FreeBSD最常見的VPN應用大多是利用PPP為基礎而建構的MPD5,其實還有更好的選擇 - SoftEther。這是一套由日本東京附近的筑波大學所研發的開源免費軟體,除了提供學術研究外,並也開放給外界使用,功能非常強大。
筑波大學離東京很近
SoftEather 具備以下特色,所以推薦能與大家一起學習如何運用它。
- 免費使用。
- 提供開放源碼。
- 而SoftEther的應用更廣泛免費的,日本學術,功能強大。
- VPN連線功能。
- 安全性高。
- 連接速度快。
- 易於管理。(更提供Windows管理介面)
本篇是以FreeBSD為Server端,也可以參考Windows端的SoftEther安裝方式。
有興趣可看看官網介紹
環境參數:
- OS:FreeBSD i386 , 10.3-RELEASE-p11
- CPU:Intel(R) Pentium(R) 4 CPU 1.80GHz
- RAM:1152 MB
- IP:fxp0:10.11.11.1
- 工作目錄:/root
官方建議的CPU是 2.0 GH以上。
安裝 SoftEther 之前準備
SoftEther 操作並不困難,安裝也簡便,花點時間多瞭解它,無妨。
特色簡介
跨平台支援
VPN架構(Virtual Hub & Local Bridge)
OpenVPN V.S. SoftEther
彈性應用,範圍廣泛
環境需求
作業系統
筑波大學真的很用心,幾乎囊括了所有的作業系統,這列表其實有等於無。
- Windows (32bit, 64bit)
Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Server 2003 SP2 / Vista SP1, SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / 7 SP1 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / 8 / Server 2012 / Hyper-V Server 2012 / 8.1 / Server 2012 R2 / 10 / Server 2016
- Linux (32bit, 64bit)
Linux 2.4, 2.6, 3.x, 4.x
- Mac OS X (32bit, 64bit)
Mac OS X 10.4 Tiger / 10.5 Leopard / 10.6 Snow Leopard / 10.7 Lion / 10.8 Mountain Lion
- FreeBSD (32bit, 64bit) (Server and Bridge only)
FreeBSD 5, 6, 7, 8, 9
- Solaris (32bit, 64bit) (Server and Bridge only)
Solaris 8, 9, 10, 11
官網規格說明
硬體需求
- CPU: 2.0 GHz以上
- HD:30G~100G硬碟空間 -
系統環境
請檢查系統的防火牆是否有相衝突的設定規則:例如iptables、ipfw或pw等防火牆是否有阻擋IP或Port的規則?
所需的軟體及程式庫
- gccbinutils utilities
- libc (glibc)
- zlib
- openssl
- readline
- ncurses development library
檢查系統是否有以上的條件,缺少的就進行安裝,底下是筆者的環境缺少所新增的套件安裝過程:
$ sudo pkg install gcc6-6.3.0
$ sudo pkg install libressl-devel-2.5.0_1
$ sudo pkg install binutils-2.27_5
$ sudo pkg install ncurses-6.0_3
$ sudo pkg install glib-2.46.2_4下戴伺服端 Server
SoftEther在FreeBSD環境下的Server安裝方式有二種:原始檔編譯與pkg 安裝,先介紹編譯方式:
請依照自己的系統環境下載對應的原始碼後,進行解壓縮。
FreeBSD SoftEther 原始碼
下載客戶端 Client
下載管理介面(Windows)
在FreeBSD環境下載Server端檔案後,解壓縮:
$ wget http://www.softether-download.com/files/softether/v4.20-9608-rtm-2016.04.17-tree/FreeBSD/SoftEther_VPN_Server/32bit_-_Intel_x86/softether-vpnserver-v4.20-9608-rtm-2016.04.17-freebsd-x86-32bit.tar.gz
$ tar zxvf softether-vpnserver-v4.20-9608-rtm-2016.04.17-freebsd-x86-32bit.tar.gz編譯執行檔 Compile
$ cd vpnserver/
$ make
--------------------------------------------------------------------
SoftEther VPN Server (Ver 4.20, Build 9608, Intel x86) for FreeBSD Install Utility
Copyright (c) SoftEther Project at University of Tsukuba, Japan. All Rights Reserved.
--------------------------------------------------------------------
Do you want to read the License Agreement for this software ?
1. Yes
2. No
Please choose one of above number:
1 # 選擇 Yes,不要偷懶想選2(立即會被中斷安裝)
Did you read and understand the License Agreement ?
