SoftEther VPN是岛国某大学的一个开源项目,基于这个项目又有一个名为VPN GATE的项目。SoftEther VPN支持VPN桥接,可以轻易的搭建集群式的VPN满足多用户高流量需求,同时也能通过在各地部署VPN中继服务器来做成VPN Gate这类的全球分布式公共 VPN 中继服务器,设置非常方便。在OpenVPN已经彻底被GFW照顾的现在,是一个非常好的替代方案。
SoftEther VPN的特点就是设置非常方便,不用像OpenVPN那样进行在命令行下进行繁琐的证书生成、配置文件更改的工作,SoftEther VPN安装完成后,只需启动服务即可在任意一台Windows电脑上利用图形化的界面进行完整的配置工作。
SoftEther VPN Server的安装
在Windows服务器上的安装我就不介绍了,直接双击安装下一步就OK了,安装完成会添加系统服务:SoftEther VPN Server,开机自动运行,此时执行管理工具即可配置,这个在下一节介绍.
这里重点介绍在Linux服务器下的编译、安装、启动,以Ubuntu为例。
先安装编译环境:
apt-get update -y
apt-get install -y build-essential gcc g++ automake autoconf
(先要安装libcurl4,然后才能成功安装curl)
(注意:从debian8起,才默认有libgnutls28-dev libseccomp-dev libhttp-parser-dev这些包)
debian7下,
# yum -y install gcc gcc-c++ autoconf automake wget libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel git unzip zip nano
SoftEther VPN的特点就是设置非常方便,不用像OpenVPN那样进行在命令行下进行繁琐的证书生成、配置文件更改的工作,SoftEther VPN安装完成后,只需启动服务即可在任意一台Windows电脑上利用图形化的界面进行完整的配置工作。
SoftEther VPN Server的安装
在Windows服务器上的安装我就不介绍了,直接双击安装下一步就OK了,安装完成会添加系统服务:SoftEther VPN Server,开机自动运行,此时执行管理工具即可配置,这个在下一节介绍.
这里重点介绍在Linux服务器下的编译、安装、启动,以Ubuntu为例。
先安装编译环境:
apt-get update -y
apt-get install -y build-essential gcc g++ automake autoconf
libtool
make re2c wget cron bzip2 libzip-dev file flex bison m4 original-awk less cpp binutils tar bzip2 p7zip
libncurses5 libevent-dev libev-dev libperl-dev openssl libssl-dev libsasl2-dev libxml2 libxml2-dev libltdl-dev libltdl-dev
libmcrypt-dev libbz2-1.0 libbz2-dev libglib2.0-0
libglib2.0-dev libfreetype6 libfreetype6-dev libjpeg62 libxslt1-dev libpspell-dev libmhash2 libmhash-dev libpq-dev libpq5
gettext libncurses5-dev libldap2-dev libreadline-dev git unzip zip nano pkg-config libpam0g-dev libwrap0-dev gnutls-bin libgnutls28-dev libseccomp-dev libhttp-parser-dev libnl-nf-3-dev libdbus-1-dev libprotobuf-c-dev libpcl1-dev libopts25-dev lsof psmisc libcurl4 libcurl4-gnutls-dev curl(先要安装libcurl4,然后才能成功安装curl)
(注意:从debian8起,才默认有libgnutls28-dev libseccomp-dev libhttp-parser-dev这些包)
debian7下,
E: 未发现软件包 libgnutls28-dev
E: 未发现软件包 libseccomp-dev
E: 未发现软件包 libprotobuf-c-dev
E: 未发现软件包 libhttp-parser-dev
如果是CENTOS/FEDORA系统,则:
# yum update -y如果是CENTOS/FEDORA系统,则:
# yum -y install gcc gcc-c++ autoconf automake wget libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel git unzip zip nano
readline-devel
pam-devel libev-devel pam binutils lsof psmisc ncurses
ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel libidn openssl openssl-devel openldap openldap-devel
nss_ldap make patch tar
libtool
libtool-ltdl-devel
krb5-devel 在LINUX VPS上编译SoftEther VPN Server:
git clone https://github.com/SoftEtherVPN/SoftEtherVPN cd SoftEtherVPN
./configure
make make install
编译成功后,会提示:
Installation completed successfully. Execute 'vpnserver start' to run the SoftEther VPN Server background service. Execute 'vpnbridge start' to run the SoftEther VPN Bridge background service. Execute 'vpnclient start' to run the SoftEther VPN Client background service. Execute 'vpncmd' to run SoftEther VPN Command-Line Utility to configure VPN Server, VPN Bridge or VPN Client.下载客户端程序:
http://www.softether-download.com/?product=softether,
You can download the GUI Tools from http://www.softether-download.com/.
