Ubuntu 22.04 LTS Minimal Install and Netplan

[dsholm]

I spent a little time on this and I figured I would share the experience.

I built a few controllers and edge servers using Ubuntu 22.04 LTS (latest updates as of this date) minimal install.

Through the help of another site (https://www.linuxbabe.com/ubuntu/set-up ... vpn-server), I adapted the install (it was missing some small and big steps), and I will share here:

This is the apt install command needed before installing on Ubuntu 22.04 LTS minimal:

Code: Select all

apt -y install make gcc binutils gzip libreadline-dev libssl-dev libncurses5-dev libncursesw5-dev libpthread-stubs0-dev

Script to make the systemctl file:

Code: Select all

echo "[Unit]" > /etc/systemd/system/softether-vpnserver.service
echo "Description=SoftEther VPN server" >> /etc/systemd/system/softether-vpnserver.service
echo "After=network-online.target" >> /etc/systemd/system/softether-vpnserver.service
echo "After=dbus.service" >> /etc/systemd/system/softether-vpnserver.service
echo "" >> /etc/systemd/system/softether-vpnserver.service
echo "[Service]" >> /etc/systemd/system/softether-vpnserver.service
echo "Type=forking" >> /etc/systemd/system/softether-vpnserver.service
echo "ExecStart=/opt/softether/vpnserver/vpnserver start" >> /etc/systemd/system/softether-vpnserver.service
echo 'ExecReload=/bin/kill -HUP $MAINPID' >> /etc/systemd/system/softether-vpnserver.service
echo "" >> /etc/systemd/system/softether-vpnserver.service
echo "[Install]" >> /etc/systemd/system/softether-vpnserver.service
echo "WantedBy=multi-user.target" >> /etc/systemd/system/softether-vpnserver.service

Enable:

Code: Select all

systemctl enable softether-vpnserver

Start now:

Code: Select all

systemctl start softether-vpnserver

Check status:

Code: Select all

systemctl status softether-vpnserver

Check current listening ports:

Code: Select all

ss -tulpan | grep vpnserver

IMPORTANT: If you plan to use local bridging (very recommended), you need to adjust your netplan or better yet, make a stand alone yaml file just dealing with the local bridge interfaces. Netplan will not bring up an interface unless it has a config. It will keep the interface in the down state. You will search around with everyone telling you its a promiscuous mode issue when it's just a downed interface issue. Even if it is connected to the network, the interface will be admin/down.

How to create a sample yaml file for local bridges:

Code: Select all

echo "network:" > /etc/netplan/localbridges.yaml
echo "  ethernets:" >> /etc/netplan/localbridges.yaml
echo "    ens224:" >> /etc/netplan/localbridges.yaml
echo "      link-local: []" >> /etc/netplan/localbridges.yaml
echo "    ens193:" >> /etc/netplan/localbridges.yaml
echo "      link-local: []" >> /etc/netplan/localbridges.yaml
echo "    ens161:" >> /etc/netplan/localbridges.yaml
echo "      link-local: []" >> /etc/netplan/localbridges.yaml
echo "    ens256:" >> /etc/netplan/localbridges.yaml
echo "      link-local: []" >> /etc/netplan/localbridges.yaml
echo "#    ens225:" >> /etc/netplan/localbridges.yaml
echo "#      link-local: []" >> /etc/netplan/localbridges.yaml
echo "  version: 2" >> /etc/netplan/localbridges.yaml

Replace with your interfaces.

The link-local: [] setting is disabling ipv4 and ipv6 for that interface (which is what you want for bridged interfaces)

Code: Select all

netplan generate

IF netplan doesn't complain then reboot (netplan apply may lock up if you have a lot of interfaces and I don't know why)

[shakibamoshiri]

Thank you sharing it - there where some pointers on that tutorial you mentioned.

More enhancement.
For service you can do

Code: Select all

#!/bin/bash

declare -r service_path=/etc/systemd/system/softether-vpnserver.service

echo "\
[Unit]
Description=SoftEther VPN server
After=network-online.target
After=dbus.service

[Service]
Type=forking
ExecStart=/opt/softether/vpnserver start
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target" > $service_path;

And you can apply the same for netplan as well. Repetitive CMDs is discouraged

[dsholm]

Thank you, the reason I did it line by line is a scripting tool I have will not properly send it with line continuation. That definitely makes it more readable, thanks for adding that.

I recommend to others to read the link I posted as the reference as it goes into using Let Encrypt. You will need to use a cron job and get familiar with vpncmd as well.

One mistake made was the exclusion of make with apt install in his example.