(If you couldn't read above text, Please read 'ReadMeFirst_License.txt'
file with any text editor.)
1. Yes
2. No
Please choose one of above number:
1 # 選擇 Yes
Did you agree the License Agreement ?
1. Agree
2. Do Not Agree
Please choose one of above number:
1 # 選擇 Yes
--------------------------------------------------------------------
The preparation of SoftEther VPN Server is completed !
*** How to switch the display language of the SoftEther VPN Server Service ***
SoftEther VPN Server supports the following languages:
- Japanese
- English
- Simplified Chinese
You can choose your prefered language of SoftEther VPN Server at any time.
To switch the current language, open and edit the 'lang.config' file.
*** How to start the SoftEther VPN Server Service ***
Please execute './vpnserver start' to run the SoftEther VPN Server Background Service.
And please execute './vpncmd' to run the SoftEther VPN Command-Line Utility to configure SoftEther VPN Server.
Of course, you can use the VPN Server Manager GUI Application for Windows on the other Windows PC in order to configure the SoftEther VPN Server remotely.
--------------------------------------------------------------------
# 看到這段信息,安裝就成功了。將 vpncmd 、vpnserver、hamcore.se2以及lang.config 這4個檔案複製到執行目錄(例:/root/sbin或/usr/local/sbin)下即可。
$ sudo cp vpncmd /root/sbin
$ sudo cp vpnserver /root/sbin
$ sudo cp hamcore.se2 /root/sbin
$ sudo cp lang.config /root/sbin
$ sudo chmod +x /usr/local/sbin/vpn*以 pkg 安裝
$ pkg search softethervpn
softethervpn-4.21.9613 Cross-platform Multi-protocol VPN Software
$ sudo pkg install softethervpn-4.21.9613以pkg install安裝方式的執行檔存放在:/usr/local/sbin,這與自行編譯的方式不同,要留意此點,本篇的工作目錄在/root/sbin。
開啟自動執行檔
自行Compile原始檔後,缺少了開機script.,有需要請自行下載後,老動作別忘了:
$ sudo vi /etc/rc.conf
# SoftEther
vpnserver_enable="YES"/usr/local/etc/rc.d/vpnserver
/usr/local/etc/rc.d/vpnclient
啟動 vpnserver
語系檔
編輯lang.config設定語系(日、簡中、英):
$ sudo vi /root/sbin/lang.config
# Available Language IDs are:
# ja: Japanese (日本語)
# en: English (English)
# cn: Simplified Chinese (简体中文)
envpncmd 檢測環境
$ sudo /root/sbin/vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.20 Build 9608 (English)
Compiled 2016/04/17 21:59:35 by yagi at pc30
Copyright (c) SoftEther VPN Project. All Rights Reserved.
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 3
VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.
VPN Tools>check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool
Copyright (c) SoftEther VPN Project.
All Rights Reserved.
If this operation environment check tool is run on a system and that system pass es, it is most likely that SoftEther VPN software can operate on that system. Th is check may take a while. Please wait...
Checking 'Kernel System'...
Pass
Checking 'Memory Operation System'...
Pass
Checking 'ANSI / Unicode string processing system'...
Pass
Checking 'File system'...
Pass
Checking 'Thread processing system'...
Pass
Checking 'Network system'...
Pass
All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.
The command completed successfully.
VPN Tools>exit通過檢查後,就進行下一步。
啟動 SoftEther VPN 服務
使用啟動指令來啟用vpnserver:
$ sudo /usr/local/etc/rc.d/vpnserver start
The SoftEther VPN Server service has been started.若是試驗性質,也可以直接執行vpnserver命令:
$ sudo /root/sbin/vpnserver start檢查是否有在運行:
$sudo ps ax|grep vpnserver
50381 - S<s 0:00.01 /usr/local/softethervpn/vpnserver/vpnserver execsvc
50382 - S< 0:00.36 /usr/local/softethervpn/vpnserver/vpnserver execsvc
50386 0 S+ 0:00.01 grep vpnserver管理 vpnserver
要管理 SoftEther 所建立的 vpnserver,可經由* vpncmd* 來達成而毋需重啟服務,除了下列情況才需要重啟 vpnserver:
- 作業系統(O.S.)重開機。
- 更新(升級)SoftEther VPN Server 程式。
- 硬體發生問題而導致 VPN Server 無法正常運行。
- 手動更動 VPN Server 設定或回復前一次設定時。
- 變更 VPN Server 叢集時。
-
目前的圖形化管理介面只有支援 Windows或Mac OS。
進入vpnserver 管理介面
重點觀念:要先建立 Virtual Hub,再依序建立 Local Bridge。
利用vpmcmd指令建立 Virtual Hub,先選1建立VPN Bridge,再按2次Enter:
$ sudo /root/sbin/vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.20 Build 9608 (English)
Compiled 2016/04/17 21:59:35 by yagi at pc30
Copyright (c) SoftEther VPN Project. All Rights Reserved.
