For some unspeakable reasons, this article can not expose too many details about every steps to setup and configure the VPN server, but the key steps and scripts will all be listed. 

So you will need basic Linux command knowledge and some Azure experience in order to complete the operation. 

The reason for choosing Linux over Windows is because the cost is way less then Windows machines, so that you can create multiple VPN servers across the data centers and have many fun.

First thing first, the Azure I am talking about is the global version of Microsoft Azure (azure.com), not the fake one in China (azure.cn).

If you try to deploy any type of VPN services in Azure China, you will get a "friendly reminder" phone call right away! You may disapper from existance, DO NOT DEPLOY VPN SERVER IN CHINA!!!

 

1. Server Instance


You need to create an Ubuntu 18.04 LST VM (16.04 works as well)

There are few reminders:

a. Minimal hardware configuration is: 1 vCPU / 2 GB RAM (B1MS Standard)

This will cost you around 20 USD per month based on which data center you are choosing.

b. You need to bind a custom domain ([name].[datacenter].cloudapp.azure.com) to your VM.

You can do this in your VM's DNS name settings.

c. In Network Security Group (NSG Firewall), allow these ports:

TCP 443,992,1194,5555
UDP 500,1701,4500

 

2. SSH into the VM 


a. Perform an update by executing these commands

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

b. Install the compiler used to compile the VPN server source code

sudo apt-get install gcc
sudo apt-get install make

c. Download and compile the VPN server source code

You can get the latest download URL from http://www.softether-download.com/en.aspx?product=softether

Find the VPN server download address for Linux x64, then download and unzip the package:

wget [Softether VPN Server Linux X64 URL]
tar -zxvf [Softether VPN Server Downloaded FileName]

Compile the code and start the VPN server.

cd vpnserver
sudo ./.install.sh
sudo ./vpnserver start

 

3. Install VPN Server Manager


This is the most easy way that use a GUI to configure the VPN Server rather than using Linux command line. You can find the server manager download address here: http://www.softether-download.com/en.aspx?product=softether

Use your VPN Server Manager GUI to connect to your server, if the NSG Firewall is correctly configured, you should not have problem connecting to the server. 

The configuration must be executed in these order:

  1. Make Certificate for public DNS name
  2. Enable L2TP over IPSec
  3. Enable SSTP
  4. Enable NAT in VPN Hub
  5. Create User Account
  6. Restart VPN Hub

You can connect and test your VPN via L2TP/SSTP connection.

 

4. Auto Start VPN Service on the Server


By default, the vpn server will not start with the OS, so if your server restarted without your notice, you will need to manually SSH into the server and restart the vpn service. However, we can configure it to be auto start.

a. Execute these commands

sudo mv vpnserver /usr/local
cd /usr/local/vpnserver/
sudo chmod 600 *
sudo chmod 700 vpnserver
sudo chmod 700 vpncmd
cd /usr/local/vpnserver/

b. Use vpncmd

sudo ./vpncmd

c. Respond the echo by

3
check

and press CTRL+Z to exit the vpncmd util.

d. Create the service configuration

sudo nano /lib/systemd/system/vpnserver.service

File content is:

[Unit]
Description=SoftEther VPN Server
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop

[Install]
WantedBy=multi-user.target

e. Finally enable the vpnserver and restart the VM

sudo systemctl enable vpnserver
sudo reboot

f. After the system restart, you can SSH into it and verify the vpn service status using:

systemctl status vpnserver

You should see the "active (running)" that indicates the auto start is successfully configured.