Install softether vpn server on ubuntu 16.04+

softether.sh

#!/usr/local/env bash
# Register vultr.com with free credit https://www.vultr.com/?ref=9206731-8H
# Create vps
# Tested on Ubuntu 18.04, Debian 10.0
# How to...
# 1. Save this file as softether-installer.sh
# 2. chmod +x softether-installer.sh
# 3. Run bash file
# > ./softether-installer.sh
# Or just
# > bash softether-installer.sh
# 4. Init config vpnserver
# > /usr/local/vpnserver/vpncmd
# Enter into local server/hub config
# > ServerPasswordSet {yourPassword}
# Then use SoftEther VPN Server Manager to mange your server
# If you have own certificate can load into vpnserver by
# > /usr/local/vpnserver/vpncmd \
# localhost:5555 \
# /SERVER \
# /PASSWORD:"${VPN_PWD}" \
# /CMD ServerCertSet \
# /LOADCERT:/etc/ssl/private/${fullcahin}.pem \
# /LOADKEY:/etc/ssl/private/${privkey}.pem

if [ "$(whoami)" != "root" ]; then
    SUDO=sudo
fi

# Update system
${SUDO} apt-get update && ${SUDO} apt-get -y upgrade

# Get build tools
${SUDO} apt-get -y install build-essential wget curl gcc make wget tzdata git libreadline-dev libncurses-dev libssl-dev zlib1g-dev

# Define softether version
VER=$(curl -s https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/ | egrep -o '(v[0-9]).*(linux-x64-64bit.tar.gz)' | grep vpnserver | head -1)
#VER=$(curl -s https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/ | egrep -o '(v[0-9]).*(linux-x64-64bit.tar.gz)' | grep vpnserver | grep rtm | head -1)

# Get softether source
wget "https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/${VER}" -O /tmp/softether-vpnserver.tar.gz

# Stop service
${SUDO} systemctl stop vpnserver

# Extract softether source
${SUDO} mv /usr/local/vpnserver /usr/local/vpnserver_bak
${SUDO} tar -xzvf /tmp/softether-vpnserver.tar.gz -C /usr/local/
${SUDO} cat /usr/local/vpnserver_bak/vpn_server.config > /usr/local/vpnserver/vpn_server.config

# Remove unused file
${SUDO} rm /tmp/softether-vpnserver.tar.gz

# Move to source directory
cd /usr/local/vpnserver

# Workaround for 18.04+
#${SUDO} sed -i 's|OPTIONS=-O2|OPTIONS=-no-pie -O2|' Makefile

# Build softether
./configure && make
${SUDO} make main

# Change file permission
${SUDO} chmod 0600 * && ${SUDO} chmod +x vpnserver && ${SUDO} chmod +x vpncmd

# Link binary files
#${SUDO} ln -sf /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver
#${SUDO} ln -sf /usr/local/vpnserver/vpncmd /usr/local/bin/vpncmd

# Add systemd service
${SUDO} bash -c 'cat <<EOF >/lib/systemd/system/vpnserver.service
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/local/vpnserver/do_not_run

[Service]
Type=forking
EnvironmentFile=-/usr/local/vpnserver
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/usr/local/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID

[Install]
WantedBy=multi-user.target
EOF'

# Act as router
#echo "net.ipv4.ip_forward = 1" | ${SUDO} tee -a /etc/sysctl.conf
# Tune Kernel
#echo "net.ipv4.ip_local_port_range = 1024 65535" | ${SUDO} tee -a /etc/sysctl.conf
#echo "net.ipv4.tcp_congestion_control = bbr" | ${SUDO} tee -a /etc/sysctl.conf
#echo "net.core.default_qdisc = fq" | ${SUDO} tee -a /etc/sysctl.conf
${SUDO} sysctl --system

# Reload service
${SUDO} systemctl daemon-reload
# Enable service
${SUDO} systemctl enable vpnserver
# Start service
${SUDO} systemctl restart vpnserver

exit 0