Configuring L2TP/IPsec VPN on SoftEther VPN Server

Hello there! I’m Corels from Emmanuel Corels Creatives, and today we’re going to set up a secure L2TP/IPsec VPN using SoftEther VPN Server. This guide will walk you through every step—from installation and configuration to testing the connection—so that even if you’re new to SoftEther, you can create a robust VPN solution that supports Windows, Linux, macOS, and more.


What is L2TP/IPsec on SoftEther?

L2TP (Layer 2 Tunneling Protocol) combined with IPsec (Internet Protocol Security) creates a secure VPN by encrypting data as it travels between your device and the VPN server. SoftEther VPN Server supports L2TP/IPsec alongside other protocols, offering flexibility while maintaining strong security. This configuration is ideal for remote access, as it’s supported by most operating systems without the need for additional client software.


Requirements

Before you begin, ensure you have:

  • A SoftEther VPN Server installed and running on your preferred platform (Linux or Windows).
  • Administrative access to the SoftEther VPN Server via vpncmd or the Server Manager.
  • A Virtual Hub created (e.g., “MyVPNHub”) with an administrator password set.
  • A public IP address or DDNS hostname for your VPN server.
  • A shared secret for IPsec (choose a strong, unique value, e.g., MyStrongIPsecSecret!).

Step 1: Accessing the SoftEther VPN Server Management Console

  1. Launch vpncmd
    Open your terminal (or command prompt) and run:

    sudo /usr/local/softether/vpncmd
    

    When prompted, choose option 1 for VPN Server mode and connect locally.

  2. Enter Your Virtual Hub
    At the vpncmd prompt, type:

    Hub MyVPNHub
    

    This switches you into the context of your virtual hub where VPN settings are managed.


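Step 2: Enabling L2TP/IPsec on SoftEther VPN Server

  1. Enable L2TP Server
    At the vpncmd prompt, type:

    IPsecEnable
    

    This command requires VPN Server administrator privileges. vpncmd prompts for each setting in turn: answer “yes” to enable L2TP over IPsec, and “no” to both raw L2TP and EtherIP / L2TPv3 over IPsec. Answering “no” to raw L2TP is what enforces IPsec, because raw L2TP carries no encryption.

  2. Set the IPsec Secret
    When prompted for the IPsec pre-shared key, enter your chosen shared secret:

    MyStrongIPsecSecret!
    

    This secret must match on both the server and client sides. When prompted for the default Virtual Hub, enter MyVPNHub so that clients who log in as plain vpnuser1 (rather than vpnuser1@MyVPNHub) are placed in that hub.

  3. Confirm Protocol Settings
    SoftEther will enable the L2TP server with IPsec. You can verify the configuration by typing:

    IPsecGet
    

    This command shows the current L2TP/IPsec settings, including the enabled state, the pre-shared key, and the default Virtual Hub. The key is displayed in clear text, so keep this output out of shared logs and screenshots.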
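
A scripted, non-interactive form of Step 2, added here as an example (it is not part of the original guide or of SoftEther itself). It generates a random pre-shared key and writes a vpncmd batch file that enables L2TP over IPsec with raw L2TP disabled. The function names and the script name are assumptions; the vpncmd path and hub name are the ones used in this guide.

```sh
#!/bin/sh
# Added example: scripted form of Step 2. Function names and file paths are
# illustrative; MyVPNHub is the hub name used in this guide.

# Print a random pre-shared key of $1 characters (default 24) drawn from
# [A-Za-z0-9], so it needs no quoting inside a vpncmd batch file.
gen_psk() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-24}"
}

# Succeed only if $1 is purely alphanumeric and at least 16 characters long.
psk_ok() {
    case "$1" in
        ""|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -ge 16 ]
}

# Write batch file $1 that enables L2TP over IPsec with PSK $2 and default
# hub $3, then prints the resulting settings. /L2TPRAW:no keeps unencrypted
# L2TP switched off.
write_batch() {
    psk_ok "$2" || { echo "refusing weak or unsafe PSK" >&2; return 1; }
    ( umask 077   # the file contains the PSK: owner-only permissions
      printf '%s\n' \
        "IPsecEnable /L2TP:yes /L2TPRAW:no /ETHERIP:no /PSK:$2 /DEFAULTHUB:$3" \
        "IPsecGet" > "$1" )
}

# Feed the batch file to vpncmd, which prompts for the server admin password.
apply_batch() {
    /usr/local/softether/vpncmd localhost /SERVER /IN:"$1"
}

# Only touches the server when run as: sh enable_l2tp.sh apply
if [ "${1:-}" = "apply" ]; then
    f=$(mktemp) && write_batch "$f" "$(gen_psk)" MyVPNHub && apply_batch "$f"
    rm -f "$f"
fi
```

Passing the key through a batch file with owner-only permissions keeps it out of the process list and shell history, which a /PSK argument typed on the command line would not.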


Step 3: Configuring the Address Pool for VPN Clients

The parameters for VPN sessions, such as the VPN IP address range and DNS settings, are handed to L2TP/IPsec clients by a DHCP server inside the Virtual Hub. When the hub is not bridged to a network that already has one, the hub’s SecureNAT function provides the virtual gateway and DHCP server.

  1. Enable SecureNAT on the Hub
    With MyVPNHub selected at the vpncmd prompt, enter:

    SecureNatEnable
    

    Then, configure it with:

    • Local Address: This is the VPN server’s gateway (e.g., 10.10.10.1).
    • Remote Address Pool: Define a range for client IPs (e.g., 10.10.10.2-10.10.10.254).
    • DNS Servers: Optionally, set DNS servers such as 8.8.8.8 and 8.8.4.4.

    You can do this with commands like:

    SecureNatHostSet /MAC:none /IP:10.10.10.1 /MASK:255.255.255.0
    DhcpSet /START:10.10.10.2 /END:10.10.10.254 /MASK:255.255.255.0 /EXPIRE:7200 /GW:10.10.10.1 /DNS:8.8.8.8 /DNS2:8.8.4.4 /DOMAIN:none /LOG:yes
    
  2. Scope of the Settings
    These settings are applied to all L2TP/IPsec connections to the hub, ensuring consistent IP assignment and network settings.


Step 4: Creating User Accounts for VPN Access

Each VPN user needs credentials to connect. With L2TP/IPsec, these credentials are the username and password the client presents during PPP authentication.

  1. Add a VPN User
    In vpncmd, enter the following commands to create a user:

    UserCreate vpnuser1 /GROUP:none /REALNAME:"VPN User"
    UserPasswordSet vpnuser1
    

    When prompted, set a strong password for vpnuser1.

  2. Address Assignment
    No per-user command is needed to assign addresses. Because the pool from Step 3 belongs to the hub, vpnuser1 receives an IP from the VPN pool and the specified DNS settings when they log in.


Step 5: Configuring Client Connections

Now, set up your client devices to connect using L2TP/IPsec. The configuration is similar across platforms:

  1. Server Address:
    Enter your VPN server’s public IP address or DDNS hostname.

  2. VPN Type:
    Select L2TP/IPsec.

  3. Username and Password:
    Use the credentials you created (e.g., vpnuser1 and its password).

  4. IPsec Pre-Shared Key:
    Enter the shared secret MyStrongIPsecSecret!.

For Windows, macOS, and most mobile devices, these settings are available in the built-in VPN client configuration menus. Make sure to save your settings and then initiate a connection.


Step 6: Testing the VPN Connection

  1. Connect from a Client Device:
    Launch your device’s VPN client and attempt to connect using the L2TP/IPsec configuration.

  2. Verify IP Assignment:
    Once connected, check that the client is assigned an IP from the address pool you configured in Step 3 (e.g., an IP between 10.10.10.2 and 10.10.10.254).

  3. Test Connectivity:
    Use ping or access internal resources to confirm that the VPN tunnel is routing traffic correctly:

    ping 10.10.10.1
    
  4. Review Active Sessions:
    In vpncmd, with MyVPNHub selected, type:

    SessionList
    

    This lists the sessions currently connected to the Virtual Hub, so you can confirm that your connection is established.


Final Thoughts

By following these steps, you have now configured an L2TP/IPsec VPN on your SoftEther VPN Server. This setup provides a secure way to connect remote users to your network using a widely supported VPN protocol. With an IPsec pre-shared key, a defined client address pool, and proper user management, your VPN environment is both robust and flexible.

If you encounter any issues or have questions as you test your configuration, feel free to reach out. Enjoy secure remote connectivity and the power of SoftEther VPN!


Explained with clarity by
Corels – Admin, Emmanuel Corels Creatives