(参考:
http://www.softether.org/5-download/src
http://www.softether.org/5-download/src/2.unix)
上传
如果是远程服务器,可以使用FTP、SFTP等方式上传至服务器中,当然如果是国外服务器,最好直接在终端中,执行:
wget http://www.softether-download.com/files/softether/v4.04-9412-rtm-2014.01.15-tree/Linux/SoftEther%20VPN%20Server/32bit%20-%20Intel%20x86/softether-vpnserver-v4.04-9412-rtm-2014.01.15-linux-x86-32bit.tar.gz
假设当前目录为/root,tar.gz下载到了/root目录下,接着解压缩:
tar zxvf 文件名.tar.gz
此时会在/root下解压出一个vpnserver目录,接下来运行安装脚本:
cd vpnserver
./install.sh
接下来按照提示,按1、1、1同意许可等等操作后,脚本会完成make并在当前目录生成需要的可执行文件vpnserver。
执行以下命令启动vpn服务:
./vpnserver start
当然要确保防火墙打开了VPN所使用的端口,未配置前VPN监听443(HTTPS), 5555等端口,建议先打开这些端口,至少开一个。如果你的VPS运行了Web服务并占用了443接口,那么你需要避开443使用其他端口。
Ubuntu下建议使用ufw来管理防火墙配置,具体安装参照ubuntu官方的中文文档,说的很清楚。
利用ufw执行以下命令打开443端口:
ufw allow https
如果你准备将VPN的端口改到12345端口上,那么执行
ufw allow 12345
Server端的配置
在服务器运行了vpnserver服务的情况下,可以在一台运行了Windows系统的电脑上配置Server端,非常简单,在上面给出的下载页面中,下载SoftEther VPN Server的Windows版本,就包含了了SoftEther Server的配置工具(当然你也可以单独下载SoftEtherVPN Server Manager for Windows,这是单独的Server配置工具)。在Linux下通过命令行配置工具vpncmd也可以,不过稍显麻烦,在这里就不多做介绍。
启动SoftEther VPN Server Manager for Windows,填入主机名(域名或者IP),端口号(第一次配置可以保留默认的443,修改过端口号后记得更改这里),如果通过代理上网,填入代理,否则保持默认,点OK保存后,点击“连接”
接下来的操作,主要就是:
1、配置监听端口
2、建立新的虚拟HUB或者使用默认的DEFAULT
3、添加用户及认证方式(密码认证或者证书认证,证书认证还需生成证书)
4、如果你只是通过VPN Server做代理翻墙上网,你可以直接打开SecureNAT即可完成配置;如果你是通过VPN访问服务器所在的工作网络(其实这才是VPN的本来用途),而且服务器的IP地址是其所在网络的DHCP服务器所分配,那么不需要打开SecureNAT,而是要将Server的物理网卡桥接到虚拟HUB上;如果服务器所在网络属于静态IP,那么你要么手动配置客户端的虚拟网卡的IP,要么就需要配置SecureNAT,这需要你了解IPv4地址的配置方式。
完成以上操作后,服务端就完成了配置工作了,你需要在客户端上运行SoftEther VPN Client管理工具,建议直接使用VPN Gate(它其实就是带有VPN Gate插件的SoftEther VPN Client)。当然如果你不需要VPN Gate,你可以到SoftEther VPN官方下载页面下载不带VPN Gate插件的客户端:http://www.softether-download.com/?product=softether
启动SoftEther VPN Client管理工具,点击创建新的VPN连接,填入服务端的配置确定即可。
然后右击新建的VPN连接,选择连接即可。
---------
首先要在服务器上,下载并解压安装文件,一定注意是32位还是64位(可通过uname -a命令查看)。
32位系统:
wget http://jp.softether-download.com/files/softether/v4.20-9608-rtm-2016.04.17-tree/Linux/SoftEther_VPN_Server/32bit_-_Intel_x86/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x86-32bit.tar.gz
64位系统:
wget http://jp.softether-download.com/files/softether/v4.20-9608-rtm-2016.04.17-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit.tar.gz
以上为截止发布本文时的最新版本,建议从SoftEther官方网站获取最新版本。
tar zxvf softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit.tar.gz
mv vpnserver softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit
cd softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit
make
会显示:
...
