Establish a secure VPN server on AlmaLinux 9 using SoftEther VPN to provide remote access for your network.
In this guide, we will walk you through setting up SoftEther VPN on AlmaLinux 9, a versatile and high-performance VPN solution that supports multiple protocols, including OpenVPN, L2TP/IPsec, and SSTP. SoftEther VPN is known for its flexibility, making it an excellent choice for creating secure remote access solutions.
Step 1: Install Required Dependencies
Before installing SoftEther VPN, ensure your system is up to date and install the necessary dependencies:
sudo dnf update -y
sudo dnf install -y gcc make zlib-devel readline-devel ncurses-devel
Step 2: Download and Install SoftEther VPN
Download the latest version of SoftEther VPN from the official website:
wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.38-9760-beta/softether-vpnserver-v4.38-9760-beta-2021.06.04-linux-x64-64bit.tar.gz
Extract the downloaded tarball:
tar -xvzf softether-vpnserver-*.tar.gz
Navigate to the extracted directory and compile the source code:
cd vpnserver
make
After compiling, move the SoftEther VPN server files to the appropriate directory:
sudo mv vpnserver /usr/local/
Set the necessary permissions:
sudo chmod 600 /usr/local/vpnserver/*
sudo chmod 700 /usr/local/vpnserver/vpncmd
sudo chmod 700 /usr/local/vpnserver/vpnserver
Step 3: Configure SoftEther VPN Server
Start the SoftEther VPN server:
sudo /usr/local/vpnserver/vpnserver start
To configure the server, use the `vpncmd` tool:
sudo /usr/local/vpnserver/vpncmd
Select `1` to manage the VPN server, and then connect to the local server by pressing Enter. Create a new Virtual Hub:
HubCreate MyVPNHub
Set an administrator password for the Virtual Hub:
Hub MyVPNHub
SetHubPassword
Next, enable SecureNAT, which allows the VPN clients to connect to the network:
SecureNatEnable
Step 4: Configure VPN Protocols
SoftEther VPN supports multiple VPN protocols. Here’s how to enable OpenVPN, L2TP/IPsec, and SSTP:
ListenerCreate 1194
ListenerCreate 1701
ListenerCreate 443
Enable L2TP/IPsec:
IPsecEnable /L2TP:yes /L2TPRAW:no /ETHERIP:no /PSK:your_pre_shared_key
Enable SSTP:
SstpEnable yes
Step 5: Set Up User Accounts
Create user accounts for VPN clients:
UserCreate vpnuser
UserPasswordSet vpnuser
Repeat the above steps to create additional users as needed.
Step 6: Configure the Firewall
Ensure the firewall allows traffic on the ports used by SoftEther VPN:
sudo firewall-cmd --add-port=1194/udp --permanent
sudo firewall-cmd --add-port=1701/udp --permanent
sudo firewall-cmd --add-port=443/tcp --permanent
sudo firewall-cmd --reload
Step 7: Start and Enable SoftEther VPN Server
Create a systemd service file to manage the SoftEther VPN server:
sudo nano /etc/systemd/system/vpnserver.service
Add the following content:
[Unit]
Description=SoftEther VPN Server
After=network.target
[Service]
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
Type=forking
[Install]
WantedBy=multi-user.target
Save the file and enable the service:
sudo systemctl daemon-reload
sudo systemctl enable vpnserver
sudo systemctl start vpnserver
Troubleshooting Common SoftEther VPN Issues
Here are some common issues you might encounter and how to resolve them:
- **Cannot connect to the VPN**: Ensure the VPN server is running and that the firewall is configured to allow traffic on the correct ports.
- **Client cannot authenticate**: Verify that the correct username and password are being used, and check the Virtual Hub settings.
- **Slow VPN connection**: This could be due to network latency or insufficient server resources. Consider optimizing the server settings or upgrading hardware.
Supplementary Information
For enhanced security and performance, consider the following supplementary practices:
- **Use strong encryption**: Configure the VPN server to use strong encryption protocols to protect data in transit.
- **Monitor VPN usage**: Set up monitoring to track VPN usage and detect any unusual activity.
- **Regularly update SoftEther**: Keep SoftEther VPN up to date to benefit from the latest security patches and features.
sudo dnf update -y
Conclusion
By following this guide, you have successfully set up SoftEther VPN on AlmaLinux 9, providing secure remote access to your network. Regular monitoring and updates will help ensure the continued security and performance of your VPN server. For more tutorials and guides, visit ECC (Emmanuel Corels Creatives).