For some unspeakable reasons, this article can not expose too many details about every steps to setup and configure the VPN server, but the key steps and scripts will all be listed.
So you will need basic Linux command knowledge and some Azure experience in order to complete the operation.
The reason for choosing Linux over Windows is because the cost is way less then Windows machines, so that you can create multiple VPN servers across the data centers and have many fun.
First thing first, the Azure I am talking about is the global version of Microsoft Azure (azure.com), not the fake one in China (azure.cn), if you try to deploy any type of VPN services in Azure China, you will get a "friendly reminder" phone call right away!
1. Server Instance
You need to create an Ubuntu 16.04 LST VM, and only 16.04 works, do not try 17.10 or upgrade to 18.04, it won't compile the VPN server's source code!
There are few reminders:
a) Minimal hardware configuration is: 1 vCPU / 2 GB RAM (B1MS Standard)
This will cost you around 17 USD per month based on which data center you are choosing.
b) You need to bind a custom domain ([name].[datacenter].cloudapp.azure.com) to your VM, you can do this in your VM's DNS name settings
c) In Network Security Group (NSG Firewall), allow these ports:
2. SSH into the VM
First, you need to perform an update by executing these commands:
sudo apt-get update sudo apt-get upgrade sudo apt-get dist-upgrade
and then, install the compiler used to compile the VPN server source code
sudo apt-get install gcc sudo apt-get install make
Then, download the VPN server source code, in order to get the download URL, you can visit:
find the VPN server download address for Linux, then download and unzip the package:
wget [Softether VPN Server Linux X64 URL] tar -zxvf [Softether VPN Server Downloaded FileName]
Now, compile the code and start the VPN server.
This is where Ubuntu 17.10 or 18.04 will fail. The make command will blow up on C++ compiler. I am not a Linux guy, hopefully someone could help on this?
cd vpnserver sudo ./.install.sh sudo ./vpnserver start
3. Install VPN Server Manager on Windows / Mac Client
This is the most easy way that use a GUI to configure the VPN Server rather than using Linux command line. You can find the server manager download address here: http://www.softether-download.com/en.aspx?product=softether
4. Connect to Linux Host and Setup VPN
Use your VPN Server Manager GUI to connect to your server, if the NSG Firewall is correctly configured, you should not have problem connecting to the server.
The configuration item should be executed in these order:
- Make Certificate for public DNS name
- Enable L2TP over IPSec
- Enable SSTP
- Enable NAT in VPN Hub
- Create User Account
- Restart VPN Hub
You can connect and use your VPN in L2TP/SSTP now on your PC/Mac or phone.
5. Auto Start VPN Service on the Server
By default, the vpn server will not start with the OS, so if your server restarted without your notice, you will need to manually SSH into the server and restart the vpn service. However, we can configure it to be auto start.
1. Execute these commands
sudo mv vpnserver /usr/local cd /usr/local/vpnserver/ sudo chmod 600 * sudo chmod 700 vpnserver sudo chmod 700 vpncmd cd /usr/local/vpnserver/
2. Use vpncmd
3. Respond the echo by
CTRL+Z to exit the vpncmd util.
4. Create the service configuration
sudo nano /lib/systemd/system/vpnserver.service
File content is:
[Unit] Description=SoftEther VPN Server After=network.target [Service] Type=forking ExecStart=/usr/local/vpnserver/vpnserver start ExecStop=/usr/local/vpnserver/vpnserver stop [Install] WantedBy=multi-user.target
5. Finally enable the vpnserver and restart the VM
sudo systemctl enable vpnserver sudo reboot
6. After the system restart, you can SSH into it and verify the vpn service status using:
systemctl status vpnserver
You should see the "active (running)" that indicates the auto start is successfully configured.