I installed the open-source version of SoftEther VPN on CentOS 7 in 30 minutes.

Environment

OS:   CentOS Linux 7 (Core)
VCPU: 1
MEM:  512MB
VPS:  ConoHa

Procedure

1. Add packages
2. Download the SoftEther source code
3. SoftEther system check
4. Add the service to Firewalld

1. Add packages

# yum install -y gcc make wget

2. Download the SoftEther source code

Move to the working directory

# cd /usr/local/src

Download the source code

# wget http://jp.softether-download.com/files/softether/v4.22-9634-beta-2016.11.27-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz

Extract the downloaded source code

# tar -zxvf softether-vpnserver-v4.22-9634-beta-2016.11.27-linux-x64-64bit.tar.gz

Move the extracted directory to its new location

# mv vpnserver/ /usr/local/

Change to the new location

# cd /usr/local/vpnserver/

Compile SoftEther

# make

Grant execute permission to the commands

# chmod 600 ./* && chmod 700 vpncmd && chmod 700 vpnserver

3. SoftEther system check

Run the system check using vpncmd

# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.22 Build 9634   (English)
Compiled 2016/11/27 15:23:56 by yagi at pc30
Copyright (c) SoftEther VPN Project. All Rights Reserved.

By using vpncmd program, the following can be achieved.

1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 3

VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.

VPN Tools>Check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool

Copyright (c) SoftEther VPN Project.
All Rights Reserved.

If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...

Checking 'Kernel System'...
              Pass
Checking 'Memory Operation System'...
              Pass
Checking 'ANSI / Unicode string processing system'...
              Pass
Checking 'File system'...
              Pass
Checking 'Thread processing system'...
              Pass
Checking 'Network system'...
              Pass

All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.

The command completed successfully.

VPN Tools>exit

3. Start and configure vpnserver

Start vpnserver

# /usr/local/vpnserver/vpnserver start

List the Hubs and connect to one.
In the session below, I connected to Hub default.

# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.22 Build 9634   (English)
Compiled 2016/11/27 15:23:56 by yagi at pc30
Copyright (c) SoftEther VPN Project. All Rights Reserved.

By using vpncmd program, the following can be achieved.

1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 1

Specify the host name or IP address of the computer that the destination VPN Server or VPN Bridge is operating on.
By specifying according to the format 'host name:port number', you can also specify the port number.
(When the port number is unspecified, 443 is used.)
If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer).
Hostname of IP Address of Destination:

If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name.
If connecting by server admin mode, please press Enter without inputting anything.
Specify Virtual Hub Name:
Connection has been established with VPN Server "localhost" (port 443).

You have administrator privileges for the entire VPN Server.

VPN Server>hublist
HubList command - Get List of Virtual Hubs
Item              |Value
------------------+-------------------
Virtual Hub Name  |DEFAULT
Status            |Online
Type              |Standalone
Users             |0
Groups            |0
Sessions          |0
MAC Tables        |0
IP Tables         |0
Num Logins        |0
Last Login        |2017-05-28 15:22:13
Last Communication|2017-05-28 15:22:13
Transfer Bytes    |0
Transfer Packets  |0
The command completed successfully.

VPN Server>Hub default
Hub command - Select Virtual Hub to Manage
The Virtual Hub "DEFAULT" has been selected.
The command completed successfully.

VPN Server/DEFAULT>

Create a user.
In the session below, I created the user hogehoge.

VPN Server/DEFAULT>UserCreate
UserCreate command - Create User
User Name: hogehoge

Assigned Group Name:

User Full Name:

User Description:

The command completed successfully.

Check the user that was created.

VPN Server/DEFAULT>UserList
UserList command - Get List of Users
Item            |Value
----------------+-----------------------
User Name       |hogehoge
Full Name       |
Group Name      |-
Description     |
Auth Method     |Password Authentication
Num Logins      |0
Last Login      |(None)
Expiration Date |No Expiration
Transfer Bytes  |0
Transfer Packets|0
The command completed successfully.

Set a password for the user that was created.

VPN Server/DEFAULT>UserPasswordSet
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
User Name: hogehoge

Please enter the password. To cancel press the Ctrl+D key.

Password: ********
Confirm input: ********


The command completed successfully.

Enable IPsec.
Change the Pre Shared Key as appropriate.

VPN Server/DEFAULT>IPsecEnable
IPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes

Enable Raw L2TP Server Function (yes / no): no

Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): no

Pre Shared Key for IPsec (Recommended: 9 letters at maximum): vpn

Default Virtual HUB in a case of omitting the HUB on the Username: DEFAULT

The command completed successfully.

Enable the Virtual NAT and DHCP server function.

VPN Server/DEFAULT>SecureNatEnable
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.
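
The vpncmd session above (UserCreate, UserPasswordSet, IPsecEnable, SecureNatEnable) written as a batch file for vpncmd's /IN option, with the user password and the pre-shared key generated randomly rather than typed. This is an added example, not part of the original post; the function names, the APPLY=1 switch and the 20-character password length are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): the interactive vpncmd
# session as a batch file. Paths and the APPLY switch are assumptions.
VPNCMD=${VPNCMD:-/usr/local/vpnserver/vpncmd}

# Print a random alphanumeric secret of $1 characters (default 9, the
# maximum length the IPsecEnable prompt recommends for the key).
gen_secret() {
    head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-${1:-9}"
}

# Print the batch: same commands, same order as typed on this page.
# $1 = user name, $2 = user password, $3 = IPsec pre-shared key
build_batch() {
    cat <<EOF
Hub DEFAULT
UserCreate $1 /GROUP:none /REALNAME:none /NOTE:none
UserPasswordSet $1 /PASSWORD:$2
IPsecEnable /L2TP:yes /L2TPRAW:no /ETHERIP:no /PSK:$3 /DEFAULTHUB:DEFAULT
SecureNatEnable
EOF
}

# Write the batch to a private temp file (secrets stay out of the process
# list), feed it to vpncmd, delete it, then show the secrets once.
apply() {
    umask 077
    batch=$(mktemp) || return 1
    pw=$(gen_secret 20)
    psk=$(gen_secret 9)
    build_batch "$1" "$pw" "$psk" > "$batch"
    "$VPNCMD" localhost /SERVER /IN:"$batch"
    rc=$?
    rm -f "$batch"
    [ "$rc" -eq 0 ] && printf 'user=%s password=%s psk=%s\n' "$1" "$pw" "$psk"
    return "$rc"
}

# Nothing is changed unless APPLY=1 is set; default user is the page's.
if [ "${APPLY:-0}" = 1 ]; then
    apply "${1:-hogehoge}"
fi
```

The session on this page reaches server admin mode without a password prompt; vpncmd's ServerPasswordSet command sets an administrator password.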

4. Add the service to Firewalld

# firewall-cmd --add-service=ipsec --permanent
# firewall-cmd --reload

Reference site

For how to connect from an iPhone and similar topics, see the following site: Setting Up SoftEther on a RaspberryPi1