*** How to start the SoftEther VPN Server Service ***
Please execute './vpnserver start' to run the SoftEther VPN Server Background Service.
And please execute './vpncmd' to run the SoftEther VPN Command-Line Utility to configure SoftEther VPN Server.
Of course, you can use the VPN Server Manager GUI Application for Windows on the other Windows PC in order to configure the SoftEther VPN Server remotely.
make[1]: Leaving directory `/root/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit'
root@gcv:~/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit#
root@gcv:~/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit# ls
Authors.txt lib ReadMeFirst_License.txt
chain_certs Makefile vpncmd
code ReadMeFirst_Important_Notices_cn.txt vpnserver
hamcore.se2 ReadMeFirst_Important_Notices_en.txt
lang.config ReadMeFirst_Important_Notices_ja.txt
root@gcv:~/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit# ./vpnserver
SoftEther VPN Server service program
Copyright (c) SoftEther VPN Project. All Rights Reserved.
vpnserver command usage:
vpnserver start - Start the SoftEther VPN Server service.
vpnserver stop - Stop the SoftEther VPN Server service if the service has been already started.
root@gcv:~/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit# ./vpnserver start
The SoftEther VPN Server service has been started.
root@gcv:~/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit# ./vpncmd
运行./vpncmd进入VPN的命令行:
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.20 Build 9608 (English)
Compiled 2016/04/17 21:59:35 by yagi at pc30
Copyright (c) SoftEther VPN Project. All Rights Reserved.
By using vpncmd program, the following can be achieved.
Management of VPN Server or VPN Bridge
Management of VPN Client
Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3:
这里我们选择1,然后出现:
Specify the host name or IP address of the computer that the destination VPN Server or VPN Bridge is operating on.
By specifying according to the format ‘host name:port number’, you can also specify the port number.
(When the port number is unspecified, 443 is used.)
If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer).
Hostname of IP Address of Destination:
这里需要选择地址和端口。由于这台VPS我搭了一个网站,用了SSL,占用了443端口,所以默认的443端口是用不了了,所以一定要改。我改用了5555端口,所以在这里输入localhost:5555,然后出现:
If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name.
If connecting by server admin mode, please press Enter without inputting anything.
Specify Virtual Hub Name:
这里就是指定一个虚拟HUB名字,用默认的直接回车就行。
Connection has been established with VPN Server “localhost” (port 5555).
You have administrator privileges for the entire VPN Server.
