Installation and configuration steps for connecting a CentOS 7 machine to a VPN server as a VPN client using SoftEther VPN.
Download the client package from the SoftEther Download Center.
Extract it with tar.
[root@localhost ~]# tar zxvf softether-vpnclient-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz
Run make, and select 1 to read the license agreement.
[root@localhost ~]# cd vpnclient/
[root@localhost ~]# make
--------------------------------------------------------------------
SoftEther VPN Client (Ver 4.22, Build 9634, Intel x64 / AMD64) for Linux Install Utility
Copyright (c) SoftEther Project at University of Tsukuba, Japan. All Rights Reserved.
--------------------------------------------------------------------
Do you want to read the License Agreement for this software ?
 1. Yes
 2. No
Please choose one of above number:
1   ← type "1" and press Enter
After reading and accepting the license agreement, enter 1 at each prompt.
Did you read and understand the License Agreement ?
(If you couldn't read above text, Please read 'ReadMeFirst_License.txt' file with any text editor.)
 1. Yes
 2. No
Please choose one of above number:
1   ← type "1" and press Enter
Did you agree the License Agreement ?
 1. Agree
 2. Do Not Agree
Please choose one of above number:
1   ← type "1" and press Enter
make[1]: Entering directory `/home/ec2-user/Installer/vpnclient'
Preparing SoftEther VPN Client...
ranlib lib/libcharset.a
ranlib lib/libcrypto.a
ranlib lib/libedit.a
ranlib lib/libiconv.a
ranlib lib/libintelaes.a
ranlib lib/libncurses.a
ranlib lib/libssl.a
ranlib lib/libz.a
ranlib code/vpnclient.a
gcc code/vpnclient.a -O2 -fsigned-char -pthread -m64 -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -o vpnclient
ranlib code/vpncmd.a
gcc code/vpncmd.a -O2 -fsigned-char -pthread -m64 -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -o vpncmd
--------------------------------------------------------------------
The preparation of SoftEther VPN Client is completed !
*** How to switch the display language of the SoftEther VPN Client Service ***
SoftEther VPN Client supports the following languages:
 - Japanese
 - English
 - Simplified Chinese
You can choose your prefered language of SoftEther VPN Client at any time.
To switch the current language, open and edit the 'lang.config' file.
*** How to start the SoftEther VPN Client Service ***
Please execute './vpnclient start' to run the SoftEther VPN Client Background Service.
And please execute './vpncmd' to run the SoftEther VPN Command-Line Utility to configure SoftEther VPN Client.
Of course, you can use the VPN Server Manager GUI Application for Windows / Mac OS X on the other Windows / Mac OS X computers in order to configure the SoftEther VPN Client remotely.
*** For Windows users ***
You can download the SoftEther VPN Server Manager for Windows from the http://www.softether-download.com/ web site.
This manager application helps you to completely and easily manage the VPN server services running in remote hosts.
*** For Mac OS X users ***
In April 2016 we released the SoftEther VPN Server Manager for Mac OS X.
You can download it from the http://www.softether-download.com/ web site.
VPN Server Manager for Mac OS X works perfectly as same as the traditional Windows versions. It helps you to completely and easily manage the VPN server services running in remote hosts.
--------------------------------------------------------------------
make[1]: Leaving directory `/home/ec2-user/Installer/vpnclient'
Move the built directory to /usr/local as it is.
[root@localhost ~]# cd ..
[root@localhost ~]# mv vpnclient /usr/local
Set the ownership and permissions.
[root@localhost ~]# chown -R root:root /usr/local/vpnclient/
[root@localhost ~]# cd /usr/local/vpnclient/
[root@localhost ~]# chmod 600 *
[root@localhost ~]# chmod 700 vpncmd
[root@localhost ~]# chmod 700 vpnclient
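A check for the ownership and modes set by the commands above, as an added example that is not part of the original page. It assumes GNU `stat` (as shipped with CentOS 7); the function name `audit_vpnclient_dir` is hypothetical. The client keeps its configuration in this directory, so re-running the check after upgrades or manual edits catches files that have become readable by other users.

```shell
#!/bin/sh
# Added example (not from the original page): verify the result of the
# chown/chmod steps. Assumes GNU stat. The function name is hypothetical.
#
# audit_vpnclient_dir DIR [UID]
#   DIR  directory to check, e.g. /usr/local/vpnclient
#   UID  expected numeric owner (default 0 = root, as set by chown above)
# Prints one line per deviation; returns 0 if clean, 1 on deviations,
# 2 if DIR does not exist.
audit_vpnclient_dir() {
    dir=$1
    want_uid=${2:-0}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    # The two executables must be present.
    for b in vpnclient vpncmd; do
        [ -f "$dir/$b" ] || { echo "MISSING $dir/$b"; rc=1; }
    done
    for f in "$dir"/*; do
        [ -L "$f" ] && continue      # skip symlinks
        [ -f "$f" ] || continue      # regular files only, like the audit of "chmod 600 *"
        case ${f##*/} in
            vpnclient|vpncmd) want_mode=700 ;;   # executables: owner rwx only
            *)                want_mode=600 ;;   # everything else: owner rw only
        esac
        mode=$(stat -c '%a' "$f")
        uid=$(stat -c '%u' "$f")
        if [ "$mode" != "$want_mode" ]; then
            echo "MODE $f is $mode, expected $want_mode"
            rc=1
        fi
        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER $f has uid $uid, expected $want_uid"
            rc=1
        fi
    done
    return $rc
}

# Usage on the host configured above:
#   audit_vpnclient_dir /usr/local/vpnclient
```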
Run vpncmd and use VPN Tools to check that SoftEther VPN can operate on this system.
[root@localhost ~]# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.22 Build 9634 (English)
Compiled 2016/11/27 15:23:56 by yagi at pc30
Copyright (c) SoftEther VPN Project. All Rights Reserved.
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 3   ← type "3" and press Enter
VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.
VPN Tools>check   ← enter the "check" command
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool
Copyright (c) SoftEther VPN Project. All Rights Reserved.
If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...
Checking 'Kernel System'... Pass
Checking 'Memory Operation System'... Pass
Checking 'ANSI / Unicode string processing system'... Pass
Checking 'File system'... Pass
Checking 'Thread processing system'... Pass
Checking 'Network system'... Pass
All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.
The command completed successfully.
VPN Tools>exit   ← exit VPN Tools
To run the client as a service, register a startup script as follows.
[root@localhost ~]# vi /etc/init.d/vpnclient
#!/bin/sh
#
# chkconfig: 2345 99 01
# description: SoftEther VPN Client
DAEMON=/usr/local/vpnclient/vpnclient
LOCK=/var/lock/subsys/vpnclient
# Exit quietly if the daemon binary is missing or not executable
test -x $DAEMON || exit 0
case "$1" in
start)
    $DAEMON start
    touch $LOCK
    ;;
stop)
    $DAEMON stop
    rm $LOCK
    ;;
restart)
    $DAEMON stop
    sleep 3
    $DAEMON start
    ;;
*)
    echo "Usage: $0 {start | stop | restart}"
    exit 1
esac
exit 0
Set the permissions on the script.
[root@localhost ~]# chmod 755 /etc/init.d/vpnclient
Enable automatic startup.
[root@localhost ~]# chkconfig --add vpnclient
[root@localhost ~]# chkconfig --list vpnclient
vpnclient 0:off 1:off 2:on 3:on 4:on 5:on 6:off
The service can be started with the command below. To confirm that automatic startup works, however, it is better to reboot the server.
[root@localhost ~]# /etc/init.d/vpnclient start
Next, configure the client with vpncmd.
vpncmd is documented here.
The settings below can also be made from the "Manage SoftEther VPN Client on another computer" function of VPN Client Manager.
In that case, TCP port 9930 must be open.
[root@localhost ~]# cd /usr/local/vpnclient/
[root@localhost ~]# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.22 Build 9634 (English)
Compiled 2016/11/27 15:23:56 by yagi at pc30
Copyright (c) SoftEther VPN Project. All Rights Reserved.
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 2   ← type "2" and press Enter
Specify the host name or IP address of the computer that the destination VPN Client is operating on.
If nothing is input and Enter is pressed, connection will be made to localhost (this computer).
Hostname of IP Address of Destination:   ← press Enter
Connected to VPN Client "localhost".
VPN Client>
Create the virtual network adapter with the NicCreate command. Here it is named "VPN".
VPN Client>NicCreate VPN
NicCreate command - Create New Virtual Network Adapter
The command completed successfully.
VPN Client>NicList
NicList command - Get List of Virtual Network Adapters
Item                         | Value
-----------------------------+-----------------------------------
Virtual Network Adapter Name | VPN
Status                       | Enabled
MAC Address                  | 00ACDE96CE73
Version                      | Version 4.22 Build 9634 (English)
The command completed successfully.
VPN Client>
Create the connection setting with the AccountCreate command. Here it is named "VPN_Server".
For the server host name, hub name and user name, use the values set in the VPN server configuration.
The NIC name is the name of the virtual network adapter created above.
VPN Client>AccountCreate VPN_Server /SERVER:XXX.XXX.XXX.XXX:443 /HUB:VPN /USERNAME:admin /NICNAME:VPN
AccountCreate command - Create New VPN Connection Setting
The command completed successfully.
VPN Client>AccountList
AccountList command - Get List of VPN Connection Settings
Item                             | Value
---------------------------------+--------------------------------------------
VPN Connection Setting Name      | VPN_Server
Status                           | Offline
VPN Server Hostname              | XXX.XXX.XXX.XXX:443 (Direct TCP/IP Connection)
Virtual Hub                      | VPN
Virtual Network Adapter Name     | VPN
The command completed successfully.
Set the password with the AccountPasswordSet command. Use the password set in the VPN server configuration.
VPN Client>AccountPasswordSet VPN_Server /PASSWORD:Passw0rd /TYPE:standard
AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
The command completed successfully.
VPN Client>
Use the AccountStartupSet command to make this connection setting a startup connection.
VPN Client>AccountStartupSet VPN_Server
AccountStartupSet command - Set VPN Connection Setting as Startup Connection
The command completed successfully.
VPN Client>exit
Next, configure the NIC as follows so that it is assigned an IP address by DHCP.
[root@localhost ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-vpn_vpn
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-vpn_vpn
There are two changes: set DEVICE to the NIC name, and set PEERDNS to no.
DEVICE=vpn_vpn
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=no
DHCPV6C=yes
DHCPV6C_OPTIONS=-nw
PERSISTENT_DHCLIENT=yes
RES_OPTIONS="timeout:2 attempts:5"
DHCP_ARP_CHECK=no
NM_CONTROLLED=no
[root@localhost ~]# ifdown vpn_vpn
[root@localhost ~]# ifup vpn_vpn
Determining IP information for vpn_vpn... done.
Determining IPv6 information for vpn_vpn... done.
[root@localhost ~]# ifconfig
~ (omitted) ~
vpn_vpn   Link encap:Ethernet  HWaddr 00:AC:DE:96:CE:73
          inet addr:200.1.1.1  Bcast:200.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2ac:deff:fe96:ce73/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1963 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1518 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:198576 (193.9 KiB)  TX bytes:273806 (267.3 KiB)
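As explained in the official documentation, once another PC with VPN Client installed in the same way is prepared, the clients can communicate with each other.
If there is a problem with IP address assignment, further settings such as routes may be required.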