Configuring SoftEther VPN Server for Multi-Protocol Support Print

Hello there! I’m Corels from Emmanuel Corels Creatives. Today, we’re going to explore how to configure your SoftEther VPN Server to support multiple VPN protocols simultaneously. SoftEther is unique in that it lets you run various protocols—such as OpenVPN, L2TP/IPsec, SSTP, and its native SoftEther protocol—all on the same server. This means you can offer flexible connection options that work across Windows, Linux, macOS, and even mobile devices, all without having to set up separate servers.

In this guide, I’ll walk you through enabling and configuring each protocol using SoftEther’s command-line tool (vpncmd). Let’s get started!

Step 1: Access Your SoftEther VPN Server

1. Open your terminal and run the vpncmd utility:

   sudo /usr/local/softether/vpncmd
   

2. At the welcome prompt, select 1 for VPN Server mode and press Enter.
3. Connect to your Virtual Hub (for example, if your hub is named “MyVPNHub”), type:

   Hub MyVPNHub
   

4. If you haven’t already, set an administrator password:

   ServerPasswordSet
   

   Follow the prompts to choose a strong password.

Step 2: Enabling the OpenVPN Protocol

SoftEther VPN Server includes built-in support for OpenVPN. To enable it:

1. At the vpncmd prompt within your Virtual Hub, type:

   OpenVpnEnable
   

2. You’ll be prompted for the Virtual Hub Administrator password—enter it.
3. Next, choose whether to enable OpenVPN over TCP or UDP. For simplicity, select TCP (type “1” if prompted for options).
4. SoftEther will then configure OpenVPN on its default port (usually TCP 1194). You can verify the status by running:

   OpenVpnStatusGet
   

   This confirms that OpenVPN is enabled and listening for client connections.

Step 3: Enabling L2TP/IPsec

L2TP/IPsec offers robust security and is widely supported on most operating systems.

1. Enable L2TP/IPsec by typing:

   L2tpEnable
   

2. When prompted, enter your Virtual Hub Administrator password.
3. SoftEther will ask if you want to enable IPsec encryption. Answer “yes.”
4. You will then be prompted to enter an IPsec pre-shared key. Type a strong secret (for example, MyStrongIPsecSecret!) and press Enter.
5. To check that L2TP/IPsec is enabled, type:

   L2tpStatusGet
   

Step 4: Enabling SSTP (Secure Socket Tunneling Protocol)

SSTP is particularly useful for Windows clients as it operates over HTTPS (TCP 443).

1. At the vpncmd prompt, enable SSTP by entering:

   SstpEnable
   

2. Provide your Virtual Hub Administrator password when prompted.
3. SoftEther will configure SSTP on its default port (typically TCP 443). Verify by using:

   SstpStatusGet
   

Step 5: Configuring Additional Settings (Optional)

SoftEther lets you tweak additional parameters to optimize multi-protocol support:

• Port Customization:
  If you wish to change any of the default ports, you can do so by using the respective protocol commands in vpncmd. For instance, to change the OpenVPN port:

  OpenVpnSet /PORT:1194
  

• Encryption Settings:
  Each protocol can be configured with specific encryption algorithms. For OpenVPN, you might adjust the cipher and authentication method. Type:

  Help OpenVpnEnable
  

  to see available options.

• User and Group Management:
  The beauty of SoftEther is that all these protocols share the same Virtual Hub. When you add VPN users with:

  UserCreate vpnuser1 /GROUP:none /REALNAME:"User One"
  UserPasswordSet vpnuser1
  

  they will be able to connect using any of the enabled protocols.

Step 6: Testing Your Multi-Protocol VPN Server

Once you’ve enabled all desired protocols, it’s time to test from various client devices:

• For OpenVPN Clients:
  Generate a configuration file with:

  OpenVpnMakeConfig vpnuser1
  

  Import the resulting .ovpn file into your OpenVPN client software.

• For L2TP/IPsec Clients:
  On your client device, set up a VPN connection using L2TP/IPsec, and use the shared secret MyStrongIPsecSecret! along with your username and password.

• For SSTP Clients:
  Windows users can set up an SSTP connection directly in their VPN settings by selecting SSTP as the VPN type and using the appropriate credentials.

Verify that each client can connect, receives an IP address from the VPN’s pool, and can access the network as intended.

Final Thoughts

By enabling multiple VPN protocols on your SoftEther VPN Server, you provide your users with a flexible, secure, and seamless way to connect from virtually any device. This multi-protocol setup means that whether a user prefers OpenVPN, L2TP/IPsec, or SSTP, they can all connect to the same VPN environment with consistent authentication and resource access.

Take some time to experiment with the settings, review logs for each protocol’s status, and fine-tune the configuration as needed. If you have any questions or run into issues, don’t hesitate to reach out. Enjoy the power of a versatile VPN setup, and happy connecting!

Explained with clarity by
Corels – Admin, Emmanuel Corels Creatives