Install SoftEther VPN Server on CentOS

This is a guide for installing SoftEther VPN Server on CentOS. SoftEther VPN is a good choice for accessing your local network from a computer outside, or overcoming blocking on your local network. It works much faster than other VPN services but you need a client tool for all advanced features.

 

Preparing

The server requirement:

  • Hardware:
    • A not so bad CPU. Intel Atom CPU is good enough.
    • 256MB RAM, 512MB will be better.
    • 2GB free disk space after OS installed.
  • CentOS
  • A Windows client for running configuration tool.

For who want to choose Ubuntu as server side: The recommended Linux for SoftEther is RHEL, Fedora and CentOS. I’ve tried to install SoftEther VPN Server on Ubuntu Server 14. Some technique problem about firewall (iptables) may occur.

 

For the people in China: A working VPN is required for installing SoftEther server. Some friends said the server will be blocked by GFW while installing oversea. But working with a configured SoftEther VPN Server is allowed.

 

For the people who need to install on Windows Azure: This server cannot support protocols other than TCP and UDP. PPTP (not supported by SoftEther either) and L2TP cannot be supported due to protocol GRE support is lacked. SSTP and SoftEther client software are supported well. And don’t forget to open the port 443 on the management webpage.

 

We will create a VPN server using a subnet 192.168.250.0/24. If this is not acceptable, you need to change all related IP addresses below.

The network interface name should be eth0. If not, you need to change related device name below.

 

CentOS environment adjusting

We need some tools to build and install SoftEther VPN Server.

First, please make sure all components are up to date.

yum update -y

Tools for building executable files are required:

yum groupinstall "Development Tools" -y

Some services for VPN clients should be installed:

yum install dhcp dnsmasq -y

Data forwarding should be enabled by set net.ipv4.ip_forward to 1 in /etc/sysctl.conf.

in file: /etc/sysctl.conf

net.ipv4.ip_forward = 1

Edit dhcpd configuration file to start dhcpd only for VPN clients. In CentOS 7, this step can be skipped.

in file: /etc/sysconfig/dhcpd

DHCPDARGS=tap_vpn

Don’t worry. The tap_vpn will be created by following steps soon.

Adjust dhcpd configuration file like this:

in file: /etc/dhcp/dhcpd.conf

option domain-name "myvpndomain.com";
option domain-name-servers 192.168.250.1, 8.8.8.8;

default-lease-time 600;
max-lease-time 7200;

subnet 192.168.250.0 netmask 255.255.255.0 {
range 192.168.250.10 192.168.250.100;
option routers 192.168.250.1;
}

This dhcpd.conf should be edited carefully. Make sure all semicolons and quotes are written in the right position. The domain-name should be changed into your name specified. If you don’t want to change the default gateway for VPN clients, delete the option routers line. You may want to check the conf file provided by user sigma in the comment area of this article.

For CentOS 7 user: this document is prepared with iptables which is replaced by firewalld in CentOS 7 by default. You can follow this article to make the iptables back. Main commands are listed here.

yum install -y iptables-services
systemctl mask firewalld
systemctl enable iptables
systemctl stop firewalld
systemctl start iptables

If required, add these commands to the end of /etc/sysconfig/iptables to open the ports for SoftEther. You need to change the port numbers below. Each line is for one port. Lines of port 53 are for DNS. You can remove all lines with REJECT and DROP if you want to make it easier.

in file: /etc/sysconfig/iptables

-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

SoftEther VPN Server installing

First, you need to get the address for the right release. Navigate to SoftEther Download Center by your client computer, select the SoftEther VPN Server and your CPU type to get the URL of the latest release.

Download the file into your server by using wget or some other tool you like.

! For example only. You should choose the right CPU version. !

wget http://www.softether-download.com/files/softether/v4.10-9473-beta-2014.07.12-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.10-9473-beta-2014.07.12-linux-x64-64bit.tar.gz

Decompress the downloaded file by using tar.

! For example only. File name should be changed. !

tar zxvf softether-vpnserver-v4.10-9473-beta-2014.07.12-linux-x64-64bit.tar.gz

A folder named vpnserver will be created after decompressing. Let’s make the executable files and change the permissions.

cd vpnserver/
make
cd ..
mv vpnserver /usr/local
cd /usr/local/vpnserver/
chmod 600 *
chmod 700 vpnserver
chmod 700 vpncmd

By making process in current version, you need to answer 1 three times.