VPN Server>
这时我们需要输入ServerPasswordSet命令设置远程管理密码,设置远程管理密码后就可以通过本地机器版的SoftEther VPN Server Manager远程管理了。
VPN管理
首先下载并安装SoftEther VPN Server Manager- http://softether-download.com/en.aspx(居然最近移植了Mac版),其实只用到了管理工具。
mac版:http://softether-download.com/files/softether/v4.21-9613-beta-2016.04.24-tree/Mac_OS_X/Admin_Tools/VPN_Server_Manager_Package/softether-vpnserver_manager-v4.21-9613-beta-2016.04.24-macos-x86-32bit.pkg
win version:
http://softether-download.com/files/softether/v4.22-9634-beta-2016.11.27-tree/Windows/SoftEther_VPN_Server_and_VPN_Bridge/softether-vpnserver_vpnbridge-v4.22-9634-beta-2016.11.27-windows-x86_x64-intel.exe
安装之后运行它,
http://www.shintaku.cc/posts/softether/
--------------------
编译 SoftEther VPN 并在其基础上,搭建OpenVPN
- 由于 SoftEtherVPN 源码在 GitHub, 所以这里使用 lantern 加快下载速度
wget https://coding.net/u/ilanyu/p/lantern/git/raw/master/lantern_linux_amd64_server.tar.gz tar zxvf lantern_linux_amd64_server.tar.gz ./lantern_linux_amd64_server -proxyall > lantern.log & curl -x http://127.0.0.1:8787 myip.ipip.net
- 下载 SoftEtherVPN 源码
yum install git -y export http_proxy=http://127.0.0.1:8787/ git clone https://github.com/SoftEtherVPN/SoftEtherVPN.git unset http_proxy
- 修改 SoftEtherVPN 源码
由于使用 SoftEtherVPN 搭建的 OpenVPN 的默认 ping 值过小, 且这个参数不支持通过配置文件修改, 所以需要手工在源码中将该值改大.
133、134行cd SoftEtherVPN vim src/Cedar/Interop_OpenVPN.h
修改为#define OPENVPN_PING_SEND_INTERVAL 3000 // Transmission interval of Ping #define OPENVPN_RECV_TIMEOUT 10000 // Communication time-out
#define OPENVPN_PING_SEND_INTERVAL 10000 // Transmission interval of Ping #define OPENVPN_RECV_TIMEOUT 120000 // Communication time-out
- 编译并安装 SoftEtherVPN
yum -y groupinstall "Development Tools" yum -y install readline-devel ncurses-devel openssl-devel ./configure make make install
- 搭建 OpenVPN
- 运行 SoftEtherVPN
vpnserver start
- 下载 SoftEther VPN Server Manager for Windows
到 http://www.softether-download.com/cn.aspx?product=softether 下载最新SoftEther VPN Server Manager for Windows
, 我下载到的是 http://www.softether-download.com/files/softether/v4.22-9634-beta-2016.11.27-tree/Windows/Admin_Tools/VPN_Server_Manager_and_Command-line_Utility_Package/softether-vpn_admin_tools-v4.22-9634-beta-2016.11.27-win32.zip - 使用 SoftEther VPN Server Manager 设置 SoftEther VPN
运行压缩包中 vpnsmgr.exe
初始化: 新设置 -> 输入主机名, 密码为空 -> 确定 -> 连接 -> 设置新管理密码 -> 勾上远程访问 VPN Server -> 下一步 -> 是 -> 确定 -> 退出 -> 确定 -> 禁用 VPN Azure -> 确定 -> 创建用户 -> 输入用户名、密码、确认密码 -> 确定 -> 关闭 -> 设置本地网桥 选择 eth0 -> 关闭 -> 确定
开启 OpenVPN: OpenVPN/MS-SSTP 设置 -> 勾选 启用 OpenVPN 克隆 Server 功能, 端口修改为 443 -> 取消勾选 开启 MS-SSTP VPN 克隆 Server 功能 -> 为 OpenVPN Client 生成配置样本文件 -> 确定
删除 监听器列表 992、1194、5555 端口
开启 SecureNAT : 点击 虚拟 HUB 名 VPN -> 管理虚拟 HUB -> 虚拟 NAT 和 虚拟 DHCP 服务器 -> SecureNAT 配置 -> DNS 服务器地址 1、2分别修改为 114.114.114.114、114.114.115.115 -> 确定 -> 启用 SecureNAT -> 确定 -> 关闭
OpenVPN 服务器端配置完毕 - 解压刚才生成的配置样本文件, 以文本文件格式打开
*remote_access*.ovpn
, 删除所有以#
及;
开头的行, 得到下面的文件dev tun proto udp remote *.v4.sedns.cn 443 cipher AES-128-CBC auth SHA1 resolv-retry infinite nobind persist-key persist-tun client verb 3 auth-user-pass <ca> -----BEGIN CERTIFICATE----- MIID3DCCAsSgAwIBAgIBADANBgkqhkiG9w0BAQsFADBtMR4wHAYDVQQDExV2cG43 ... ... ... tOTfZpYbLgwiW22781tG6ocNDsVR3nsVzOeiPbFj5zY= -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- MIID1jCCAr6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBqMR0wGwYDVQQDExQxMzA1 ... ... ... JugWtk4MMuSsC/mWKjqVf1wApLFY+Ic6Gjo= -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCuyq8cqgbhdiwy ... ... ... K40bn0snchyEVhn7ZrKUTSW0tA== -----END PRIVATE KEY----- </key>
修改proto udp
为proto tcp
、remote *.v4.sedns.cn 443
中*.v4.sedns.cn
改为 服务器IP地址。OpenVPN 配置文件修改完成。
- 运行 SoftEtherVPN
为什么用 SoftEther VPN, 不用 OpenVPN: 具体是因为测试时发现 OpenVPN使用 tun 模式, 无法广播 udp 包, 部分不支持直接输入IP的局域网联机游戏无法搜索到对方, 同时 SoftEther VPN 配置起来也比 OpenVPN 方便.
