For some unspeakable reasons, this article can not expose too many details about every steps to setup and configure the VPN server, but the key steps and scripts will all be listed. 

So you will need basic Linux command knowledge and some Azure experience in order to complete the operation. 

The reason for choosing Linux over Windows is because the cost is way less then Windows machines, so that you can create multiple VPN servers across the data centers and have many fun.

First thing first, the Azure I am talking about is the global version of Microsoft Azure (azure.com), not the fake one in China (azure.cn), if you try to deploy any type of VPN services in Azure China, you will get a "friendly reminder" phone call right away!

1. Server Instance

You need to create an Ubuntu 16.04 LST VM, and only 16.04 works, do not try 17.10 or upgrade to 18.04, it won't compile the VPN server's source code!

There are few reminders:

a) Minimal hardware configuration is: 1 vCPU / 2 GB RAM (B1MS Standard)

This will cost you around 17 USD per month based on which data center you are choosing.

b) You need to bind a custom domain ([name].[datacenter].cloudapp.azure.com) to your VM, you can do this in your VM's DNS name settings

c) In Network Security Group (NSG Firewall), allow these ports:

TCP: 443,992,1194,5555

UDP: 500,1701,4500

2. SSH into the VM 

First, you need to perform an update by executing these commands:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

and then, install the compiler used to compile the VPN server source code

sudo apt-get install gcc
sudo apt-get install make

Then, download the VPN server source code, in order to get the download URL, you can visit:

http://www.softether-download.com/en.aspx?product=softether

find the VPN server download address for Linux, then download and unzip the package:

wget [Softether VPN Server Linux X64 URL]
tar -zxvf [Softether VPN Server Downloaded FileName]

Now, compile the code and start the VPN server.

This is where Ubuntu 17.10 or 18.04 will fail. The make command will blow up on C++ compiler. I am not a Linux guy, hopefully someone could help on this?

cd vpnserver
sudo ./.install.sh
sudo ./vpnserver start

3. Install VPN Server Manager on Windows / Mac Client

This is the most easy way that use a GUI to configure the VPN Server rather than using Linux command line. You can find the server manager download address here: http://www.softether-download.com/en.aspx?product=softether

4. Connect to Linux Host and Setup VPN

Use your VPN Server Manager GUI to connect to your server, if the NSG Firewall is correctly configured, you should not have problem connecting to the server. 

The configuration item should be executed in these order:

  1. Make Certificate for public DNS name
  2. Enable L2TP over IPSec
  3. Enable SSTP
  4. Enable NAT in VPN Hub
  5. Create User Account
  6. Restart VPN Hub

You can connect and use your VPN in L2TP/SSTP now on your PC/Mac or phone.

5. Auto Start VPN Service on the Server

By default, the vpn server will not start with the OS, so if your server restarted without your notice, you will need to manually SSH into the server and restart the vpn service. However, we can configure it to be auto start.

1. Execute these commands

sudo mv vpnserver /usr/local
cd /usr/local/vpnserver/
sudo chmod 600 *
sudo chmod 700 vpnserver
sudo chmod 700 vpncmd
cd /usr/local/vpnserver/

2. Use vpncmd

sudo ./vpncmd

3. Respond the echo by

3
check

and press CTRL+Z to exit the vpncmd util.

4. Create the service configuration

sudo nano /lib/systemd/system/vpnserver.service

File content is:

[Unit]
Description=SoftEther VPN Server
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop

[Install]
WantedBy=multi-user.target

5. Finally enable the vpnserver and restart the VM

sudo systemctl enable vpnserver
sudo reboot

6. After the system restart, you can SSH into it and verify the vpn service status using:

systemctl status vpnserver

You should see the "active (running)" that indicates the auto start is successfully configured.