Why VPN?
Before going through this article, you may want to know why you should use a VPN wherever you go.
If you do any of the following on your computer, phone or tablet, then you must use a VPN:
- Online Banking?
- Paying Bills?
- Purchasing online Services?
- Checking Private Emails?
- Connecting to work Email?
The list goes on and probably won't end with those. The most important thing to acknowledge is that nowadays absolutely nothing is safe on the Internet. Your data could be exposed or hacked at any time, anywhere, especially if you use public Internet places (e.g. Starbucks, a university, even your friend's home).
So what is SoftEther VPN Server/Client?
As introduced by SoftEther itself, SoftEther VPN ("SoftEther" means "Software Ethernet") is one of the world's most powerful and easy-to-use multi-protocol VPN software. It runs on Windows, Linux, Mac, FreeBSD and Solaris.
SoftEther VPN is open source. You can use SoftEther for any personal or commercial use free of charge.
![clip_image001 clip_image001](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image001_thumb.jpg)
Clients
SoftEther VPN is an optimum alternative to OpenVPN and Microsoft’s VPN servers. SoftEther VPN has a clone-function of OpenVPN Server. You can integrate from OpenVPN to SoftEther VPN smoothly. SoftEther VPN is faster than OpenVPN. SoftEther VPN also supports Microsoft SSTP VPN for Windows Vista / 7 / 8. No more need to pay expensive charges for Windows Server license for Remote-Access VPN function.
Use:
SoftEther VPN can be used to realize BYOD (bring your own device) in your business. If you have smartphones, tablets or laptop PCs, SoftEther VPN's L2TP/IPsec server function will help you to establish a remote-access VPN from your local network. SoftEther VPN's L2TP VPN Server has strong compatibility with Windows, Mac, iOS and Android.
Download
Download the Windows Server version of SoftEther from the following page:
https://www.softether-download.com/en.aspx?product=softether
Installation Requirements:
- Windows Server/Windows 10
- 4GB RAM
- 100 GB Disk
- 2 VCPU
These resources are estimated, not calculated, and apply only to a small number of users (max 100 users). If you're going to have more than that, you'll have to check depending on how many concurrent connections there are going to be.
Installation Steps:
As soon as you start SoftEther VPN, create a new connection and set the password for the Administrator.
![clip_image002 clip_image002](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image002_thumb.png)
![clip_image003 clip_image003](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image003_thumb.png)
Configure SoftEther as Remote Access VPN Server
I am going to set up a new Remote Access VPN Server:
![clip_image004 clip_image004](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image004_thumb.png)
![clip_image005 clip_image005](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image005_thumb.png)
This will create a new Virtual Hub. Give it whatever name you want.
![clip_image006 clip_image006](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image006_thumb.png)
If you have no Static Public IP address
Set a dynamic DNS function name. This is useful in case your IP address keeps changing, as with ADSL connections at home, etc.
![clip_image007 clip_image007](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image007_thumb.png)
VPN Type:
In the IPsec/L2TP/EtherIP/L2TPv3 Server settings, you'll need to choose the most secure VPN connection to allow your users to safely and securely browse the internet. This requires the L2TP server function to be enabled, along with setting the IPsec pre-shared key, to provide the most secure VPN connectivity.
![clip_image008 clip_image008](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image008_thumb.png)
AZURE Settings:
If you don't have access to the firewall to configure NAT or to allow access to the SoftEther VPN Server, you must enable this feature (VPN Azure Cloud VPN Service (Free)) by the Japanese University of Tsukuba.
![clip_image009 clip_image009](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image009_thumb.png)
We have already set the Azure hostname previously, so there is no need to change it unless you want to use something else.
![clip_image010 clip_image010](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image010_thumb.png)
Creating Users
![clip_image011 clip_image011](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image011_thumb.png)
I will create a user, assign it to my admins group, then create a certificate for this user to log in with, to make sure I have the maximum security and authentication methods offered.
Creating Certificate
Since I have already created the root certificate, I am going to create a client certificate for this particular user from the root certificate.
![clip_image012 clip_image012](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image012_thumb.png)
![clip_image013 clip_image013](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image013_thumb.png)
Finally, the user is created.
![clip_image014 clip_image014](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image014_thumb.png)
Choosing the right connection to set as Local Bridge
I need to make sure to choose the NIC which is my outbound internet NIC in order to connect properly (in my case it's going to be Ethernet 2).
![clip_image015 clip_image015](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image015_thumb.png)
![clip_image016 clip_image016](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image016_thumb.png)
![clip_image017 clip_image017](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image017_thumb.png)
Using the most secure Encryption Algorithm for our connection
By default SoftEther uses AES128-SHA. While this is considered secure and is used by most common VPN service providers, it's always better to use something at the same level or more secure, so we are going to change the default setting to AES256-GCM-SHA384.
To change this setting, navigate to the main menu of SoftEther VPN Server Manager and click on "Encryption and Network".
![clip_image018 clip_image018](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image018_thumb.png)
Change the “Encryption Algorithm Name:” to AES256-GCM-SHA384
AES256-GCM-SHA384 is based on the TLS 1.3 cipher suite, which is considered the most recent and secure cipher suite in use right now.
Default Setting:
![clip_image019 clip_image019](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image019_thumb.png)
Change to
![clip_image020 clip_image020](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image020_thumb.png)
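To confirm the change took effect, the following added example (not part of the original article and not SoftEther's own code) offers one cipher at a time over TLS 1.2 to a listener and reports whether AES256-GCM-SHA384 is negotiated and whether the old default AES128-SHA is still accepted. The host and listener port are supplied on the command line, and the function names are illustrative.

```python
import socket
import ssl
import sys

WANTED = "AES256-GCM-SHA384"  # value entered in "Encryption and Network"
OLD_DEFAULT = "AES128-SHA"    # SoftEther default named in this article


def probe(host, port, cipher, timeout=5.0):
    """Offer exactly one TLS 1.2 cipher; return the negotiated name or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Cipher probe only: the server certificate may be self-signed and no
    # credentials are sent, so certificate checks are switched off here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Pin TLS 1.2 so the single cipher offered is the one being tested;
    # TLS 1.3 suites are not controlled by set_ciphers().
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher)  # ssl.SSLError if the local OpenSSL lacks it
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
        except (ssl.SSLError, ConnectionError):
            return None  # server refused a handshake with this cipher


def assess(results):
    """results maps offered cipher -> negotiated cipher or None."""
    findings = []
    if results.get(WANTED) != WANTED:
        findings.append(f"{WANTED} not negotiated: new setting is not active")
    if results.get(OLD_DEFAULT) is not None:
        findings.append(f"listener still accepts old default {OLD_DEFAULT}")
    return findings


def check(host, port):
    """Probe both ciphers against one listener and return the findings."""
    return assess({c: probe(host, port, c) for c in (WANTED, OLD_DEFAULT)})


if __name__ == "__main__":
    # Usage: python check_cipher.py <host> <listener-port>
    problems = check(sys.argv[1], int(sys.argv[2]))
    print("\n".join(problems) or f"OK: {WANTED} negotiated, {OLD_DEFAULT} refused")
    sys.exit(1 if problems else 0)
```

An unreachable host or a timeout raises an exception instead of being reported as a refusal, so a blocked port is not mistaken for a hardened listener.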
Client Configuration:
- In the setting name: we are going to enter a random name.
- The hostname: will be the name which we created previously for dynamic IP cases. This is useful to remember even if you have a static public IP address.
- User Authentication Setting: We will be using the certificate which I created before (I copied this certificate to my client computer, where I am going to connect via the VPN client manager).
- Virtual Hub Name: Here you'll need to enter the exact name of the Virtual Hub which you created on the server side.
![clip_image021 clip_image021](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image021_thumb.png)
![clip_image022 clip_image022](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image022_thumb.png)
Connectivity Test:
After setting everything up, I am going to try to connect with my user using the certificate and the password I set.
![clip_image023 clip_image023](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image023_thumb.png)