Create Your Own VPN Server on an AWS EC2 Instance with Open-Source SoftEther VPN

Are you concerned about your online privacy and security? Do you find the process of setting up a VPN server intimidating? You're not alone. Many users, from beginners to IT professionals, struggle with the complexities of VPN setup. But what if I told you that you could have your own secure VPN server up and running in just a few simple steps?

In this blog post, we'll guide you through the process of setting up a SoftEther VPN server on an Amazon EC2 instance. SoftEther is a powerful, multi-protocol VPN software that's both free and open-source. Combined with the reliability and scalability of Amazon's cloud infrastructure, you'll have a robust VPN solution at your fingertips.

Before we dive into the setup, let's clarify what a VPN is, its purpose, why we need one, the different types of VPNs, and why we chose SoftEther VPN.

What is a VPN?

A Virtual Private Network (VPN) creates a secure, encrypted connection over the internet, acting as a tunnel to protect your data from external threats and prying eyes.

Purpose of a VPN

  • Security: Encrypts your data, making it difficult for hackers to access.
  • Privacy: Masks your IP address, preventing tracking of your online activities.
  • Access Control: Enables secure remote access to corporate networks.
  • Bypassing Geo-restrictions: Allows access to content restricted in your region.

Why We Need to Use a VPN

  • Public Wi-Fi Security: Protects your data on insecure public Wi-Fi networks.
  • Data Privacy from ISPs: Prevents ISPs from monitoring and selling your browsing data.
  • Safe Remote Work: Secures remote access to company resources.
  • Avoid Censorship: Bypasses government-imposed internet restrictions.

Different Types of VPNs

  • Remote Access VPN: Securely connects individual users to a private network.
  • Site-to-Site VPN: Links entire networks, useful for businesses with multiple locations.
  • Client-to-Site VPN: Connects remote users to a company's VPN server.
  • SSL VPN: Provides secure remote access to specific applications.
  • IPsec VPN: Secures internet communications with high-level encryption.

Why We Chose SoftEther VPN

  • Versatility and Compatibility: Supports multiple VPN protocols like SSL-VPN, L2TP/IPsec, and OpenVPN.
  • Performance: Offers fast and stable connections even under heavy traffic.
  • Cost-Effectiveness: Free and open-source.
  • Ease of Use: User-friendly graphical interface.
  • Security: Robust encryption and advanced security features.
  • Cross-Platform Support: Available on Windows, Linux, macOS, and mobile devices.

SoftEther VPN is a powerful, reliable, and versatile VPN solution that meets diverse security and connectivity needs, making it ideal for both personal and professional use.

Whether you're looking to secure your internet connection, access geo-restricted content, or set up a remote access solution for your business, this guide has got you covered. We'll walk you through each step, from launching your EC2 instance to configuring your SoftEther VPN server. By the end of this tutorial, you'll have your very own VPN server running in the cloud, providing you with enhanced privacy and security wherever you go.

Ready to take control of your online privacy? Let's dive in and get your SoftEther VPN server up and running on AWS!

Prerequisites

Before starting the setup of your SoftEther VPN server on an Amazon EC2 instance, ensure you have the following prerequisites in place:

  1. AWS Account: You need an Amazon Web Services (AWS) account. If you don't have one, you can sign up for a free account at AWS Free Tier Account.
  2. AWS Knowledge: Familiarity with AWS services, especially EC2, VPC, and Security Groups, is essential for this setup. Understanding how to navigate the AWS Management Console and basic network configuration will be helpful.
  3. Linux Commands: Knowledge of Linux commands will be necessary for updating the system, installing packages, and navigating the file system.

Here's an overview of what this blog contains, outlining the steps you'll take once the prerequisites are in place:

Overview of Steps:

  1. Launch an Amazon EC2 Instance & Associate Elastic IP
  2. Connect to Your EC2 Instance Using PuTTY
  3. Install the Necessary Packages in the EC2 Instance
  4. Download and Install SoftEther VPN
  5. Create and Configure Startup Script
  6. Run SoftEther VPN Command-Line Management Utility
  7. Configure SoftEther VPN Server Using GUI
  8. Install SoftEther VPN Client Tool and Establish Connection

This blog will guide you through each of these steps in detail, ensuring you can successfully set up and configure your SoftEther VPN server on an Amazon EC2 instance.

Now, let's get started with the setup process.

Step 1: Launch an Amazon EC2 Instance & Associate Elastic IP

Log in to the AWS Management Console using the sign-in page.

Navigate to the EC2 Dashboard.

Launch Instance: Click the "Launch Instance" button and specify the name.

Choose an Amazon Machine Image (AMI): Select "Amazon Linux 2 AMI"

Choose an Instance Type: Select the instance type (e.g., t2.micro for the free tier).

Select or Create a Key Pair: Choose an existing key pair or create a new one. Download the key pair file as you will need it to connect to your instance.

Enter the key pair name, set the key pair type to RSA, choose the private key file format, and select "Create key pair".

  • .pem: Used for SSH connections on Unix/Linux systems.
  • .ppk: Used by PuTTY on Windows.

Network Setting: Click on Edit.

  • Select the VPC: Choose the appropriate VPC from the dropdown menu.
  • Select the Subnet: Pick the desired subnet for your instance.
  • Auto-assign Public IP: Set this option to Disable.

Configure Security Group:

  • Allow SSH (port 22): Enables secure remote access to the instance from your IP address only.

Note: When configuring your security group for SSH access, set the source type to your IP address ("My IP"). This restricts SSH access to your address only, rather than exposing port 22 to the whole internet.

Leave the Remaining Settings as Default and Review and Launch the Instance:

  • After configuring your network settings, security group, and other specifications, review your instance details.
  • Ensure all settings, such as instance type, storage, and tags, meet your requirements.
  • Once satisfied, launch your instance by clicking "Launch Instance".

Instance Successfully Launched

  • Congratulations! Your instance has been launched successfully and is up and running.

Allocate Elastic IP Address

  • In the left navigation menu, navigate to Network and Security.
  • Select Elastic IPs from the options
  • Click on Allocate Elastic IP Address.

Public IPv4 Address Pool: Choose "Amazon's Pool of IPv4 Addresses" from the dropdown menu.

Network Border Group: Select "us-east-1" from the available options.

Add Necessary Tags and Allocate: Once tags are added, click on Allocate to complete the process.

Congratulations! Your Elastic IP address has been allocated successfully.

Now, click on Associate this Elastic IP Address to link it with your EC2 instance

In the dialog box, under Resource Type, select Instance.

Select the Instance ID and Private IP Address of your SoftEtherVpnServer EC2 instance from the respective dropdown menus.

Click on Associate to finalize the association of the allocated Elastic IP address with your instance.

Congratulations! The Elastic IP address has been successfully associated with the SoftEtherVPN Server EC2 instance.

Confirm Elastic IP Association:

  • Navigate back to the EC2 dashboard and locate your instance.
  • Check the public IP address displayed for the instance.
  • You should see that the Elastic IP address has been successfully associated with the EC2 instance.
  • This confirms that SoftEtherVPN Server is now accessible via the static Elastic IP address, providing stable and predictable connectivity for VPN services.

Security groups play a crucial role in securing your SoftEther VPN setup. To ensure proper functionality, configure the following ports within your security group settings:

  • TCP Ports: Allow traffic on ports 443, 992, and 5555 from anywhere:
      • TCP 443: Enables HTTPS traffic, securing web connections.
      • TCP 992: Facilitates VPN over SSL, ensuring encrypted VPN sessions.
      • TCP 5555: Used by SoftEther VPN clients for establishing connections.
  • UDP Ports: Allow traffic on ports 500 and 4500 from anywhere:
      • UDP 500: Essential for IKE (Internet Key Exchange) used in VPN tunnel establishment.
      • UDP 4500: Facilitates NAT traversal, enabling VPN traffic to pass through NAT devices.
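
One way to check a security group against the rules described above, as an added example that is not part of the original post: it reads a group in the JSON shape returned by `aws ec2 describe-security-groups` and reports SSH sources wider than a single address, world-open ports outside the VPN list, and VPN ports that are not open. The group in SAMPLE_GROUP is constructed, and the function and finding names are illustrative.

```python
import ipaddress

# Policy stated in the guide: SSH from one address only; VPN listeners from anywhere.
SSH = ("tcp", 22)
VPN_PORTS = {("tcp", 443), ("tcp", 992), ("tcp", 5555), ("udp", 500), ("udp", 4500)}

# Constructed sample in the IpPermissions shape of `aws ec2 describe-security-groups`.
ANY = [{"CidrIp": "0.0.0.0/0"}]
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",  # placeholder, not a real group
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": ANY},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": ANY},
        {"IpProtocol": "tcp", "FromPort": 992, "ToPort": 992, "IpRanges": ANY},
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 5555, "IpRanges": ANY},
        {"IpProtocol": "udp", "FromPort": 500, "ToPort": 500, "IpRanges": ANY},
    ],
}


def sources(perm):
    """Source networks of one rule (IPv4 and IPv6 CIDRs only; rules that
    reference other security groups or prefix lists are not evaluated)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def covers(perm, proto, port):
    """True if the rule admits proto/port; IpProtocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return perm["IpProtocol"] == proto and lo <= port <= hi


def audit(group):
    """Return sorted (code, detail) findings for one security group."""
    findings, world_open = set(), set()
    for perm in group.get("IpPermissions", []):
        proto = perm["IpProtocol"]
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        for net in sources(perm):
            if covers(perm, *SSH) and net.prefixlen != net.max_prefixlen:
                findings.add(("SSH_NOT_SINGLE_HOST", str(net)))
            if net.prefixlen != 0:
                continue  # checks below apply to 0.0.0.0/0 and ::/0 only
            expected = {p for p in VPN_PORTS if covers(perm, *p)}
            world_open |= expected
            if proto == "-1":
                findings.add(("WORLD_OPEN_ALL_TRAFFIC", str(net)))
            elif proto in ("tcp", "udp"):
                # Ports in the range beyond the VPN list (SSH is reported above).
                extra = (hi - lo + 1) - len(expected) - int(covers(perm, *SSH))
                if extra > 0:
                    findings.add(("WORLD_OPEN_EXTRA", f"{proto}/{lo}-{hi}"))
            else:
                findings.add(("WORLD_OPEN_EXTRA", proto))
    for proto, port in VPN_PORTS - world_open:
        findings.add(("VPN_PORT_NOT_OPEN", f"{proto}/{port}"))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_GROUP):
        print(code, detail)
```

To audit a real group, load the output of `aws ec2 describe-security-groups` with `json.load` and pass each entry of its `SecurityGroups` list to `audit`.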

Step 2: Connect to Your EC2 Instance Using PuTTY

Note: I am using Windows to connect to my EC2 instance through PuTTY. If you are using macOS or a Linux terminal, you can refer to the AWS EC2 SSH User Guide for connecting via SSH.

Open PuTTY.

In the "Host Name" field, enter the public IP address of your EC2 Instance, port 22.

Under "Connection" -> "SSH" -> "Auth", browse to and select your .ppk file, then click "Open" to connect. When prompted, click Accept.

Log in as ec2-user and press Enter.

Switch to the root user with the following command:

sudo su

This command allows you to switch to the root user, granting full administrative access to perform system-level tasks and configurations on your EC2 instance.

Step 3: Install the Necessary Packages in the EC2 Instance

Update the System

Run the following command to update your system:

yum update -y

To install the necessary development tools, execute the following command in your terminal. When prompted, type 'y' and press Enter to proceed with the installation:

yum groupinstall "Development Tools"

Change the current directory to '/usr/local', which is a common location for user-installed software and packages.

cd /usr/local

Step 4: Download and Install SoftEther VPN

Download the Linux distribution of SoftEther VPN Server to the EC2 instance from the download link, selecting the following options, and install it using the steps below:

  • Select Software: SoftEther VPN (Freeware)
  • Select Component: SoftEther VPN Server
  • Select Platform: Linux
  • Select CPU: Intel x64 / AMD64 (64 bit)

wget https://www.softether-download.com/files/softether/v4.34-9745-rtm-2020.04.05-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.34-9745-rtm-2020.04.05-linux-x64-64bit.tar.gz

Check that the SoftEther VPN archive was downloaded using the command:

ll

Extract the downloaded file:

tar -xvf softether-vpnserver-v4.34-9745-rtm-2020.04.05-linux-x64-64bit.tar.gz

Navigate to the extracted directory using the below command:

cd vpnserver/

List the SoftEther VPN files inside the directory using:

ll

Compile SoftEther VPN:

The make command compiles the SoftEther VPN source code into executable binaries by reading and executing instructions from the Makefile.

make

During the installation process, you will encounter the license agreement prompt. Type '1', '1', and then '1' again to agree to the terms and proceed with the installation.

Step 5: Create and Configure Startup Script

Create a startup script to run SoftEther VPN as a service:

nano /etc/init.d/vpnserver

Add the following script to the file:

#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
# Exit quietly if the vpnserver binary is missing or not executable.
test -x "$DAEMON" || exit 0
case "$1" in
  start)
    "$DAEMON" start
    touch "$LOCK"
    ;;
  stop)
    "$DAEMON" stop
    rm -f "$LOCK"
    ;;
  restart)
    "$DAEMON" stop
    sleep 3
    "$DAEMON" start
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0

To save the file, press Ctrl+O followed by Enter, and to close it, press Ctrl+X. Then check that the script file has read and write permissions for its owner:

ll /etc/init.d/vpnserver

Set Execution Permissions for the Startup Script:

Change the permissions so that only the root user can read, write, and execute the script:

chmod 700 /etc/init.d/vpnserver

Start the SoftEther VPN server using the command below:

/etc/init.d/vpnserver start

Register the service so that the system starts the VPN server at boot:

chkconfig --add vpnserver

Step 6: Run SoftEther VPN Command-Line Management Utility

To run the SoftEther VPN command-line management utility from the vpnserver directory, use the command below:

./vpncmd

This command allows you to configure and manage your VPN server, create and manage virtual hubs, users, and connections through a comprehensive command-line interface.

Set the server administrator password:

ServerPasswordSet

Step 7: Configure SoftEther VPN Server Using GUI

You can configure the VPN server from the command line or through a graphical user interface (GUI) using the SoftEther VPN Server Manager tool for Windows. Here I am using the GUI to configure the VPN server.

Download the SoftEther VPN Server Manager for Windows from the download link onto your Windows machine, choosing the following options:

  • Select Software: SoftEther VPN (Freeware)
  • Select Component: SoftEther VPN Server Manager for Windows
  • Select Platform: Windows
  • Select CPU: Intel (x86 and x64)

Follow the Windows SoftEther VPN Server Manager installation guide to complete the setup wizard.

After installing SoftEther VPN Server Manager, you will see the following window. Click "New Setting".

Enter the setting name, use the SoftEther VPN server's public IP address as the hostname, set the port to 992, and provide the administrator password previously set for the SoftEther VPN server. Click "OK" to proceed.

Click "Create a Virtual Hub".

Enter the Virtual Hub name and set the administrator password accordingly. Click "OK" to confirm the settings.

VPN Virtual Hub has been successfully created. Select the VPNVirtualHub and proceed by clicking on "Manage Virtual Hub."

Select "Manage Users" and click "New" to create a user (repeat the same steps to create additional users).

Set the username and authentication type to Password Authentication for the VPN user "vpn1," then assign a password. Click "OK" to confirm the settings.

The vpn1 user has been successfully created and can now be viewed in the Manage Users section.

Select the Virtual NAT and Virtual DHCP Server (SecureNAT) option to enable automatic IP address assignment and network address translation. These features are essential in SoftEther VPN to simplify network management, allowing client devices to connect seamlessly without requiring manual IP configuration.

Click "Enable SecureNAT" and then "SecureNAT Configuration". Enabling these options ensures efficient handling of IP addresses and smooth communication within the VPN network, enhancing overall user experience and network reliability.

In the SecureNAT Configuration, update DNS Server Address 1 to use Google DNS (8.8.8.8) and set DNS Server Address 2 to 8.8.4.4. Click "OK" to save the changes and then exit the configuration.

Select the Local Bridge Setting:

  • Virtual Hub: VPNVirtualHub
  • Type to Create: Bridge with Physical Existing Network Adapter
  • LAN Adapter: eth0

Click "Create Local Bridge".

Local Bridge has been added successfully.

Select the IPsec / L2TP Setting:

Enable the L2TP Server Function (L2TP Over IPsec) and assign the IPsec pre-shared key as part of the configuration.

Select the OpenVPN / MS-SSTP Setting:

Disable the "Enable OpenVPN Clone Server Function" and "MS-SSTP VPN Clone Server Function" options, then click "OK" to confirm.

Step 8: Install SoftEther VPN Client Tool and Establish Connection

Download and install the SoftEther VPN Client for Windows. Visit SoftEther's Official Download Page for the latest version, "SoftEther VPN Server and VPN Bridge (Ver 4.38, Build 9760, rtm)". Mac users can refer to the guide "SoftEther VPN Client Setup in Mac".

After downloading the client tool to your local computer, make sure during setup that you select only the "SoftEther VPN Client" option to install.

Once installation is complete, you'll encounter a setup window. Proceed by double-clicking on the "Add VPN Connection" option.

During this step, the setup may prompt you to add a Virtual Network Adapter. Confirm by clicking "Yes" to proceed with adding it.

On the following screen, keep the default name for the Virtual Network Adapter. You will then see a series of progress screens.

Next, double-click on the "Add VPN Connection" option to move forward with setting up your VPN. This step will start the process of configuring your connection, ensuring everything is ready for a smooth and secure VPN setup.

Open the SoftEther VPN Client Manager.

Create a New VPN Connection:

  • A window will pop up to configure the connection.
  • Setting Name: Enter SoftEtherVPNServer.
  • Host Name: Enter 54.84.52.216 (This is the IP address of your SoftEther VPN server).
  • Port Number: Select 992 from the drop-down menu.
  • Virtual Hub Name: Select VPNVirtualHub from the drop-down menu.

User Authentication Setting:

  • Username: Provide your respective username.
  • Password: Provide your respective password.

Click OK to save the settings and establish the connection.

After clicking "OK," the connection status window will appear, showing the status as "Offline." To connect, either double-click on the connection bar or right-click on it and select "Connect." The status will then update to "Connected," indicating a successful connection to your SoftEther VPN server.

Once the status shows "Connected," it confirms that the user has successfully established a connection with the VPN. This indicates that data transmission between the client device and the SoftEther VPN server is now secure and operational.

To confirm you have successfully connected to the SoftEther VPN, visit whatismyipaddress.com and verify that your IP address is displayed as 54.84.52.216. This will provide assurance that your VPN connection is properly established and secured.

Conclusion:

You've successfully set up a SoftEther VPN server on an Amazon EC2 instance, which opens up powerful possibilities for secure, private networking on a global scale. This setup allows you to establish a reliable infrastructure that prioritizes data privacy and accessibility from any location worldwide. Keeping both your server and client software updated regularly is crucial to maintaining top-notch security and ensuring smooth performance. By taking these proactive steps, you not only bolster your defenses against evolving threats but also optimize the overall efficiency of your VPN setup. With SoftEther VPN running on AWS EC2, you can confidently connect and collaborate across diverse environments while safeguarding your sensitive data effectively.

Ajay Uppu is a cloud engineer and AWS Community Builder passionate about the latest emerging technologies, especially in cloud computing and artificial intelligence. He channels his passion into hands-on expertise in cloud architectures, infrastructure, and seamless integration of cutting-edge AI and cloud solutions. His role demands a deep understanding of both cloud and AI technologies to drive innovative and scalable solutions.