For some unspeakable reasons, this article cannot go into every detail of setting up and configuring the VPN server, but the key steps and scripts are all listed. You will need basic knowledge of Linux commands and some Azure experience to complete the procedure. Linux was chosen over Windows because it costs far less than Windows machines, so you can create multiple VPN servers across data centers and have a lot of fun.
First things first: the Azure I am talking about is the global version of Microsoft Azure (azure.com), not the fake one in China (azure.cn).
If you try to deploy any type of VPN service in Azure China, you will get a "friendly reminder" phone call right away! You may disappear from existence. DO NOT DEPLOY VPN SERVER IN CHINA!!! DO NOT DEPLOY VPN SERVER IN CHINA!!! DO NOT DEPLOY VPN SERVER IN CHINA!!! IMPORTANT THING SAY 3 TIMES!!!
1. Server Instance
You need to create an Ubuntu 18.04 LTS VM (16.04 works as well).
A few reminders:
a. Minimal hardware configuration is: 1 vCPU / 2 GB RAM (B1MS Standard)
This will cost you around 20 USD per month, depending on which data center you choose.
b. You need to bind a custom domain ([name].[datacenter].cloudapp.azure.com) to your VM.
You can do this in your VM's DNS name settings.
c. In Network Security Group (NSG Firewall), allow these ports:
2. SSH into the VM
a. Perform an update by executing these commands
    sudo apt-get update
    sudo apt-get upgrade
    sudo apt-get dist-upgrade
b. Install the compiler used to compile the VPN server source code
    sudo apt-get install gcc
    sudo apt-get install make
c. Download and compile the VPN server source code
You can get the latest download URL from http://www.softether-download.com/en.aspx?product=softether
Find the VPN server download address for Linux x64, then download and unzip the package:
    wget [Softether VPN Server Linux X64 URL]
    tar -zxvf [Softether VPN Server Downloaded FileName]
Compile the code and start the VPN server.
    cd vpnserver
    sudo ./.install.sh
    sudo ./vpnserver start
3. Install VPN Server Manager
The easiest way to configure the VPN server is with a GUI rather than the Linux command line. You can find the server manager download address here: http://www.softether-download.com/en.aspx?product=softether
Use the VPN Server Manager GUI to connect to your server. If the NSG firewall is configured correctly, you should have no problem connecting to the server.
The configuration must be carried out in this order:
- Make Certificate for public DNS name
- Enable L2TP over IPSec
- Enable SSTP
- Enable NAT in VPN Hub
- Create User Account
- Restart VPN Hub
You can now connect and test your VPN over an L2TP or SSTP connection.
4. Auto Start VPN Service on the Server
By default, the VPN server does not start with the OS, so if your server restarts without your noticing, you have to SSH into the server and restart the VPN service manually. However, it can be configured to start automatically.
a. Execute these commands
    sudo mv vpnserver /usr/local
    cd /usr/local/vpnserver/
    sudo chmod 600 *
    sudo chmod 700 vpnserver
    sudo chmod 700 vpncmd
    cd /usr/local/vpnserver/
b. Use vpncmd
c. Respond the echo by
CTRL+Z to exit the vpncmd util.
d. Create the service configuration
sudo nano /lib/systemd/system/vpnserver.service
File content is:
    [Unit]
    Description=SoftEther VPN Server
    After=network.target

    [Service]
    Type=forking
    ExecStart=/usr/local/vpnserver/vpnserver start
    ExecStop=/usr/local/vpnserver/vpnserver stop

    [Install]
    WantedBy=multi-user.target
e. Finally enable the vpnserver and restart the VM
    sudo systemctl enable vpnserver
    sudo reboot
f. After the system restart, you can SSH into it and verify the vpn service status using:
systemctl status vpnserver
You should see "active (running)", which indicates that auto start is configured successfully.
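The permission layout from step 4a can be checked after the move with a short audit script. This is an added example, not part of the original article or of SoftEther; the function names are hypothetical. It walks the whole install directory because `chmod 600 *` neither matches dotfiles such as `.install.sh` nor recurses into subdirectories.

```sh
#!/bin/sh
# Added example: audit the permission layout that step 4a sets up.
# Function names are illustrative and not part of SoftEther.

# Print one line per problem found under directory $1.
list_findings() {
    dir=$1
    # `chmod 600 *` does not match dotfiles (such as .install.sh) and does
    # not recurse, so walk the whole tree. Symlinks are skipped because
    # their own mode bits are meaningless.
    find "$dir" -mindepth 1 ! -type l | while IFS= read -r f; do
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld -- "$f" | cut -c5-10)
        [ "$perms" = "------" ] || echo "group/other access: $f"
    done
    # The two binaries must exist and be executable by their owner.
    for bin in vpnserver vpncmd; do
        if [ ! -f "$dir/$bin" ]; then
            echo "missing binary: $dir/$bin"
        elif [ "$(ls -ld -- "$dir/$bin" | cut -c4)" != "x" ]; then
            echo "not owner-executable: $dir/$bin"
        fi
    done
}

# Return 0 if clean, 1 if there are findings, 2 if $1 is not a directory.
audit_vpn_perms() {
    dir=${1:-/usr/local/vpnserver}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    out=$(list_findings "$dir")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# When a directory is given on the command line, audit it (run as root).
if [ "$#" -gt 0 ]; then
    audit_vpn_perms "$1"
fi
```

Run it with sudo and the install path as the argument, since a non-root user cannot descend into directories that step 4a set to mode 600.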