A few prerequisites

  • Router must have at least ~8MB free space (preferrably extroot)
  • Must have at least 32MB of RAM and swap on

In my case I’m running

  • OpenWRT Barrier Breaker 14.07 x86 on Virtaulbox with 256MB RAM.

This configuration has been tested on these routers

  • TP-Link TL-WR842N/ND v2 (3GB extroot, 512MB swap) ar71xx
  • Asus RT-N14U (1,5GB extroot, 512MB swap) RAMIPS

I assume that you have met the prerequisites stated above, therefore in this guide I will not tell how to configure your router with extroot and swap.

Softether needs a few packages to work correctly, therefore we have to install them

opkg update
opkg install zlib libpthread librt libreadline libncurses libiconv-full kmod-tun libopenssl

The packages take up approximately 2,5MB of free space.

002

After the depending packages have been installed there are two ways to install softether

  • Using precompiled binary packages from mikmoe or my webpage, please note that only ar71xx and brcm47xx is available from mikmoe and atheros, ramips, brcm63xx, x86 is available from my webpage , therefore if your router has any other chipset such as lantiq you have to compile the packages yourself. If you have ar71xx, brcm47xx, ramips, brcm63xx, atheros feel free to skip PART 2a of this guide and continue with installing the package by following PART 2b.
  • Compiling the packages yourself.

PART 2a – Compiling Softether for your router
Prerequisites: PC or VM with Debian based distribution, ~5GB of space.
Connect to the PC on which you are going to compile.
To compile packages on Debian based distribution you have to install specific packages.

sudo apt-get update
sudo apt-get install -y subversion make gcc g++ libncurses5-dev libghc-zlib-dev libreadline-dev libssl-dev gawk bzip2 patch xz-utils git unzip

Clone OpenWRT Buildroot
git clone git://git.openwrt.org/14.07/openwrt.git ./barrier_breaker
cd barrier_breaker

Add Softether for OpenWRT repository to OpenWRT Buildroot feeds file
echo "src-git softethervpn https://github.com/el1n/OpenWRT-package-softether.git" >> feeds.conf.default

Update OpenWRT SDK feeds and install softether into OpenWRT SDK.
./scripts/feeds update
./scripts/feeds install softethervpn

Make default configuration for OpenWRT SDK
make defconfig

Configure architecture and which packages to compile
make menuconfig

Choose the target system by clicking enter while on “Target System”, in my case it is x86.
003
Choose the architecture and press ENTER
005
After choosing architecture head to Network->VPN. Navigate to “softethervpn” and press space two times, to enable the compilation of package.
006
Now press ESC until you’ve arrived to the screen below.
007
Press ENTER.
It should exit the OpenWRT SDK configuration and you should be ready to compile.
NB! The compilation on Intel Xeon E3-1225v2 with 4 cores takes approximately 20 minutes. So plan your time accordingly.
When you are ready to compile the packages replace the X with the amount of cores you have access to. In my case four, this will speed up things immensely.
make prepare -jX

i.e
make prepare -j4

Build the softether package, once again replace X with number of cores. This process took approximately 5 minutes on my setup.
make package/softethervpn/compile V=99 -jX

i.e
make package/softethervpn/compile V=99 -j4

The compiled package should be available at
./bin/[ARCHITECTURE]/packages/softethervpn/softethervpn_4.15-9538_[ARCHITECTURE].ipk

in my case
./bin/x86/packages/softethervpn/softethervpn_4.15-9538_x86.ipk

Connect to the server where you compiled the firmware and download it, in my case I will use scp.
scp [USERNAME]@[IP_ADDRESS]:~/barrier_breaker/bin/[ARCHITECTURE]/packages/softethervpn/softethervpn* /tmp/

010

Now install the package
opkg install /tmp/sfotethervpn*
If everything went correctly it should look like this.

012

PART 2b – Downloading the precompiled packages and installing them
I will use ar71xx as an example here.
NB! Yo do not need to do this if you already did Part 2a
Head to mikmoe or my webpage and look for corresponding package, in my case “softethervpn_4.14-9529_ar71xx.ipk”
Download the package
cd /tmp/ && wget [HYPERLINK]
In my case
cd /tmp/ && wget http://b.mikomoe.jp/download/1423519871/attach/softethervpn_4.14-9529_ar71xx.ipk

Install the package
opkg install softethervpn*

PART 3 – Configuring Softether administration password
Start the server
/usr/bin/env LANG=en_US.UTF-8 /usr/bin/vpnserver start

