Changes

319 bytes removed ,  07:53, 18 April 2021
Line 1: Line 1:  +
{{Warning box|This How-to while still working in March 2020, is outdated.
 +
Please note that a contribs is now available here [[Softethervpn-server]] to configure a Softethernet server on a SME as Server Gateway.
 +
You can still use as reference this page for the windows client configuration and for the configuration on a server only.}}
 +
 
==Maintainer==
 
==Maintainer==
 
This howto has been developed by [[User:beckynet|Olivier Beeckmans]]
 
This howto has been developed by [[User:beckynet|Olivier Beeckmans]]
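Review bot: the new warning box does not say what is outdated, and its wording needs a pass before it goes at the top of the page: "a contribs is now available" should be "a contrib is now available", and "Softethernet server" should be "SoftEther server". Since the box tells readers to keep using this page for the server-only setup, it should also state which sections are superseded by [[Softethervpn-server]] so nobody mixes steps from both pages.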
Line 84: Line 88:  
|-
 
|-
 
|}
 
|}
      
or you can manually add the portforwarding rules:
 
or you can manually add the portforwarding rules:
Line 105: Line 108:     
  cd /opt
 
  cd /opt
  wget http://www.softether-download.com/files/softether/v4.20-9608-rtm-2016.04.17-tree/Linux/SoftEther_VPN_Server/32bit_-_Intel_x86/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x86-32bit.tar.gz
+
  wget http://www.softether-download.com/files/softether/v4.25-9656-rtm-2018.01.15-tree/Linux/SoftEther_VPN_Server/32bit_-_Intel_x86/softether-vpnserver-v4.25-9656-rtm-2018.01.15-linux-x86-32bit.tar.gz
 
  tar zxvf softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x86-32bit.tar.gz
 
  tar zxvf softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x86-32bit.tar.gz
 
  cd vpnserver
 
  cd vpnserver
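Review bot: the tar zxvf line directly after the updated wget still names softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x86-32bit.tar.gz, while the download is now the v4.25-9656-rtm-2018.01.15 archive, so the extract step fails for anyone following the 32-bit instructions on a clean /opt. Update the tar line to the v4.25 filename in the same edit, or better, use one filename for both lines so a later version bump cannot leave them out of step.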
Line 114: Line 117:     
  cd /opt
 
  cd /opt
  wget http://www.softether-download.com/files/softether/v4.20-9608-rtm-2016.04.17-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit.tar.gz
+
  wget http://www.softether-download.com/files/softether/v4.25-9656-rtm-2018.01.15-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.25-9656-rtm-2018.01.15-linux-x64-64bit.tar.gz
 
  tar zxvf softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit.tar.gz
 
  tar zxvf softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit.tar.gz
 
  cd vpnserver
 
  cd vpnserver
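Review bot: the 64-bit block has the same stale filename: wget now fetches the v4.25 x64 archive but tar zxvf still extracts the v4.20-9608 x64 one. Fix it together with the 32-bit block.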
Line 127: Line 130:     
Download Management Interface<BR>
 
Download Management Interface<BR>
http://www.softether-download.com/files/softether/v4.20-9608-rtm-2016.04.17-tree/Windows/SoftEther_VPN_Server_and_VPN_Bridge/softether-vpnserver_vpnbridge-v4.20-9608-rtm-2016.04.17-windows-x86_x64-intel.exe
+
http://www.softether-download.com/files/softether/v4.25-9656-rtm-2018.01.15-tree/Windows/SoftEther_VPN_Server_and_VPN_Bridge/softether-vpnserver_vpnbridge-v4.25-9656-rtm-2018.01.15-windows-x86_x64-intel.exe
    
For the latest versions of SoftEther components please check http://www.softether-download.com/en.aspx
 
For the latest versions of SoftEther components please check http://www.softether-download.com/en.aspx
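Review bot: the management interface link points at a Windows .exe over plain http, and neither this line nor the two wget lines above give the reader any way to check what they downloaded before running it as an installer or unpacking it into /opt as root. Add a verification step (a published checksum or signature check) next to each download, and consider linking only the download page in the following line instead of pinning a version-specific URL that has to be edited on every release.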
Line 154: Line 157:  
Enable L2TP/IPSec And Create Pre-Shared Key (No More Of 10 Charactere for compatibility with Android)<BR>
 
Enable L2TP/IPSec And Create Pre-Shared Key (No More Of 10 Charactere for compatibility with Android)<BR>
 
[[Image:SoftEther_WIN_8.png]]
 
[[Image:SoftEther_WIN_8.png]]
 +
 +
PSK lengths greater than 9 characters ARE able to be entered and saved, See following post from Softether forums and English lang dialog box that is referenced in that post:  http://www.vpnusers.com/viewtopic.php?f=7&t=8405 it requires the answering of the following dialog box with No to set a PSK length greater than 9, beware of issues with Android when length is greater than 10
 +
 +
[[Image:Softether-psk.png|500px]]
    
Disable VPN Azure<BR>
 
Disable VPN Azure<BR>
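Review bot: the added paragraph and the step above it now give three different thresholds for the pre-shared key: the step says no more than 10 characters, the new text says the dialog appears for lengths greater than 9, and the Android caveat is for lengths greater than 10. State one limit for Android compatibility and say separately that longer keys can be saved by answering No in the dialog. Because the page steers readers toward a short key, it should also say that the key must be randomly generated and that a longer one is preferable wherever no Android client has to connect.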
Line 285: Line 292:     
==Radius authentication==
 
==Radius authentication==
{{Note box|Softether VPN only accepts a maximum of 9 charachters as the Pre-shared Key. The default key length of SME Server is 31, thus too much for Softether VPN. Since the PSK of SME Server is automatically generated at the time of template expansion (e.g. signal-event remoteaccess-update) and NOT stored in a db key (as it probably should), one can not set the pre-saherd key manually by a db property setting. Testing of the below has been done by manually custom templates limiting the PSK length to 9. A NFR for SME Server has been submitted via bug #10358.}}
  −
  −
PSK lengths greater than 9 characters ARE able to be entered and saved, See following post from Softhere forums and English lang dialog box that is referenced in that post:  http://www.vpnusers.com/viewtopic.php?f=7&t=8405
  −
  −
[[image:softhether-psk.png]]
  −
  −
To overcome the limitation of Softether to accept more then 9 characters as a PSK we need to create custom templates that limit the SME Server PSK to 9 characters only:
  −
mkdir -p /etc/e-smith/templates-custom/etc/raddb/clients.conf
  −
nano -w /etc/e-smith/templates-custom/etc/raddb/clients.conf/10localhost
  −
with the following content:
  −
{
  −
  use esmith::util;
  −
  $pw = esmith::util::LdapPassword;
  −
  $pw =~ s/^(.{9}).*$/$1/;
  −
  "";
  −
}
  −
client localhost \{
  −
{
  −
} secret = { $pw }
  −
{
  −
} shortname = localhost
  −
{
  −
} nastype = other
  −
{
  −
}\}
  −
  −
and
  −
mkdir -p /etc/e-smith/templates-custom/etc/radiusclient-ng/servers
  −
nano -w /etc/e-smith/templates-custom/etc/radiusclient-ng/servers/10localhost
  −
with the following content:
  −
{
  −
  use esmith::util;
  −
  $pw = esmith::util::LdapPassword;
  −
  $pw =~ s/^(.{9}).*$/$1/;
  −
  "";
  −
}
  −
localhost { $pw; }
  −
      
A custom template fragment is required to force ldap authentication for Radius. Create the template fragment:
 
A custom template fragment is required to force ldap authentication for Radius. Create the template fragment:
 
  mkdir -p /etc/e-smith/templates-custom/etc/raddb/users/
 
  mkdir -p /etc/e-smith/templates-custom/etc/raddb/users/
  nano -w /etc/e-smith/templates-custom/etc/raddb/users/40ldap
+
  echo "DEFAULT Auth-Type := LDAP" > /etc/e-smith/templates-custom/etc/raddb/users/40ldap
and enter the following content and save:
  −
DEFAULT Auth-Type := LDAP
   
Then we need to expand the template fragments and restart radiusd:
 
Then we need to expand the template fragments and restart radiusd:
 
  signal-event remoteaccess-update
 
  signal-event remoteaccess-update
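Review bot: removing the 10localhost instructions leaves no guidance for servers that were already set up with them. Anyone who followed the old text still has custom templates under templates-custom/etc/raddb/clients.conf and templates-custom/etc/radiusclient-ng/servers that truncate the RADIUS secret to 9 characters, and the only place the page now shows how to delete them is the new Uninstall section. Add a short note here telling existing users to remove both 10localhost fragments and run signal-event remoteaccess-update. Also note that the new echo line writes 40ldap with ">", which silently overwrites any existing fragment; that is fine for a fresh install but worth stating.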
Line 383: Line 350:  
  signal-event remoteaccess-update
 
  signal-event remoteaccess-update
   −
==TODO==
+
==Uninstall==
Create a rpm with softether vpnserver RTM<BR>
+
To completely remove SoftEther from your SME Server you may run the below commands. You may safely ignore any warning if you did not install some of the components.
Create a rpm with a bridge for softether (The smeserver-bridge-interface can do this)<BR>
+
service vpnserver stop
<s>Use SME Radius</s>
+
rm -f /etc/rc7.d/S79vpnserver
 +
rm -f /etc/init.d/vpnserver
 +
rm -fR /opt/vpnserver
 +
db portforward_tcp delete 1194
 +
db portforward_tcp delete 5555
 +
db portforward_udp delete 1194
 +
db portforward_udp delete 500
 +
db portforward_udp delete 1701
 +
db portforward_udp delete 4500
 +
yum remove smeserver-bridge-interface
 +
db configuration delete bridge
 +
rm -f /etc/e-smith/templates-custom/etc/raddb/clients.conf/10localhost
 +
rm -f /etc/e-smith/templates-custom/etc/radiusclient-ng/servers/10localhost
 +
rm -f /etc/e-smith/templates-custom/etc/raddb/users/40ldap
 +
signal-event post-upgrade; signal-event reboot
    
==Hints and tips==
 
==Hints and tips==
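Review bot: the Uninstall list deletes the port forwards for tcp 1194 and 5555 and udp 1194, 500, 1701 and 4500 unconditionally, and the sentence above it says any warning can be safely ignored. Those ports are not unique to SoftEther (500, 4500 and 1701 are the standard IPsec/L2TP ports, 1194 the usual OpenVPN port), so on a server where another service uses them this removes forwards that have nothing to do with this howto. Tell the reader to check each entry with db portforward_tcp show and db portforward_udp show first and delete only the ones created for SoftEther. The same applies to yum remove smeserver-bridge-interface and db configuration delete bridge if the bridge is shared with another contrib. The last line, signal-event post-upgrade; signal-event reboot, restarts the server immediately and should be called out in the text rather than left at the end of a copy-and-paste block.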
Line 392: Line 373:     
----
 
----
[[Category:Contrib]]
   
[[Category:Howto]]
 
[[Category:Howto]]
 
[[Category:Administration:VPN]]
 
[[Category:Administration:VPN]]
 
[[Category:VPN]]
 
[[Category:VPN]]