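Setting Up SoftEther on FreeBSD for Cross-Site Networking
A Virtual Private Network (VPN) builds a private network on top of a public one, so that network components and devices can connect across the public Internet and across regions. VPNs are widely used in large enterprises and companies.
SoftEther is a tool that virtualizes network adapters and hubs. Any host that can reach the Internet can use it to form a remote LAN, and everything that works on a physical LAN works on this virtual LAN: hosts can reach one another, and you can play LAN-only (TCP/IP) games over it. The software can pass through firewalls, and all packets are encrypted, so the traffic is secure in transit. SoftEther consists of two parts, the virtual hub and the virtual network adapter, and works in a client/server fashion: the virtual hub is the server and the virtual network adapter is the client. To connect, you use the connection manager that SoftEther provides to attach the virtual network adapter to a remote virtual hub, which puts your computer on the same LAN as the other computers connected to that hub.
The steps below set up the SoftEther service. The environment is FreeBSD 12.2.
- Run pkg upgrade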
root@freebsdbox:~ # pkg upgrade
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking for upgrades (1 candidates): 100%
Processing candidates (1 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.
- Install softether
root@freebsdbox:~ # pkg install softether5
- Enable the service at boot
root@freebsdbox:~ # sysrc softether_server_enable=yes
softether_server_enable: -> yes
- Start the service
root@freebsdbox:~ # vpnserver start
The SoftEther VPN Server service has been started.
- Run a check
root@freebsdbox:~ # vpncmd
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 3
VPN Tools>check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
Checking 'Kernel System'...
Pass
Checking 'Memory Operation System'...
Pass
Checking 'ANSI / Unicode string processing system'...
Pass
Checking 'File system'...
Pass
Checking 'Thread processing system'...
Pass
Checking 'Network system'...
Pass
All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system. The command completed successfully.
- Once all checks have passed, type "exit", then run vpncmd again to continue configuring the server, this time choosing "1":
root@freebsdbox:~ # vpncmd
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 1
Hostname of IP Address of Destination: -press enter-
Specify Virtual Hub Name: -press enter-
Connection has been established with VPN Server "localhost" (port 443). You have administrator privileges for the entire VPN Server.
VPN Server> _
- First, each time we configure the server we should select a virtual hub to manage. We did not give the hub a name, so it is called "default"
VPN Server> hub default
Hub command - Select Virtual Hub to Manage
The Virtual Hub "DEFAULT" has been selected.
The command completed successfully.
VPN Server/DEFAULT> _
- Create a VPN user named vpntest
VPN Server/DEFAULT>UserCreate
UserCreate command - Create User
User Name: vpntest
Assigned Group Name:
User Full Name:
User Description:
The command completed successfully.
VPN Server/DEFAULT> _
- Set the password
VPN Server/DEFAULT>UserPasswordSet vpntest
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password. Please enter the password. To cancel press the Ctrl+D key.
Password: ****
Confirm input: ****
The command completed successfully.
- The "UserList" command lists all VPN users in the system, along with their traffic statistics:
VPN Server/DEFAULT>UserList
UserList command - Get List of Users
Item |Value
----------------+-------------------------
User Name |vpntest
Full Name |
Group Name |-
Description |
Auth Method |Password Authentication
Num Logins |7
Last Login |2023-03-12 (Sun) 10:08:24
Expiration Date |No Expiration
Transfer Bytes |196,930,640
Transfer Packets|367,317
The command completed successfully.
- Enable SecureNAT
VPN Server/DEFAULT>SecureNATEnable
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.
- Look at the virtual MAC address; the IP address and subnet mask of SoftEther's SecureNAT/DHCP server are shown as well
VPN Server/DEFAULT>SecureNatHostGet
Get Network Interface Setting of Virtual Host of SecureNAT Function
Item |Value
-----------+-----------------
MAC Address|5E-A2-15-FE-61-FF
IP Address |192.168.30.1
Subnet Mask|255.255.255.0
The command completed successfully.
- VPN clients will receive an IP address starting with 192.168.30 (the range is 192.168.30.2-192.168.30.254). The SecureNatHostSet command changes these values on the SoftEther server (including the MAC address!)
VPN Server/DEFAULT>SecureNatHostSet
Change Network Interface Setting of Virtual Host of SecureNAT Function
MAC Address: DE-AD-BE-EF-BA-BE
IP Address: 10.10.10.1
Subnet Mask: 255.255.255.0
The command completed successfully.
- For security reasons, be sure to set an administrator password
VPN Server/DEFAULT>ServerPasswordSet
ServerPasswordSet command - Set VPN Server Administrator Password
Please enter the password. To cancel press the Ctrl+D key.
Password: *****************
Confirm input: *****************
The command completed successfully.
- Configuration is complete; exit
VPN Server/DEFAULT>exit
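
The UserList step above shows an account with password authentication and no expiration date. As an added example (not part of the original article), the following script parses saved UserList output and flags such accounts. The function names, the finding labels and the second user in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit vpncmd `UserList` output.
# Reads the table on stdin and prints one line per user: name<TAB>findings.
audit_userlist() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function emit(   f) {
            if (name == "") return
            if (auth == "Password Authentication") f = f "password-auth;"
            if (expiry == "No Expiration")         f = f "no-expiry;"
            if (logins == "0")                     f = f "never-used;"
            printf "%s\t%s\n", name, (f == "" ? "ok" : f)
            name = auth = expiry = logins = ""
        }
        NF < 2 { next }    # separator and status lines have no "|"
        {
            key = trim($1); val = trim($2)
            if (key == "User Name")            { emit(); name = val }
            else if (key == "Auth Method")     auth = val
            else if (key == "Expiration Date") expiry = val
            else if (key == "Num Logins")      logins = val
        }
        END { emit() }
    '
}

# Constructed sample: the vpntest record from the page plus a made-up "certuser".
sample_userlist() {
    cat <<'EOF'
UserList command - Get List of Users
Item |Value
----------------+-------------------------
User Name |vpntest
Auth Method |Password Authentication
Num Logins |7
Last Login |2023-03-12 (Sun) 10:08:24
Expiration Date |No Expiration
----------------+-------------------------
User Name |certuser
Auth Method |Individual Certificate Authentication
Num Logins |3
Expiration Date |2024-01-01 (Mon) 00:00:00
The command completed successfully.
EOF
}

sample_userlist | audit_userlist
```

On a live server, feed the function a saved copy of the hub's UserList output instead of the sample.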