#author("2018-08-27T18:12:37+09:00","","")
[[CentOS7]]

*SoftEther VPN Client でVPN接続をする [#a282268b]
''SoftEther VPN'' を使用して''CentOS 7'' を''VPN''クライアントとして''VPN''サーバーに接続することを目的としたインストール手順、および、設定。



*ダウンロード [#b323f0b2]
[[SoftEther ダウンロード センター>http://www.softether-download.com/ja.aspx?product=softether]]からダウンロードします。

-ダウンロードするソフトウェア:SoftEther VPN (Freeware)
-コンポーネント:SoftEther VPN Client
-プラットフォーム:Linux
-CPU:Intel x64 / AMD 64 (64bit)



*パッケージの解凍 [#te8fd928]
tarで解凍します。

|BGCOLOR(black):COLOR(white):|c
|[root@localhost ~]# tar zxvf softether-vpnclient-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz|



*実行可能ファイルの生成 [#leef1590]
''make''を実行して、使用権許諾契約書を読むために1を選択します。

|BGCOLOR(black):COLOR(white):|c
|[root@localhost ~]# cd vpnserver/|
|[root@localhost ~]# make|
|-------------------------------------------------------------------- &br;  &br; SoftEther VPN Client (Ver 4.22, Build 9634, Intel x64 / AMD64) for Linux Install Utility &br; Copyright (c) SoftEther Project at University of Tsukuba, Japan. All Rights Reserved. &br;  &br; -------------------------------------------------------------------- &br;  &br;  &br; Do you want to read the License Agreement for this software ? &br;  &br;  1. Yes &br;  2. No &br;  &br; Please choose one of above number: &br;  &br; &color(lightpink){1}; &color(lime){「1」を入力してEnterキー};|
|&color(lime){使用権許諾契約書を読んで承諾したら、それぞれ1をクリックします。};|
|Did you read and understand the License Agreement ? &br; (If you couldn't read above text, Please read 'ReadMeFirst_License.txt' &br;  file with any text editor.) &br;  &br;  1. Yes &br;  2. No &br;  &br; Please choose one of above number: &br; &color(lightpink){1}; &color(lime){「1」を入力してEnterキー}; &br;  &br;  &br; Did you agree the License Agreement ? &br;  &br; 1. Agree &br; 2. Do Not Agree &br;  &br; Please choose one of above number: &br; &color(lightpink){1}; &color(lime){「1」を入力してEnterキー}; &br;  &br; make[1]: Entering directory `/home/ec2-user/Installer/vpnclient' &br; Preparing SoftEther VPN Client... &br; ranlib lib/libcharset.a &br; ranlib lib/libcrypto.a &br; ranlib lib/libedit.a &br; ranlib lib/libiconv.a &br; ranlib lib/libintelaes.a &br; ranlib lib/libncurses.a &br; ranlib lib/libssl.a &br; ranlib lib/libz.a &br; ranlib code/vpnclient.a &br; gcc code/vpnclient.a -O2 -fsigned-char -pthread -m64 -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -o vpnclient &br; ranlib code/vpncmd.a &br; gcc code/vpncmd.a -O2 -fsigned-char -pthread -m64 -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -o vpncmd &br;  &br; -------------------------------------------------------------------- &br; The preparation of SoftEther VPN Client is completed ! &br;  &br;  &br; *** How to switch the display language of the SoftEther VPN Client Service *** &br; SoftEther VPN Client supports the following languages: &br;   - Japanese &br;   - English &br;   - Simplified Chinese &br;  &br; You can choose your prefered language of SoftEther VPN Client at any time. &br; To switch the current language, open and edit the 'lang.config' file. &br;  &br;  &br; *** How to start the SoftEther VPN Client Service *** &br;  &br; Please execute './vpnclient start' to run the SoftEther VPN Client Background Service. &br; And please execute './vpncmd' to run the SoftEther VPN Command-Line Utility to configure SoftEther VPN Client. &br;  &br; Of course, you can use the VPN Server Manager GUI Application for Windows / Mac OS X on the other Windows / Mac OS X computers in order to configure the SoftEther VPN Client remotely. &br;  &br;  &br; *** For Windows users *** &br; You can download the SoftEther VPN Server Manager for Windows &br; from the http://www.softether-download.com/ web site. &br; This manager application helps you to completely and easily manage the VPN server services running in remote hosts. &br;  &br;  &br; *** For Mac OS X users *** &br; In April 2016 we released the SoftEther VPN Server Manager for Mac OS X. &br; You can download it from the http://www.softether-download.com/ web site. &br; VPN Server Manager for Mac OS X works perfectly as same as the traditional Windows versions. It helps you to completely and easily manage the VPN server services running in remote hosts. &br;  &br; -------------------------------------------------------------------- &br;  &br; make[1]: Leaving directory `/home/ec2-user/Installer/vpnclient'|



