Saturday, November 11, 2023

Install softether VPN server on Ubuntu 22.04

mkdir src

mkdir src/softether

cd src/softether

wget https://www.softether-download.com/files/softether/v4.43-9799-beta-2023.08.31-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.43-9799-beta-2023.08.31-linux-x64-64bit.tar.gz

tar xf softether-vpnserver-v4.43-9799-beta-2023.08.31-linux-x64-64bit.tar.gz

cd vpnserver

make

cd ..

sudo mv vpnserver/ /usr/local

cd /usr/local/vpnserver/

chmod 600 *

chmod 700 vpncmd vpnserver

cd ..

sudo chown -R root:root vpnserver

sudo /usr/local/vpnserver/vpncmd

Select 1, 2 or 3: 3

VPN Tools>check

exit

sudo vi /etc/systemd/system/vpnserver.service

------

[Unit]

Description=SoftEther VPN Server

After=network.target


[Service]

Type=forking

ExecStart=/usr/local/vpnserver/vpnserver start

ExecStop=/usr/local/vpnserver/vpnserver stop


[Install]

WantedBy=multi-user.target

------

sudo systemctl start vpnserver

sudo systemctl enable vpnserver

sudo systemctl status vpnserver

sudo /usr/local/vpnserver/vpncmd

Select 1, 2 or 3: 1

Hostname of IP Address of Destination: [Enter]

Specify Virtual Hub Name: [Enter]

VPN Server>ServerPasswordSet

Password: [Enter password]

Confirm input: [Enter password]

VPN Server>Hub DEFAULT

VPN Server/DEFAULT>UserCreate username

VPN Server/DEFAULT>UserPasswordSet username

Password: [Enter password]

Confirm input: [Enter password]

VPN Server/DEFAULT>SecureNatEnable

VPN Server/DEFAULT>DynamicDnsSetHostname hostname

VPN Server/DEFAULT>VpnAzureSetEnable yes

exit


Saturday, September 2, 2023

Uninstall Win10Pcap.sys

Uninstall Win10Pcap.sys to enable Memory Integrity

Win10Pcap.sys is installed by Win10Pcap; however, it may prevent Windows 11 from enabling "Core Isolation and Memory Integrity".

Uninstalling Win10Pcap does not uninstall Win10Pcap.sys.

To uninstall Win10Pcap.sys, open "Device Manager", choose View > Devices by driver, find the driver that contains "Win10Pcap.sys", and right-click it to uninstall "Win10Pcap.sys".

Done. You may enable Memory Integrity now.

Sunday, March 5, 2023

Install Softether for vpnazure.net on Raspberry Pi 3B+

A. Download the VPN server source code from the SoftEther web site:

  1. Browse https://www.softether-download.com/files/softether/
  2. Choose the latest version
  3. Choose Linux
  4. Choose SoftEther_VPN_Server
  5. Choose 64bit_-_ARM_64bit
  6. Copy the link and download it by wget
wget https://www.softether-download.com/files/softether/v4.44-9807-rtm-2025.04.16-tree/Source_Code/softether-src-v4.44-9807-rtm.tar.gz -O vpnserver.tgz

B. Install VPN server

  1. Install required library

    sudo apt install libreadline-dev libssl-dev

  2. Untar the source code and make it

    tar zxf vpnserver.tgz
    cd vpnserver
    ./configure
    make
    make install

  3. After make install, vpnserver and vpncmd can be found in the following directories:

    /usr/vpnserver
    /usr/vpncmd
    /usr/bin

C. Configure VPN server

  1. Create /etc/init.d/vpnserver for vpnserver to auto start at boot time

    sudo vi /etc/init.d/vpnserver

    #!/bin/sh
    ### BEGIN INIT INFO
    # Provides:          vpnserver
    # Required-Start:    $local_fs $network
    # Required-Stop:     $local_fs $network
    # Default-Start:     2 3 4 5
    # Default-Stop:      0 1 6
    # Short-Description: VPN Server
    # Description:       SoftEther VPN Server
    ### END INIT INFO

    DAEMON=/usr/bin/vpnserver
    LOCK=/var/lock/subsys/vpnserver

    . /lib/lsb/init-functions

    test -x $DAEMON || exit 0
    case "$1" in
    start)
            $DAEMON start
            touch $LOCK
            ;;
    stop)
            $DAEMON stop
            rm $LOCK
            ;;
    restart)
            $DAEMON stop
            sleep 3
            $DAEMON start
            ;;
    *)
            echo "Usage: $0 {start|stop|restart}"
            exit 1
    esac
    exit 0

  2. Link vpnserver to appropriate boot level

    sudo mkdir -p /var/lock/subsys
    sudo chmod 755 /etc/init.d/vpnserver
    sudo update-rc.d vpnserver defaults


  3. Enable IPv4 forwarding by uncommenting the following line in /etc/sysctl.conf

    sudo vi /etc/sysctl.conf

    # Uncomment the next line to enable packet forwarding for IPv4
    net.ipv4.ip_forward=1


  4. Enable vpnserver in systemd

    sudo systemctl enable vpnserver

  5. Start vpnserver so that a user can be created for the VPN server configuration

    sudo /etc/init.d/vpnserver start

D. Configure VPN server 

    Use vpncmd for the initial configuration of the VPN server (steps 1 to 3); the remaining configuration may be done with the vpncmd command line or through the GUI of SoftEther VPN Server Manager for Windows.