Check if everything works correctly

/usr/bin/env LANG=en_US.UTF-8 /usr/bin/vpncmd

  1. Choose 3
  2. Write check
  3. Write exit

If everything works it should look like this
015

Setup password for administering server
/usr/bin/env LANG=en_US.UTF-8 /usr/bin/vpncmd

  1. Choose 1
  2. Press ENTER
  3. Press ENTER
  4. Write ServerPasswordSet
  5. Input your password
  6. Repeat your password
  7. Write exit

016

Enable Softether VPN to start on boot

/etc/init.d/softethervpnserver enable

PART 4 – Port forwarding

To use Softether you have to open below listed ports.
TCP 443, TCP 992, TCP 1194, TCP 5555
There are two ways to do this

1)Automatically by using commands written below
NB! You will disconnect after executing firewall restart command, it is Ok and should not be feared.

wget http://vpslv.tirlins.com/openwrt/portforward.txt -q -O - >> /etc/config/firewall
/etc/init.d/firewall restart &

2)Manually by inputting the ports in LUCI
Open your routers webinterface and head to Network–>Firewall–>Traffic Rules
Add your traffic rules
Example
024
After you’ve added them click Save & Apply

PART 5 – Configuring Softether
Download Softether server manager from Softether downloads page

022

For the Linux enthusiasts out there: There is no native Linux client, but the server manager works very well if you run it through wine.

Launch the Server manager.

Click New setting

Enter the server IP and administration password, press OK
023

Double click on the created server.

Check “Remote Access VPN Server” and click “Next”
025
Click Yes
026
Click OK
027
Click Exit
028

Now you can configure L2TP support, in my case I will use l2TP, but you can choose as you like, it is always possible to enable it later.

Check what you need and set the connection Pre-Shared key.
030
Click Ok

Choose if you want to use VPN Azure, in my case I will not use it, because it is just too slow.
031
Click Ok

Here we can add users, just for the sake of testing we create one here.
Click Create Users and input username and password.
When done click exit.
033

Now we will set up local bridge since SecureNAT is slow by itself and will be even slower on a router.
Select “Local bridge setting”
036

PART 6 – Setting up Local bridge
I will provide two different ways to configure your network
a) All VPN clients are in the same subnet as local DHCP clients of your router
I.E if your computer has IP 192.168.1.2 then if someone connects to your VPN he will be assigned 192.168.1.3

b) VPN clients will have their own subnet
I.E Your computer has IP 192.168.1.2, if someone connects to your VPN he will have 192.168.50.2

PART 6a – VPN Clients are in the same subnet as your local clients

  1. Select “Virtual Hub” “VPN”
  2. Check “Bridge with New Tap device”
  3. Write into “New Tap device name “soft”
  4. Click “Create Local-Bridge”

044
Click OK
045
If everything went well the bridge status should be “Operating”
046

Now open up Luci (Webinterface) and head to Network->Interfaces
Click on Edit
047
Head to “Physical settings” and check “Ethernet Adapter: “tap_soft” ”
048
Click “Save & Apply” At the buttom of page.

We are done! Now every client who connects will be given IP address of your lan subnet and everything should work out of the box.

Part 6b – VPN clients are in different subnet than local clients

  1. Select “Virtual Hub” “VPN”
  2. Check “Bridge with New Tap device”
  3. Write into “New Tap device name “soft”
  4. Click “Create Local-Bridge”

049
Click Ok
050
If everything went well the bridge status should be “Operating”

Now open Luci (Webinterface) and head to Network->Interfaces
Down below interfaces click “Add new interface”
Name the interface “vpn”
And under “Cover the following interface” select “tap_soft”
When done click “Submit”
051
In next page under “General setup”

  1. Write IPv4 address 192.168.50.1
  2. Choose IPv4 netmask 255.255.255.0

052
Click “Save & Apply”
Now scroll down and click on “Setup DHCP Server”
Click “Save & Apply”

Now head to Network->Firewall
Find the lan->wan zone and click edit
053
Scroll down to “Covered networks” and check “vpn”
054
Click “Save & Apply”

Everything is ready! Clients who connect to your VPN will be assigned 192.168.50.x addresses.

Thank you for reading this guide!
Thanks to Lincoln Lee. Without his easily understandable Softether guides I would have never started using Softether and made this guide.
Also thanks to el1n for building the makefile, without his repository and webpage we would not be able to download precompiled packages or compile ones ourselves!

Guide made by Alberts Saulitis. If you intend to translate or copy it, please, ask for permission by e-mailing me to 055