enter this code like this and it doesn't need to be changed?
iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-source [YOUR VPS IP ADDRESS]
Is everything correct with these changes and there is no need for another change?
How many users can connect with these settings?
==================================================================================
Excuse me, I have a second question
Where should I increase the MTU value in the softether config?
The reason for the increased MTU is because my server port speed is 10GB/s
and I want to increase the MTU from 1500 to 4800
That configuration should work and give you 254 available IP addresses. I'm not 100% sure if the MTU increase is needed. It wouldn't hurt to give it a try though as it's easy to revert back.
@@TheITGuyCJ
If I have 4 virtual hubs and have different IP ranges for each one
Should I create (soft 1 for virtual hubs 1 ) , (soft 2 for virtual hubs 2) , (soft 3 for virtual hubs 3) , (soft 4 for
virtual hubs 4) and repeat all commands for each one separately?
What changes should I make in file >> nano /etc/dnsmasq.conf > nano /etc/init.d/vpnserver
@@amlakhamed9545 I'm not 100% sure but I believe a start would be when you type "nano /etc/dnsmasq.conf", you'll have to put each tap device's setting in there. When you type "nano /etc/init.d/vpnserver", you should be able to just add the additional interface names and addresses that you need to that configuration. Lastly would be running the iptables command for each subnet. Let me know how it works.
hey m8 pls pls help me we are in iran and goverment blocking every thing we need your help
at 10:27 i cant conect to my ip im geting this error connection to the server failed.check network connection and make sure that address and port number of destination server are correct :( are they blocked ports? it was working with my other vps but my plan finished so i got new ip vps
It's possible that your ISP has blocked one or more of those ports for connections. Or a blocked IP address if you're being geo-restricted on IP addresses you can access.
hi, with this tutorial, could i use the vpn over dns?
Hi and thank you for checking me out. I'm not exactly sure what you are asking. Can you explain it a different way?
so i did everything u said and followed all the steps, but i seem to have 1 problem. when trying to connect i do seem to get a connection with the vpnserver the only problem is the im not have a ethernet connection whenever im connected. (im not expierenced in any of this) do you know what could be the reason of this problem?
nvm i think this problem is only on my pc, on my phone it works fine, thank you for the great tutorial
@@Zegur Thank you. I hope you get the issue resolved on your PC. Take care!
@@TheITGuyCJ so i setup multiple vpn servers, do u know how i can make a program where you can easily switch inbetween these? Or do u know a guide for making something like this?
@@Zegur Using the official SoftEther VPN client allows you to choose between multiple VPN servers. Else you'll have to set up multiple connections manually in the OS and select between them.
seems to be outdated, not working at all
Hey Carl. What ISP are you using?
Hi, Why i cannot connet to internet by dns dmasq on VPS google? can you help me?
Hi Hoang, can you give me more details about your setup? VPS provider? What are you trying to connect using?
@@TheITGuyCJ or you go to connect my computer by teamview.
@@TheITGuyCJ my VPS is Cloud google
@@TheITGuyCJ i am setup step like you. But i cannot use vpn for internet f. When i enable secure nat, i can go to internet by computer
@@hoanghuytien I'm unfamiliar with working in GCP but if you're running a compute instance, it should work.
Is this me or you keep deleting my answer to your question due to my last paragraph?
I'm not sure what's happening but I'm not seeing it. I don't delete any comments.
Do we need port forwarding to connect?
You will if it's behind a NAT firewall. Where are you installing it and does it have a public static IP address?
@@TheITGuyCJ want to open the port from the server side But I don't know how it works in Linux
@@rezamolavi9239 You shouldn't have to open ports on the server unless you've previously closed the server's port connections manually. Can you describe your setup in detail?