{"id":16775687,"url":"https://github.com/siomiz/softethervpn","last_synced_at":"2025-04-07T14:11:13.864Z","repository":{"id":22376889,"uuid":"25713398","full_name":"siomiz/SoftEtherVPN","owner":"siomiz","description":"A Docker Automated Build Repository for SoftEther VPN","archived":false,"fork":false,"pushed_at":"2024-09-06T01:16:48.000Z","size":144,"stargazers_count":471,"open_issues_count":31,"forks_count":175,"subscribers_count":15,"default_branch":"master","last_synced_at":"2025-03-31T13:15:36.771Z","etag":null,"topics":["docker","docker-automated-build","docker-image","vpn","vpn-server"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/siomiz/softethervpn/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/siomiz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-10-24T23:48:46.000Z","updated_at":"2025-03-12T13:32:16.000Z","dependencies_parsed_at":"2024-01-14T16:09:46.632Z","dependency_job_id":"87f57546-2bc4-4757-8c4b-45603544f8c2","html_url":"https://github.com/siomiz/SoftEtherVPN","commit_stats":{"total_commits":123,"total_committers":11,"mean_commits":"11.181818181818182","dds":0.1382113821138211,"last_synced_commit":"6b68c5922e56b2cd519b2fbb54398cf9f91ab9cb"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/siomiz%2FSoftEtherVPN","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/siomiz%2FSoftEtherVPN/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/siomiz%2FSoftEtherVPN/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/siomiz%2FSoftEtherVPN/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/siomiz","download_url":"https://codeload.github.com/siomiz/SoftEtherVPN/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247666008,"owners_count":20975787,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-automated-build","docker-image","vpn","vpn-server"],"created_at":"2024-10-13T07:06:59.111Z","updated_at":"2025-04-07T14:11:13.841Z","avatar_url":"https://github.com/siomiz.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# A simple\u003csup\u003e*\u003c/sup\u003e [SoftEther VPN][1] server Docker image\n\n[![Docker Image CI/CD](https://github.com/siomiz/SoftEtherVPN/actions/workflows/dockerimage.yml/badge.svg)](https://github.com/siomiz/SoftEtherVPN/actions/workflows/dockerimage.yml)\n\n\u003csup\u003e*\u003c/sup\u003e \"Simple\" as in no configuration parameter is needed for a single-user SecureNAT setup.\n\n| :warning: **Notice** `:latest` image is now based on `alpine`. [CentOS (`centos`) image is deprecated](https://hub.docker.com/_/centos). |\n| ---- |\n\n## Image Tags\n\nBase OS Image | Latest Bata ([v4.43-9799-beta](https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/tree/v4.43-9799-beta)) | Latest Stable ([v4.42-9798-rtm](https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/tree/v4.42-9798-rtm)) |\n------------- | -- | --\n`alpine:3.16` | **`:latest`**, `:alpine`, `:9799`, `:4.43`, `:9799-alpine`, `:4.43-alpine` | `:9798-alpine`, `:4.42-alpine`\n`debian:11-slim` | `:debian`, `:9799-debian`, `:4.43-debian` | `:9798-debian`, `:4.42-debian`\n`ubuntu:22.04` | `:ubuntu`, `:9799-ubuntu`, `:4.43-ubuntu` | `:9798-ubuntu`, `:4.42-ubuntu`\n`opensuse/tumbleweed` | `:opensuse`, `:9799-opensuse`, `:4.43-opensuse` | `:9798-opensuse`, `:4.42-opensuse`\n\n## Setup\n - L2TP/IPSec PSK + OpenVPN\n - SecureNAT enabled\n - Perfect Forward Secrecy (DHE-RSA-AES256-SHA)\n - make'd from [the official SoftEther VPN GitHub Stable Edition Repository][2].\n\n`docker run -d --cap-add NET_ADMIN -p 500:500/udp -p 4500:4500/udp -p 1701:1701/tcp -p 1194:1194/udp -p 5555:5555/tcp siomiz/softethervpn`\n\nConnectivity tested on Android + iOS devices. It seems Android devices do not require L2TP server to have port 1701/tcp open.\n\nThe above example will accept connections from both L2TP/IPSec and OpenVPN clients at the same time.\n\nMix and match published ports: \n- `-p 500:500/udp -p 4500:4500/udp -p 1701:1701/tcp` for L2TP/IPSec\n- `-p 1194:1194/udp` for OpenVPN.\n- `-p 443:443/tcp` for OpenVPN over HTTPS.\n- `-p 5555:5555/tcp` for SoftEther VPN (recommended by vendor).\n- `-p 992:992/tcp` is also available as alternative.\n\nAny protocol supported by SoftEther VPN server is accepted at any open/published port (if VPN client allows non-default ports).\n\n## Credentials\n\nAll optional:\n\n- `-e PSK`: Pre-Shared Key (PSK), if not set: \"notasecret\" (without quotes) by default.\n- `-e USERS`: Multiple usernames and passwords may be set with the following pattern: `username:password;user2:pass2;user3:pass3`. Username and passwords are separated by `:`. Each pair of `username:password` should be separated by `;`. If not set a single user account with a random username (\"user[nnnn]\") and a random weak password is created.\n- `-e SPW`: Server management password. :warning:\n- `-e HPW`: \"DEFAULT\" hub management password. :warning:\n\nSingle-user mode (usage of `-e USERNAME` and `-e PASSWORD`) is still supported.