Running SSH over an MVNO link is a pain, so I set up a Sakura VPS as the VPN server and had the OpenBlocks BX1 deployed on site talk to it over SoftEther. These are the notes.
Installation
Reference
uname -a reports i686, but the x86 32-bit build is fine.
https://ja.softether.org/4-docs/1-manual/7/7.3
Caveats
First, you write the NIC configuration in /etc/network/interfaces, but it is gone after a shutdown or reboot.
That makes the timing awkward: vpnclient has to be started automatically, and the VPN NIC can only be configured once vpnclient has created it.
So I used the "Startup script" under "Extensions" - "Edit scripts" in the web UI, which always runs last.
I think this is fine; it has been working without problems.
Installing packages
You have to build it with make. For now I installed the following; some of them are probably not needed.
root@obsiot:/root# apt-get install gcc binutils libc6-dev make zlib1g-dev libssl-dev libreadline-dev ncurses-dev autoconf automake
Verifying it works
I moved it to /usr/local and then checked it. make ran without incident, so I am not writing that down.
root@obsiot:/usr/local/vpnclient# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.30 Build 9696   (English)
Compiled 2019/07/08 12:48:32 by yagi at pc33
Copyright (c) SoftEther VPN Project. All Rights Reserved.

By using vpncmd program, the following can be achieved.

1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 3

VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.

VPN Tools>check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool

Copyright (c) SoftEther VPN Project.
All Rights Reserved.

If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...

Checking 'Kernel System'...
              Pass
Checking 'Memory Operation System'...
              Pass
Checking 'ANSI / Unicode string processing system'...
              Pass
Checking 'File system'...
              Pass
Checking 'Thread processing system'...
              Pass
Checking 'Network system'...
              Pass

All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.

The command completed successfully.

VPN Tools>
Startup configuration
I made /etc/init.d/vpnclient as follows and ran insserv. I do not fully understand the LSB headers, but I modeled it on nginx for now and left Default-Start empty so that it does not start on its own at boot; the startup script below starts it after the interface stanza has been written.
#!/bin/sh
### BEGIN INIT INFO
# Provides:          vpnclient
# Required-Start:    $local_fs $remote_fs $network $syslog $named
# Required-Stop:     $local_fs $remote_fs $network $syslog $named
# Default-Start:
# Default-Stop:      0 1 6
# Short-Description: SoftEther VPN Client
### END INIT INFO

DAEMON=/usr/local/vpnclient/vpnclient
LOCK=/var/lock/subsys/vpnclient

test -x $DAEMON || exit 0

case "$1" in
start)
    $DAEMON start
    # /var/lock/subsys does not exist on Debian by default; create it so touch succeeds
    mkdir -p /var/lock/subsys
    touch $LOCK
    ;;
stop)
    $DAEMON stop
    rm -f $LOCK
    ;;
restart)
    $DAEMON stop
    sleep 3
    $DAEMON start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
esac
exit 0
Startup script
It appends to interfaces and then starts vpnclient. I wanted a static IP, so I did it as below. The adapter created as "VPN" shows up in Linux as vpn_vpn; the allow-hotplug line lets ifupdown configure it as soon as vpnclient creates the tap device. Note that the gateway line installs a default route over the tunnel, so leave it out if the VPN is only meant as a management path.
echo 'auto vpn_vpn' >> /etc/network/interfaces
echo 'allow-hotplug vpn_vpn' >> /etc/network/interfaces
echo 'iface vpn_vpn inet static' >> /etc/network/interfaces
echo 'address aa.bb.cc.dd' >> /etc/network/interfaces
echo 'netmask 255.255.255.xxx' >> /etc/network/interfaces
echo 'gateway aa.bb.cc.dd' >> /etc/network/interfaces
/etc/init.d/vpnclient start
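As an added example (not the script from the post), here is a version of the same startup script that writes the vpn_vpn stanza only once, starts vpnclient, and waits for the tap device to exist before bringing it up. The paths, the address and the environment variable names are assumptions; adjust them to your unit.

```shell
#!/bin/sh
# Added example, not the original post's startup script: idempotent version.
# Assumed paths/addresses; override via environment variables.
IFACES=${IFACES:-/etc/network/interfaces}
VPNCLIENT=${VPNCLIENT:-/usr/local/vpnclient/vpnclient}
VPN_IF=vpn_vpn                     # SoftEther names the tap "vpn_" + lowercased NIC name ("VPN")
VPN_ADDR=${VPN_ADDR:-aa.bb.cc.dd}  # placeholder, as in the post
VPN_MASK=${VPN_MASK:-255.255.255.0}

# write_vpn_stanza FILE ADDR NETMASK [GATEWAY]
# Appends an ifupdown stanza for vpn_vpn unless FILE already has one.
# Returns 0 when the stanza was written, 1 when it was already present.
write_vpn_stanza() {
    file=$1; addr=$2; mask=$3; gw=$4
    if grep -q "^iface $VPN_IF inet" "$file" 2>/dev/null; then
        return 1
    fi
    {
        printf 'auto %s\n' "$VPN_IF"
        printf 'allow-hotplug %s\n' "$VPN_IF"
        printf 'iface %s inet static\n' "$VPN_IF"
        printf '    address %s\n' "$addr"
        printf '    netmask %s\n' "$mask"
        # A gateway line installs a default route over the tunnel; it is
        # only written when a fourth argument is given.
        [ -n "$gw" ] && printf '    gateway %s\n' "$gw"
    } >> "$file"
    return 0
}

# count_vpn_stanzas FILE: number of "iface vpn_vpn" lines (proves idempotence)
count_vpn_stanzas() {
    n=$(grep -c "^iface $VPN_IF inet" "$1" 2>/dev/null || true)
    echo "${n:-0}"
}

# wait_for_iface IFACE SECONDS: poll until the device exists in sysfs.
# vpnclient creates the tap asynchronously after "vpnclient start".
# Returns 1 on timeout.
wait_for_iface() {
    i=0
    while [ "$i" -lt "$2" ]; do
        [ -d "/sys/class/net/$1" ] && return 0
        i=$((i + 1))
        sleep 1
    done
    return 1
}

# Invoke as "startup.sh boot" from the OpenBlocks startup script.
case "${1:-}" in
boot)
    write_vpn_stanza "$IFACES" "$VPN_ADDR" "$VPN_MASK" "${VPN_GW:-}" || true
    "$VPNCLIENT" start
    if wait_for_iface "$VPN_IF" 30; then
        # No-op if ifupdown's hotplug rule already configured the device.
        ifup "$VPN_IF"
    else
        echo "$VPN_IF did not appear within 30 s" >&2
        exit 1
    fi
    ;;
esac
```

Because the interfaces file on this box reverts at every boot, the duplicate check is mostly a safety net for running the script by hand; the wait loop is the part that matters, since ifup on a device that does not exist yet fails silently from a startup script.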
Configuring vpnclient
Reference
https://ja.softether.org/4-docs/1-manual/6/6.5
Work notes
I thought I would be able to manage it remotely from Windows, but I could not. The port is 9500, but fiddling with the Windows side did not help, and RemoteEnable did not either.
So I gave up and just used the CUI.
Disabled remote management so nobody can tamper with it. Afterwards, ss -lntp should show every listening socket owned by vpnclient bound to 127.0.0.1 only.
VPN Client>RemoteDisable
RemoteDisable command - Deny Remote Management of VPN Client Service
The command completed successfully.
Create the NIC.
VPN Client>NicCreate VPN
NicCreate command - Create New Virtual Network Adapter
The command completed successfully.

VPN Client>NicList
NicList command - Get List of Virtual Network Adapters
Item                        |Value
----------------------------+-----------------------------------
Virtual Network Adapter Name|VPN
Status                      |Enabled
MAC Address                 |aabbccddeeff
Version                     |Version 4.30 Build 9696   (English)
The command completed successfully.
Create the connection setting and set its password. AccountPasswordSet stores the credential in vpn_client.config next to the vpnclient binary, so keep /usr/local/vpnclient readable by root only.
Since I am on the LAN right now, only 443 got through.
The name (NAME below) can be anything; it is just the name of this connection setting. When I went to set up another unit I had forgotten this, so I am adding the note.
VPN Client>AccountCreate NAME /SERVER:aa.bb.cc.dd:443 /HUB:VPN /USERNAME:obsbx1 /NICNAME:VPN
AccountCreate command - Create New VPN Connection Setting
The command completed successfully.

VPN Client>AccountList
AccountList command - Get List of VPN Connection Settings
Item                        |Value
----------------------------+---------------------------------------------
VPN Connection Setting Name |NAME
Status                      |Offline
VPN Server Hostname         |aa.bb.cc.dd:443 (Direct TCP/IP Connection)
Virtual Hub                 |VPN
Virtual Network Adapter Name|VPN
The command completed successfully.

VPN Client>AccountPasswordSet NAME /PASSWORD:PASSWORD /TYPE:standard
AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
The command completed successfully.

VPN Client>
Make it connect with the created setting at startup.
VPN Client>AccountStartupSet NAME
AccountStartupSet command - Set VPN Connection Setting as Startup Connection
The command completed successfully.
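The interactive steps above (RemoteDisable through AccountStartupSet) are exactly what gets forgotten when the next unit is provisioned. As an added example, not from the post or the SoftEther project, the script below replays them non-interactively through vpncmd's /CLIENT and /IN: switches, keeps the password out of the command line and shell history by feeding it from a root-only temporary file, and includes a check that the management port is bound to loopback only. The account name, hub, user, paths and the ss sample lines are assumptions (the sample is constructed).

```shell
#!/bin/sh
# Added example, not the original post's commands. vpncmd /CLIENT, /IN: and
# /CMD are real SoftEther switches; everything else here is an assumption.
VPNCMD=${VPNCMD:-/usr/local/vpnclient/vpncmd}

# emit_client_commands NAME SERVER:PORT HUB USER NIC PASSWORD
# Prints the vpncmd script that reproduces the steps from the post.
# Meant for a fresh install: NicCreate/AccountCreate fail if the objects exist.
emit_client_commands() {
    cat <<EOF
RemoteDisable
NicCreate $5
AccountCreate $1 /SERVER:$2 /HUB:$3 /USERNAME:$4 /NICNAME:$5
AccountPasswordSet $1 /PASSWORD:$6 /TYPE:standard
AccountStartupSet $1
AccountConnect $1
EOF
}

# provision_client NAME SERVER:PORT HUB USER NIC PASSWORD
# Runs the commands via a 0600 temp file so the password never appears in
# "ps" output or shell history, then removes the file.
provision_client() {
    tmp=$(mktemp) || return 1
    chmod 600 "$tmp"
    emit_client_commands "$@" > "$tmp"
    "$VPNCMD" /CLIENT localhost /IN:"$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# non_loopback_listeners: read "ss -lnt"-style lines on stdin and print the
# Local Address:Port of every LISTEN socket not bound to 127.0.0.1 or [::1].
# After RemoteDisable, "ss -lntp | grep vpnclient | non_loopback_listeners"
# should print nothing.
non_loopback_listeners() {
    awk '
        $1 == "LISTEN" {
            addr = $4                      # "Local Address:Port" column
            sub(/:[0-9]+$/, "", addr)      # strip the port
            if (addr != "127.0.0.1" && addr != "[::1]") print $4
        }'
}

# Constructed ss -lntp output (port numbers are made up) showing one socket
# wrongly exposed on all interfaces.
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 127.0.0.1:12345 0.0.0.0:* users:(("vpnclient",pid=1,fd=5))
LISTEN 0 128 [::1]:12345 [::]:* users:(("vpnclient",pid=1,fd=6))
LISTEN 0 128 0.0.0.0:12346 0.0.0.0:* users:(("vpnclient",pid=1,fd=7))'

case "${1:-}" in
provision) shift; provision_client "$@" ;;
check)     ss -lntp | grep vpnclient | non_loopback_listeners ;;
demo)      printf '%s\n' "$SAMPLE_SS" | non_loopback_listeners ;;
esac
```

Run it as "provision.sh provision NAME aa.bb.cc.dd:443 VPN obsbx1 VPN 'secret'" once per unit, then "provision.sh check"; any line printed by the check means the client management interface is reachable from the network and RemoteDisable did not take effect.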
Checking the connection
Once connected, AccountStatusGet in vpncmd shows the status. Note the Encryption row: AES128-SHA is an RSA-key-exchange CBC suite with no forward secrecy. The suite is chosen on the server side, so if the VPS should prefer an ECDHE suite, set it there with ServerCipherSet.
VPN Client>AccountStatusGet
AccountStatusGet command - Get Current VPN Connection Setting Status
Name of VPN Connection Setting: NAME
Item                                      |Value
------------------------------------------+-----------------------------------------------------
VPN Connection Setting Name               |NAME
Session Status                            |Connection Completed (Session Established)
VLAN ID                                   |-
Server Name                               |aa.bb.cc.dd
Port Number                               |TCP Port 443
Server Product Name                       |SoftEther VPN Server (64 bit)
Server Version                            |4.30
Server Build                              |Build 9696
Connection Started at                     |2019-10-26 (Sat) 14:15:31
First Session has been Established since  |2019-10-26 (Sat) 14:15:32
Current Session has been Established since|2019-10-26 (Sat) 14:15:32
Number of Established Sessions            |1 Times
Half Duplex TCP Connection Mode           |No (Full Duplex Mode)
VoIP / QoS Function                       |Enabled
Number of TCP Connections                 |2
Maximum Number of TCP Connections         |2
Encryption                                |Enabled (Algorithm: AES128-SHA)
Use of Compression                        |No (No Compression)
Physical Underlay Protocol                |Standard TCP/IP (IPv4)
                                          |IPv4 UDPAccel_Ver=2 ChachaPoly_Self UDPAccel_MSS=1309
UDP Acceleration is Supported             |Yes
UDP Acceleration is Active                |No
Session Name                              |
Connection Name                           |
Session Key (160 bit)                     |
Bridge / Router Mode                      |No
Monitoring Mode                           |No
Outgoing Data Size                        |52,875 bytes
Incoming Data Size                        |52,917 bytes
Outgoing Unicast Packets                  |1 packets
Outgoing Unicast Total Size               |42 bytes
Outgoing Broadcast Packets                |163 packets
Outgoing Broadcast Total Size             |51,462 bytes
Incoming Unicast Packets                  |10 packets
Incoming Unicast Total Size               |420 bytes
Incoming Broadcast Packets                |152 packets
Incoming Broadcast Total Size             |50,860 bytes
The command completed successfully.
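On an unattended gateway nobody is going to read that table by hand, so here is an added example, not from the post, of a cron-style health check: it runs AccountStatusGet through vpncmd, parses the Item|Value table, and fails unless the session is established and the negotiated suite provides forward secrecy. The account name, paths and the cipher policy are this example's assumptions; the embedded sample output is constructed from the table above.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumed paths and account name.
VPNCMD=${VPNCMD:-/usr/local/vpnclient/vpncmd}
ACCOUNT=${ACCOUNT:-NAME}

# status_field KEY: read AccountStatusGet output on stdin and print the value
# of the row whose Item column equals KEY (both columns whitespace-trimmed).
status_field() {
    awk -F'|' -v key="$1" '
        NF == 2 {
            k = $1; v = $2
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }'
}

# assess_status: read AccountStatusGet output on stdin, print a one-line
# verdict and return 0 (healthy) or 1 (needs attention).
# Policy (assumption): require an established session and an (EC)DHE suite.
assess_status() {
    out=$(cat)
    sess=$(printf '%s\n' "$out" | status_field "Session Status")
    enc=$(printf '%s\n' "$out" | status_field "Encryption")
    case "$sess" in
        *"Session Established"*) ;;
        *) echo "NOT CONNECTED: ${sess:-no status}"; return 1 ;;
    esac
    case "$enc" in
        ""|*Disabled*) echo "ENCRYPTION OFF: ${enc:-no value}"; return 1 ;;
        *DHE*)         echo "OK: $sess; $enc"; return 0 ;;
        *)             echo "WEAK CIPHER (no forward secrecy): $enc"; return 1 ;;
    esac
}

# Constructed sample, abridged from the AccountStatusGet table in the post.
SAMPLE_STATUS='Item                                      |Value
------------------------------------------+-------------------------------
VPN Connection Setting Name               |NAME
Session Status                            |Connection Completed (Session Established)
Server Name                               |aa.bb.cc.dd
Port Number                               |TCP Port 443
Encryption                                |Enabled (Algorithm: AES128-SHA)
Number of TCP Connections                 |2'

case "${1:-}" in
check) "$VPNCMD" /CLIENT localhost /CMD AccountStatusGet "$ACCOUNT" | assess_status ;;
demo)  printf '%s\n' "$SAMPLE_STATUS" | assess_status ;;
esac
```

"healthcheck.sh demo" runs the policy against the constructed sample and reports the AES128-SHA suite as weak; "healthcheck.sh check" does the same against the live client, so a non-zero exit can drive a cron mail or a watchdog restart of vpnclient.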