Changes

1,192 bytes added , 14 April

→‎Installation

Line 5: Line 5:

{{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }}

{{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }}

{{Infobox contribs

Line 17: Line 18:

}}

−

{{Level|2=The instructions on this page may require deviations from default procedures. A good understanding of linux and SME is recommended|type=~~Advanced~~}}

{{Level|Advanced|The instructions on this page may require deviations from default procedures. A good understanding of linux and SME is recommended}}

−

{{Warning box|This contrib will help you to do the basic integration but you will still need to do most of the configuration needed and take some decision}}

{{Box|Information

| content = This page was inspired form this how-to : [[SoftEther_VPN]]

| type = information

}}{{Warning box|This contrib will help you to do the basic integration but you will still need to do most of the configuration needed and take some decision}}

===Maintainer===

[[User:Unnilennium|JP Pialasse]]

−

=== Version ===

===Version===

{{#smeversion: {{#var:smecontribname}} }}

−

=== Description ===

===Description===

SoftEther VPN ("SoftEther" means "Software Ethernet") is one of the world's most powerful and easy-to-use multi-protocol VPN software. It runs on Windows, Linux, Mac, FreeBSD and Solaris. SoftEther VPN is open source. You can use SoftEther for any personal or commercial use for free charge. SoftEther VPN is an optimum alternative to OpenVPN andMicrosoft's VPN servers. SoftEther VPN has a clone-function of OpenVPN Server. You can integrate from OpenVPN to SoftEther VPN smoothly. SoftEther VPN is faster than OpenVPN. SoftEther VPN also supports Microsoft SSTP VPN for Windows Vista / 7 / 8 / 10. No more need to pay expensive charges for Windows Server license for Remote-Access VPN function. SoftEther VPN can be used to realize BYOD (Bring your own device) on your business. If you have smartphones, tablets or laptop PCs, SoftEther VPN's L2TP/IPsec server function will help you to establish a remote-access VPN from your local network. SoftEther VPN's L2TP VPN Server has strong compatible withWindows, Mac, iOS and Android.

[[Image:SoftEther_Schematic.jpg|link=https://wiki.contribs.org/File:SoftEther_Schematic.jpg]]

−

=== Installation ===

===Installation===

−

yum install smeserver-bridge --enablerepo=smecontribs

yum install smeserver-bridge-interface --enablerepo=smecontribs

yum --enablerepo=smecontribs,smedev install {{#var:smecontribname}}

−

config setprop bridge tap0,tap_soft

config setprop bridge tapInterface tap0,tap_soft

# following has been found to effect some eth cards if or when removing bridge, caution

config setprop ExternalInterface MTU 2000

config setprop InternalInterface MTU 2000

config setprop bridge MTU 2000

service bridge restart

signal-event smeserver-softethervpn-server-update

if you plan to use softether VPN on port 443 (works only if you are in server and gateway mode). Yes you have to stop and then start, restart will fail. You also need a static IP to use port 443

config setprop httpd-e-smith httpsOnlyLocal enabled

expand-template /etc/httpd/conf/httpd.conf

service httpd-e-smith stop

service httpd-e-smith start

service vpnserver start

service vpnserver stop

then edit the configuration

vim /usr/vpnserver/vpn_server.config

to set in place of 0.0.0.0<syntaxhighlight lang="bash">

string ListenIP ip.ip.ip.ip

</syntaxhighlight>

</tab><tab name="For SME 9">

yum install smeserver-bridge-interface --enablerepo=smecontribs

yum --enablerepo=smecontribs,smedev install {{#var:smecontribname}}

config setprop bridge tapInterface tap0,tap_soft

config setprop ExternalInterface MTU 2000

config setprop InternalInterface MTU 2000

Line 59: Line 90:

Then, for all to finish:

service vpnserver start

</tab>

</tabs>

−

==== Finishing configuration using windows ====

====Finishing configuration using windows====

Note: the windows utility works great with wine under Linuc.

Line 117: Line 150:

[[Image:SoftEther_WIN_11.png|link=https://wiki.contribs.org/File:SoftEther_WIN_11.png]]

−

~~Create Local Bridge~~{{Warning box|Ensure Listener List TCP 443 is stopped or deleted, otherwise loss of access to server manager and apache will be lost on some occasions.

{{Warning box|Ensure Listener List TCP 443 is stopped or deleted, otherwise loss of access to server manager and apache will be lost on some occasions.

−

If you have chosen in the first part of the install to force httpd to only listen on Local interface, then you can start the 443 Listener}}Create Local Bridge~~{{Warning box|Ensure Listener List TCP 443 is stopped or deleted, otherwise loss of access to server manager and apache will be lost on reboot.}}~~[[Image:SoftEther_WIN_14.png|link=https://wiki.contribs.org/File:SoftEther_WIN_14.png]]

If you have chosen in the first part of the install to force httpd to only listen on Local interface, then you can start the 443 Listener}}Create Local Bridge

[[Image:SoftEther_WIN_14.png|link=https://wiki.contribs.org/File:SoftEther_WIN_14.png]]

Choose Virtual Hub, Choose Bridge With Tap Device, Set Tap Device Name : soft

Line 125: Line 160:

[[Image:SoftEther_WIN_15.png|link=https://wiki.contribs.org/File:SoftEther_WIN_15.png]]

−

==== Finishing configuration with windows using the SME radius to auth users ====

====Finishing configuration with windows using the SME radius to auth users====

one must set the Radius server credentials in the Softether VPN server manager (thus the info of SME Server itself)

host: localhost or 127.0.0.1

Line 149: Line 184:

If you want to deny VPN access to some SME Server users one must create separate user accounts in VPN manager with the username of SME Server, set authentication to Radius and enable security policy. Then edit the security policy and set it to disabled. The SME Server user is no longer allowed to create a VPN.

−

==== Finishing configuration using CLI ====

====Finishing configuration using CLI====

'''TODO'''

Line 162: Line 197:

vpncmd `config get ExternalIP`:5555 /SERVER

−

=== Configuration ===

===Configuration===

you can list the available configuration with the followinf command :

config show vpnserver

Line 195: Line 230:

config getprop httpd-e-smith httpsOnlyLocal

−

=== Uninstall ===

===Uninstall===

yum remove {{#var:smecontribname}} {{#var:contribname}}

config delprop httpd-e-smith httpsOnlyLocal

signal-event remoteaccess-update

−

=== Bugs ===

===Bugs===

Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]

and select the {{#var:smecontribname}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{#var:smecontribname}}|title=this link}}

Line 214: Line 249:

[[Category: Contrib]]

−

~~~~

==Other articles in this category==

[[Category:VPN]]

Trex

Administrators

1,574

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/38555...42912"

Changes

Softethervpn-server (view source)

Revision as of 07:27, 14 April 2024

Navigation menu

Search