-
-
Save umardx/8c260b996600c09fed9e12420d3aa244 to your computer and use it in GitHub Desktop.
Install softether vpn server on ubuntu 16.04+
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/local/env bash | |
| # Update system | |
| apt-get update && apt-get -y upgrade | |
| # Get build tools | |
| apt-get -y install build-essential wget curl | |
| # Define softether version | |
| RTM=$(curl http://www.softether-download.com/files/softether/ | grep -o 'v[^"]*e' | grep rtm | tail -1) | |
| IFS='-' read -r -a RTMS <<< "${RTM}" | |
| # Get softether source | |
| wget "http://www.softether-download.com/files/softether/${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-${RTMS[4]}/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-${RTMS[0]}-${RTMS[1]}-${RTMS[2]}-${RTMS[3]}-linux-x64-64bit.tar.gz" -O /tmp/softether-vpnserver.tar.gz | |
| # Extract softether source | |
| tar -xzvf /tmp/softether-vpnserver.tar.gz -C /usr/local/ | |
| # Remove unused file | |
| rm /tmp/softether-vpnserver.tar.gz | |
| # Move to source directory | |
| cd /usr/local/vpnserver | |
| # Build softether | |
| make i_read_and_agree_the_license_agreement | |
| # Change file permission | |
| chmod 0600 * && chmod +x vpnserver && chmod +x vpncmd | |
| # Link binary files | |
| ln -s /usr/local/vpnserver/vpnserver /usr/local/bin/vpnserver | |
| ln -s /usr/local/vpnserver/vpncmd /usr/local/bin/vpncmd | |
| # Add systemd service | |
| cat <<EOF >/lib/systemd/system/vpnserver.service | |
| [Unit] | |
| Description=SoftEther VPN Server | |
| After=network.target | |
| ConditionPathExists=!/usr/local/vpnserver/do_not_run | |
| [Service] | |
| Type=forking | |
| ExecStart=/usr/local/vpnserver/vpnserver start | |
| ExecStop=/usr/local/vpnserver/vpnserver stop | |
| KillMode=process | |
| Restart=on-failure | |
| # Hardening | |
| PrivateTmp=yes | |
| ProtectHome=yes | |
| ProtectSystem=full | |
| ReadOnlyDirectories=/ | |
| ReadWriteDirectories=-/usr/local/vpnserver | |
| CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF | |
| # Act as router | |
| echo net.ipv4.ip_forward = 1 | sudo tee -a /etc/sysctl.conf | |
| sysctl -p | |
| # Reload service | |
| systemctl daemon-reload | |
| # Enable service | |
| systemctl enable vpnserver | |
| # Start service | |
| systemctl restart vpnserver | |
| # vpncmd | |
| # ServerPasswordSet yourPassword | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment