Install SoftEther VPN Server on a Linux VPS (Complete Guide)
SoftEther VPN Server is an exceptionally powerful, open-source, multi-protocol VPN software architecture developed by the University of Tsukuba. The server has the defining capability to simultaneously support multiple encryption protocols (L2TP/IPsec, OpenVPN, SSTP, and the proprietary SoftEther protocol) on a single connection port, combined with advanced NAT Traversal and traffic obfuscation (VPN over HTTPS/ICMP).
Installing a SoftEther VPN Server on a Linux VPS provides administrators with a highly flexible networking platform. It allows the creation of Virtual Hubs (virtual switches) and SecureNAT (virtual routers) to securely connect remote devices into a unified corporate internal network, all manageable via an intuitive GUI tool on Windows.
While modern solutions like WireGuard focus entirely on minimalist speed, the SoftEther VPN Server is designed for absolute versatility and compatibility. Often likened to a "Swiss Army knife" of virtual private networks, it allows legacy devices utilizing IPsec or OpenVPN to connect to the exact same server system as modern SoftEther clients. Especially in heavily censored network environments (Deep Packet Inspection), SoftEther stands out as one of the very few VPN servers capable of disguising packets to maintain continuous connectivity.
1. What is SoftEther VPN Server?
SoftEther VPN Server (short for "Software Ethernet") is an open-source, cross-platform VPN software engine. Distinct from most VPN systems that support only a single native protocol, the SoftEther server acts as a comprehensive hub capable of emulating and accepting connections from endpoints using OpenVPN, L2TP/IPsec, MS-SSTP, EtherIP, and its proprietary SoftEther (HTTPS) protocol.
By camouflaging VPN traffic as standard HTTP/HTTPS packets (SSL/TLS), the SoftEther VPN Server can effectively penetrate corporate firewalls and proxies that actively block VPN connections, making it an invaluable infrastructure tool for multinational enterprises.
2. How SoftEther VPN Server Works
The core computational strength of the SoftEther server lies in its ability to software-virtualize all physical network components:
- Virtual Hub: Functions exactly like a physical Layer 2 network switch. It maintains an internal MAC address table and forwards packets between virtually connected devices. A single VPS can run multiple independent Virtual Hubs for various enterprise departments.
- Virtual Network Adapter: Installed on the end-user's device (Client). It communicates securely with the Virtual Hub on the server over the Internet.
- SecureNAT: A breakthrough feature of the SoftEther VPN Server integrating a Virtual DHCP and a Virtual NAT router. It allows the VPS to assign local IP addresses and route internet traffic for Clients without requiring the system administrator to configure complex iptables routing on Linux.
3. SoftEther VPN Server Architecture
The following diagram illustrates how the SoftEther VPN Server accepts diverse protocol streams and processes them through the SecureNAT feature on a Linux VPS:
```
[Client Devices]
(Windows, macOS, iOS, Android, Linux)
        │
        │ (Multi-Protocol: SoftEther, L2TP/IPsec, OpenVPN, SSTP)
        ▼
[Encrypted VPN Tunnel]
(Bypassing Deep Packet Inspection via HTTPS 443)
        │
        ▼
[VPS Linux (SoftEther VPN Server)]
  ├─ [Virtual Hub] (Manages Users & MAC Tables)
  └─ [SecureNAT] (Integrated Virtual DHCP & Virtual Router)
        │
        │ (Software-based NAT & Routing)
        ▼
[Public Internet] / [Private Cloud LAN]
```
- Client Devices: End-user endpoints. Users can utilize the SoftEther App or native OS VPN protocols (L2TP/IPsec) on their smartphones to connect.
- Encrypted VPN Tunnel: The data encryption channel. The proprietary SoftEther protocol can aggregate multiple TCP connections to vastly boost throughput.
- VPS Linux (SoftEther Server): The central server acting as the authenticator and virtual switch.
- SecureNAT: A software module replacing iptables, routing packets directly from the Virtual Hub out to the VPS physical network interface (eth0).
Comparing Multi-Protocol Architecture with Other VPN Servers
- SoftEther VPN Server: An "All-in-One" platform where a single server runs multiple protocols simultaneously, emulating Layer 2 Ethernet with built-in DHCP/NAT.
- WireGuard / Tailscale / ZeroTier: Next-generation VPN protocols focusing on pure performance or automated mesh networking, but lacking direct support for older (Legacy) network devices.
- OpenVPN Server: Operates independently with complex certificate deployments, generally slower speeds, and lacks a built-in dynamic DHCP function as flexible as SecureNAT.
4. VPN Server Deployment Models
The Virtual Hub architecture enables the SoftEther server to simulate any physical network topology:
5. Key Advantages & Real-World Use Cases
SoftEther VPN Server is widely acknowledged as a lifesaver in complex network administration environments:
- Outstanding Firewall Penetration: The encryption protocol obfuscates data as standard HTTP/HTTPS (Port 443), seamlessly bypassing strict corporate NAT systems and Deep Packet Inspection (DPI) censorship.
- Intuitive GUI Administration: Although running on a headless Linux VPS, administrators can use the SoftEther VPN Server Manager on Windows to graphically configure new users and features rather than typing complex CLI commands.
- Maximum Compatibility: iPhone and Android smartphones require no third-party apps; users can just utilize the OS's native L2TP/IPsec configs to connect securely to the Server system.
6. Real-World Architecture Deployment
The power of the SoftEther VPN Server is most apparent when integrated into traditional IT infrastructures:
- Legacy System Management: An enterprise possesses numerous older network printers and legacy OS servers supporting only L2TP/IPsec. The admin deploys SoftEther VPN Server on a VPS to allow both modern SoftEther clients and legacy L2TP devices to communicate seamlessly within the same Virtual Hub.
- Bypassing Corporate Network Censorship: Office employees face strict firewalls blocking traditional VPN UDP ports. They configure SoftEther to route traffic over TCP Port 443 (HTTPS standard) to penetrate the corporate firewall.
7. SoftEther VPN Server vs. Traditional VPNs
SoftEther's comprehensiveness makes comparing it to standalone protocols somewhat asymmetrical, but we can contrast the core server capabilities:
| Feature | Standalone OpenVPN / IPsec Server | SoftEther VPN Server |
|---|---|---|
| Protocol Support | Runs only its native protocol. | Runs concurrently: SoftEther, L2TP, OpenVPN, SSTP. |
| Firewall Evasion (DPI) | Easily detected and blocked (DPI). | Excellent (VPN over HTTPS, TCP obfuscation). |
| NAT/DHCP Integration | Requires manual Linux iptables & external DHCP configuration. | Built-in SecureNAT (Enabled with 1 click). |
| Management Interface | Primarily Command Line (CLI). | Features a highly professional Server Manager GUI. |
8. Performance & Security Benchmark
Below is a comprehensive performance comparison of today's most prominent VPN server platforms:
| VPN Server System | Throughput Speed | Server CPU Consumption | Firewall Evasion (Bypass) |
|---|---|---|---|
| WireGuard Server | Highest | Very Low | Poor (Easily blocked UDP) |
| Tailscale Server | Very High | Very Low | Excellent (Via DERP Relay) |
| ZeroTier Server | High | Low | Very Good (UDP Hole Punching) |
| SoftEther VPN Server | Very High | Medium-High (Due to Virtual Hub) | Perfect (HTTPS 443 Obfuscation) |
| OpenVPN Server | Moderate | High | Moderate |
9. When to Use SoftEther VPN Server?
The flexible architecture of SoftEther makes it ideal for specific server deployment challenges:
| Practical Scenario | Recommendation |
|---|---|
| Enterprise networks requiring VPN server connectivity from various OS platforms and legacy hardware. | |
| Need a VPN Server to bypass national firewalls or hotel networks blocking standard UDP Ports. | |
| Administrators configuring a Linux Server but who exclusively prefer Windows GUI operations. | |
| Deploying a fully automated peer-to-peer Mesh network without a central server. | |
10. System Requirements & Supported Platforms
SoftEther VPN Server possesses flawless operating system compatibility:
11. How to Install SoftEther VPN Server on a Linux VPS
The manual installation process requires downloading the source code and compiling it directly on the server. Follow these commands on an Ubuntu/Debian VPS:
```bash
# Update the system and install the build toolchain
apt update -y && apt upgrade -y
apt install build-essential gcc make wget tar -y
# Download and unpack the SoftEther VPN Server release
wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.38-9760-rtm/softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz
tar -xvzf softether-vpnserver-*.tar.gz
cd vpnserver
# The system will prompt for License agreement. Type "1" for all questions.
make
cd ..
# Move the build to /usr/local and restrict file permissions to the owner
mv vpnserver /usr/local/
cd /usr/local/vpnserver/
chmod 600 *
chmod 700 vpnserver vpncmd
# Start the VPN server
./vpnserver start
```
12. SoftEther Server Configuration (via vpncmd)
Unlike servers configured with text files, SoftEther utilizes an interactive command-line tool called vpncmd. Execute the setup steps below sequentially:
```
/usr/local/vpnserver/vpncmd
# Choose "1" for Management of VPN Server
# Hostname: Press Enter to connect to localhost
# Virtual Hub: Press Enter
ServerPasswordSet
Hub DEFAULT
SecureNatEnable
IPsecEnable
# Enable L2TP over IPsec: Type "yes"
# Target Hub: Type "DEFAULT"
# Pre-Shared Key: Set a secure password (e.g., secretkey)
UserCreate admin /GROUP:none /REALNAME:none /NOTE:none
UserPasswordSet admin
# Input a connection password for the admin user
exit
```
13. VPN Client Setup
Thanks to the multi-protocol capability of the VPN Server, users have multiple connection choices:
- SoftEther Client (Windows): Install the SoftEther VPN Client software. Create a connection setting, input the VPS IP, select the Virtual Hub (DEFAULT), and enter the User/Password. This protocol offers the strongest firewall bypassing.
- Native L2TP/IPsec (Mobile/Mac): No third-party app required. Navigate to OS Settings -> VPN, add an L2TP configuration. Input the VPS IP, User/Pass, and place the Pre-Shared Key into the Secret field configured during the IPsec step.
- Server Manager GUI (For Administrators): Install the SoftEther VPN Server Manager on your Windows PC. Input the VPS IP and Server Password to manage the entire server system using a graphical interface.
14. Monitoring VPN Server Connections
Continue utilizing the vpncmd tool on your Linux server to inspect the operational status of the VPN system:
```
/usr/local/vpnserver/vpncmd
ServerInfoGet
Hub DEFAULT
SessionList
SecureNatStatusGet
```
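A way to turn the `SessionList` output from the monitoring step into a check, as an added example that is not part of the original guide: it reports accounts holding more concurrent sessions than a policy allows, together with their source hosts. The `Item|Value` layout, the field labels, the `SecureNAT` user name and the `MAX_PER_USER` value are assumptions, and the sample output is constructed.

```shell
# Added example (not from the original guide). Assumptions: the Item|Value
# layout and field labels below; MAX_PER_USER is a hypothetical policy value.
MAX_PER_USER=1

# stdin:  text printed by SessionList
# stdout: "user count source1,source2,..." for each account over the limit
over_limit_users() {
  awk -F'|' -v max="$MAX_PER_USER" '
    function commit() {                  # close the record being read
      if (user != "" && user != "SecureNAT") {
        count[user]++
        src[user] = (src[user] == "" ? host : src[user] "," host)
      }
      user = ""; host = ""
    }
    { key = $1; val = $2
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val) }
    key == "Session Name"     { commit() }
    key == "User Name"        { user = val }
    key == "Source Host Name" { host = val }
    END { commit()
          for (u in count) if (count[u] > max) print u, count[u], src[u] }
  ' | sort
}

# Constructed sample output; addresses are documentation ranges.
sample_session_list() {
  cat <<'EOF'
Item            |Value
----------------+----------------
Session Name    |SID-SECURENAT-1
User Name       |SecureNAT
Source Host Name|Virtual Host
----------------+----------------
Session Name    |SID-ADMIN-2
User Name       |admin
Source Host Name|198.51.100.7
----------------+----------------
Session Name    |SID-ADMIN-3
User Name       |admin
Source Host Name|203.0.113.44
----------------+----------------
Session Name    |SID-ALICE-4
User Name       |alice
Source Host Name|192.0.2.10
EOF
}
sample_session_list | over_limit_users
```

One account connected from two different source hosts at once is worth a look: it usually means a shared or leaked password.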
15. Server Performance Tuning & Troubleshooting
SoftEther's heavily virtualized architecture needs tuning to avoid draining VPS resources:
- High CPU Usage Issues: The SecureNAT feature is extremely convenient but runs entirely in User-space, consuming massive CPU on heavy traffic. To achieve 100% network hardware performance, disable SecureNAT and utilize a Local Bridge (connecting the Virtual Hub directly to the eth0 interface), followed by manually configuring a DHCP server and iptables on Linux.
- Opening Firewall Ports: The L2TP/IPsec protocol dictates opening UDP ports 500 and 4500. The proprietary SoftEther VPN protocol requires opening TCP port 443 or 5555. Ensure your VPS firewall is configured to allow inbound traffic on these specific ports.
16. Common Server Configuration Errors
A multi-protocol server inherently carries risks of misconfigurations:
- L2TP Client hangs at "Connecting...": Over 90% of these errors occur because IPSec/L2TP is blocked by the VPS Firewall. Execute `ufw allow 500,4500/udp` to open the communication stream.
- DHCP Conflict Error: If you utilize the Local Bridge feature, you must completely disable SecureNAT. Otherwise, SecureNAT broadcasts virtual IPs, overriding the Data Center's physical DHCP server, ultimately crashing your server's network connection.
- Forgetting the Administrator Password: If you skip the `ServerPasswordSet` command, unauthorized individuals scanning your IP could use the GUI tool to seize complete control of your VPN Server.
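To check the firewall guidance in sections 15 and 16 against what the VPS actually exposes, here is an added example (not part of the original guide) that reads `ss -H -lntu` output and lists every non-loopback listener outside the ports the guide says to open. The `tcp/22` entry for SSH is an assumption, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): audit listening sockets.
# Allowlist = ports the guide says to open: UDP 500/4500 (L2TP/IPsec) and
# TCP 443 (SoftEther protocol). tcp/22 for SSH is an assumption; adjust it.
ALLOWED="udp/500 udp/4500 tcp/443 tcp/22"

# stdin:  output of `ss -H -lntu` (no header; field 5 is the local address)
# stdout: "proto/port address" for each non-loopback listener not in ALLOWED
unexpected_listeners() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 5 {
      k = split($5, parts, ":")          # port is the text after the last ":"
      port = parts[k]
      addr = substr($5, 1, length($5) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: skip
      key = $1 "/" port
      if (!(key in ok)) print key, addr
    }' | sort -u
}

# Constructed sample input shaped like `ss -H -lntu`; not from a real host.
sample_ss_output() {
  cat <<'EOF'
udp   UNCONN 0      0          0.0.0.0:500       0.0.0.0:*
udp   UNCONN 0      0          0.0.0.0:4500      0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:992       0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:5555      0.0.0.0:*
tcp   LISTEN 0      128           [::]:5555         [::]:*
tcp   LISTEN 0      128      127.0.0.1:25        0.0.0.0:*
EOF
}

# On a live host run:  ss -H -lntu | unexpected_listeners
sample_ss_output | unexpected_listeners
```

Each line it prints is a listener to either close in the VPS firewall or add to `ALLOWED` deliberately.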
17. Self-hosted VPN Server vs. Public VPN Services
Deploying a SoftEther VPN Server on a VPS grants enterprise-level administrative control, in sharp contrast to commercial VPN services:
| Comparison Criteria | Self-hosted SoftEther VPN Server | Commercial Public VPN |
|---|---|---|
| Multi-Platform Protocol Support | Supports Native IPsec/L2TP/SSTP. No proprietary Mobile App required. | Mandates users to download heavily restricted proprietary apps. |
| Network Customization (Virtual Hub) | Allows creating multiple internal LANs, isolating access among groups. | Non-existent. Functions solely to hide IPs for web browsing. |
| Public IP Ownership | You own an exclusive Clean Static IP. Immune to Captchas or geo-blocks. | Uses a Shared IP with thousands, carrying a high risk of Blacklist status. |
Is manual compilation too complex? The SoftEther VPN Server Auto Installer script by VietHosting deploys a high-performance, multi-protocol VPN server in mere minutes.
The system natively supports OpenVPN, L2TP/IPsec, and SSTP with automated NAT, pre-tuned kernel firewalls, and enterprise-grade SSL certificate provisioning.
```bash
curl -O https://mirrors.viethosting.com/scripts/softether-installer.sh && bash softether-installer.sh
```
18. Choosing a Reliable VPS for SoftEther VPN Server at VietHosting
Building a multi-protocol platform featuring deep virtualization modules like SoftEther requires a server possessing immense CPU processing capabilities and a robust transmission line. At VietHosting, we perfectly satisfy specialized network engineering standards:
- Enterprise Hardware: 100% Dell servers utilizing Intel Xeon Platinum CPUs. This guarantees high-density encryption processing performance even when SecureNAT heavily consumes User-space resources.
- True KVM Virtualization: Ensures CPU, RAM, and I/O resources are exclusively allocated (Zero Overselling). Promiscuous Mode is fully supported, allowing administrators to deploy advanced Ethernet Bridging (Local Bridge) architectures securely.
- High-Speed Network Connectivity: Domestic connectivity up to 1Gbps, combined with stable international bandwidth and Unmetered Data Transfer, maintaining fluid VPN traffic for entire enterprise departments.
- Large Clean IPv4 Pool: Offers flexible provisioning of non-blacklisted IPv4 ranges, expandable up to 64 IP addresses per VPS (up to /26 subnet). Ideal for constructing dedicated Firewall-Bypass VPN server clusters evading Deep Packet Inspection (DPI) censorship.
Deploy a high-performance virtual server and flexibly install multi-protocol VPN Server management systems to establish absolutely secure corporate connections.