Check the NIC name of this server by typing ifconfig. It the name is not eth0, correct it in script below.

Create a script file named vpnserver for handling server instance start and stop.

new file: /etc/init.d/vpnserver

#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
sleep 3
ifconfig tap_vpn 192.168.250.1
iptables -t nat -A POSTROUTING -s 192.168.250.0/24 -o eth0 -j MASQUERADE
service dhcpd restart
service dnsmasq restart
;;
stop)
iptables -t nat -D POSTROUTING -s 192.168.250.0/24 -o eth0 -j MASQUERADE
$DAEMON stop
rm $LOCK
;;
restart)
iptables -t nat -D POSTROUTING -s 192.168.250.0/24 -o eth0 -j MASQUERADE
$DAEMON stop
sleep 3
$DAEMON start
sleep 3
ifconfig tap_vpn 192.168.250.1
iptables -t nat -A POSTROUTING -s 192.168.250.0/24 -o eth0 -j MASQUERADE
service dhcpd restart
service dnsmasq restart
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0

Make sure the folder for lock is created.

mkdir /var/lock/subsys

Grant the permission of the file created.

chmod 755 /etc/init.d/vpnserver

Set vpnserver to auto start. There are two hyphens before “add”.

chkconfig --add vpnserver

Start the vpnserver.

service vpnserver start

Some errors will occur related to tap_vpn and dhcp. Don’t worry about that.

Now we set a password for remote management.

cd /usr/local/vpnserver
./vpncmd
... press 1 and press enter ...
... press 2 enters to get the prompt "VPN Server>" ...
ServerPasswordSet
exit

Let’s turn to Windows now. Don’t close the shell or reboot the server.

 

SoftEther VPN Remote Managing

Install SoftEther VPN Server Manager for Windows from SoftEther Download Center.

Create a new server by entering the remote server IP address.

After connected, delete the hub named DEFAULT and create a new one. Check “No Enumerate to Anonymous Users” to protect and hide your server.

Create at least one user account for the Hub created.

Click “Local Bridge Setting” button below. Select the Hub you’ve created, “Bridge with New Tap Device” and type the New Tap Device Name “vpn” (lowercase, without quotes) to create the “tap_vpn” we’ve mentioned twice above. Never use SecureNAT for this hub because it’s not compatible with bridge and sucks currently.

Now you need to go back to the server shell to reboot the whole system.

 

SoftEther VPN Client Optimizing

To make the VPN connection fast and stable, you may want to change some advanced settings in client side.

  • Number of TCP Connections: Set to 8 or above for broadband.
  • Set Connection Lifetime for Each TCP Connection: Check and set to 300.
  • Use Half-Duplex Mode: Check if you can.
  • Disable UDP Acceleration: Check.

 

Future Upgrading

When you need to update the server side, you need to:

Stop the service.

service vpnserver stop

Download the latest version of SoftEther VPN Server and build it.

wget brabrabrabra
tar zxvf brabrabrabra
cd vpnserver
make
chmod 600 *
chmod 700 vpnserver
chmod 700 vpncmd
cp -r * /usr/local/vpnserver/

And start the service again.

service vpnserver start

Choosing server for internet accessing

I’ve tested this on Linode (CentOS x64) and Windows Azure (OpenLogic).

Azure is faster but quite expensive. Linode is a better choice in most cases.

If you want to try Linode, you can choose the cheapest server (Linode 1024). 2TB transferring (output only, input is free) is included in price (10 USD /mo). If you buy Linode for more than 90 days from this link, I’ll get a credit. Thanks for your help lol.

72 thoughts on “Install SoftEther VPN Server on CentOS

  1. Would this work if the VPS server was a bridge to another VPN server? I.e. if on Azure you want a bridge to your headquarters so that the computers at HQ can see all your Azure VLAN machines?

  2. I setup everything as per guide with no problems and can connect to my softether VPS from my Windows home PC using both Softether Server Manager and Client Manager. However, i am now at a loss how to connect my IOS device to the bridge-setup we created, can you assist?

