Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Alternative to OpenVPN: SoftEther VPN

Joined
Oct 19, 2016
Messages
13
Thanks
2
#1
I tried to install OpenVPN and I found the process long and complicated and at the end, I had issues.

I searched on the forum for an alternative like hamachi, neorouter and found nothing useful. I was able to setup Neorouter but I had few issues and I discovered SoftEther so I decided to give it a try.

Here is what you need to do to install a SoftEther VPN that will give you access to the server remotely and securely or you can also create a VPN bridge that will give you access to the complete remote network.
I need feedback from FreeNAS guru for advice regarding the security and/or configuration.

More info here regarding the installation: https://www.softether.org/4-docs/1-...3_Install_on_Linux_and_Initial_Configurations

First, I'll do that in a jail because it's easy to try again or disable if needed.

So create a jail with the FreeNAS GUI, jails, add jail and give a name.

When the jail is created, open a shell inside this jail.

Execute commands:
pkg update (maybe optional)
pkg upgrade (maybe optional)
pkg install wget
pkg install lang/gcc (this one takes a long time).

Then go to http://www.softether-download.com/en.aspx?product=softether, select softether VPN server, FreeBSD, x64 and copy download link:
http://www.softether-download.com/f...9613-beta-2016.04.24-freebsd-x64-64bit.tar.gz

Execute:
cd /tmp
wget http://www.softether-download.com/files/softether/v4.21-9613-beta-2016.04.24-tree/FreeBSD/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.21-9613-beta-2016.04.24-freebsd-x64-64bit.tar.gz
tar zxvf softehter*
cd vpnserver
make
Select 1 for the license agreement, 1 for the understanding of the license agreement, and 1 to agree the license agreement.

Now move everything to /usr/local/
cd ..
mv vpnserver /usr/local

Double check permissions:
cd /usr/local/vpnserver/
chmod 600 *
chmod 700 vpncmd
chmod 700 vpnserver

Now create a startup script at /etc/rc.d/vpnserver with nano (pkg install nano) or ee
Code:
#!/bin/sh
. /etc/rc.subr
name="softether"
rcvar="softether_enable"
start_cmd="softether_start"
stop_cmd="softether_stop"

softether_start(){
cd /usr/local/vpnserver
./vpnserver start
}
softether_stop() {
cd /usr/local/vpnserver
./vpnserver stop
}

load_rc_config $name
run_rc_command "$1"


change permissions:
chmod 755 /etc/rc.d/vpnserver

add in /etc/rc.conf
Code:
softether_enable="YES"


Restart Jail and open shell
execute:
ps aux to see if vpnserver is running.

Now on your computer, download and install the SoftEther VPN Server Manager at : http://www.softether-download.com/en.aspx?product=softether
http://www.softether-download.com/f...613-beta-2016.04.24-windows-x86_x64-intel.exe

Everything else will be made with the server manager.
Start the SoftEther VPN Server Manager,

Connect to the IP address of the jail with no password. At first login, it will ask you to generate the password.

Then select Remote access VPN server


It will propose you to automatically create a DNS address for you at softether.net.

If you don't want to have any configuration to make on your router, you can also setup a VPN Azure cloud address for free. If not, you'll have to open port 442, 500, 4500 and maybe others.

Create your users at this screen and to not forget to setup the local bridge by selecting the epair adapter.


You can create users with password authentication only but certificate is a better idea.

After that, download the SoftEther VPN client, enter the VPN Azure cloud address or your DNS address, username and password and you're ready to go!
 
Last edited by a moderator:
Joined
Nov 12, 2016
Messages
10
Thanks
2
#2
Hey Suprazz,

Great guide, I managed to get everything installed, I got a problem though.

I get everything installed easily, and I can connect using SoftEther Server Manager. I set everything up using the VPN Azure Cloud and try to connect using a certificate, but it keeps saying I can't connect. I'm trying to do this from my Macbook Pro.

I've opened all my ports (all the ones I can find to open) but still can't connect.

Any ideas?
 
Joined
Oct 19, 2016
Messages
13
Thanks
2
#3
I'm not sure. If you're using the Azure cloud, you don't need to open any port at all.
Maybe you can you try with simple password authentification to begin?!
 
Joined
Nov 12, 2016
Messages
10
Thanks
2
#4
Thanks for the reply.

I will try and see if I can connect using just a username and password.

The strange thing is, I can connect to the VPN when I'm inside my own network (from my desktop PC). But when I share my 4G connection from my phone to my Macbook, I can't connect.
 
Joined
Nov 12, 2016
Messages
10
Thanks
2
#5
I connected with a standard username and password (using the Azure cloud), still doesn't work.

I can connect to the VPN from my own network, receive an IP, but I have no access to the internet.



I can however, ping my NAS, my gateway etc.



Any ideas?
 
Joined
Feb 28, 2017
Messages
7
Thanks
0
#6
I have found even with the bridge in place the VIMAGE isn't allow the DHCP traffice of the local net to be routed into the VirtualHub.

With OpenVPN client this was returning an "authentication error" however the server logs we showing "IP address cannot be assigned"

Removing the VIMAGE setting from the jail has resolved the issue and I was able to connect with the above setup.

Update:
Have reactivated the VIMAGE setting and established the bridge between virtual hub and to the jail internal virtual interface (epair0b) .
I can see from the virtual hub all the traffic and IPs from the jail external virtual interface (epair0a)
This time it works so I am not sure why it didn't work the first time.
 
Last edited:
Joined
Mar 31, 2018
Messages
2
Thanks
0
#7
Suprazz, you are the best!
I have tried OpenVPN but it didnt work. I was able to install OpenVPN properly but I had this "TLS Error: cannot locate HMAC in incoming packet" lovely error and any advice didnt work form me. Bud with Soft ether everything works like a charm. THANK YOU!
 
Joined
Oct 4, 2014
Messages
8
Thanks
0
#8
I tried to install OpenVPN and I found the process long and complicated and at the end, I had issues.

.....

After that, download the SoftEther VPN client, enter the VPN Azure cloud address or your DNS address, username and password and you're ready to go!
Suprazz,

thanks for details. I usually use OpenVPN, however it is very temperamental (for me) as far as routing, plus it needs its own client.

Last straw was OpenVPN install for my in-laws, couldn't get routing work properly.

SoftEther, especially based on your guide, worked pretty much right away. Just one hiccup - Comodo blocked ARP packets from FreeNAS to SoftEther VPN Client Manager. Native Windows firewall prompted to add client software to the list.

One more issue - using build-in L2TP client on Android (Galaxy S9) vs OpenVPN on same device, SoftEther is about 100KB/sec slower. Not a dealbreaker, and so far easiness of config outweigh slightly slower link.

Also, need to see how it will behave on 3rd party networks. OpenVPN was easy - just use port 443.
L2TP needs more ports to be open.

From now on adding SoftEther to my arsenal of FreeNas tools.
 
Joined
Feb 16, 2016
Messages
2
Thanks
0
#9
Hey guys,

Just trying this on 11.2. I can't get the bridge online. I've tried enabling tun on the jail with "iocage set allow_tun=1 <jail-name> ". I've also got "allow.raw_sockets" and "allow.socket_af" enabled in the jail settings.

My jail config is I've bound the jail to a spare NIC on the server. Specifying a static IP address, with "VNET" and "Berkeley Packet Filter" both disabled.

Any help would be much appreciated.
 
Top