*VPN Client の配置 [#cf484751]
''make''したファイルをそのまま移動させます。
|[root@localhost ~]# cd ..|
|[root@localhost ~]# mv vpnclient /usr/local|
|&color(lime){権限を変更しておきます。};|
|[root@localhost ~]# chown -R root:root /usr/local/vpnclient/|
|[root@localhost ~]# cd /usr/local/vpnclient/|
|[root@localhost ~]# chmod 600 *|
|[root@localhost ~]# chmod 700 vpncmd|
|[root@localhost ~]# chmod 700 vpnclient|



*vpncmd の check コマンドによる動作チェック [#cc635759]
''vpncmd''を実行して、''VPN Tools''で動作チェックを行います。
|BGCOLOR(black):COLOR(white):|c
|[root@localhost ~]# ./vpncmd|
|vpncmd command - SoftEther VPN Command Line Management Utility &br; SoftEther VPN Command Line Management Utility (vpncmd command) &br; Version 4.22 Build 9634   (English) &br; Compiled 2016/11/27 15:23:56 by yagi at pc30 &br; Copyright (c) SoftEther VPN Project. All Rights Reserved. &br;  &br; By using vpncmd program, the following can be achieved. &br;  &br; 1. Management of VPN Server or VPN Bridge &br; 2. Management of VPN Client &br; 3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool) &br;  &br; Select 1, 2 or 3: &color(lightpink){3}; &color(lime){「3」を入力してEnterキー}; &br;  &br; VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.|
|VPN Tools>&color(lightpink){check}; &color(lime){←「check」コマンド入力};|
|Check command - Check whether SoftEther VPN Operation is Possible &br; --------------------------------------------------- &br; SoftEther VPN Operation Environment Check Tool &br;  &br; Copyright (c) SoftEther VPN Project. &br; All Rights Reserved. &br;  &br; If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait... &br;  &br; Checking 'Kernel System'... &br;               Pass &br; Checking 'Memory Operation System'... &br;               Pass &br; Checking 'ANSI / Unicode string processing system'... &br;               Pass &br; Checking 'File system'... &br;               Pass &br; Checking 'Thread processing system'... &br;               Pass &br; Checking 'Network system'... &br;               Pass &br;  &br; All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system. &br;  &br; The command completed successfully.|
|VPN Tools>&color(lightpink){exit}; &color(lime){←抜ける};|



