Are you getting enough sleep?

Always sleepy. I guess this is what they call sleep debt.

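Running SoftEther VPN Client on an OpenBlocks BX1

When you operate over an MVNO, even SSH is a pain. So I decided to use a Sakura VPS as the server and have it talk to an OpenBlocks BX1 placed in the field. This is a record of that.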

Installation

References

uname -a reports i686, but the 32-bit x86 build is fine.

https://ja.softether.org/4-docs/1-manual/7/7.3

www.atmarkit.co.jp

qiita.com

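Caveats

First, you write the NIC settings in /etc/network/interfaces, but they disappear when the device is stopped or rebooted.
Because of that, the timing of auto-starting vpnclient and of configuring the VPN NIC is a nuisance. So I set the "Startup script" under "Extensions" - "Script editing" in the web UI so that it always runs last. I think this is probably fine, since it has been working without problems.

Installing packages

You have to run make. For now I installed just these, though some of them are not needed.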

root@obsiot:/root# apt-get install gcc binutils libc6-dev make zlib1g-dev libssl-dev libreadline-dev ncurses-dev autoconf automake

Operation check

I checked after mv-ing it to /usr/local. Nothing notable happened during make, so I won't write about it.

root@obsiot:/usr/local/vpnclient# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.30 Build 9696   (English)
Compiled 2019/07/08 12:48:32 by yagi at pc33
Copyright (c) SoftEther VPN Project. All Rights Reserved.

By using vpncmd program, the following can be achieved.

1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 3

VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.

VPN Tools>check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool

Copyright (c) SoftEther VPN Project.
All Rights Reserved.

If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...

Checking 'Kernel System'...
              Pass
Checking 'Memory Operation System'...
              Pass
Checking 'ANSI / Unicode string processing system'...
              Pass
Checking 'File system'...
              Pass
Checking 'Thread processing system'...
              Pass
Checking 'Network system'...
              Pass

All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.

The command completed successfully.

VPN Tools>

Startup configuration

Make /etc/init.d/vpnclient look like the following and run insserv. I don't really understand it, but for now I made it the same as nginx and set it not to use Default-Start.

#!/bin/sh

### BEGIN INIT INFO
# Provides:     vpnclient
# Required-Start:   $local_fs $remote_fs $network $syslog $named
# Required-Stop:    $local_fs $remote_fs $network $syslog $named
# Default-Start:
# Default-Stop:     0 1 6
# Short-Description: SoftEther VPN Client
### END INIT INFO

# Default-Start is left empty on purpose: the web UI startup script starts the client.
DAEMON=/usr/local/vpnclient/vpnclient
LOCK=/var/lock/subsys/vpnclient
test -x "$DAEMON" || exit 0
case "$1" in
    start)
        "$DAEMON" start
        # The lock directory may not exist on Debian-based systems
        mkdir -p "$(dirname "$LOCK")"
        touch "$LOCK"
        ;;
    stop)
        "$DAEMON" stop
        # -f: do not fail if the lock file is already gone
        rm -f "$LOCK"
        ;;
    restart)
        "$DAEMON" stop
        sleep 3
        "$DAEMON" start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac
exit 0

Startup script

Written so that it appends to interfaces and then starts the client. I wanted a static IP, so I did it as follows.

echo 'auto vpn_vpn' >> /etc/network/interfaces
echo 'allow-hotplug vpn_vpn' >> /etc/network/interfaces
echo 'iface vpn_vpn inet static' >> /etc/network/interfaces
echo 'address aa.bb.cc.dd' >> /etc/network/interfaces
echo 'netmask 255.255.255.xxx' >> /etc/network/interfaces
echo 'gateway aa.bb.cc.dd' >> /etc/network/interfaces
/etc/init.d/vpnclient start

vpnclient configuration

References

https://ja.softether.org/4-docs/1-manual/6/6.5

qiita.com

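Work notes

I thought I could manage it remotely from Windows, but I can't. The port is 9500, but fiddling with the Windows side doesn't seem to help, and RemoteEnable doesn't help either.
No choice, so I'll just use the CUI.

Disable it so that nobody can tamper with it.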

VPN Client>RemoteDisable
RemoteDisable command - Deny Remote Management of VPN Client Service
The command completed successfully.

Create the NIC.

VPN Client>NicCreate VPN
NicCreate command - Create New Virtual Network Adapter
The command completed successfully.

VPN Client>NicList
NicList command - Get List of Virtual Network Adapters
Item                        |Value
----------------------------+-----------------------------------
Virtual Network Adapter Name|VPN
Status                      |Enabled
MAC Address                 |aabbccddeeff
Version                     |Version 4.30 Build 9696   (English)
The command completed successfully.

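Create an account and set the password (パスワード in the commands below). Right now I'm connecting from the LAN, so only 443 got through.
The name (名前 in the commands below) can be anything; it is just the name of this connection setting. I had forgotten this when I went to set up a second unit, so I added this note.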

VPN Client>AccountCreate 名前 /SERVER:aa.bb.cc.dd:443 /HUB:VPN /USERNAME:obsbx1 /NICNAME:VPN
AccountCreate command - Create New VPN Connection Setting
The command completed successfully.

VPN Client>AccountList
AccountList command - Get List of VPN Connection Settings
Item                        |Value
----------------------------+---------------------------------------------
VPN Connection Setting Name |名前
Status                      |Offline
VPN Server Hostname         |aa.bb.cc.dd:443 (Direct TCP/IP Connection)
Virtual Hub                 |VPN
Virtual Network Adapter Name|VPN
The command completed successfully.

VPN Client>AccountPasswordSet 名前 /PASSWORD:パスワード /TYPE:standard
AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
The command completed successfully.

VPN Client>

Set it to connect at startup with the account just created.

VPN Client>AccountStartupSet 名前
AccountStartupSet command - Set VPN Connection Setting as Startup Connection
The command completed successfully.

Connection check

After connecting, you can check it by running AccountStatusGet in vpncmd.

VPN Client>AccountStatusGet
AccountStatusGet command - Get Current VPN Connection Setting Status
Name of VPN Connection Setting: 名前

Item                                      |Value
------------------------------------------+-----------------------------------------------------
VPN Connection Setting Name               |名前
Session Status                            |Connection Completed (Session Established)
VLAN ID                                   |-
Server Name                               |aa.bb.cc.dd
Port Number                               |TCP Port 443
Server Product Name                       |SoftEther VPN Server (64 bit)
Server Version                            |4.30
Server Build                              |Build 9696
Connection Started at                     |2019-10-26 (Sat) 14:15:31
First Session has been Established since  |2019-10-26 (Sat) 14:15:32
Current Session has been Established since|2019-10-26 (Sat) 14:15:32
Number of Established Sessions            |1 Times
Half Duplex TCP Connection Mode           |No (Full Duplex Mode)
VoIP / QoS Function                       |Enabled
Number of TCP Connections                 |2
Maximum Number of TCP Connections         |2
Encryption                                |Enabled (Algorithm: AES128-SHA)
Use of Compression                        |No (No Compression)
Physical Underlay Protocol                |Standard TCP/IP (IPv4)
                                          |IPv4 UDPAccel_Ver=2 ChachaPoly_Self UDPAccel_MSS=1309
UDP Acceleration is Supported             |Yes
UDP Acceleration is Active                |No
Session Name                              |
Connection Name                           |
Session Key (160 bit)                     |
Bridge / Router Mode                      |No
Monitoring Mode                           |No
Outgoing Data Size                        |52,875 bytes
Incoming Data Size                        |52,917 bytes
Outgoing Unicast Packets                  |1 packets
Outgoing Unicast Total Size               |42 bytes
Outgoing Broadcast Packets                |163 packets
Outgoing Broadcast Total Size             |51,462 bytes
Incoming Unicast Packets                  |10 packets
Incoming Unicast Total Size               |420 bytes
Incoming Broadcast Packets                |152 packets
Incoming Broadcast Total Size             |50,860 bytes
The command completed successfully.
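
A check that could run after the startup script, as an added example that is not part of the original post: it parses the AccountStatusGet table shown above and succeeds only when the session is established and encryption is enabled. The function names, the sample inputs and the non-interactive vpncmd invocation in the comment are assumptions.

```shell
#!/bin/sh
# Added example: gate on the AccountStatusGet table instead of assuming the tunnel is up.

# Print the Value column for one Item of a vpncmd "Item |Value" table (text on stdin).
status_field() {
    awk -F'|' -v key="$1" '
        { name = $1; sub(/[ \t]+$/, "", name) }
        name == key { val = $2; gsub(/^[ \t]+|[ \t\r]+$/, "", val); print val; exit }
    '
}

# Return 0 only if the session is established AND encrypted. $1 = command output.
vpn_healthy() {
    session=$(printf '%s\n' "$1" | status_field 'Session Status')
    crypto=$(printf '%s\n' "$1" | status_field 'Encryption')
    case "$session" in
        'Connection Completed'*) ;;
        *) echo "VPN not established: ${session:-no status table}" >&2; return 1 ;;
    esac
    case "$crypto" in
        Enabled*) ;;
        *) echo "VPN not encrypted: ${crypto:-unknown}" >&2; return 1 ;;
    esac
}

# Constructed samples in the format shown above (not captured from a real device).
SAMPLE_UP='Item                                      |Value
------------------------------------------+------------------------------------------
Session Status                            |Connection Completed (Session Established)
Port Number                               |TCP Port 443
Encryption                                |Enabled (Algorithm: AES128-SHA)
The command completed successfully.'
SAMPLE_PLAIN='Item                                      |Value
------------------------------------------+------------------------------------------
Session Status                            |Connection Completed (Session Established)
Encryption                                |Disabled'
SAMPLE_ERR='Error occurred.'

# Live use (assumption: vpncmd non-interactive form, NAME = your connection setting):
#   vpn_healthy "$(/usr/local/vpnclient/vpncmd localhost /CLIENT /CMD AccountStatusGet NAME)"
vpn_healthy "$SAMPLE_UP" && echo "sample: tunnel established and encrypted"
```

A non-zero exit from vpn_healthy can be used by a cron job or the startup script to log the failure or restart the client before anything sensitive is sent over the link.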