---------------------
(build_tools.sh)download
(make.sh)download
(install.sh)download
(vpnserver.sh)download
(service.sh)download
---------------------
SoftEther on VPS
I saw a post on lowendtalk last week introducing a new piece of vpn software call SoftEther.
What is SoftEther
A Free Cross-platform Multi-protocol VPN program, as an academic project from University of Tsukuba.
It is a single server which support SSL-VPN (HTTPS) and 6 major VPN protocols (OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3 and EtherIP).
I would like to also highlight the VPN over ICMP and VPN over DNS feature if you are inside a very strict network.
VPS Setup Guide
This post use SecureNAT. You may want to setup local bridge.
SoftEther author contacted me to highlight serveral points:
- On physical server, local bridge will perform better than SecureNAT
- DO NOT enable both local bridge and SecureNAT at the same time. Packets will loop infinitly and make your server
100%
CPU usage.
Requirement: VPS
I am using vps from buyvm. I got from a year deal which is USD12/year. I would recommendRamnode(affiliated) as a VPS provider. Their VPS is speedy and support is amazing.
- Spec:
- RAM: 128MB
- Burst: 256MB
- Disk Space: 15GB
- Bandwidth: 500GB
- Location: Buffalo, USA
- OS:
- Debian 6.0 64bit (minimal)
Make sure you login root as follow:
login as root
Before installing SoftEther Server let us install some prerequisite.
1 2 |
|
Go to SoftEther to download the server binary.
download selection
I am using Ver 1.00, Build 9029, rc2 in this tutorial.
After download, run
1 2 3 |
|
Read the Agreement and press 1 three times.
Then we move the dir to /usr/local/
1 2 3 4 5 6 7 |
|
paste the following content to nano
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
|
ctrl-o ret ctrl-x
After that we enable the service
1 2 3 4 5 |
|
Then we need to do a checking.
1 2 3 |
|
You should get 4 “Pass”.
We need to set the server admin password
1 2 3 4 5 |
|
Enter the admin password.
I do the setting on a windows client. It is running
server manager
Install it, run it, click New setting. Input ip and password.
input setting
Then connect to it. On successful login, it will pop up Easy Setup
easy setupCheck Remote Access Server and Next
warning
Yes
Virtual Hub name
OK
Setup L2TPCheck Enable L2TP Server Function and input your own pre-share key
OK
AzureWe disable Azure VPN
Create User
Then we need to create a new user. This is trivial.
User
ManagerClick on “Manage Virtual Hub”
Click on “Secure NAT” (If you want a faster connection we can refer to my 2nd post on softether)
Secure NAT
Enable the Virtual NAT
Again DO NOT enable SecureNAT and local bridge at the same time!
Done
You can try to connect to the vpn server through L2TP/IPSec.
from from http://archive.is/oQCgx
-------------------------------------------
from from http://archive.is/oQCgx
-------------------------------------------