  1. Check installation status

    Execute the vpncmd command, select "1. Management of VPN Server or VPN Bridge", and press [Enter] at the first two prompts (hostname and virtual hub name).

    sudo /usr/bin/vpncmd

    After the VPN Server command prompt is shown, use the check command to check the server status.

    VPN Server>check

    If the installation is correct, all checks will show "Pass".


  2. Create password for server configuration connection

    Use the ServerPasswordSet command to set the VPN Server administrator password.

    VPN Server>ServerPasswordSet

  3. Select the DEFAULT hub

    VPN Server>Hub DEFAULT
    VPN Server/DEFAULT>


  4. Create a user for the DEFAULT hub and set password for the created user

    VPN Server/DEFAULT>UserCreate vpn

    VPN Server/DEFAULT>UserPasswordSet vpn


  5. Enable Secure NAT for the DEFAULT hub

    VPN Server/DEFAULT>SecureNatEnable
    VPN Server/DEFAULT>SecureNatStatusGet


  6. Enable VPN Azure for the VPN Server

    VPN Server/DEFAULT>Hub
    VPN Server>VpnAzureSetEnable yes
    VPN Server>VpnAzureGetStatus


  7. Take a note of the hostname of this VPN Server on the VPN Azure service.

E. Reboot and try it!

Raspberry Pi 3B+ as a Wired to Wireless Gateway

A. Setup WiFi

  1. Create PASSWORD hash

    Use the following command to create the password hash for wpa_supplicant.conf (the hash is MD4 over the UTF-16LE password, i.e. the NT hash; the sed strips the "(stdin)= " or "MD4(stdin)= " prefix, depending on the OpenSSL version)

    read -s -p "Password: " pass && printf '%s' "$pass" | iconv -t utf16le | openssl md4 | sed 's/^.*= //'

  2. Put the following in /etc/wpa_supplicant/wpa_supplicant.conf

    ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
    update_config=1
    country=TW
    network={
    ssid="eduroam"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=PEAP
    pairwise=CCMP
    group=CCMP
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
    identity="USER"
    password=hash:PASSWORD_HASH
    }

  3. Use iptables to enable source NAT on the output interface wlan0

    sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
    sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

  4. Save the iptables rules so that rc.local can restore them

    sudo sh -c 'iptables-save > /etc/iptables.ipv4.nat'

  5. Put the following in /etc/rc.local

    iptables-restore < /etc/iptables.ipv4.nat

  6. Enable IPv4 forwarding by uncommenting the following line in /etc/sysctl.conf

    sudo vi /etc/sysctl.conf

    # Uncomment the next line to enable packet forwarding for IPv4
    net.ipv4.ip_forward=1


  7. You may need to remove the default route of the wired interface, or increase the metric of the wired interface in /etc/dhcpcd.conf, so that traffic leaves via wlan0

  8. Reboot and try it!

Sunday, February 26, 2023

Mikrotik RouterOS OVPN setup

How to set up OVPN on Mikrotik RouterOS v6 and v7

A. Setup OVPN server in RouterOS

  1. /certificate
    add name=CA-root common-name=host.domain.cc key-usage=key-cert-sign,crl-sign
    add name=Server-cert common-name=*.host.domain key-usage=digital-signature,key-encipherment,tls-server,tls-client
    sign CA-root
    sign Server-cert ca=CA-root
    set Server-cert trusted=yes
    export-certificate CA-root 
  2. /ip pool
    add name=pool-ovpn ranges=172.16.100.1-172.16.100.10
  3. /ppp profile
    add local-address=pool-ovpn name=profile-ovpn remote-address=pool-ovpn
  4. /ppp secret
    add name=Username password=Password profile=profile-ovpn service=ovpn
  5. /interface ovpn-server server
    set auth=sha1 certificate=Server-cert cipher=aes128 default-profile=profile-ovpn enabled=yes port=443
B. Create the OVPN client config file

Create a client.ovpn file as follows and put the contents of cert_export_CA_root.crt (from /file) between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- inside the <ca> block

client
dev tun
proto tcp
remote host.domain 443
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-128-CBC
auth SHA1
auth-user-pass
redirect-gateway def1
verb 3
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

C. Use the OpenVPN app to connect to host.domain
Import the client.ovpn config file and make a connection by entering the Username and Password.

Friday, January 20, 2023

Line (line.me) Desktop App IPv6 problem

If IPv6 is enabled on a Windows computer, the Line desktop application will not be able to receive some pictures, videos and files.

Disabling IPv6 may solve this problem.

A possible reason is that the DNS request for Line is answered with AAAA records, but the returned IPv6 addresses cannot be reached.

Mikrotik L2TP/IPsec for Android, iOS, Windows

The most important part is the IPsec profile: ecp256 is required for Windows. Also, the L2TP secret is not supported by iOS.

Following is the configuration script for ROS 7.7:

/ip pool

add name=l2tp_pool ranges=192.168.100.190-192.168.100.200

/ppp profile

add name=l2tp-profile local-address=l2tp_pool remote-address=l2tp_pool

/ppp secret

add name=sclai profile=l2tp-profile service=l2tp

/ip ipsec profile

set [ find default=yes ] dh-group=ecp256,modp1024 enc-algorithm=\
    aes-256,aes-192,aes-128

/interface l2tp-server server

set authentication=mschap2 default-profile=l2tp-profile enabled=yes use-ipsec=\
    yes