This guide will walk you through step-by-step to install and configure SoftEther VPN on your Windows machine hosting the Universal Office server. Developed and maintained by University of Tsukoba, Japan, SoftEther VPN project provides a secure and robust way to remotely connect to your office network.
SoftEther stands for Software Ethernet is one of the world’s most powerful and easy-to-use multi-protocol VPN software.
SoftEther VPN offers support for its proprietary protocol, as well as widely used protocols like L2TP, SSTP, IPsec, and OpenVPN. By the end of this guide, you’ll have a fully operational L2TP/IPsec VPN server configured on your Windows computer.
For additional information about SoftEther VPN, feel free to visit the official SoftEther VPN Project website.
Before we start, it’s essential to ensure that your environment meets the following prerequisites:
- Your server machine must be running Windows 10 Pro 64-bit or later.
- The server machine must be connected to the router via an Ethernet cable (not Wi-Fi).
- Make sure there are no conflicting VPN software applications installed on the server.
Now that we’ve covered the prerequisites, let’s dive in and set up SoftEther VPN on your Windows server.
Install and Configure SoftEther VPN Server
Step 1: Download SoftEther VPN Server
- On the server computer, head to the SoftEhter Download Center.
- From the Select Component drop-down, select SoftEther VPN Server.
- Then, select Windows from the Select Platform drop-down.
- Download the latest build.
Step 2: Run the Installer
- Locate the installation file and double-click to begin.
- Click Next on the Welcome to the SoftEther VPN Setup step.
Note: If User Account Control pops up, click Yes to allow changes to your device.
- Make sure SoftEther VPN Server is selected, then click Next.
- Read the End User License Agreement, check the box to agree, and click Next.
- Read the Important Notices step, then click Next.
- Keep the default directory, C:\Program Files\SoftEther VPN Server, and click Next.
- On the Ready to Install screen, click Next.
Note: When the installation is completed, the SoftEther VPN Server Manager icon will be added to your desktop.
- On the Setup Finished step, keep the Start the SoftEther VPN Server Manager box checked and click Finish.
Initial Configuration
After installation, you will be prompted with the SoftEther VPN Server Manager window. Your first task will be to set the administrator password, and then the system will guide you through the SoftEther VPN Server Easy Setup process.
- Double-click on the localhost (This server), or click Connect.
- Enter a new password twice, then click OK.
- Click OK to close the SoftEther VPN Server Manager prompt and continue.
- On the SoftEther VPN Server/Bride Easy Setup screen, check the Remote Access VPN Server box, then click Next.
- Click Yes on the SoftEther VPN Server Manager prompt to initialize the VPN Server.
- For Virtual Hub Name, enter SoftEtherHub, then click OK.
- On the Dynamic DNS Function screen, change the Dynamic DNS Hostname and click Set to Above Hostname.
Tip: You will want to make it short and descriptive; use an abbreviated company name. For example, healtrehab or bhclinic. You’ll use this Dynamic DNS Hostname later to connect from remote PCs.
- Click OK to confirm, then click Exit.
- On the IPsec / L2TP / EtherIP / L2TPv3 Server Settings step, check the Enable L2TP Server Function (L2TP over IPsec) box, change the IPsec Pre-Shared Key to something short (up to 9 characters) and memorable.
Tip: This option will enable an additional layer of security to your VPN connections.
- Click OK.
- On the VPN Azure Cloud screen, select Disable VPN Azure, then click OK.
- On the VPN Easy Setup Tasks screen, then click Create Users.
- On the Create New User screen, enter a username and set a password, then click OK.
- Click OK on the confirmation prompt, then clic Exit on the Manage Users screen.
- Back on the VPN Easy Setup Tasks screen, select the ethernet device from the Set Local Bridge section and click Close.
- Click Exit to close the localhost (This server) – SoftEther VPN Server Manager screen, then click Exit SoftEther VPN Server Manager.
Tip: To verify the VPN Server is properly installed, launch Windows Services and check to see that the SoftEther VPN Server service is running.
Step 3: Forward Ports on Router and Add firewall rule
To enable the use of the native Windows VPN on client machines, you’ll need to add a firewall rule on the server computer and forward five specific ports on your router. These adjustments are essential for establishing a dependable and stable VPN connection. Let’s start by adding a firewall rule.
Add firewall rule
For traffic to reach an L2TP/IPsec server, you’ll want to open ports 500/udp, 1701/udp, and 4500/udp in your computer’s firewall.
- In the Windows search box (next to Start), type firewall.
- Select Windows Defender Firewall with Advanced Security.
- In the left pane, click Inbound Rules.
- In the Actions pane on the right, click New Rule….
- In the New Inbound Rule Wizard window, select Port, and click Next.
- In the Protocol and Ports window, select UDP, and in the Specific local ports field, type 500, 1701, 4500 and click Next.
- In the Action window, select Allow the connection, and click Next.
- Check all profiles, and click Next.
- Enter a Name such as L2TP/IPsec, and click Finish.
- Close the Windows Defender Firewall with Advanced Security.
Reserve IP address for the VPN Server machine
To ensure that your VPN server connection remains solid, you will have to reserve or assign a static IP address for the server. This can be done in one of two ways, 1) reserve it on the router, or 2) assign static IP Address to PC.
Set Up DHCP Reservation on router
This is the preferred method to assign a permanent IP address to your VPN Server. If it’s possible on your router, then you will want to go this way.
Follow steps described in the How to Set Up DHCP Reservations (and Never Check an IP Address Again) article.
Assign static IP Address to PC (Windows 10)
In case the option to reserve IP addresses on the router is not available, then follow these steps to set a static IP on the VPN Server.
- Open the Network and Sharing Center.
- Click Change adapter settings.
- Right-click on Wi-Fi or Local Area Connection that is currently connected and select Properties.
- Select Internet Protocol Version 4 (TCP/IPv4), then click Properties.
- Select Use the following IP address.
- Enter the IP address, Subnet mask, Default gateway, and DNS server.
- Click OK.
Forward ports on router
In the last step of setting up VPN Server, you will forward five ports on the router.
You will need to forward the following ports to point to your VPN Server.
- UDP 500
- UDP 1701
- UDP 4500
- TCP 443
- TCP 5555
For instructions on how to forward ports, follow the steps described in the Step 2: Login to your router section in the The Ultimate Guide to Port Forwarding Your Router article.
Congratulations! Your setup is completed and the VPN Server is ready to go.
To set up VPN connection on Client PC, follow the instructions described in the Setup VPN Connection on Client article.
References:
- Seakfind, Windows SoftEther VPN Server. Accessed on September 27, 2023.
- SoftEther Project at University of Tsukuba, VPN Azure Cloud: Connect to the Private Network of Your Office from Home without Firewall Permission. Accessed September 27, 2023.
- SoftEther Project at University of Tsukuba, Setup L2TP/IPsec VPN Server on SoftEther VPN Server. Accessed September 27, 2023.
- Kevin Gut, SoftEther VPN Installation and Configuration Guide. Accessed September 27, 2023.
- Port Forward, How To Forward a Port. Accessed September 27, 2023.
- Unknown author, SoftEther DHCP Bridge. Accessed September 27, 2023.
- Douglas Crawford, How to install and configure SoftEther VPN on Windows. Accessed September 27, 2023.
- CactusVPN, How to set up SoftEther VPN on Window. Accessed September 27, 2023.