Install dependencies:
yum update
yum groupinstall "Development Tools"
yum install zlib-devel openssl-devel readline-devel ncurses-devel wget tar dnsmasq net-tools
Disable SELinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
Reboot the system
Download and install SoftEther
http://www.softether-download.com/cn.aspx
Extract
cd /opt
wget http://www.softether-download.com/files/softether/v4.20-9608-rtm-2016.04.17-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit.tar.gz
tar -zxvf softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit.tar.gz
cd vpnserver
make
Answer the three questions, choosing 1 (agree to the license) for each of them.
Configure SoftEther
(1) Start vpnserver
/opt/vpnserver/vpnserver start
(2) Run vpncmd
/opt/vpnserver/vpncmd
Choose 1, then press Enter twice
(3) Set the VPN administrator password
VPN Server>ServerPasswordSet # enter the password
Create a Virtual Hub (named MOB):
VPN Server>HubCreate MOB # set a password
(4) Create a local bridge. It is more efficient than SecureNAT but a bit more involved to configure; a local bridge also needs a DHCP server, which I will install later.
VPN Server>BridgeCreate /DEVICE:"soft" /TAP:yes MOB
Switch to MOB:
VPN Server>Hub MOB
Create a user:
VPN Server/MOB>UserCreate test # just press Enter at every prompt
Set the user's password:
VPN Server/MOB>UserPasswordSet test
Set up L2TP/IPsec:
VPN Server/MOB>IPsecEnable
IPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes
Enable Raw L2TP Server Function (yes / no): yes
Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): yes
Pre Shared Key for IPsec (Recommended: 9 letters at maximum): your_shared_key
Default Virtual HUB in a case of omitting the HUB on the Username: MOB
The command completed successfully.
The above sets up IPsec. To set up OpenVPN as well, run:
VPN Server/MOB>ServerCertRegenerate <your_server_IP OR domain>
VPN Server/MOB>ServerCertGet ~/cert.cer
VPN Server/MOB>SstpEnable yes
VPN Server/MOB>OpenVpnEnable yes /PORTS:1194
Generate a configuration file for OpenVPN clients:
VPN Server/MOB>OpenVpnMakeConfig ~/openvpn_config.zip
Return to the administrator prompt:
VPN Server/MOB>Hub
Hub command - Select Virtual Hub to Manage
The Virtual Hub selection has been unselected.
The command completed successfully.
VPN Server>
Enable VPN over ICMP and DNS:
VPN Server>VpnOverIcmpDnsEnable /ICMP:yes /DNS:yes
Finally, press Ctrl+C to exit the vpncmd prompt.
6. Set up DHCP and IP forwarding
SoftEther is now configured. As mentioned earlier, the local bridge needs a DHCP server. dnsmasq was installed in the first step, so we only need to configure it:
cat >> /etc/dnsmasq.conf <<EOF
interface=tap_soft
dhcp-range=tap_soft,192.168.7.50,192.168.7.90,12h
dhcp-option=tap_soft,3,192.168.7.1
port=0
dhcp-option=option:dns-server,8.8.8.8
EOF
Enable ip_forward:
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.d/ipv4_forwarding.conf
sysctl -n -e --system
Check that the setting took effect:
cat /proc/sys/net/ipv4/ip_forward
It should print 1; if it prints 0, run:
echo 1 > /proc/sys/net/ipv4/ip_forward
Configure the firewall:
/sbin/iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-source [YOUR_SERVER_IP]
iptables-save > /etc/sysconfig/iptables
Enable the DHCP and firewall services:
chkconfig --add dnsmasq
chkconfig --add iptables
chkconfig dnsmasq on
chkconfig iptables on
7. Configure SoftEther as a service
Create /etc/init.d/vpnserver (vim /etc/init.d/vpnserver) with the following content:
#!/bin/sh
### BEGIN INIT INFO
# Provides: vpnserver
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start daemon at boot time
# Description: Enable Softether by daemon.
### END INIT INFO
DAEMON=/opt/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
TAP_ADDR=192.168.7.1
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
sleep 1
/sbin/ifconfig tap_soft $TAP_ADDR
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
sleep 1
/sbin/ifconfig tap_soft $TAP_ADDR
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
Start VPN Server
chmod 755 /etc/init.d/vpnserver
chkconfig --add vpnserver
chkconfig vpnserver on
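To confirm that the pieces above actually fit together (forwarding on, the OpenVPN port accepted, the SNAT rule carrying a real address instead of the [YOUR_SERVER_IP] placeholder, tap_soft holding 192.168.7.1, dnsmasq answering DHCP), here is a small check script. It is an added example, not part of the original post; every check is a function over captured command output so it can also be run against saved text, and only `--live` runs the real commands on the server.

```shell
#!/bin/sh
# Post-install sanity checks for the SoftEther + dnsmasq + iptables setup
# described above (added example, not part of the original post).
# Every check is a function over captured command output, so it can be
# run against saved text; run_live gathers the output on the server itself.

VPN_NET="192.168.7.0/24"   # subnet handed out by dnsmasq above
TAP_IF="tap_soft"           # TAP created by BridgeCreate /DEVICE:"soft"
TAP_ADDR="192.168.7.1"      # address the init script assigns to the TAP
OVPN_PORT="1194"            # port opened for OpenVPN

# $1 = output of `sysctl net.ipv4.ip_forward`; true when forwarding is on
check_forwarding() {
    printf '%s\n' "$1" | grep -Eq '^net\.ipv4\.ip_forward *= *1$'
}

# $1 = output of `iptables-save`; needs the ACCEPT for the OpenVPN port and a
# POSTROUTING SNAT for the VPN subnet whose --to-source is a real IPv4
# address, i.e. the [YOUR_SERVER_IP] placeholder was actually replaced
check_iptables() {
    printf '%s\n' "$1" | grep -Eq -- "-A INPUT .*--dport ${OVPN_PORT} .*-j ACCEPT" || return 1
    printf '%s\n' "$1" | grep -E -- "-A POSTROUTING -s ${VPN_NET} .*-j SNAT --to-source " \
        | grep -Eq -- '--to-source ([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# $1 = output of `ip -4 addr show tap_soft`; the TAP must carry TAP_ADDR
check_tap() {
    printf '%s\n' "$1" | grep -Eq "inet ${TAP_ADDR}/"
}

# $1 = output of `ss -lunp`; dnsmasq must own the DHCP server port (UDP 67)
check_dhcp() {
    printf '%s\n' "$1" | grep -Eq ':67 .*"dnsmasq"'
}

# Run all checks on the live system; stops at the first failure
run_live() {
    check_forwarding "$(sysctl net.ipv4.ip_forward)" || { echo "FAIL: ip_forward is 0"; return 1; }
    check_iptables "$(iptables-save)" || { echo "FAIL: iptables rules missing or placeholder left"; return 1; }
    check_tap "$(ip -4 addr show "$TAP_IF")" || { echo "FAIL: $TAP_IF has no $TAP_ADDR"; return 1; }
    check_dhcp "$(ss -lunp)" || { echo "FAIL: dnsmasq not listening on UDP 67"; return 1; }
    echo "OK: forwarding, NAT, TAP address and DHCP all in place"
}

# Only touch the live system when explicitly asked: sh vpncheck.sh --live
case "${1:-}" in --live) run_live ;; esac
```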
- Author: GaryWu
- Link: https://garywu520.github.io/2017/05/27/SoftEther-VPN/
- Copyright notice: unless otherwise stated, all posts on this blog are released under the MIT license. Please credit the source when reposting!