    1. I don’t know there is a client for IOS device. No matter your meaning of IOS device, CISCO or APPLE. Please clear your issue first and let’s try to figure it out.

      1. It is an Apple iPhone 5 that I want to connect (enable VPN). Originally I had setup my server using these instructions (https://www.digitalocean.com/community/tutorials/how-to-setup-a-multi-protocol-vpn-server-using-softether) however, when I connected my iPhone and ran a speedtest it was very slow (1MB D/L speeds). Therefore, I wanted to test your config setup to see if I could get better speeds, but I don’t how to connect my iPhone. On the digital ocean setup it was simple to connect my iphone – I just went into Settings on my iPhone and added a VPN connection using L2TP and it worked. so i just want to get to that stage > connect to iphone > then test speeds.

      2. First, the only possible way for connecting iOS to SoftEther is L2TP currently. The speed is limited coz there is only one active link can be made for each device parallelly. I don’t have any better idea to deal with that.

        For connecting iOS device to SoftEther Server, you need to enable the L2TP from server side by the management client. You will be prompted to input the default switch name for L2TP client (should be VPN if you follow the guide). On the client side, it’s quite same like you did before. PS, you cannot do that without GRE support on your server side, like server in Microsoft Azure.

      3. Ok I turned LT2P on management client server and Enabled SecureNat (it wouldn’t work wtih this disabled). I went back into iphone and setup the VPN. The VPN connected so it is now working. However, yeh the D/L speeds are still 1Mb which is not good! I have been trying to find good resources on the web to help with this prob as I should be getting speeds of at least 8-10Mb D/L (that is the speed i got when I setup and used OpenVPN server).. but wanted to try Softether because it is free

      4. First, SecureNAT should be disabled, or you will may face on high CPU usage and other related issues. Using internal IP package forwarding instead.

        Network speed is limited by server’s and your ISP, as well as the technic you’ve chosen. OpenVPN is not supported on iOS officially.

  3. On a previous build I did try your suggestion and disabled SecureNAT and setup IP package forwarding.. however, when I got it all to work the speeds were still around 1Mb — so it seems something is throttling my speed with the softether solution . I am still using the same ISP and VPS server when i was getting those faster speeds on OpenVPN. It would be good to resolve as I really like using the front-end apps for S/Ether.

  4. HI,
    i’ve a problem with Azure(openlogic), when i run “chkconfig –add vpnserver” the result is “service vpnserver does not support chkconfig”.
    I followed all the steps.

    Can you help me?
    Regards,
    Daniel

    1. Hi. Please make sure the file vpnserver is created in /etc/init.d. The file should be started with # without any empty line above.
      Function of “chkconfig -add” is add the service to auto start only. You can do that by adding a command for starting service in rc.local.

      1. I can connect to the vpn normally using l2tp from my mac , but i can’t use the internet while i am on the vpn .

      2. 1 Have you choose to “Send all traffic over VPN connection” in “Advanced…” of that VPN connection setting?
        2 Have you enable IPv4 Routing on VPN server? “net.ipv4.ip_forward = 1”

  5. hi
    I have a Problem.I’ve followed all the steps on the server part,and there was no problem.
    but when I try to coonect to my server for remote managing through server manager program,it says connection to server fails…
    what should i do?

    1. You can try to test the network connectivity first, like a ping test if it’s not blocked. Or, if you can use SSH to connect your server, this step can be skipped.

      If your server is protected with firewall, you may check your firewall rules.

  6. Helo, I have a physical TP-Link TL-WDR4300 router wich allocates private ips 172.16.0.100-200. to the clients.

    Router ip is 172.16.0.1 ofc.

    In the network behind this router I have:
    -a desktop computer 172.16.0.100
    -a laptop 172.16.0.101
    -a centos 6.5 x64 server 172.16.0.102 where I installed the latest build of

    Softether VPN server. There in only one physical NIC: eth0.
    On this server there is a hard drive with some documents and music. I have

    installed also Samba server on centos to be able to share the hard drive

    content into LAN. I can connect very easy from my desktop and laptop(windows 7

    and 8 respectivelly), just point to \\172.16.0.102 and I can access the content

    very easy, works like a charm.

    All these stations behind the router gets the private ips from router’s DHCP.

