SoftEther VPN Ubuntu/Linux Client Configuration behind HTTP Proxy.

SoftEther VPN is an alternative to OpenVPN. The SoftEther Project is maintained by the University of Tsukuba.

Why not OpenVPN?

I started using SoftEther VPN because of the poor performance of OpenVPN over TCP, especially when you are behind an HTTP proxy. The reason for this is OpenVPN's use of a single TCP connection. The HTTP proxy load-balances the TCP connections, so basically you get poor speed on a single TCP connection compared to others who are browsing without a VPN and using 6-8 parallel connections.

SoftEther can use multiple TCP connections to boost the overall speed. I got a 3x speed boost by using multiple TCP connections (32 Mbps down and 12 Mbps up).

I used to reside on a university campus where my only access to the Internet was through a proxy server which was listening on port 3128. All other ports were blocked.

The problem with the Linux VPN client of SoftEther is that it does only the minimum it has to, i.e. it connects to the server and sets up a virtual network interface. You will have to configure your routing tables and DNS settings yourself to make it work properly.
I assume that you have the domain name or IP address of a SoftEther VPN server (you can get one from http://www.vpngate.com). I will use vpn613096262.opengw.net:443 for this post.

So let's start.

  1. Download the vpn client package from SoftEther website for your distribution.

  2. Extract the package
    $ tar -xvf softether-vpnclient-v4.14-9529-beta-2015.02.02-linux-x64-64bit.tar.gz

  3. Run make and then run the VPN client.

    $ cd vpnclient
    $ make
    $ sudo ./vpnclient start
    
  4. Run vpncmd, create a new NIC.
    • Select 2 “Management of VPN Client”.
    • Don’t enter anything in the hostname, just press enter, it will take the default value “localhost”
    • Enter $ VPNCLIENT> niccreate se
  5. Enter $ VPNCLIENT > AccountCreate server1
    • Enter the server’s host name and port in the format host:port, e.g. vpn613096262.opengw.net:443
    • Enter the Virtual Hub Name as "VPNGATE" if you are using Vpngate, or as configured on the server.
    • Enter the username : "vpn" for VPNGATE or as configured on the server.
    • Enter the Virtual Network Adapter name : se
  6. Set the password by
    • $ VPNCLIENT>AccountPasswordSet server1 /PASSWORD:vpn /TYPE:standard
    • If you are behind an HTTP Proxy, you need to set the proxy for the account. $ VPNCLIENT> AccountProxyHttp server1 /SERVER:202.141.80.19:3128 /USERNAME:user /PASSWORD:pass
  7. Connect to the server

    • $ VPNCLIENT> AccountConnect server1
    • You can check the status of the connection by $ VPNCLIENT> accountlist. You should see Connected in the status field.

    Now that you are connected, you will need to get the ip address from the server and set the routes appropriately.

  8. Getting the IP address.
    • $ sudo dhclient vpn_se (Yes it is “vpn_se” not “se”)
    • You can check the allotted IP address by $ ip addr show vpn_se
  9. Get the local ip of the VPN server by $ ip neigh
    Look for the entry on the interface vpn_se. If you don’t find any entry with vpn_se, try the first or last IP address of your local IP range. For example, if $ ip addr show vpn_se shows that your IP is 10.211.1.7/16, then the first IP in the subnet is 10.211.0.1 and the last is 10.211.254.254. For most of the vpngate servers, the last IP is the local IP of the VPN server. Now that you have the local IP of the VPN server, call it vpn_server_local_ip.
  10. Now we have to add a route to the VPN server via your original gateway, and modify the default route to use the VPN NIC and VPN gateway (vpn_server_local_ip).
  11. Before we tweak the routing table, enable IP forwarding in "/etc/sysctl.conf" by adding the line net.ipv4.ip_forward=1 to the file, and load it by $ sysctl -p
  12. Now we are going to change the routing table.
    • To get your default gateway, run $ route -n. The gateway corresponding to 0.0.0.0 is the default gateway.
    • Now we have the default gateway and vpn_server_local_ip. We also need the remote_ip that the VPN client connects to. If you are not behind a proxy, get the IP address of the remote VPN server; you can get this by using this site, and this will be your remote_ip
    • If you are behind a proxy, your proxy server address is your remote_ip
  13. Now we are ready to set up the routing tables. Replace the fields appropriately.

    $ ip route add remote_ip via default_gateway dev wlan0 proto static
    $ ip route del default
    $ ip route add default via vpn_server_local_ip dev vpn_se
    

    For my case these commands were

    $ ip route add 202.141.80.19 via 192.168.1.1 dev wlan0 proto static
    $ ip route del default
    $ ip route add default via 10.211.254.254 dev vpn_se
    
  14. Final step, configure the DNS.

    $ sudo su
    $ echo "nameserver 8.8.8.8" >> "/etc/resolv.conf"
    

Note - To get back your default routing table, i.e. after you disconnect from the VPN, restart the network service:

sudo service network-manager restart

The tedious way of doing this is to delete all the routes that you have setup.
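
The routing change in steps 12 and 13 can be derived from the output of `ip route show` and checked afterwards. The script below is an added example, not part of the original post: the function names `plan_vpn_routes` and `verify_vpn_routes` are hypothetical, and the sample routing tables are constructed from the addresses used above (192.168.1.5 and the DHCP metric are made up).

```sh
#!/bin/sh
# Added example (not from the original post): derive the step-13 commands from
# `ip route show` output and check the table afterwards. It only prints
# commands; run them with sudo yourself.

# plan_vpn_routes ROUTES REMOTE_IP VPN_GW [VPN_DEV] -> prints the three commands
plan_vpn_routes() {
    local routes="$1" remote_ip="$2" vpn_gw="$3" vpn_dev="${4:-vpn_se}" pair
    # Gateway and device of the first default route not already on the VPN NIC.
    pair=$(printf '%s\n' "$routes" | awk -v v="$vpn_dev" '
        $1 == "default" {
            g = ""; d = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") g = $(i + 1)
                if ($i == "dev") d = $(i + 1)
            }
            if (g != "" && d != "" && d != v) { print g, d; exit }
        }')
    [ -n "$pair" ] || { echo "no usable default route" >&2; return 1; }
    echo "ip route add $remote_ip via ${pair% *} dev ${pair#* } proto static"
    echo "ip route del default"
    echo "ip route add default via $vpn_gw dev $vpn_dev"
}

# verify_vpn_routes ROUTES REMOTE_IP [VPN_DEV]
# Succeeds only if every default route is on the VPN NIC and the host route
# to REMOTE_IP (proxy or VPN server) is not, so the tunnel cannot loop.
verify_vpn_routes() {
    local routes="$1" remote_ip="$2" vpn_dev="${3:-vpn_se}"
    printf '%s\n' "$routes" | awk -v r="$remote_ip" -v v="$vpn_dev" '
        { d = ""; for (i = 2; i < NF; i++) if ($i == "dev") d = $(i + 1) }
        $1 == "default" { if (d == v) ok_def = 1; else bad = 1 }
        $1 == r || $1 == (r "/32") { if (d == v) bad = 1; else ok_host = 1 }
        END { exit !(ok_def && ok_host && !bad) }'
}

# Constructed sample tables using the addresses from the post.
BEFORE='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.211.0.0/16 dev vpn_se proto kernel scope link src 10.211.1.7
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.5'
AFTER='default via 10.211.254.254 dev vpn_se
202.141.80.19 via 192.168.1.1 dev wlan0 proto static
10.211.0.0/16 dev vpn_se proto kernel scope link src 10.211.1.7'

plan_vpn_routes "$BEFORE" 202.141.80.19 10.211.254.254
verify_vpn_routes "$AFTER" 202.141.80.19 && echo "routing OK"
```

On a live system, pass `"$(ip route show)"` as the first argument. If `verify_vpn_routes` fails after connecting, some traffic is still leaving through the original gateway or the tunnel's own transport is being routed into the tunnel.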