*スタートアップスクリプトへの登録 [#ea5b495a]
サービスとして起動させる為に、以下のようにスタートアップスクリプトを登録します。

|BGCOLOR(black):COLOR(white):|c
|[root@localhost ~]# vi /etc/init.d/vpnclient|
|#!/bin/sh &br; # &br; # chkconfig: 2345 99 01 &br; # description: SoftEther VPN Client &br;  &br; DAEMON=/usr/local/vpnclient/vpnclient &br; LOCK=/var/lock/subsys/vpnclient &br;  &br; test -x $DAEMON || exit 0 &br;  &br; case "$1" in &br;   start) &br;     $DAEMON start &br;     touch $LOCK &br;     ;; &br;   stop) &br;     $DAEMON stop &br;     rm $LOCK &br;     ;; &br;   restart) &br;     $DAEMON stop &br;     sleep 3 &br;     $DAEMON start &br;     ;; &br;   *) &br;     echo "Usage: $0 {start|stop|restart}" &br;     exit 1 &br; esac &br;  &br; exit 0|
|&color(lime){権限設定をしておきます。};|
|[root@localhost ~]# chmod 755 /etc/init.d/vpnclient|
|&color(lime){自動起動設定をしておきます。};|
|[root@localhost ~]# chkconfig --add vpnclient|
|[root@localhost ~]# chkconfig --list vpnclient|
|vpnserver       0:off   1:off   2:on    3:on    4:on    5:on    6:off|



*サービスの開始と停止 [#cf726abd]
以下のコマンドでサービスを開始できます。ただ、自動起動の確認として、サーバを再起動したほうが良いかと思います。

|BGCOLOR(black):COLOR(white):|c
|[root@localhost ~]# /etc/init.d/vpnclient start|



*クライアントの設定・管理 [#t6c79560]
次に、クライアントの設定を''vpncmd''で行っていきます。

''vpncmd''については[[こちら>https://ja.softether.org/4-docs/1-manual/6/6.5]]に記載されています。

なお、以下の設定は「''VPN'' クライアント接続マネージャ」の「別のコンピュータのSoftEther VPN Clientの管理」からでもできます。

その場合は''TCP''ポート''9930''を解放しておく必要があります。

|BGCOLOR(black):COLOR(white):|c
|[root@localhost ~]# cd /usr/local/vpnclient/|
|[root@localhost ~]# ./vpncmd|
|vpncmd command - SoftEther VPN Command Line Management Utility &br; SoftEther VPN Command Line Management Utility (vpncmd command) &br; Version 4.22 Build 9634   (English) &br; Compiled 2016/11/27 15:23:56 by yagi at pc30 &br; Copyright (c) SoftEther VPN Project. All Rights Reserved. &br;  &br; By using vpncmd program, the following can be achieved. &br;  &br; 1. Management of VPN Server or VPN Bridge &br; 2. Management of VPN Client &br; 3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool) &br;  &br; Select 1, 2 or 3: &color(lightpink){2}; &color(lime){「2」を入力してEnterキー}; &br;  &br; Specify the host name or IP address of the computer that the destination VPN Client is operating on. &br; If nothing is input and Enter is pressed, connection will be made to localhost (this computer). &br; Hostname of IP Address of Destination: &color(lime){#リターン}; &br;  &br; Connected to VPN Client "localhost".|
|VPN Client>|



*新規仮想 LAN カードの作成 [#w3791846]
''NicCreate''コマンドで作成します。ここでは"''VPN''"という名前で作成します。

|BGCOLOR(black):COLOR(white):|c
|VPN Client>NicCreate VPN|
|NicCreate command - Create New Virtual Network Adapter &br; The command completed successfully.|
|VPN Client>NicList|
|NicList command - Get List of Virtual Network Adapters &br; Item                        |Value &br; ----------------------------+----------------------------------- &br; Virtual Network Adapter Name|VPN &br; Status                      |Enabled &br; MAC Address                 |00ACDE96CE73 &br; Version                     |Version 4.22 Build 9634   (English) &br; The command completed successfully.|
|VPN Client>|



*新しい接続設定の作成 [#ked3456a]
''AccountCreate''コマンドで作成します。ここでは"''VPN_Server''"という名前で作成します。

