SoftEther VPN l2tp/ipsec on Turris Omnia

I wrote a manual to install and set up SoftEther VPN on the Turris Omnia router in order to establish an L2TP/IPsec VPN connection to the router. You can find it here:
https://www.turris.cz/doc/en/public/softethervpn

1 Like

Are you able to connect to the VPN from Android as well? I followed your guide and I can access the VPN only from Windows, not from Android 5.1.

Hello Quba,

I’m sorry, I don’t own any Android device so I can’t help you.

Kind regards,

Marc

Before starting your Android connection (via 3G/4G!), open the log and monitor it for the connection error:
root@LXC-omnia:~# tail -f /usr/local/vpnserver/server_log/vpn_20170712.log

vpn_20170712.log is today's log; tomorrow you’ll have vpn_20170713.log, etc.

After you see the error, post it here.

Thanks for the replies. It seems that the problem is in my Android phone. It is not able to connect to my VPN, but another one can.

Has anyone tried compiling it for Turris 1.0/1.1? Which source code should I get? For Omnia there is an ARM version, but which one is right for the Freescale processor?

I tried to follow your great guide and compile it on Turris 1.0 in a Debian LXC container that I had already built for previous experiments. For Turris 1.0 I downloaded softether-vpnserver-v4.22-9634-beta-2016.11.27-linux-powerpc-32bit.tar.gz, as the Freescale P2020 processor should be PowerPC architecture. After the make command I get errors, but the files vpncmd and vpnserver were built by the gcc compiler.

-rwxr-xr-x 1 root root 3976468 Aug 1 16:12 vpncmd
-rwxr-xr-x 1 root root 3976528 Aug 1 16:12 vpnserver
root@debian:~/vpnserver#

make[1]: Entering directory '/root/vpnserver'
Preparing SoftEther VPN Server…
ranlib lib/libcharset.a
ranlib lib/libcrypto.a
ranlib lib/libedit.a
ranlib lib/libiconv.a
ranlib lib/libncurses.a
ranlib lib/libssl.a
ranlib lib/libz.a
ranlib code/vpnserver.a
gcc code/vpnserver.a -O2 -fsigned-char -pthread -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a -o vpnserver
ranlib code/vpncmd.a
gcc code/vpncmd.a -O2 -fsigned-char -pthread -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a -o vpncmd
./vpncmd /tool /cmd:Check
"vpncmd": Command not found.
You can use the HELP command to view a list of the available commands.
Makefile:18: recipe for target ‘i_read_and_agree_the_license_agreement’ failed
make[1]: *** [i_read_and_agree_the_license_agreement] Error 117
make[1]: Leaving directory '/root/vpnserver'
root@debian:~/vpnserver#

Hello Twinkie,

I’m not familiar with the Turris 1.0, so I can’t help you with your problem.

I was able to compile both essential binaries, vpncmd and vpnserver, and it seems that vpnserver can run, as after following your guide I get log file entries like this:

2017-08-01 21:17:29.376 ------------------------------------------------------
2017-08-01 21:17:29.376 SoftEther VPN Server Version 4.22 Build 9634 (English)
2017-08-01 21:17:29.376 Compiled 2016/11/27 15:23:56 by yagi at pc30
2017-08-01 21:17:29.376 Log Messages are written with UTF-8 Encoding Format.
2017-08-01 21:17:29.376 The SoftEther VPN Server has been started.
2017-08-01 21:17:29.376 IPsec Module: The IPsec ver 2.0 (ISAKMP/IKEv1) processing module is started.
2017-08-01 21:17:29.376 OpenVPN Module: The OpenVPN Server Module is starting.
2017-08-01 21:17:29.406 Loading the configuration file.
2017-08-01 21:17:29.436 Monitoring the directory “/usr/local/vpnserver”. If the amount of available free disk space becomes less than 138241687546550617897109934511212682467025811621259479569483307, the backup files for log files and configurations that are saved on the sub-directories of this directory will be automatically deleted in the order of oldest first. The amount of free disk space that determines when to start deletion can be modified by changing the “AutoDeleteCheckDiskFreeSpaceMin” item in the configuration file.
2017-08-01 21:17:29.436 Virtual Hub “DEFAULT” has been started.
2017-08-01 21:17:29.436 The MAC address of Virtual Hub “DEFAULT” is “00-AE-DC-44-DD-E2”.
2017-08-01 21:17:29.436 [HUB “DEFAULT”] The Virtual Hub is now online.
2017-08-01 21:17:29.436 TCP Listener (port 443) is starting.
2017-08-01 21:17:29.436 TCP Listener (port 443) has started. Now listening for connection from client.
2017-08-01 21:17:29.436 TCP Listener (port 992) is starting.
2017-08-01 21:17:29.436 TCP Listener (port 992) has started. Now listening for connection from client.
2017-08-01 21:17:29.436 TCP Listener (port 1194) is starting.
2017-08-01 21:17:29.446 TCP Listener (port 1194) has started. Now listening for connection from client.
2017-08-01 21:17:29.446 TCP Listener (port 5555) is starting.
2017-08-01 21:17:29.446 TCP Listener (port 5555) has started. Now listening for connection from client.
2017-08-01 21:17:29.446 The configuration file has been loaded.
2017-08-01 21:17:29.446 Starting the automatically saving background task. The interval between auto-saves is 300 seconds. You can change the interval by changing the parameter AutoSaveConfigSpan in the configuration file.

But I am unable to run the vpncmd tool properly; instead of the console it just gives an error:

root@debian:/usr/local/vpnserver# ./vpncmd
"vpncmd": Command not found.
You can use the HELP command to view a list of the available commands.
root@debian:/usr/local/vpnserver#

So ./vpncmd runs but then ends somehow. Or, to me, it looks like vpncmd calls some other command that is not present in my Debian LXC:

root@debian:/usr/local/vpnserver# ps -x
PID TTY STAT TIME COMMAND
1 ? Ss 0:06 /lib/systemd/systemd --system --deserialize 17
67 ? Ss 0:00 /usr/sbin/cron -f
75 ? Ss 0:00 /lib/systemd/systemd-logind
94 console Ss+ 0:00 /sbin/agetty --noclear --keep-baud console 115200,384
3692 ? Ss 0:00 /lib/systemd/systemd-journald
6120 ? Ss 0:00 /lib/systemd/systemd-udevd
11189 ? Ssl 0:02 /usr/sbin/rsyslogd -n
11262 ? S 0:00 nginx: master process /usr/sbin/nginx -g daemon on; m
13154 ? Ss 0:00 /usr/sbin/sshd -D
13332 ? Ss 0:00 /usr/sbin/vsftpd /etc/vsftpd.conf
13490 ? S<s 0:00 /usr/local/vpnserver/vpnserver execsvc
13491 ? S<l 0:10 /usr/local/vpnserver/vpnserver execsvc
13751 ? S 0:00 /bin/bash
14139 ? R+ 0:00 ps -x

Okay, so it seems that on the blue Turris 1.0 I was able to make the SoftEther daemon work in a Debian LXC container by following marck48's guide. Unfortunately, the SoftEther console command vpncmd is not usable even though it was compiled and built. It is still possible to configure the server settings much more comfortably from the SoftEther VPN Server Manager for Windows application, which is great. It would be even better if the Turris team made SoftEther a standalone Turris OpenWrt package for both blue Turrises and Omnias so more people can use it easily, and it should not be very difficult, as SoftEther was already ported to OpenWrt according to this: https://wordpress.tirlins.com/2015/03/setting-up-softether-vpn-on-openwrt/ If someone asks why and what this is good for, bear in mind that SoftEther allows you to interconnect various networks over VPN, which could be handy if you work for some company with hostile network security. Even when all ports except 80 and 443 are closed on the company firewall proxy, SoftEther can pass traffic through, which is something not easily doable with other VPN software.

1 Like
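
The startup log quoted in this thread lists every TCP listener the server opened (443, 992, 1194, 5555). As an added example, not written by any poster here, this script pulls the started ports out of a SoftEther server log and reports those not on an allow list. The log directory and file-name pattern are the ones given in the thread; the allow list and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit the TCP listeners reported in a SoftEther server log.
LOG_DIR=/usr/local/vpnserver/server_log   # directory named in the thread

# Path of the log for a date (YYYYMMDD, default today), e.g. vpn_20170712.log
log_for_date() {
    printf '%s/vpn_%s.log\n' "$LOG_DIR" "${1:-$(date +%Y%m%d)}"
}

# Read a log on stdin; print each port whose listener "has started", once.
started_ports() {
    sed -n 's/.*TCP Listener (port \([0-9][0-9]*\)) has started.*/\1/p' | sort -nu
}

# Read a log on stdin; print started ports missing from the allow list ($1,
# space-separated). The allow list is the operator's decision (assumption).
unexpected_ports() {
    allowed=" $1 "
    started_ports | while read -r p; do
        case "$allowed" in
            *" $p "*) ;;          # expected listener
            *) echo "$p" ;;       # listener nobody asked for
        esac
    done
}

# Constructed sample in the format of the log lines quoted in the thread.
sample_log() {
cat <<'EOF'
2017-08-01 21:17:29.436 TCP Listener (port 443) is starting.
2017-08-01 21:17:29.436 TCP Listener (port 443) has started. Now listening for connection from client.
2017-08-01 21:17:29.436 TCP Listener (port 992) has started. Now listening for connection from client.
2017-08-01 21:17:29.446 TCP Listener (port 1194) has started. Now listening for connection from client.
2017-08-01 21:17:29.446 TCP Listener (port 5555) is starting.
2017-08-01 21:17:29.446 TCP Listener (port 5555) has started. Now listening for connection from client.
EOF
}

# Demo on the sample; on a real server use:
#   unexpected_ports "443" < "$(log_for_date)"
for port in $(sample_log | unexpected_ports "443"); do
    echo "listener on TCP $port is not on the allow list"
done
```

Each reported port is a candidate to disable in the server configuration or to block at the router firewall if nothing is meant to use it.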