Create a VPN server using Orange-pi, Ubuntu and SoftEther VPN software

SoftEther VPN, which stands for “Software Ethernet,” is one of the world’s most powerful and easy-to-use multi-protocol VPN software solutions. It can provide concurrent VPN connections and supports a variety of operating systems, including Windows, Linux, Mac, FreeBSD, and Solaris. Developed as part of Daiyuu Nobori’s Master’s thesis at the University of Tsukuba, SoftEther VPN is open-source and free for both personal and commercial use.

In the past, I had successfully created a VPN server on a Windows PC using SoftEther VPN. However, I encountered issues where I was unable to connect to other VPN servers when my VPN server was running as a service on my PC. Therefore, I have decided to create a dedicated VPN server using a low-cost Orange Pi board running Ubuntu and SoftEther VPN.

The following sections give step-by-step instructions for setting up a VPN server. Believe it or not, this entire process can be completed in just 10 minutes. Let’s roll!

Update the Ubuntu system

Use SSH to open a terminal on the Orange Pi and run the following commands to update the system:

sudo apt-get update
sudo apt-get upgrade

Install SoftEther VPN Server

Go to the official SoftEther website and download the latest SoftEther VPN Server package for Ubuntu. The most recent release as of June 2024 is

softether-vpnserver-v4.34-9745-rtm-2020.01.17-linux-x64-64bit.tar.gz

Extract the downloaded archive with the following command:

tar xzvf softether-vpnserver-v4.34-9745-rtm-2020.01.17-linux-x64-64bit.tar.gz

Change to the extracted directory and compile the SoftEther VPN Server

cd vpnserver
make

Create a new directory for VPN server and copy all files into it.

sudo mkdir -p /usr/local/vpnserver
sudo cp -r * /usr/local/vpnserver/

Grant the necessary permissions.

sudo chmod 755 /usr/local/vpnserver
sudo chmod 755 /usr/local/vpnserver/*

This sets the appropriate permissions for the VPN server files and directories.

Firewall Configuration

Make sure to open the necessary ports on your Orange Pi’s firewall to allow VPN connections. The default ports used by SoftEther VPN Server are:

  • TCP port 500 (IKE)
  • UDP port 500 (IKE)
  • UDP port 4500 (NAT-T)
  • TCP port 1194 (OpenVPN)
  • TCP port 443 (HTTPS)
  • TCP port 992 (SSTP)

I usually disable the firewall in Ubuntu using the following command

sudo ufw disable
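
An alternative that keeps ufw enabled, as an added example that is not part of the original post: the script prints (and with APPLY=1 runs) ufw rules that allow only the ports forwarded by the router later in this guide, plus SSH from the LAN. The 192.168.2.0/24 subnet and SSH on port 22 are assumptions; the other default SoftEther listeners (443, 992) stay closed from outside because the router does not forward them.

```shell
#!/bin/sh
# Added example (not from the original post): ufw rules for this SoftEther setup.
LAN_SUBNET="192.168.2.0/24"   # assumption: /24 network around 192.168.2.200
# proto:port pairs taken from the post's router port-forward table
VPN_PORTS="tcp:1194 tcp:500 udp:500 udp:4500"

# Print the ufw commands, one per line; nothing is executed here.
ufw_rules() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    # Allow SSH from the LAN first so enabling ufw does not drop the session.
    echo "ufw allow from $LAN_SUBNET to any port 22 proto tcp"
    for entry in $VPN_PORTS; do
        proto=${entry%%:*}
        port=${entry##*:}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$entry'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port in '$entry'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$entry'" >&2; return 1
        fi
        echo "ufw allow $port/$proto"
    done
    echo "ufw --force enable"   # --force skips the interactive confirmation
}

# Run the rules with APPLY=1; by default only show what would be run.
apply_rules() {
    rules=$(ufw_rules) || return 1   # refuse to apply a partial rule set
    printf '%s\n' "$rules" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            # word splitting is intended: cmd is a full command line
            sudo $cmd </dev/null
        else
            echo "[dry-run] $cmd"
        fi
    done
}

apply_rules
```

Run it once without APPLY to review the commands, then with APPLY=1 from an SSH session on the LAN.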

Configure VPN server

You can now configure the VPN server using the vpncmd tool:

sudo /usr/local/vpnserver/vpncmd

When prompted, choose ‘1’ to connect to the VPN Server. Then enter the IP address of the Orange Pi and the port 1194:

Hostname of IP Address of Destination: 192.168.2.200:1194

When the port number is unspecified, 443 is used. If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (Orange-pi).

When you are asked for the Virtual Hub Name, just press the Enter key to enter the VPN server shell. Several settings need to be added within the shell.

1. Create a hub called “myhub”

VPN Server > HubCreate myhub

Response:

HubCreate command - Create New Virtual Hub
Please enter the password. To cancel press the Ctrl+D key.

Create a password for the hub.

Password: **********
Confirm input: **********

2. Create a group called “myGroup” and fill in the information

VPN server > GroupCreate
Group Name : myGroup
Group Full Name: myGroup
Group Description: myGroup

3. Set an administrator password

VPN server > ServerPasswordSet

Response:

ServerPasswordSet command - Set VPN Server Administrator Password
Please enter the password. To cancel press the Ctrl+D key.

Create an administrator password

Password: **********
Confirm input: **********

4. Switch to the virtual hub context

VPN server > Hub myhub

5. Enable SecureNAT

VPN server > SecureNatEnable

6. Create user account named “myuser”

VPN server > UserCreate myuser 
UserCreate command - Create User
Assigned Group Name: myGroup
User Full Name: FelixTang
User Description: admin

7. Set the user password

VPN server > UserPasswordSet myuser

Response:

UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
Please enter the password. To cancel press the Ctrl+D key.

Create a user password

Password: **********
Confirm input: **********

8. Configure IPsec for L2TP/IPsec connections

VPN server > IpsecEnable
IpsecEnable command – Enable or Disable Ipsec VPN Server Function
Enable L2TP over Ipsec Server Function (yes / no) y
Enable Raw L2TP Server Function (yes / no) y
Enable EtherIP / L2TPv3 over Ipsec Server Function  (yes / no) n
Pre Shared Key for Ipsec  (Recommended: 9 letters at maximum): myuser@2024
Default Virtual HUB in a case of ommitting the HUB on the Username: myhub

9. Enable OpenVPN protocol

VPN server > OpenVpnEnable yes /PORTS:1194

Congratulations! A VPN server has been successfully built. You can check the VPN connections and server status using the following two commands.

VPN server > ConnectionList
VPN Server > ServerStatusGet

Two steps remain before the VPN server can be put into service. First, configure port forwarding on the broadband router.

Name    Protocol   External port   Internal IP address   Internal port
VPN     TCP        1194            192.168.2.200         1194
IKE     TCP+UDP    500             192.168.2.200         500
NAT-T   UDP        4500            192.168.2.200         4500

To start the SoftEther VPN Server automatically on system boot, add the following line to your `/etc/rc.local` file:

sudo /usr/local/vpnserver/vpnserver start

Create a VPN connection on my iPhone:

  1. Tap the “Settings” app on the Home Screen of your iPhone.
  2. Press “VPN.”
  3. Tap “Add VPN Configuration.”
  4. Press “Type” and pick the type of VPN protocol you’re using. Choose L2TP.
  5. Type the IP address of your router in the “Server” field. (Visit the related post below to find out how to get the IP address.)
  6. Type in your username and password.
  7. Type in the IPsec key.
  8. Press “Done” in the top right corner.

To make your VPN active: 

  1. Go to the “Settings” app on your phone.  
  2. Choose “VPN.”  
  3. Tap the status switch on your VPN to turn it on.  

See, setting up a VPN server is straightforward and easy. Go ahead and try it! You can watch your Netflix in different regions now.
