VPN: SoftEther VPN Server on CentOS 6
# vi /etc/hosts
192.168.1.11 server.localdomain server
192.168.1.12 client.localdomain client
Server and Client
# yum groupinstall -y "Development Tools"
# yum install -y \
readline-devel \
ncurses-devel \
openssl-devel
# yum install -y git
# cd /tmp
# git clone https://github.com/SoftEtherVPN/SoftEtherVPN/
# cd /tmp/SoftEtherVPN/
# ./configure && make && make install
Server
# vpnserver start
# vpncmd
1
Enter
Enter
-- set the server administrator password
VPN Server>ServerPasswordSet
-- disable keepalive packets.
VPN Server>KeepDisable
-- create a virtual hub with the HubCreate <virtual hub name> command
VPN Server>hubcreate vpnserver
-- switch to hub administration mode
VPN Server>Hub vpnserver
-- DHCP is enabled automatically together with NAT.
VPN Server/vpnserver>SecureNATEnable
VPN Server/vpnserver> UserCreate username1
VPN Server/vpnserver> UserPasswordSet username1
VPN Server/vpnserver>IPsecEnable
IPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes
Enable Raw L2TP Server Function (yes / no): no
Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): no
Pre Shared Key for IPsec (Recommended: 9 letters at maximum): __________________
Default Virtual HUB in a case of omitting the HUB on the Username: vpn
The command completed successfully.
-- view the hub status
VPN Server/vpnserver>StatusGet
StatusGet command - Get Current Status of Virtual Hub
Item |Value
-----------------------------+-------------------
Virtual Hub Name |vpnserver
Status |Online
Type |Standalone
SecureNAT |Enabled
Sessions |1
Access Lists |0
Users |1
Groups |0
MAC Tables |1
IP Tables |1
Num Logins |0
Last Login |2014-04-07 05:46:57
Last Communication |2014-04-07 05:50:37
Created at |2014-04-07 05:46:57
Outgoing Unicast Packets |28 packets
Outgoing Unicast Total Size |1,176 bytes
Outgoing Broadcast Packets |0 packets
Outgoing Broadcast Total Size|0 bytes
Incoming Unicast Packets |28 packets
Incoming Unicast Total Size |1,176 bytes
Incoming Broadcast Packets |60 packets
Incoming Broadcast Total Size|3,660 bytes
The command completed successfully.
The hub can be taken offline with the Offline command and brought back with the Online command.
VPN Server/vpnserver>exit
# lsof -i4 -n -P|grep vpnserver
vpnserver 1624 root 10u IPv4 22869 0t0 UDP *:33638
vpnserver 1624 root 20u IPv4 22885 0t0 TCP *:443 (LISTEN)
vpnserver 1624 root 21u IPv4 24073 0t0 UDP 192.168.1.12:55703->192.168.1.1:53
vpnserver 1624 root 24u IPv4 22889 0t0 TCP *:992 (LISTEN)
vpnserver 1624 root 29u IPv4 22895 0t0 TCP *:1194 (LISTEN)
vpnserver 1624 root 33u IPv4 22899 0t0 TCP *:5555 (LISTEN)
vpnserver 1624 root 37u IPv4 22906 0t0 UDP *:57852
vpnserver 1624 root 44u IPv4 22930 0t0 UDP 192.168.1.12:1194
vpnserver 1624 root 45u IPv4 22931 0t0 UDP 127.0.0.1:1194
vpnserver 1624 root 59u IPv4 23752 0t0 UDP 192.168.1.12:500
vpnserver 1624 root 60u IPv4 23753 0t0 UDP 192.168.1.12:4500
vpnserver 1624 root 63u IPv4 23756 0t0 UDP 127.0.0.1:500
vpnserver 1624 root 64u IPv4 23757 0t0 UDP 127.0.0.1:4500
Client
# vpnclient start
# vpncmd
2
Enter
VPN Client>AccountList
AccountList command - Get List of VPN Connection Settings
Item|Value
----+-----
The command completed successfully.
VPN Client>AccountCreate myconnection /SERVER:192.168.1.11:443 /HUB:vpnserver /USER:username1 /NICNAME:username1
-- VPN Client>AccountDelete myconnection
VPN Client>AccountPasswordSet myconnection
AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
Please enter the password. To cancel press the Ctrl+D key.
Password: ***
Confirm input: ***
Specify standard or radius: standard
The command completed successfully.
VPN Client> AccountConnect myconnection
-- VPN Client>AccountDisconnect myconnection
VPN Client> AccountStartupSet myconnection
VPN Client>AccountStatusGet myconnection
VPN Client>AccountGet myconnection
REPLACE THE OUTPUT
AccountGet command - Get Setting of VPN Connection Setting
Item |Value
-----------------------------------------------------+--------------------------------
VPN Connection Setting Name |vpn
Destination VPN Server Host Name |192.168.1.11
Destination VPN Server Port Number |443
Destination VPN Server Virtual Hub Name |vpn
Proxy Server Type |Direct TCP/IP Connection
Verify Server Certificate |Disable
Device Name Used for Connection |user1
Authentication Type |Standard Password Authentication
User Name |user1
Number of TCP Connections to Use in VPN Communication|1
Interval between Establishing Each TCP Connection |1
Connection Life of Each TCP Connection |Infinite
Use Half Duplex Mode |Disable
Encryption by SSL |Enable
Data Compression |Disable
Connect by Bridge / Router Mode |Disable
Connect by Monitoring Mode |Disable
No Adjustment for Routing Table |Disable
Do not Use QoS Control Function |Disable
The command completed successfully.
VPN Client>exit
# dhclient vpn_vpn
# ip addr show vpn_vpn
5: vpn_vpn: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
link/ether 00:ac:b6:71:14:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.30.10/24 brd 192.168.30.255 scope global vpn_vpn
inet6 fe80::2ac:b6ff:fe71:142b/64 scope link
valid_lft forever preferred_lft forever
# ip neigh
# ip route
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.11
192.168.30.0/24 dev vpn_vpn proto kernel scope link src 192.168.30.10
169.254.0.0/16 dev eth0 scope link metric 1002
default via 192.168.30.1 dev vpn_vpn
# ping -I vpn_vpn ya.ru
PING ya.ru (213.180.193.3) from 192.168.30.10 vpn_vpn: 56(84) bytes of data.
64 bytes from www.yandex.ru (213.180.193.3): icmp_seq=1 ttl=55 time=13.9 ms
64 bytes from www.yandex.ru (213.180.193.3): icmp_seq=2 ttl=55 time=13.3 ms
64 bytes from www.yandex.ru (213.180.193.3): icmp_seq=3 ttl=55 time=11.1 ms
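The AccountGet output above reports "Verify Server Certificate |Disable", which means the client does not authenticate the server it connects to. The following is an added example, not part of the original notes: it parses the vpncmd "Item |Value" table and reports required settings that are absent or set differently. The two-row policy and the function name are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample: selected rows of the AccountGet output shown on this page.
ACCOUNT='Item |Value
-----------------------------------------------------+--------------------------------
VPN Connection Setting Name |vpn
Destination VPN Server Host Name |192.168.1.11
Proxy Server Type |Direct TCP/IP Connection
Verify Server Certificate |Disable
Authentication Type |Standard Password Authentication
Encryption by SSL |Enable
The command completed successfully.'

# account_findings: reads AccountGet "Item |Value" rows on stdin and prints one
# line per required setting that is absent or not set as expected (fails closed).
account_findings() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        BEGIN {
            # Policy assumed for this example, not a SoftEther default.
            want["Verify Server Certificate"] = "Enable"
            want["Encryption by SSL"] = "Enable"
        }
        NF == 2 { have[trim($1)] = trim($2) }   # separator and status lines have no "|"
        END {
            for (k in want) {
                if (!(k in have)) print k ": missing from output"
                else if (have[k] != want[k]) print k ": " have[k] " (want " want[k] ")"
            }
        }' | sort
}

printf '%s\n' "$ACCOUNT" | account_findings
```

Server verification is configured in the VPN Client console with AccountServerCertSet and AccountServerCertEnable.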
To look into:
-- autostart
http://creudevel.wordpress.com/2014/02/10/install-softether-client-in-centos/comment-page-1/
http://www.softether.org/4-docs/1-manual
http://www.softether.org/3-screens/3.installer
http://habrahabr.ru/post/211136/
Public VPN servers:
http://www.vpngate.net/en/
http://lukeluo.blogspot.ru/2013/11/how-to-set-up-softehter-vpn-client.html
http://www.vpnusers.com/viewtopic.php?f=7&t=2267&sid=4ca5603f56b0069c3eeac0de4cf6b76a&view=print