How to Set Up a SoftEther VPN over HTTPS Client on Windows and Linux
When it comes to Virtual Private Networks (VPNs), not all protocols are created equal. While OpenVPN and Wireguard are incredibly popular VPN protocols, their popularity has led to an increase in the protocol being blocked by some networks.
With SoftEther VPN, the encrypted tunnel is routed through the HTTPS port (443), effectively disguising the VPN as an SSL connection.
Here’s how to set up a SoftEther VPN over an HTTPS connection client on Windows and Linux.
How Does a SoftEther VPN Work?
SoftEther, which stands for “Software Ethernet,” is an open-source, multi-protocol VPN software. It’s lauded for its flexibility, allowing for a range of VPN protocols, including the increasingly popular VPN over HTTPS.
VPN blocking methods primarily block commonly used VPN ports or the protocols themselves. VPN over HTTPS utilizes the SSL/TLS encryption protocols. This means that the VPN connection is camouflaged as standard HTTP traffic. This allows it to pass through most firewalls and web proxies without detection.
A SoftEther VPN requires both a client and a server. This article deals with the installation and setup of a SoftEther client. For the server setup guide, take a look at how to set up the SoftEther VPN server. You’ll need the hostname or IP address of your SoftEther server to complete the SoftEther client configuration in the next section, so do take a moment to do this.
Before we delve into the installation procedures, it’s important to note that only the Windows and Linux SoftEther clients support VPN over HTTPS. Furthermore, for both Windows and Linux, ensure you have the hostname or IP address of the SoftEther server and username and password.
Installing the SoftEther Client on Windows
- Download the Windows SoftEther client from the SoftEther website. You will need to select SoftEther VPN Client and then Windows from the drop-down menus. Run the installer and follow the on-screen prompts. During the setup, select SoftEther VPN Client when prompted.
- Once installed, launch the VPN client manager. You will need to create a virtual network adapter for the VPN connection. Select Virtual Adapter, then New Virtual Network Adapter. Enter a unique name for your SoftEther VPN network adapter, then select OK.
- Next, select Connect in the top left corner and then New VPN Connection Setting. Enter the following details which correspond to your SoftEther VPN Server:
- Setting Name: Give your VPN client a name.
- Hostname: The hostname or IP address of your SoftEther VPN server.
- Port Number: 443
- Proxy Type: For most, choosing “Direct TCP/IP Connection” will be best. If your connection is behind a web or SOCKS proxy, choose the corresponding option.
- Virtual Client Adapter to Use: Choose the virtual network adapter you created in the previous step.
- User Authentication Settings: Select Standard Password Authentication. Enter your VPN username and password.
- Click “OK” to continue.
- Right-click the new connection and click Connect. If the details have been entered correctly, the VPN should now connect successfully.
Now, if you want to specify your own DNS servers, you must edit the virtual network adapter settings within Windows.
- In the Network and Sharing Center, click Change adapter settings, right-click the virtual adapter (it’ll be named something like VPN## or similar), click Properties, then select Internet Protocol Version 4
- Enter the DNS servers you want to use in the Preferred DNS server section.
To test if the VPN has connected successfully, you can visit WhatIsMyIP and check the displayed IP address. If it matches the IP address of your SoftEther VPN server, then your client is set up correctly.
Installing the SoftEther Client on Linux
To install the SoftEther client on Linux, you need to open a terminal and be logged in as root. Instructions for this installation are given for Debian/Ubuntu. For other distributions of Linux, please adjust your commands accordingly. As the Linux installation process is somewhat longer than the Windows version, we’ve broken it into bite-sized chunks.
1. Update Your Software Repositories and Dependencies
Before you begin the client installation, first update your software repositories using the following command.
apt-get update -y
Next, install the required dependencies for the VPN client.
apt-get install build-essential gnupg2 gcc make -y
2. Download and Install the SoftEther Client for Linux
To do this, install the Lynx terminal-based browser and open the SoftEther download page.
apt-get install lynx -y
lynx http:
Scroll to the bottom of the page to select the latest version or beta. Select Linux, then SoftEther_VPN_Client.
Select your system architecture, select the softether-vpnclient-x file, and press “d” to download. Finally, select Save to disk.
Press q to exit the Lynx browser.