    I want to access the samba content from outside my LAN and that’s why I want to

    set the Softether IPSEC VPN server to be able to do that.

    The installation process of the Softether server looks fine but I have problems

    with the configuration. I’ve tried using secureNAT and LocalBridge also. Once

    connected from outside, I can access shared folders from desktop (100) and

    laptop (101) but NOT from the server (102) doesn’t matter the server

    configuration. Also, there is no problem with the samba server!

    After the server installation and some tests I have followed the intruction

    from https://www.scribd.com/doc/187770965/Local-Bridge-Setup-Softether-on-

    CENTOS to configure the server. Unfortunately, is not working and the server is

    not responsive, sometimes is freezing….

    The latest chance is to use this tutorial from here where the Softether server

    is set to RUN USING localbridge but I have some problems understanding stuff:

    First I can see that I have to install a dhcp server (I suppose for getting an

    ip for the vpn client, I don’t understand WHY is needed as long as on a Windows

    Softether server you don’t need)

    -in file: /etc/dhcp/dhcpd.conf



    subnet 192.168.250.0 netmask 255.255.255.0 {
    range 192.168.250.10 192.168.250.100;
    option routers 192.168.250.1;
    }

    # Do I have to replace this class written here with mine? (172.16.0.0) ??????
    # Also range? The range have to be the same with physical TPlink router, or different ??????

    -new file: /etc/init.d/vpnserver



    ifconfig tap_vpn 192.168.250.1
    #also here this ip must be replaceD with 172.16.0.1 ????
    iptables -t nat -A POSTROUTING -s 192.168.250.0/24 -o eth0 -j MASQUERADE
    #also here this /24 class must be replaced with 172.16.0.0/24 ????

    Please Sir you are my last hope, I just want to access the centos resources securely.

    Any advise will be VERY HIGH APPRECIATED.

    THANKS IN ADVANCE!!!!!!!!!!!!!!11

    1. The IP address and range is for the virtual network created by SoftEther only. It should not be the same as your network. In fact, I choose 192.168.250.x just for getting avoid of common IP addresses.

      If you can get the IP from SoftEther, which should be 192.168.250.x, nothing is wrong with the DHCP server setting. BTW, some settings may block your access to the same computer with a IP from LAN. In your case, you may not able to access 172.16.0.102 from the SoftEther client. Instead, you can try to navigate 192.168.250.1 instead from client. 192.168.250.1 is the IP address set to SoftEther Server as a virtual IP, which should be accessed by VPN clients.

  7. Thank you very much Mister Allen, it works very smooth. On the client side I get 192.168.250.10 from the virtual dhcp and then I can access samba share \\192.168.250.1. Also, is working very well also by real private ip \\172.16.0.102 and there are no problems from the LAN, from 100 and 101 samba share is working like before.

    What can I say, your tutorial here is VERY GOOD, thank you VERY MUCH from your very fast reply and for the additional explanations!
    I asked also on Official Softether forums, nobody answered, them support is ZERO.

    Really appreciated,

    Best regards,

    sigma

    1. You’re welcome.

      BTW, if you don’t want all traffics from your VPN clients go though your server, you can delete the line “option routers 192.168.250.1;” in dhcp configuration file and restart the VPN service.

  8. Thanks so much for the tip. I already solved this problem by pushing a high manual metric to the virtual adapter because once connected, I want to keep my internet connection on the client side:
    http://qs.lc/sigma/8yx.png
    I’ll try this way also.
    Still, I prefer to use this metric trick because sometimes I connect to the server using my Lumia 520 and in that case, I want the public server IP (true VPN)
    Thanks again!

    1. You may ask the author directly for this lol.
      SoftEther supports sstp & l2tp for compatible reason. You should consider to use the native protocol as well.

  9. Me again mister Allen. I deleted option routers 192.168.250.1 on a different server because I want just an access VPN type. The problem is once connected, I can direct access only the server but not the other machines from that network.
    Every time the windows clients have to add the route t be able to access all the network resources.
    route add 172.16.0.0 mask 255.255.255.0 192.168.250.1 (just an example)

    I tried different solutions to push routes in the softether configuration even in dnsmasq configuration as well. Nothing works from what I’ve tested, no effect at all….
    There is a “Static routing table to push” very clear option on SecureNAT configuration which probably works but I DON’T WANT to use SecureNAT instead of local bridge……

    Any advise is highly appreciated.

