Hello there! I’m Corels from Emmanuel Corels Creatives. Today, we’re going to focus on one of SoftEther VPN’s most popular and versatile features: OpenVPN support. SoftEther VPN Server can run multiple VPN protocols simultaneously, and by enabling OpenVPN, you can connect clients using the well-known OpenVPN client software across Linux, Windows, macOS, and more. In this guide, I’ll walk you through the process of enabling OpenVPN on SoftEther VPN Server, generating a client configuration file, and getting your clients connected—all explained in a clear, step-by-step manner.
What Is OpenVPN on SoftEther?
SoftEther VPN Server includes built-in support for OpenVPN, allowing you to provide VPN access using the OpenVPN protocol. This means you can leverage the robust encryption and wide compatibility of OpenVPN while taking advantage of SoftEther’s multi-protocol capabilities. With SoftEther, you can offer OpenVPN connections without needing to set up a separate OpenVPN server—everything is handled within the same environment.
Step 1: Prepare Your SoftEther VPN Server
Before you begin, ensure that:
- Your SoftEther VPN Server is installed and running on your preferred platform (Linux, Windows, etc.).
- You have administrative access via vpncmd or the SoftEther VPN Server Manager.
- You’ve already created a Virtual Hub (for example, named “MyVPNHub”) and set an administrator password.
To access your SoftEther VPN Server’s command-line management tool, run:
sudo /usr/local/softether/vpncmd
At the welcome prompt, select 1 for VPN Server mode and connect locally.
Once connected, enter your Virtual Hub:
Hub MyVPNHub
Step 2: Enabling the OpenVPN Server
With your Virtual Hub active, you’re ready to enable the OpenVPN feature.
-
Enable OpenVPN Protocol: At the vpncmd prompt (while connected to MyVPNHub), type:
OpenVpnEnableYou’ll be prompted to:
- Enter the Virtual Hub Administrator Password: Provide the password you set earlier.
- Choose the Protocol Mode: SoftEther will ask if you want to enable OpenVPN over TCP or UDP. (For simplicity and compatibility, TCP is often chosen, but you can select UDP if you prefer lower latency.)
-
Review the Settings: Once enabled, SoftEther VPN Server configures the OpenVPN server on a default port (often TCP 1194) and automatically prepares the necessary internal settings for handling OpenVPN connections.
-
Confirm the Feature is Enabled: You can use:
OpenVpnStatusGetto display the current status of the OpenVPN server within your Virtual Hub. This confirms that OpenVPN is active and listening for connections.
Step 3: Generating an OpenVPN Configuration File
To simplify client setup, SoftEther VPN Server can generate an OpenVPN configuration file that includes all required settings (server address, port, encryption parameters, and certificate details if applicable).
-
Generate the Configuration: At the vpncmd prompt within your hub, run:
OpenVpnMakeConfig vpnuserReplace
vpnuserwith the username you intend to use for VPN connections. This command creates a file that contains the OpenVPN client configuration. -
Review the Configuration File: The generated
.ovpnfile will typically include:- Client Mode: Specified by the
clientdirective. - Device Type: Such as
dev tunfor a TUN device. - Protocol:
proto tcp(orudpif you selected UDP during enabling). - Server Address and Port: The public IP (or DDNS hostname) of your SoftEther VPN Server and the port number (e.g., 1194).
- Encryption and Authentication Settings: Such as
cipher AES-256-CBCandauth SHA1(these should match the server’s configuration). - TLS Settings: If certificates are used, lines for
ca,cert, andkeywill be included. - Keepalive and Persistence Options: Such as
persist-keyandpersist-tun.
Open the file in a text editor to confirm these details. Make any necessary modifications for your environment (for example, adjusting the remote address if you use a DDNS hostname).
- Client Mode: Specified by the
Step 4: Setting Up the OpenVPN Client
Clients can use the generated configuration file to connect to your SoftEther VPN Server using any OpenVPN client.
For Windows:
- Download the OpenVPN Client:
Visit OpenVPN Community Downloads and install the client. - Import the Configuration File:
Place the generated.ovpnfile in the OpenVPN configuration folder (typicallyC:\Program Files\OpenVPN\config\). - Connect:
Launch the OpenVPN GUI, right-click the icon in the system tray, and select “Connect.” Monitor the log window to confirm a successful connection.
For Linux:
- Install OpenVPN:
sudo apt update && sudo apt install openvpn -y - Run the OpenVPN Client:
sudo openvpn --config /path/to/client.ovpn - Monitor the Output:
The terminal will display connection logs. Look for “Initialization Sequence Completed” to confirm a successful connection.
For macOS:
- Download Tunnelblick:
Tunnelblick is a free OpenVPN client for macOS; download it from Tunnelblick’s website. - Import the Configuration File:
Open Tunnelblick and import your.ovpnfile. - Connect:
Use Tunnelblick to establish the VPN connection and verify that the connection is stable.
Step 5: Testing and Verification
Once your client is connected:
- Verify IP Assignment:
Check that the client receives an IP address from the VPN’s IP pool. - Test Connectivity:
Ping the VPN server’s gateway (the internal IP assigned by SoftEther) or access internal resources. - Review Logs:
In SoftEther’s vpncmd, type:
to see active connections. Also, review client logs for any errors or warnings.UserList
Final Thoughts
Enabling the OpenVPN feature on SoftEther VPN Server is a powerful way to provide secure, multi-platform VPN access using a familiar protocol. By following these steps, you can quickly set up an OpenVPN server, generate a ready-to-use configuration file, and get your clients connected securely. This solution is ideal for diverse environments, whether you’re supporting Windows, Linux, or macOS clients.
If you have any questions or need further assistance with your SoftEther VPN OpenVPN setup, feel free to reach out. Enjoy secure, reliable VPN connectivity, and happy networking!
Explained with clarity by
Corels – Admin, Emmanuel Corels Creatives