\n\nSee the docker log for username and password (unless `-e USERS` is set), which *would look like*:\n\n    # ========================\n    # user6301\n    # 2329.2890.3101.2451.9875\n    # ========================\nDots (.) are part of the password. Password will not be logged if specified via `-e USERS`; use `docker inspect` in case you need to see it.\n\n:warning: if not set a random password will be set but not displayed nor logged. If specifying read the notice below.\n\n#### Notice ####\n\nIf you specify credentials using environment variables (`-e`), they may be revealed via the process list on host (ex. `ps(1)` command) or `docker inspect` command. It is recommended to mount an already-configured SoftEther VPN config file at `/opt/vpn_server.config`, which contains hashed passwords rather than raw ones. The initial setup will be skipped if this file exists at runtime (in entrypoint script). You can obtain this file from a running container using [`docker cp` command](https://docs.docker.com/engine/reference/commandline/cp/).\n\n## Configurations ##\n\nTo make the server configurations persistent beyond the container lifecycle (i.e. to make the config survive a restart), mount a complete config file at `/usr/vpnserver/vpn_server.config`. If this file is mounted the initial setup will be skipped.\nTo obtain a config file template, `docker run` the initial setup with Server \u0026 Hub passwords, then `docker cp` out the config file:\n\n    $ docker run --name vpnconf -e SPW=\u003cserverpw\u003e -e HPW=\u003chubpw\u003e siomiz/softethervpn echo\n    $ docker cp vpnconf:/usr/vpnserver/vpn_server.config /path/to/vpn_server.config\n    $ docker rm vpnconf\n    $ docker run ... -v /path/to/vpn_server.config:/usr/vpnserver/vpn_server.config siomiz/softethervpn\n\nRefer to [SoftEther VPN Server Administration manual](https://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.3_VPN_Server_Administration) for more information.\n\n## Logging ##\n\nBy default SoftEther has a very verbose logging system. For privacy or space constraints, this may not be desirable. The easiest way to solve this create a dummy volume to log to /dev/null. In your docker run you can use the following volume variables to remove logs entirely.\n```\n-v /dev/null:/usr/vpnserver/server_log \\\n-v /dev/null:/usr/vpnserver/packet_log \\\n-v /dev/null:/usr/vpnserver/security_log\n```\n## Server \u0026 Hub Management Commands ##\n\nManagement commands can be executed just before the server \u0026 hub admin passwords are set via:\n- `-e VPNCMD_SERVER`: `;`-separated [Server management commands](https://www.softether.org/4-docs/1-manual/6._Command_Line_Management_Utility_Manual/6.3_VPN_Server_%2F%2F_VPN_Bridge_Management_Command_Reference_(For_Entire_Server)).\n- `-e VPNCMD_HUB`: `;`-separated [Hub management commands](https://www.softether.org/4-docs/1-manual/6._Command_Line_Management_Utility_Manual/6.4_VPN_Server_%2F%2F_VPN_Bridge_Management_Command_Reference_(For_Virtual_Hub)) (currently only for `DEFAULT` hub).\n\nExample: Set MTU via [`NatSet`](https://www.softether.org/4-docs/1-manual/6._Command_Line_Management_Utility_Manual/6.4_VPN_Server_%2F%2F_VPN_Bridge_Management_Command_Reference_(For_Virtual_Hub)#6.4.97_.22NatSet.22:_Change_Virtual_NAT_Function_Setting_of_SecureNAT_Function) Hub management command:\n`-e VPNCMD_HUB='NatSet /MTU:1500'`\n\nNote that commands run only if the config file is not mounted. Some commands (like `ServerPasswordSet`) will cause problems.\n\n## OpenVPN ##\n\n`docker run -d --cap-add NET_ADMIN -p 1194:1194/udp siomiz/softethervpn`\n\nThe entire log can be saved and used as an `.ovpn` config file (change as needed).\n\nServer CA certificate will be created automatically at runtime if it's not set. You can supply _a self-signed 1024-bit RSA certificate/key pair_ created locally OR use the `gencert` script described below. Feed the keypair contents via `-e CERT` and `-e KEY` ([use of `--env-file`][3] is recommended). X.509 markers (like `-----BEGIN CERTIFICATE-----`) and any non-BASE64 character (incl. newline) can be omitted and will be ignored.\n\nExamples (assuming bash; note the double-quotes `\"` and backticks `` ` ``):\n\n* ``-e CERT=\"`cat server.crt`\" -e KEY=\"`cat server.key`\"``\n* `-e CERT=\"MIIDp..b9xA=\" -e KEY=\"MIIEv..x/A==\"`\n* `--env-file /path/to/envlist`\n\n`env-file` template can be generated by:\n\n`docker run --rm siomiz/softethervpn gencert \u003e /path/to/envlist`\n\nThe output will have `CERT` and `KEY` already filled in. Modify `PSK`/`USERS`.\n\nCertificate volumes support (like `-v` or `--volumes-from`) will be added at some point...\n\n## License ##\n\n[MIT License][4].\n\n  [1]: https://www.softether.org/\n  [2]: https://github.com/SoftEtherVPN/SoftEtherVPN_Stable\n  [3]: https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables-e-env-env-file\n  [4]: https://github.com/siomiz/SoftEtherVPN/raw/master/LICENSE\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsiomiz%2Fsoftethervpn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsiomiz%2Fsoftethervpn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsiomiz%2Fsoftethervpn/lists"}