I needed an in-house VPN and, while searching, found a decent VPN program.
SoftEther – https://www.softether.org
It is open source and licensed under the Apache License.
It supports a variety of operating systems, including Windows / Linux / Mac.
Above all, it supports L2TP/IPsec, so it can be used from a Mac, iPhone, etc. without installing any extra software.
It does not integrate with LDAP directly, but it supports RADIUS, so LDAP integration is possible by installing FreeRADIUS with its LDAP module.
This was not written while installing but from memory afterwards, so it may not be accurate.
- Install the required libraries
$ sudo apt install -y build-essential openssl wget vim
- Download the program
$ wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.29-9680-rtm/softether-vpnserver-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz
- Extract the archive
$ tar xvzf softether-vpnserver-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz
$ sudo -i
# mv vpnserver /etc
# cd /etc/vpnserver && make (license prompts appear; answer 1, i.e. yes, to all of them)
- Create a start/stop script
# vi /etc/init.d/vpnserver
#!/bin/sh
# Minimal SysV init script for the SoftEther VPN Server daemon
DAEMON=/etc/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
# Do nothing if the binary is missing or not executable
test -x "$DAEMON" || exit 0
case "$1" in
start)
    "$DAEMON" start
    # Make sure the lock directory exists before creating the lock file
    mkdir -p "$(dirname "$LOCK")"
    touch "$LOCK"
    ;;
stop)
    "$DAEMON" stop
    # -f: do not fail if the lock file is already gone
    rm -f "$LOCK"
    ;;
restart)
    "$DAEMON" stop
    sleep 3
    "$DAEMON" start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0
- Set permissions
# chmod 755 /etc/init.d/vpnserver
- Create the subsys directory
# mkdir -p /var/lock/subsys/vpnserver
- Start the service
# /etc/init.d/vpnserver start
- Register the service to start automatically
# update-rc.d vpnserver defaults
Configuration starts here (run vpncmd from /etc/vpnserver).
# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.29 Build 9680 (English)
Compiled 2019/02/28 19:22:54 by yagi at pc33
Copyright (c) SoftEther VPN Project. All Rights Reserved.
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 1
Specify the host name or IP address of the computer that the destination VPN Server or VPN Bridge is operating on.
By specifying according to the format 'host name:port number', you can also specify the port number.
(When the port number is unspecified, 443 is used.)
If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer).
Hostname of IP Address of Destination: (press Enter)
If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name.
If connecting by server admin mode, please press Enter without inputting anything.
Specify Virtual Hub Name: (press Enter)
Connection has been established with VPN Server "localhost" (port 443).
You have administrator privileges for the entire VPN Server.
VPN Server>
Set the ADMIN password
VPN Server>ServerPasswordSet
ServerPasswordSet command - Set VPN Server Administrator Password
Please enter the password. To cancel press the Ctrl+D key.
Password: ********
Confirm input: ********
The command completed successfully.
VPN Server>
Create a HUB
VPN Server>HubCreate Office
HubCreate command - Create New Virtual Hub
Please enter the password. To cancel press the Ctrl+D key.
Password: ********
Confirm input: ********
The command completed successfully.
VPN Server>
Select the HUB for configuration
VPN Server>hub Office
Hub command - Select Virtual Hub to Manage
The Virtual Hub "Office" has been selected.
The command completed successfully.
VPN Server/Office>
NAT configuration – enable NAT
VPN Server/Office>SecureNatEnable
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.
VPN Server/Office>
NAT configuration – set the NAT address range
VPN Server/Office>SecureNatHostSet
SecureNatHostSet command - Change Network Interface Setting of Virtual Host of SecureNAT Function
MAC Address: 5E-B2-07-94-2E-5F
IP Address: 172.16.10.1
Subnet Mask: 255.255.255.0
The command completed successfully.
VPN Server/Office>
VPN Server/Office>DhcpSet
DhcpSet command - Change Virtual DHCP Server Function Setting of SecureNAT Function
Start Point for Distributed Address Band: 172.16.10.10
End Point for Distributed Address Band: 172.16.10.200
Subnet Mask: 255.255.255.0
Lease Limit (Seconds): 7200
Default Gateway ('none' to not set this): 172.16.10.1
DNS Server 1 ('none' to not set this): 172.16.10.1
DNS Server 2 ('none' to not set this): 8.8.8.8
Domain Name:
Save Log (yes / no): yes
The command completed successfully.
Create a user
VPN Server/Office>UserCreate mars
UserCreate command - Create User
Assigned Group Name:
User Full Name: David Choi
User Description: David
The command completed successfully.
VPN Server/Office>
VPN Server/Office>UserPasswordSet mars
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
Please enter the password. To cancel press the Ctrl+D key.
Password: ********
Confirm input: ********
The command completed successfully.
VPN Server/Office>
L2TP / IPsec configuration
VPN Server/Office>IPsecEnable
IPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes
Enable Raw L2TP Server Function (yes / no): yes
Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): no
Pre Shared Key for IPsec (Recommended: 9 letters at maximum): 123456789 (the pre-shared key)
Default Virtual HUB in a case of omitting the HUB on the Username: Office
The command completed successfully.
VPN Server/Office>
Now you can connect from the Mac.
In the "NAT configuration – set the NAT address range" section,
is the MAC Address the address of the computer I want to use as the server?
Can I use any IP Address?
Can I just pick the address the server uses to talk to the outside however I like?
I don't know VPNs or networking in much detail, so I'm not sure these questions even make sense.. haha
I'll wait for your reply.
My memory is a bit hazy, but since this creates a virtual network, you can enter any suitable MAC address.
For the IP, it is best to use a private IP range. Overlapping with public IPs can cause problems, so a private IP range is normally used.
Private IP ranges
10.0.0.0~10.255.255.255
172.16.0.0~172.31.255.255
192.168.0.0~192.168.255.255
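As an added example that is not part of the original post or its comments, here is a small Python checker for the SecureNatHostSet / DhcpSet values entered in the session above, encoding the advice in this reply: the virtual host IP should sit in one of the three private ranges, the DHCP pool must stay inside the virtual subnet and not overlap the virtual host (gateway) address, and the "suitable" MAC for a virtual NIC should be unicast with the locally-administered bit set (that last rule goes slightly beyond the reply). The SECURENAT dictionary is constructed from the page's values.

```python
import ipaddress

# Values as entered in the SecureNatHostSet / DhcpSet session above.
SECURENAT = {
    "mac": "5E-B2-07-94-2E-5F",
    "ip": "172.16.10.1",
    "mask": "255.255.255.0",
    "dhcp_start": "172.16.10.10",
    "dhcp_end": "172.16.10.200",
    "gateway": "172.16.10.1",
}

# RFC 1918 private ranges, the same three listed in the reply.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    """True if ip falls in one of the RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


def is_local_unicast_mac(mac):
    """A made-up MAC for a virtual NIC should be unicast (bit 0 of the
    first octet clear) and locally administered (bit 1 set), so it can
    never collide with a vendor-assigned address."""
    first = int(mac.replace(":", "-").split("-")[0], 16)
    return bool(first & 0x02) and not (first & 0x01)


def check_securenat(cfg):
    """Return a list of problems found in a SecureNAT/DHCP configuration."""
    problems = []
    host = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['mask']}")
    net = host.network
    start = ipaddress.ip_address(cfg["dhcp_start"])
    end = ipaddress.ip_address(cfg["dhcp_end"])
    gateway = ipaddress.ip_address(cfg["gateway"])
    if not is_private(cfg["ip"]):
        problems.append("virtual host IP is not in a private (RFC 1918) range")
    if not is_local_unicast_mac(cfg["mac"]):
        problems.append("MAC is not a locally administered unicast address")
    if start not in net or end not in net:
        problems.append("DHCP pool lies outside the virtual host subnet")
    elif start > end:
        problems.append("DHCP pool start is after its end")
    elif start <= host.ip <= end:
        problems.append("DHCP pool overlaps the virtual host address")
    if gateway not in net:
        problems.append("default gateway is not inside the virtual subnet")
    return problems
```

Run check_securenat(SECURENAT) before typing the values into vpncmd; an empty list means the page's settings are consistent.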