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 1
Specify the host name or IP address of the computer that the destination VPN Server or VPN Bridge is operating on.
By specifying according to the format 'host name:port number', you can also specify the port number.
(When the port number is unspecified, 443 is used.)
If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer).
Hostname of IP Address of Destination:
If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name.
If connecting by server admin mode, please press Enter without inputting anything.
Specify Virtual Hub Name:
Connection has been established with VPN Server "localhost" (port 443).
You have administrator privileges for the entire VPN Server.
VPN Server>建立 VPN Virtual Hub
此時進入VPN管理模式,建立一個名為vpn1,密碼空白的 Virtual Hub:
vpncmd指令:
- HubCreate:建立Virtual Hub。
- Hub 名稱:查詢所要管理的Virtual Hub。
- Online:啟動Virtual Hub。
VPN Server>Hub VPN
Hub command - Select Virtual Hub to Manage
Error occurred. (Error code: 8)
The specified Virtual Hub does not exist on the server.
VPN Server>HubCreate
HubCreate command - Create New Virtual Hub
Name of Virtual Hub to be created: hub1
Please enter the password. To cancel press the Ctrl+D key.
Password:
Confirm input:
The command completed successfully.確認是否成功建立名稱為:vpn1 的Virtual Hub
VPN Server>Hub vpn1
Hub command - Select Virtual Hub to Manage
The Virtual Hub "vpn1" has been selected.
The command completed successfully.將vpn1啟動為上線狀態
VPN Server/vpn1>Online
Online command - Switch Virtual Hub to Online
The command completed successfully.建立 VPN Local Bridge
建立完Hub後,接著建立一個新的 Local Bridge:Virtual Hub名稱為hub1(上一個步驟所建立),網路卡裝置為fxp0(網路卡裝置名稱):
vpncmd指令:
- BridgeList:Local Bridge列表。
- BridgeCreate:建立 Local Bridge。
- ServerPasswordSet:變更系統管理密碼。
- SetHubPassword:變更 Virtual Hub 管理密碼。
VPN Server/vpn1>BridgeList
BridgeList command - Get List of Local Bridge Connection
Number|Virtual Hub Name|Network Adapter or Tap Device Name|Status
------+----------------+----------------------------------+------
The command completed successfully.
VPN Server/vpn1>BridgeCreate
BridgeCreate command - Create Local Bridge Connection
Virtual Hub Name to Create Bridge: hub1
Bridge Destination Device Name: fxp0
While in the condition that occurs immediately after a new bridge connection is made when bridging to a physical network adapter, depending on the type of network adapter, there are cases where it will not be possible to communicate using TCP/IP to the network adapter using a bridge connection from a computer on the virtual network.
(This phenomenon is known to occur for Intel and Broadcom network adapters.)
If this issue arises, remedy the situation by restarting the computer on which VPN Server / Bridge is running. Normal communication will be possible after the computer has restarted.
Also many wireless network adapters will not respond to the sending of packets in promiscuous mode and when this occurs you will be unable to use the Local Bridge. If this issue arises, try using a regular wired network adapter instead of the wireless network adapter.
The command completed successfully.變更管理密碼
VPN Server>ServerPasswordSet
ServerPasswordSet command - Set VPN Server Administrator Password
Please enter the password. To cancel press the Ctrl+D key.
Password: **********
Confirm input: **********
The command completed successfully.變更Hub管理密碼
SetHubPassword
SetHubPassword command - Set Virtual Hub Administrator Password
Please enter the password. To cancel press the Ctrl+D key.
Password: **********
Confirm input: **********
The command completed successfully.這樣就大致完成了 SoftEther VPN Server 的安裝,接著只要利用的 Windows 管理介面來管理即可,非常方便。
EmoticonEmoticon