Softether VPN install in Ubuntu 18.04

By | March 31, 2020

We needed an in-house VPN, and while searching I found a decent VPN program.

Softether – https://www.softether.org

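It is open source and released under the Apache License.

It supports a range of operating systems, including Windows, Linux and Mac.

Above all, it supports L2TP/IPsec, so it can be used from a Mac, an iPhone and similar devices without installing any additional software.

It does not integrate with LDAP directly, but it supports RADIUS, so integration is possible by installing FreeRadius-Ldap.

This was not written during the installation but afterwards, from memory, so it may not be exact.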

- Install the required libraries
$ sudo apt install -y build-essential openssl wget vim

- Download the program
$ wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.29-9680-rtm/softether-vpnserver-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz

- Extract the archive
$ tar xvzf softether-vpnserver-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz

$ sudo -i
# mv vpnserver /etc
# cd /etc/vpnserver && make (license-related prompts appear; answer 1 (yes) to all of them)

- Create the start/stop script
# vi /etc/init.d/vpnserver

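#!/bin/sh
# Start/stop wrapper for the SoftEther VPN Server daemon
DAEMON=/etc/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
# Do nothing if the daemon binary is missing or not executable
test -x "$DAEMON" || exit 0
case "$1" in
    start)
        "$DAEMON" start
        # /var/lock is cleared at boot, so recreate the lock directory
        mkdir -p /var/lock/subsys
        touch "$LOCK"
        ;;
    stop)
        "$DAEMON" stop
        rm -f "$LOCK"
        ;;
    restart)
        "$DAEMON" stop
        sleep 3
        "$DAEMON" start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac
exit 0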

- Set permissions
# chmod 755 /etc/init.d/vpnserver
- Create the subsys directory
# mkdir -p /var/lock/subsys
- Start the service
# /etc/init.d/vpnserver start
- Register for automatic start at boot
# update-rc.d vpnserver defaults

Now start the configuration

# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.29 Build 9680   (English)
Compiled 2019/02/28 19:22:54 by yagi at pc33
Copyright (c) SoftEther VPN Project. All Rights Reserved.

By using vpncmd program, the following can be achieved. 

1. Management of VPN Server or VPN Bridge 
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 1
Specify the host name or IP address of the computer that the destination VPN Server or VPN Bridge is operating on. 
By specifying according to the format 'host name:port number', you can also specify the port number. 
(When the port number is unspecified, 443 is used.)
If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer).
Hostname of IP Address of Destination: (press Enter)

If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name. 
If connecting by server admin mode, please press Enter without inputting anything.
Specify Virtual Hub Name: (press Enter)
Connection has been established with VPN Server "localhost" (port 443).

You have administrator privileges for the entire VPN Server.

VPN Server>

Set the ADMIN password

VPN Server>ServerPasswordSet
ServerPasswordSet command - Set VPN Server Administrator Password
Please enter the password. To cancel press the Ctrl+D key.

Password: ********
Confirm input: ********


The command completed successfully.
VPN Server>

Create a HUB

VPN Server>HubCreate Office
HubCreate command - Create New Virtual Hub
Please enter the password. To cancel press the Ctrl+D key.

Password: ********
Confirm input: ********


The command completed successfully.

VPN Server>

HUB configuration

VPN Server>hub Office
Hub command - Select Virtual Hub to Manage
The Virtual Hub "Office" has been selected.
The command completed successfully.

VPN Server/Office>

NAT configuration – NAT Enable

VPN Server/Office>SecureNatEnable
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.

VPN Server/Office>

NAT configuration – set the NAT address range

VPN Server/Office>SecureNatHostSet
SecureNatHostSet command - Change Network Interface Setting of Virtual Host of SecureNAT Function
MAC Address: 5E-B2-07-94-2E-5F

IP Address: 172.16.10.1

Subnet Mask: 255.255.255.0

The command completed successfully.

VPN Server/Office>
VPN Server/Office>DhcpSet
DhcpSet command - Change Virtual DHCP Server Function Setting of SecureNAT Function
Start Point for Distributed Address Band: 172.16.10.10

End Point for Distributed Address Band: 172.16.10.200

Subnet Mask: 255.255.255.0

Lease Limit (Seconds): 7200

Default Gateway ('none' to not set this): 172.16.10.1

DNS Server 1 ('none' to not set this): 172.16.10.1

DNS Server 2 ('none' to not set this): 8.8.8.8

Domain Name: 

Save Log (yes / no): yes

The command completed successfully.

Create a user

VPN Server/Office>UserCreate mars
UserCreate command - Create User 
Assigned Group Name: 

User Full Name: David Choi

User Description: David

The command completed successfully.

VPN Server/Office>
VPN Server/Office>UserPasswordSet mars
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
Please enter the password. To cancel press the Ctrl+D key.

Password: ********
Confirm input: ********


The command completed successfully.

VPN Server/Office>

L2TP / IPsec configuration

VPN Server/Office>IPsecEnable
IPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes

Enable Raw L2TP Server Function (yes / no): yes

Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): no

Pre Shared Key for IPsec (Recommended: 9 letters at maximum): 123456789 (shared key)

Default Virtual HUB in a case of omitting the HUB on the Username: Office

The command completed successfully.

VPN Server/Office>

Now you can try connecting from a Mac.
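
The IPsecEnable step above, as an added example that is not part of the original post: a shell script that generates a random pre-shared key in place of the sample value and writes a vpncmd batch file for the same command. The script name, function names and batch-file path are hypothetical, and raw L2TP, which runs without IPsec encryption, is set to no here whereas the session above answers yes.

```shell
#!/bin/sh
# Added example, not from the original post. File and function names are
# hypothetical; the vpncmd path and hub name "Office" come from the steps above.

# gen_psk [LEN]: random alphanumeric key from /dev/urandom. The default of 9
# follows the length hint shown in the IPsecEnable prompt.
gen_psk() {
    len="${1:-9}"
    psk=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-"$len")
    [ "${#psk}" -eq "$len" ] || return 1   # not enough random characters
    printf '%s' "$psk"
}

# psk_ok KEY: reject keys shorter than 8 characters or made only of digits,
# such as the sample value typed in the session above.
psk_ok() {
    [ "${#1}" -ge 8 ] || return 1
    case "$1" in
        *[!0-9]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# write_ipsec_batch FILE HUB KEY: write a one-command vpncmd batch file that is
# readable only by its owner, because it holds the key in clear text.
write_ipsec_batch() {
    psk_ok "$3" || return 1
    rm -f "$1"
    ( umask 077
      printf 'IPsecEnable /L2TP:yes /L2TPRAW:no /ETHERIP:no /PSK:%s /DEFAULTHUB:%s\n' \
          "$3" "$2" > "$1" )
}

# Usage: sh make_ipsec_batch.sh /root/ipsec.batch Office
if [ "$#" -ge 2 ]; then
    write_ipsec_batch "$1" "$2" "$(gen_psk)" || exit 1
    echo "Key written to $1. Apply, then delete the file:"
    echo "  /etc/vpnserver/vpncmd localhost /SERVER /IN:$1 && rm -f $1"
fi
```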