    Best regards,

    sigma

  10. Doesn’t matter how I open the softether client (as admin or not), I have to manually route add all the routes I need after connected to server.
    So my question is where exactly do I have to declare those routes (in softether vpn server config or in dnsmasq config??) in order to work. Once connected to server, all the routes must work without to add them manually on the client side…..
    Many thanks in advance!

    sigma

    1. And, from a documentation of DDWRT, i found a piece of word about “Extra DNSMasq” options may useful for you:

      dhcp-option=121,x.x.x.x/yy,z.z.z.z
      Where x.x.x.x is the destination LAN, yy is the CIDR notation (usually /24), and z.z.z.z is the host which will do the routing.

  11. Yes I already tried that option

    dhcp-option=121,x.x.x.x/yy,z.z.z.z
    I added the above line in the following files and then I have restarted the vpn service
    /etc/dhcp/dhcpd.conf – DHCP is not starting anymore, failed on start
    /etc/dnsmasq.conf DHCP is starting with no effect

    I was hopping that I can find a solution but unfortunately it doesn’t exists.

    Thanks.

    1. Dhcp failed to start due to a wrong conf file. You may need to check it carefully. The command for dnsmasq is different than dhcpd.

  12. in file: /etc/dhcp/dhcpd.conf

    #
    # DHCP Server Configuration file.
    # see /usr/share/doc/dhcp*/dhcpd.conf.sample
    # see ‘man 5 dhcpd.conf’
    option domain-name “gigel.eu”;
    option domain-name-servers 192.168.250.1, 8.8.8.8;

    default-lease-time 600;
    max-lease-time 7200;

    option ms-classless-static-routes code 249 = array of integer 8;
    #option rfc3442-classless-static-routes code 121 = array of integer 8;

    subnet 192.168.250.0 netmask 255.255.255.0 {
    range 192.168.250.10 192.168.250.100;

    option ms-classless-static-routes 24, 172, 17, 18, 192, 168, 250,1;
    #route add 172.17.18.0/24 192.168.250.1 above line pushes this route to the client
    }

    Well, after so many spent hours over the Internet I finally found the trick. This config pushes the route to the client FOR REAL, there is no need anymore to manually route add on the client side.
    As you can see it is very easy, two more lines over your original file. I’ve tried also using 121 RFC3442 option but is not working at all.

    I am using win 8.1 x64 update 1 on the client side but I suppose is working on Win 7 as well.

    You may edit your tutorial based on my tests.

    Best regards from Romania,

    sigma

  13. hello every one 1st this is very easy thank you author. next i want know how i can i know the people who using my free vpn . is not doing some crime using my vpn please help

    thank you

    1. Softether doesn’t provide you a tool to trace network flow from your clients. You need to use another solution for that.

  14. Can you use all of this to bypass isp login page so you could get free internet by sending all the traffic to the vpn server

      1. If you need to create a new one, you need to select one Hub in SoftEther VPN Server Manager, click Manage Virtual Hub, click Manage Users, click New to create one.

  15. HELLO FRIENDS
    CAN ANYONE HELP ME TO GET USERNAME AND PASSWORD OR HOW TO CREATE AN ACCOUNT WITH SoftEther VPN Server …. thank you

    1. There is no way to get the password of users stored in SoftEther VPN Server. If you need to create a new one, you need to select one Hub in SOftEther VPN Server Manager, click Manage Virtual Hub, click Manage Users, click New to create one.

      1. Allen Please can you help me , creating username and password for me?
        any user name please …

      2. To create a user, the operator need the SoftEther management password. It’s unwise to tell it to irrelevant people. And I don’t provide such a service.

      3. I don’t know what you mean. Why you are interested in internal networking of my company and want to login into it remotely? If you are our staff from oversea branch, you’d better submit your request directly to the Operating & Maintenance division in your branch, who will route your request to me internally.

      4. Please i install SoftEther VPN on my PC , the software now asking me user and password, please where can i create that ..?

      5. On the target server you want to connect, which should be controlled by Operating & Maintenance division of your company or the owner of that server.

      6. i thought SoftEther VPN belong to your company,nd i was just asking you to create username and password for me, on the SoftEther VPN software setup….

