Line 1: |
Line 1: |
| + | {{Warning box|This How-to while still working in March 2020, is outdated. |
| + | Please note that a contribs is now available here [[Softethervpn-server]] to configure a Softethernet server on a SME as Server Gateway. |
| + | You can still use as reference this page for the windows client configuration and for the configuration on a server only.}} |
| + | |
| ==Maintainer== | | ==Maintainer== |
| This howto has been developed by [[User:beckynet|Olivier Beeckmans]] | | This howto has been developed by [[User:beckynet|Olivier Beeckmans]] |
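Review bot: The added warning box at the top of this hunk is hard to act on as worded: "This How-to while still working in March 2020, is outdated" has a stray comma, "a contribs is now available" should read "a contrib is now available", and "Softethernet server" does not match the "Softether" spelling used in the link target and the rest of the page. Suggest something like "This how-to still worked in March 2020 but is outdated. A contrib is now available at [[Softethervpn-server]] ...", and say explicitly which sections remain valid (Windows client configuration, server-only setup), since the last sentence currently leaves that to the reader to infer.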
Line 26: |
Line 30: |
| In SME Server Manager set the following rules under Security -> Port Forwarding: | | In SME Server Manager set the following rules under Security -> Port Forwarding: |
| | | |
− | {| border="1" cellspacing="0" | + | {| cellspacing="0" border="1" |
| |Protocol | | |Protocol |
| |Source Port(s) | | |Source Port(s) |
Line 288: |
Line 292: |
| | | |
| ==Radius authentication== | | ==Radius authentication== |
− | {{Note box|Softether VPN by default accepts a maximum of 9 charachters as the Pre-shared Key due to possible issues with Android. The default key length of SME Server is 31, thus this may be too much for Softether VPN when used with Andorid clients. Since the PSK of SME Server is automatically generated at the time of template expansion (e.g. signal-event remoteaccess-update) and NOT stored in a db key (as it probably should), one can not set the pre-saherd key manually by a db property setting. Testing of the below has been done by manually custom templates limiting the PSK length to 9. A NFR for SME Server has been submitted via bug #10358.}}
| |
− |
| |
− | PSK lengths greater than 9 characters ARE able to be entered and saved, See following post from Softhere forums and English lang dialog box that is referenced in that post: http://www.vpnusers.com/viewtopic.php?f=7&t=8405 it requires the answering of the following dialog box with '''No''' to set a PSK length greater than 9, beware of issues with Android when length is greater than 10
| |
− |
| |
− | [[Image:Softether-psk.png|500px]]
| |
− |
| |
− | To overcome the limitation of Softether to accept more then 9 characters as a PSK we need to create custom templates that limit the SME Server PSK to 9 characters only:
| |
− | mkdir -p /etc/e-smith/templates-custom/etc/raddb/clients.conf
| |
− | nano -w /etc/e-smith/templates-custom/etc/raddb/clients.conf/10localhost
| |
− | with the following content:
| |
− | {
| |
− | use esmith::util;
| |
− | $pw = esmith::util::LdapPassword;
| |
− | $pw =~ s/^(.{9}).*$/$1/;
| |
− | "";
| |
− | }
| |
− | client localhost \{
| |
− | {
| |
− | } secret = { $pw }
| |
− | {
| |
− | } shortname = localhost
| |
− | {
| |
− | } nastype = other
| |
− | {
| |
− | }\}
| |
− |
| |
− | and
| |
− | mkdir -p /etc/e-smith/templates-custom/etc/radiusclient-ng/servers
| |
− | nano -w /etc/e-smith/templates-custom/etc/radiusclient-ng/servers/10localhost
| |
− | with the following content:
| |
− | {
| |
− | use esmith::util;
| |
− | $pw = esmith::util::LdapPassword;
| |
− | $pw =~ s/^(.{9}).*$/$1/;
| |
− | "";
| |
− | }
| |
− | localhost { $pw; }
| |
− |
| |
| | | |
| A custom template fragment is required to force ldap authentication for Radius. Create the template fragment: | | A custom template fragment is required to force ldap authentication for Radius. Create the template fragment: |
| mkdir -p /etc/e-smith/templates-custom/etc/raddb/users/ | | mkdir -p /etc/e-smith/templates-custom/etc/raddb/users/ |
− | nano -w /etc/e-smith/templates-custom/etc/raddb/users/40ldap | + | echo "DEFAULT Auth-Type := LDAP" > /etc/e-smith/templates-custom/etc/raddb/users/40ldap |
− | and enter the following content and save:
| |
− | DEFAULT Auth-Type := LDAP
| |
| Then we need to expand the template fragments and restart radiusd: | | Then we need to expand the template fragments and restart radiusd: |
| signal-event remoteaccess-update | | signal-event remoteaccess-update |
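Review bot: Removing the whole note box and dialog paragraph at the start of the Radius authentication section also removes the only explanation of the pre-shared key length behaviour. The deleted text said that keys longer than 9 characters can be entered by answering No to the dialog, and that Android clients may have issues with longer keys. Dropping the two truncating templates is reasonable, since they cut the secret to 9 characters with s/^(.{9}).*$/$1/, but a one-sentence note on the dialog and the Android caveat should stay so readers understand why a long key prompts a warning. The echo replacement for the nano step is fine; note that the single > overwrites any existing 40ldap fragment.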
Line 404: |
Line 368: |
| rm -f /etc/e-smith/templates-custom/etc/raddb/users/40ldap | | rm -f /etc/e-smith/templates-custom/etc/raddb/users/40ldap |
| signal-event post-upgrade; signal-event reboot | | signal-event post-upgrade; signal-event reboot |
− |
| |
− | ==TODO==
| |
− | Create a rpm with softether vpnserver RTM<BR>
| |
− | Create a rpm with a bridge for softether (The smeserver-bridge-interface can do this)<BR>
| |
− | <s>Use SME Radius</s>
| |
| | | |
| ==Hints and tips== | | ==Hints and tips== |
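Review bot: The uninstall context kept above the removed TODO section still deletes only templates-custom/etc/raddb/users/40ldap. Readers who followed the earlier revision of this page will also have templates-custom/etc/raddb/clients.conf/10localhost and templates-custom/etc/radiusclient-ng/servers/10localhost in place, and those keep truncating the RADIUS secret to 9 characters instead of the default length of 31 mentioned in the removed note. Suggest adding rm -f lines for both fragments before the signal-event post-upgrade line, or a short sentence telling existing users to remove them and run signal-event remoteaccess-update.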