Extract the archive. Note that your file name might be different if you have downloaded a newer version.
tar -xvzf softether-vpnclient (press tab to complete)
Navigate to the newly created VPN client directory:
cd ./vpnclient
Issue the make command to compile the software and accept the license agreement.
make
Now run the VPN client.
./vpnclient start
Before starting the configuration, test your system’s compatibility with the client. Select Option 3 (Use of VPN Tools).
Next, issue the following command:
check
If all the tests pass without errors, you can move on to configuration. Exit vpncmd by typing exit.
3. Configure the VPN Client
To begin configuration, run vpncmd again and select Option 2 (Management of VPN Client). Press enter to accept localhost as the client.
./vpncmd
Create a new virtual interface to connect to the VPN server. You can use any name you wish.
NicCreate <name of interface>
Create a new client account and give it a name. You will need your SoftEther username and hub name for this step.
AccountCreate <name of account> /server:<IP of VPN server>:443 /HUB:<name of vpn hub> /USERNAME:<vpn username> /NICNAME:<name of virtual network interface>
Set the password and authentication mode for the newly created account.
AccountPasswordSet <name of account> /PASSWORD:<your vpn password> /TYPE:standard
Check the status of the newly created account with the command:
AccountList
4. Enable IP Forwarding
The account is now ready to make a connection to the SoftEther VPN server, but first, you will need to ensure IP forwarding is enabled.
cat /proc/sys/net/ipv4/ip_forward
This will return a value of 1 or 0. If the value is 0, then IP forwarding is not enabled. To enable it, edit the sysctl.conf file using the following command:
nano /etc/sysctl.conf
Find the line “net.ipv4.ip_forward=1” and uncomment it. Now save the file (ctrl-o, ctrl-x).
5. Make Your First SoftEther VPN Connection
Your account is now ready to connect to the VPN server. To do so, issue this command:
AccountConnect <name of account>
At this point, you can confirm the account has connected successfully by issuing the AccountList command:
AccountList
Request an IP address from the VPN server via DHCP. Place the prefix “vpn_” before the virtual interface name. For example: “vpn_sevpn”
dhclient <virtual adapter name>
You will need to view the IP address assigned by the VPN server. Remember this address, as it is important for the next step.
Here, you can see the name of your virtual interface and the IP address that has been assigned. In the image above, it is highlighted in blue.
iconfig <name of interface>
6. Set Up Static Routing
Now, you must specify the static routes so that all traffic is directed through the VPN rather than your default network gateway. To view your current routing table, issue the netstat command:
netstat -rn
In the image above, you can see the IP address allocated by the VPN server (vpn_sevpn), and you can see the default gateway (ens33). Your routing table will look different from the example provided, as every network differs. The default gateway IP will be different from the DHCP IP address you obtained from the VPN server from the previous step.
Once you have your default gateway IP, add a new route to your VPN server’s IP address via your default gateway. Please note that your VPN server IP is the IP of your SoftEther VPN server and NOT the IP issued from the server via DHCP.
ip route add <your VPN server IP>/32 via <your default gateway>
Delete your old default route.
ip route del default via <your default gateway IP>
After performing these route changes, the routing table will look like the table in the image above. Notice that the default gateway has now changed to the IP address issued via DHCP from the VPN server.
Now, test your connection by pinging an external IP, such as the Google DNS server:
ping -c4 8.8.8.8
Finally, check your SoftEther client connection is working correctly by checking your public IP address:
wget -qO- http:
If the IP address returned is the same as your VPN server IP, everything is working correctly.
7. Disconnecting the VPN
To disconnect from the VPN, you need to start the VPN client configuration script again using the following command:
./vpncmd
Now issue the AccountDisconnect command:
AccountDisconnect <name of account>
Now exit the client configuration and release the DHCP lease from the virtual network interface:
dhclient -r <name of virtual interface>
Next, stop the VPN client:
./vpnclient stop
Now, edit your routing table by removing the route to your VPN server:
ip route del <your VPN server IP>/32
Finally, add a default route via your network’s local gateway:
ip route add default via <your local gateway>
Your network connection should now be restored.
Use the SoftEther VPN to Protect Your Online Privacy
Successfully setting up a SoftEther client and establishing a connection to its VPN server enhances your online security. Your SoftEther VPN remains discreet, defying even the most rigorous attempts at VPN detection and blocking.