  16. I have set up softether vpn with virtual hub that I am able to use to bypass my ISP portal for free internet using the “vpn over DNS” feature. This works fine sometimes but the problem is that I mostly need to connect to a working internet connection and then disconnect it before I connect to the ISP internet that I want to bypass.
    A friend has a similar set up which works fine, he is able to connect straight away anytime he wants to, he does not want to enlighten me on what I am doing wrong. I wish there’s a way you can take a look at my set up and see if there’s something I’m doing wrong.

    Everything works when I connect with a few minutes interval of a connection but after about 5 minutes of disconnection, if I try to connect again, I get “protocol Error”, if this happens, I connect to a working internet connection and then disconnect and connect directly to my ISP blocked connection before the connection works.

    I really need help with this, I set up the server exactly as you outlined above.

  17. Hello again. I have several problems with a new installation on centos 7.1 minimal this time. On centos 6 was working like a charm but on centos7 can’t make HDCP server to work. It is just not starting because in file: /etc/sysconfig/dhcpd you can not put anymore DHCPDARGS=tap_vpn. First time I ignore it, then I have followed the instructions provided in file to edit /etc/systemd/system/dhcpd.service where i put tap_vpn as interface name. Doesn’t matter what I do the dhcp service doesn’t want to start:

    # journalctl -xn
    Sep 15 23:04:08 localhost.localdomain dhcpd[17418]: have been made to the base software release in order to make
    Sep 15 23:04:08 localhost.localdomain dhcpd[17418]: it work better with this distribution.
    Sep 15 23:04:08 localhost.localdomain dhcpd[17418]:
    Sep 15 23:04:08 localhost.localdomain dhcpd[17418]: Please report for this software via the CentOS Bugs Database
    Sep 15 23:04:08 localhost.localdomain dhcpd[17418]: http://bugs.centos.org/
    Sep 15 23:04:08 localhost.localdomain dhcpd[17418]:
    Sep 15 23:04:08 localhost.localdomain dhcpd[17418]: exiting.
    Sep 15 23:04:08 localhost.localdomain systemd[1]: dhcpd.service: main process exited, code=exited, status=1/FAIL
    Sep 15 23:04:08 localhost.localdomain systemd[1]: Failed to start DHCPv4 Server Daemon.
    — Subject: Unit dhcpd.service has failed
    — Defined-By: systemd
    — Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

    — Unit dhcpd.service has failed.

    — The result is failed.
    Sep 15 23:04:08 localhost.localdomain systemd[1]: Unit dhcpd.service entered failed state.

    # cat /var/log/messages
    Sep 15 23:06:38 localhost systemd: Starting DHCPv4 Server Daemon…
    Sep 15 23:06:38 localhost dhcpd: Internet Systems Consortium DHCP Server 4.2.5
    Sep 15 23:06:38 localhost dhcpd: Copyright 2004-2013 Internet Systems Consortium.
    Sep 15 23:06:38 localhost dhcpd: All rights reserved.
    Sep 15 23:06:38 localhost dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Sep 15 23:06:38 localhost dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
    Sep 15 23:06:38 localhost dhcpd: Wrote 0 leases to leases file.
    Sep 15 23:06:38 localhost dhcpd:
    Sep 15 23:06:38 localhost dhcpd: No subnet declaration for tap_vpn (no IPv4 addresses).
    Sep 15 23:06:38 localhost dhcpd: ** Ignoring requests on tap_vpn. If this is not what
    Sep 15 23:06:38 localhost dhcpd: you want, please write a subnet declaration
    Sep 15 23:06:38 localhost dhcpd: in your dhcpd.conf file for the network segment
    Sep 15 23:06:38 localhost dhcpd: to which interface tap_vpn is attached. **
    Sep 15 23:06:38 localhost dhcpd:
    Sep 15 23:06:38 localhost dhcpd:
    Sep 15 23:06:38 localhost dhcpd: Not configured to listen on any interfaces!
    Sep 15 23:06:38 localhost dhcpd:
    Sep 15 23:06:38 localhost dhcpd: This version of ISC DHCP is based on the release available
    Sep 15 23:06:38 localhost dhcpd: on http://ftp.isc.org. Features have been added and other changes
    Sep 15 23:06:38 localhost dhcpd: have been made to the base software release in order to make
    Sep 15 23:06:38 localhost dhcpd: it work better with this distribution.
    Sep 15 23:06:38 localhost dhcpd:
    Sep 15 23:06:38 localhost dhcpd: Please report for this software via the CentOS Bugs Database:
    Sep 15 23:06:38 localhost dhcpd: http://bugs.centos.org/
    Sep 15 23:06:38 localhost dhcpd:
    Sep 15 23:06:38 localhost dhcpd: exiting.
    Sep 15 23:06:38 localhost systemd: dhcpd.service: main process exited, code=exited, status=1/FAILURE
    Sep 15 23:06:38 localhost systemd: Failed to start DHCPv4 Server Daemon.
    Sep 15 23:06:38 localhost systemd: Unit dhcpd.service entered failed state.

