VPN: Softether VPN Server di CentOS 6

Last Updated on Sunday, 08 March 2015 11:46 Written by BiRU Sunday, 08 March 2015 10:49

Print

 

 

# vi /etc/hosts

192.168.1.11 server.localdomain server
192.168.1.12 client.localdomain client

Server и Client

# yum groupinstall -y "Development Tools"

# yum install -y \
readline-devel \
ncurses-devel \
openssl-devel

# yum install -y git


# cd /tmp

# git clone https://github.com/SoftEtherVPN/SoftEtherVPN/

# cd /tmp/SoftEtherVPN/



#  ./configure && make && make install




Server

# vpnserver start # vpncmd 1 Enter Enter -- задать рутовый пароль сервера VPN Server>ServerPasswordSet -- отключаем keepalive-пакеты. VPN Server>KeepDisable -- создаем виртуальный хаб командой HubCreate VPN Server>hubcreate vpnserver -- перейти в режим администрирования хаба VPN Server>Hub vpnserver -- Автоматом вместе с NAT включается и DHCP. VPN Server/vpnserver>SecureNATEnable VPN Server/vpnserver> UserCreate username1 VPN Server/vpnserver> UserPasswordSet username1 VPN Server/vpnserver>IPsecEnable IPsecEnable command - Enable or Disable IPsec VPN Server Function Enable L2TP over IPsec Server Function (yes / no): yes Enable Raw L2TP Server Function (yes / no): no Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): no Pre Shared Key for IPsec (Recommended: 9 letters at maximum): __________________ Default Virtual HUB in a case of omitting the HUB on the Username: vpn The command completed successfully. -- посмотреть статус хаба VPN Server/vpnserver>StatusGet StatusGet command - Get Current Status of Virtual Hub Item |Value -----------------------------+------------------- Virtual Hub Name |vpnserver Status |Online Type |Standalone SecureNAT |Enabled Sessions |1 Access Lists |0 Users |1 Groups |0 MAC Tables |1 IP Tables |1 Num Logins |0 Last Login |2014-04-07 05:46:57 Last Communication |2014-04-07 05:50:37 Created at |2014-04-07 05:46:57 Outgoing Unicast Packets |28 packets Outgoing Unicast Total Size |1,176 bytes Outgoing Broadcast Packets |0 packets Outgoing Broadcast Total Size|0 bytes Incoming Unicast Packets |28 packets Incoming Unicast Total Size |1,176 bytes Incoming Broadcast Packets |60 packets Incoming Broadcast Total Size|3,660 bytes The command completed successfully. Хаб можно выключить командой Offline и вернуть обратно командой Online. VPN Server/vpnserver>exit

buat config untuk menjalankan softether
nano /etc/init.d/vpnserver paste kan code berikut

#!/bin/sh # chkconfig: 2345 99 01 # description: SoftEther VPN Server DAEMON=/usr/vpnserver/vpnserver LOCK=/var/lock/subsys/vpnserver test -x $DAEMON || exit 0 case "$1" in start) $DAEMON start touch $LOCK ;; stop) $DAEMON stop rm $LOCK ;; restart) $DAEMON stop sleep 3 $DAEMON start ;; *) echo "Usage: $0 {start|stop|restart}" exit 1 esac exit 0

 save dengan cara ctrl+x confirm y, enter
 
# lsof -i4 -n -P|grep vpnserver vpnserver 1624 root 10u IPv4 22869 0t0 UDP *:33638 vpnserver 1624 root 20u IPv4 22885 0t0 TCP *:443 (LISTEN) vpnserver 1624 root 21u IPv4 24073 0t0 UDP 192.168.1.12:55703->192.168.1.1:53 vpnserver 1624 root 24u IPv4 22889 0t0 TCP *:992 (LISTEN) vpnserver 1624 root 29u IPv4 22895 0t0 TCP *:1194 (LISTEN) vpnserver 1624 root 33u IPv4 22899 0t0 TCP *:5555 (LISTEN) vpnserver 1624 root 37u IPv4 22906 0t0 UDP *:57852 vpnserver 1624 root 44u IPv4 22930 0t0 UDP 192.168.1.12:1194 vpnserver 1624 root 45u IPv4 22931 0t0 UDP 127.0.0.1:1194 vpnserver 1624 root 59u IPv4 23752 0t0 UDP 192.168.1.12:500 vpnserver 1624 root 60u IPv4 23753 0t0 UDP 192.168.1.12:4500 vpnserver 1624 root 63u IPv4 23756 0t0 UDP 127.0.0.1:500 vpnserver 1624 root 64u IPv4 23757 0t0 UDP 127.0.0.1:4500

Client

# vpnclient start # vpncmd 2 Enter VPN Client>AccountList AccountList command - Get List of VPN Connection Settings Item|Value ----+----- The command completed successfully. VPN Client>AccountCreate myconnection /SERVER:192.168.1.11:443 /HUB:vpnserver /USER:username1 /NICNAME:username1 -- VPN Client>AccountDelete myconnection VPN Client>AccountPasswordSet myconnection AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication Please enter the password. To cancel press the Ctrl+D key. Password: *** Confirm input: *** Specify standard or radius: standard The command completed successfully. VPN Client> AccountConnect myconnection -- VPN Client>AccountDisconnect myconnection VPN Client> AccountStartupSet myconnection VPN Client>AccountStatusGet myconnection VPN Client>AccountGet myconnection ЗАМЕНИТЬ ВЫВОД AccountGet command - Get Setting of VPN Connection Setting Item |Value -----------------------------------------------------+-------------------------------- VPN Connection Setting Name |vpn Destination VPN Server Host Name |192.168.1.11 Destination VPN Server Port Number |443 Destination VPN Server Virtual Hub Name |vpn Proxy Server Type |Direct TCP/IP Connection Verify Server Certificate |Disable Device Name Used for Connection |user1 Authentication Type |Standard Password Authentication User Name |user1 Number of TCP Connections to Use in VPN Communication|1 Interval between Establishing Each TCP Connection |1 Connection Life of Each TCP Connection |Infinite Use Half Duplex Mode |Disable Encryption by SSL |Enable Data Compression |Disable Connect by Bridge / Router Mode |Disable Connect by Monitoring Mode |Disable No Adjustment for Routing Table |Disable Do not Use QoS Control Function |Disable The command completed successfully. VPN Client>exit # dhclient vpn_vpn # ip addr show vpn_vpn 5: vpn_vpn: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500 link/ether 00:ac:b6:71:14:2b brd ff:ff:ff:ff:ff:ff inet 192.168.30.10/24 brd 192.168.30.255 scope global vpn_vpn inet6 fe80::2ac:b6ff:fe71:142b/64 scope link valid_lft forever preferred_lft forever # ip neigh # ip route 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.11 192.168.30.0/24 dev vpn_vpn proto kernel scope link src 192.168.30.10 169.254.0.0/16 dev eth0 scope link metric 1002 default via 192.168.30.1 dev vpn_vpn # ping -I vpn_vpn ya.ru PING ya.ru (213.180.193.3) from 192.168.30.10 vpn_vpn: 56(84) bytes of data. 64 bytes from www.yandex.ru (213.180.193.3): icmp_seq=1 ttl=55 time=13.9 ms 64 bytes from www.yandex.ru (213.180.193.3): icmp_seq=2 ttl=55 time=13.3 ms 64 bytes from www.yandex.ru (213.180.193.3): icmp_seq=3 ttl=55 time=11.1 ms