VPN 建置操作手冊

# VPN 建置操作手冊 ###### tags: `服務建置安裝手冊` ## 第一部分 : 建立 EC2 機器 * VPC : center-vpc * SUBNET : center-public-a * 配置外部 IP ## 第二部分 : 機器內設定 (For ARM CPU Device) ### 安裝 ``` # yum -y groupinstall "Development Tools" # yum -y install readline-devel ncurses-devel openssl-devel # wget http://www.softether-download.com/files/softether/v4.38-9760-rtm-2021.08.17-tree/Linux/SoftEther_VPN_Server/64bit_-_ARM_64bit/softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-arm64-64bit.tar.gz # tar -zxvf softether-vpnserver-v4.38-9760-rtm-2021.08.17-linux-arm64-64bit.tar.gz ``` ### 調整檔案位置和權限 ``` # cd vpnserver/ # make # ./vpnserver start # cd .. # mv vpnserver /usr/local/ # cd /usr/local/vpnserver/ # chmod 600 * # chmod 700 vpnserver # chmod 700 vpncmd ``` ### VPNCMD 設定 ``` # ./vpncmd By using vpncmd program, the following can be achieved. 1. Management of VPN Server or VPN Bridge 2. Management of VPN Client 3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool) Select 1, 2 or 3: 3 VPN Tools> check The command completed successfully. # ./vpncmd By using vpncmd program, the following can be achieved. 1. Management of VPN Server or VPN Bridge 2. Management of VPN Client 3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool) Select 1, 2 or 3: 1 Hostname of IP Address of Destination: <Enter> Specify Virtual Hub Name: <Enter> VPN Server> HubCreate center-vpn Password: ********** Confirm input: ********** VPN Server> ServerPasswordSet Password: ********** Confirm input: ********** VPN Server>Hub center-vpn VPN Server/center-vpn> SecureNatEnable SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function) The command completed successfully. ``` ### 創建系統服務 ``` # vim /lib/systemd/system/vpnserver.service [Unit] Description=SoftEther VPN Server After=network.target [Service] Type=forking ExecStart=/usr/local/vpnserver/vpnserver start ExecStop=/usr/local/vpnserver/vpnserver stop [Install] WantedBy=multi-user.target # systemctl start vpnserver # systemctl status vpnserver ``` ## 第三部分 : SoftEther Server 設置 * 新設置 ![](https://i.imgur.com/8tk6Jx3.png) * 填入 "設置名"、"主機名"、"端口號:613"、"密碼" ![](https://i.imgur.com/d0LJOLw.png) * 連接進入，點選 "管理虛擬 HUB" ![](https://i.imgur.com/SSaTo7R.png) * "管理用戶" 新增使用者 ![](https://i.imgur.com/cKyLSRk.png) * 創建新用戶 ![](https://i.imgur.com/uuVAaRB.png) ## 第四部分 : SoftEther Client 設置 * 添加新的 VPN 連接 ![](https://i.imgur.com/z9S6Mb0.png) ## 第五部分 : 確認功能是否正常 * [檢查網址](https://www.whatismyip.com.tw/tw/) * 檢查其他服務在 VPN 環境下是否可以連線 (EX. Zabbix、Jenkins...) * [SoftEther VPN 架設記錄](https://noter.tw/4524/softether-vpn-%E6%9E%B6%E8%A8%AD%E8%A8%98%E9%8C%84/)