サーバのホスト名や、''HUB''名、ユーザ名は''VPN''サーバ設定で行った設定を参照して下さい。

''NIC''名は''LAN'' カードの作成で作成した''NIC''名です。

|BGCOLOR(black):COLOR(white):|c
|VPN Client>AccountCreate VPN_Server /SERVER:XXX.XXX.XXX.XXX:443 /HUB:VPN /USERNAME:admin /NICNAME:VPN|
|AccountCreate command - Create New VPN Connection Setting &br; The command completed successfully.|
|VPN Client>AccountList|
|AccountList command - Get List of VPN Connection Settings &br; Item                        |Value &br; ----------------------------+-------------------------------------------- &br; VPN Connection Setting Name |VPN_Server &br; Status                      |Offline &br; VPN Server Hostname         |XXX.XXX.XXX.XXX:443 (Direct TCP/IP Connection) &br; Virtual Hub                 |VPN &br; Virtual Network Adapter Name|VPN &br; The command completed successfully.|



*接続設定のユーザー認証の種類をパスワード認証に設定 [#bbb44f1d]
''AccountPasswordSet''コマンドで設定します。パスワードは''VPN''サーバ設定で行った設定を参照して下さい。

|BGCOLOR(black):COLOR(white):|c
|VPN Client>AccountPasswordSet VPN_Server /PASSWORD:Passw0rd /TYPE:standard|
|AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication &br; The command completed successfully.|
|VPN Client>|



*接続設定をスタートアップ接続に設定 [#q3d23c4b]
''AccountPasswordSet''コマンドで設定します。パスワードは''VPN''サーバ設定で行った設定を参照して下さい。

|BGCOLOR(black):COLOR(white):|c
|VPN Client>AccountStartupSet VPN_Server|
|AccountStartupSet command - Set VPN Connection Setting as Startup Connection &br; The command completed successfully.|
|VPN Client>exit|



*NICの設定 [#s585c25a]
次に、下記のように設定し''NIC''に''DHCP''で''IP''が振られるように設定します。

|BGCOLOR(black):COLOR(white):|c
|[root@localhost ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-vpn_vpn|
|[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-vpn_vpn|


変更点としてはDEVICE名をNIC名にするのと、PEERDNSをnoに設定する2点となります。
|BGCOLOR(black):COLOR(white):|c
|DEVICE=vpn_vpn &br; BOOTPROTO=dhcp &br; ONBOOT=yes &br; TYPE=Ethernet &br; USERCTL=yes &br; PEERDNS=no &br; DHCPV6C=yes &br; DHCPV6C_OPTIONS=-nw &br; PERSISTENT_DHCLIENT=yes &br; RES_OPTIONS="timeout:2 attempts:5" &br; DHCP_ARP_CHECK=no  &br; NM_CONTROLLED=no|



*設定したら、NICを立ち上げ直します。 [#wb509d5f]
|BGCOLOR(black):COLOR(white):|c
|[root@localhost ~]# ifdown vpn_vpn|
|[root@localhost ~]# ifup vpn_vpn|
|Determining IP information for vpn_vpn... done. &br;  &br; Determining IPv6 information for vpn_vpn... done.|
|[root@localhost ~]# ifconfig|
|&color(lime){~(略)~}; &br; vpn_vpn   Link encap:Ethernet  HWaddr 00:AC:DE:96:CE:73 &br;           inet addr:200.1.1.1  Bcast:200.1.1.255  Mask:255.255.255.0 &br;           inet6 addr: fe80::2ac:deff:fe96:ce73/64 Scope:Link &br;           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 &br;           RX packets:1963 errors:0 dropped:0 overruns:0 frame:0 &br;           TX packets:1518 errors:0 dropped:0 overruns:0 carrier:0 &br;           collisions:0 txqueuelen:1000 &br;           RX bytes:198576 (193.9 KiB)  TX bytes:273806 (267.3 KiB)|



*クライアント同士の通信について [#y88aeb85]
[[公式ドキュメントで解説されている>https://ja.softether.org/4-docs/1-manual/A/10.3]]ように、上記と同様に''VPN Client''を導入した''PC''を用意すると、あとはクライアント同士で通信が可能です。

IPアドレスの割り当てに問題がある場合は、更に''route''の設定などが必要かもしれません。
トップ   新規 一覧 検索 最終更新   ヘルプ   最終更新のRSS