    The tap_vpn adapter is present because I already created it from softether manager:

    # ifconfig
    enp2s0: flags=4163 mtu 1500
    inet 172.16.0.106 netmask 255.255.255.0 broadcast 172.16.0.255
    inet6 fe80::d250:99ff:fe39:c16a prefixlen 64 scopeid 0x20
    ether d0:50:99:39:c1:6a txqueuelen 1000 (Ethernet)
    RX packets 144901717 bytes 17582386256 (16.3 GiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 236151541 bytes 330051971842 (307.3 GiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73 mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10
    loop txqueuelen 0 (Local Loopback)
    RX packets 586307 bytes 6013502999 (5.6 GiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 586307 bytes 6013502999 (5.6 GiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    tap_vpn: flags=4163 mtu 1500
    inet 192.168.250.1 netmask 255.255.255.0 broadcast 192.168.250.255
    inet6 fe80::2ac:7bff:fee9:f7ec prefixlen 64 scopeid 0x20
    ether 00:ac:7b:e9:f7:ec txqueuelen 500 (Ethernet)
    RX packets 780 bytes 67080 (65.5 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 1954 bytes 161772 (157.9 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    PLEASE EXCEPT MY APOLOGIES FOR THIS VERY LONG POST, I CAN NOT FIND A SOLUTION AND LIKE ALWAYS THIS IS THE BEST PLACE WHERE I CAN ASK.

    MANY THANKS IN ADVANCE!

  18. it was a local problem with my centos 7 installation. In centos 7 if you open the file: /etc/sysconfig/dhcpd
    you will see some additional explanations which says that anything you want to add to this file like DHCPDARGS=tap_vpn should be added into a different file: you have already written all the commands but are commented #. It is totally bullshit, it is not working. Stick to the old method which is explained into this tutorial and put DHCPDARGS=tap_vpn at the end of the file. In a normal centos 7 install should work. Connect to your server by server manager and create a local bridge adapter called vpn (prefix tap_ will be added automatically).
    You may delete my previous post, it was a mistake and it is not related to this tutorial.

    Best regards.

  19. I followed everything carefully. Softether works fine as I am able to connect to the server from the client machine but I am not being issued an IP and when I run service vpnserver restart to start the Softether on the server side this is the output I get.

    [root@sv3 ~]# service vpnserver restart
    Stopping the SoftEther VPN Server service …
    SoftEther VPN Server service has been stopped.
    The SoftEther VPN Server service has been started.
    Starting dhcpd: [FAILED]
    dnsdomainname: Unknown host
    dnsdomainname: Unknown host

    dnsdomainname: Unknown host
    Starting dnsmasq:
    dnsmasq: failed to create listening socket: Address already in use
    [FAILED]

    1. For the dhcpd error: double check the conf file of dhcpd. Type everything yourself. Don’t copy it from web, especially from Windows.
      For dnsmasq: It seems that your server has some predefined setting about dnsmasq, bind9 or something like that.If you have a working instance of bind9 (or something else), you can remove dnsmasq and change the script of vpnserver to use bind9 (or something else) instead.

  20. ifconfig is NOT installed in CentOS 7 by default, and it’s required to assign IP to tap_vpn.
    Run “yum install net-tools”

    1. There is no release of SoftEther client on Android. But you can use L2TP to connect to the remote SoftEther server.

Leave a Reply

Your email address will not be published. Required fields are marked *