Thursday, November 1, 2018

Creating a Fedora 28 Server Linux Router - Part 3

Installing SoftEther

SoftEther is a performant VPN server package and my preferred VPN software. No packages are directly available for Fedora, so it has to be downloaded from the SoftEther website and compiled locally. It can be installed by following the steps below.


Install Dependencies


dnf -y install make gcc zlib-devel openssl-devel readline-devel ncurses-devel

Download

wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.25-9656-rtm/softether-vpnserver-v4.25-9656-rtm-2018.01.15-linux-x64-64bit.tar.gz
tar xvfz softether-vpnserver-v4.25-9656-rtm-2018.01.15-linux-x64-64bit.tar.gz

Compile

cd vpnserver
make

Move

cd ..
mv vpnserver /usr/local/

Set Permissions

cd /usr/local/vpnserver
chmod -R 600 *
chmod 700 vpnserver
chmod 700 vpncmd

Disable SELinux


vi /etc/selinux/config

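Update the SELINUX line so that it reads as follows. Note that this setting applies to the whole system, not only to SoftEther: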

SELINUX=disabled

Reboot the computer so the change takes effect. Now, create a systemd unit file:

vi /etc/systemd/system/vpnserver.service

Add the following contents:

[Unit]
Description=SoftEther VPN Server  
After=network.target auditd.service  
ConditionPathExists=!/usr/local/vpnserver/do_not_run

[Service]
Type=forking  
EnvironmentFile=-/usr/local/vpnserver  
ExecStart=/usr/local/vpnserver/vpnserver start  
ExecStop=/usr/local/vpnserver/vpnserver stop  
KillMode=process  
Restart=on-failure

# Hardening
PrivateTmp=yes  
ProtectHome=yes  
ProtectSystem=full  
ReadOnlyDirectories=/  
ReadWriteDirectories=-/usr/local/vpnserver  
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID

[Install]
WantedBy=multi-user.target

Enable and Start the Service

systemctl enable vpnserver
systemctl start vpnserver
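
To confirm the result of the Set Permissions step once the service is running, the following added example (not part of the original post) checks that vpnserver and vpncmd are mode 700 and that nothing else under the install directory is accessible to group or other. The function name audit_vpnserver_perms is made up for this example, and it assumes GNU find and stat as shipped with Fedora.

```shell
#!/bin/sh
# Added example, not from the original post: audit the modes applied in the
# "Set Permissions" step. audit_vpnserver_perms is a hypothetical helper name.

audit_vpnserver_perms() {
    dir=${1:-/usr/local/vpnserver}
    rc=0

    # The two executables must be exactly 700 (owner rwx, nothing for group/other).
    for bin in vpnserver vpncmd; do
        if [ ! -f "$dir/$bin" ]; then
            echo "MISSING  $dir/$bin"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$dir/$bin")
        if [ "$mode" != "700" ]; then
            echo "BADMODE  $dir/$bin is $mode, expected 700"
            rc=1
        fi
    done

    # Nothing in the tree (configuration, logs, libraries) may carry any
    # group or other permission bit. Symlinks are skipped because their own
    # mode is always 777 and says nothing about the target.
    loose=$(find "$dir" -mindepth 1 ! -type l -perm /077 -print)
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/LOOSE    /'
        rc=1
    fi

    return $rc
}

# Run the audit only when a directory is given on the command line,
# e.g.  sh audit.sh /usr/local/vpnserver
if [ "$#" -gt 0 ]; then
    audit_vpnserver_perms "$1"
fi
```

A non-zero exit status means at least one MISSING, BADMODE or LOOSE line was printed; re-running it after the service has created its configuration and log files shows whether those were created with equally tight modes.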