Install Softether di Debian 8 Cloud Server

Persiapan :
Cloud Server (OVH, DigitalOcean, VULTR, DigitalOcean atau Scaleway)
Computer Client -> OS bebas, disini saya menggunakan Fedora 23

Tahap 1 : Install Dependency

apt-get update; apt-get install build-essential; apt-get install apache2

Tahap 2 : Download Softether Server

Download Softether VPN Server dari situs www.softether-download.com. Untuk tutorial ini kita akan menggunakan SoftEther VPN Server (Ver 4.19). Atau bisa download dengan wget

wget http://www.softether-download.com/files/softether/v4.19-9605-beta-2016.03.06-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.19-9605-beta-2016.03.06-linux-x64-64bit.tar.gz

Tahap 3 : Install Softether
Untuk memudahkan, kita akan meletakkan file-file Softether di /opt/

tar zxvf softether-vpnserver-*.tar.gz -C /opt/

Install Softether

cd /opt/vpnserver/; make

Untuk pilihan

Do you want to read the License Agreement for this software ?
Did you read and understand the License Agreement ?
Did you agree the License Agreement ?

ketik 1 lalu tekan enter di keyboard. Lalu jalankan service Softether

/opt/vpnserver/vpnserver start

Konfigurasi SoftEther VPN Server

Semua fungsi SoftEther bisa dikelola dari vpncmd. Untuk memulai konfigurasi jalankan vpncmd

/opt/vpnserver/vpncmd

Sebelum memulai konfigurasi, cek terlebih dahulu apakah server anda bisa menjalankan SoftEther dengan sempurna atau tidak. Setelah menjalankan vpncmd pilih 3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
lalu eksekusi perintah Check

VPN Tools>Check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool
Copyright (c) SoftEther VPN Project.
All Rights Reserved.
If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...
Checking 'Kernel System'... 
              Pass
Checking 'Memory Operation System'... 
              Pass
Checking 'ANSI / Unicode string processing system'... 
              Pass
Checking 'File system'... 
              Pass
Checking 'Thread processing system'... 
              Pass
Checking 'Network system'... 
              Pass
 
All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.
The command completed successfully.

Bila anda mendapatkan All checks passed berarti SoftEther VPN Server bisa dijalankan dengan sempurna. Bila terdapat error silahkan kontak provider anda, bila menggunakan VPS (OpenVZ/XEN/KVM).

Membuat password Admin

Jalankan vpncmd. Pada pilihan

By using vpncmd program, the following can be achieved. 
1. Management of VPN Server or VPN Bridge 
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3:

pilih angka 1 lalu tekan enter. Pada bagian Hostname of IP Address of Destination masukkan localhost:5555 . Dibagian Specify Virtual Hub Name: tidak perlu diisi apapun, tekan enter, nanti akan muncul

VPN Server>

eksekusi ServerPasswordSet, lalu masukkan password anda.

Membuat VirtualHub

Sebelum menambahkan user, terlebih dahulu buat VirtualHub. Sebagai contoh kita akan membuat VirtualHub bernama VirHub, pada vpncmd eksekusi

HubCreate VirHub

log perintah diatas

VPN Server>HubCreate VirHub
HubCreate command - Create New Virtual Hub
Please enter the password. To cancel press the Ctrl+D key.
 
Password: **********
Confirm input: **********
 
 
The command completed successfully.

Sekarang gunakan VirtualHub yang baru dibuat, untuk menambah user baru.

Hub VirHub### log
Hub command - Select Virtual Hub to Manage
The Virtual Hub "VirHub" has been selected.
The command completed successfully.
 
VPN Server/VirHub>

Cara paling mudah untuk menghubungkan client dengan SoftEther server adalah dengan SecureNAT, maka kita akan menggunakan SecureNAT disini. Untuk mengaktifkannya jalankan

SecureNatEnable### log
VPN Server/VirHub>SecureNatEnable
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.
Menambah User VPN

Format untuk menambah user

UserCreate user

sebagai contoh kita akan membuat user vpn01, pilihan lainnya biarkan kosong

UserCreate vpn01### log
UserCreate command - Create User 
Assigned Group Name: 
User Full Name: 
User Description: 
The command completed successfully.

Agar aman, gunakan password untuk user vpn01. perintahnya UserPasswordSet vpn01

UserPasswordSet vpn01### log
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
Please enter the password. To cancel press the Ctrl+D key.
Password: **********
Confirm input: **********
The command completed successfully.

Aktifkan IPSec

IPsecEnableIPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes
Enable Raw L2TP Server Function (yes / no): yes
Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): yes
Pre Shared Key for IPsec (Recommended: 9 letters at maximum): VirHubKey
Default Virtual HUB in a case of omitting the HUB on the Username: VirHub
The command completed successfully.

yang perlu di perhatikan adalah Default Virtual HUB isi dengan VirtualHub yang tadi sudah dibuat. Pre Shared Key bebas di isi maksimal 9.

Setelah semua konfigurasi selesai, sekarang kita akan membuat konfigurasi untuk OpenVPN. Generate sertifikat baru untuk server, perintah dibawah ini masih di jalankan di vpncmd. Contoh saya menggunakan hostname vpn.jaranguda.com

ServerCertRegenerate vpn.jaranguda.com### log
ServerCertRegenerate command - Generate New Self-Signed Certificate with Specified CN (Common Name) and Register on VPN Server
A new server certificate has been set.
If you are using OpenVPN protocols, please mind that you may have to update the inline certificate data in the OpenVPN configuration file.
The command completed successfully.

Aktifkan OpenVPN di port 1194 (port default OpenVPN), bisa diganti dengan port lainnya.

OpenVpnEnable yes /PORTS:1194### log 
OpenVpnEnable command - Enable / Disable OpenVPN Clone Server Function
The command completed successfully.

Generate file konfigurasi untuk user vpn01

OpenVpnMakeConfig ~/vpn01.zip### log
OpenVpnMakeConfig command - Generate a Sample Setting File for OpenVPN Client
The sample setting file was saved as "~/vpn01.zip". You can unzip this file to extract setting files.
The command completed successfully.

sangat disayangkan OpenVpnMakeConfig tidak bisa secara langsung menyimpan file konfigurasi ke (misalkan) /var/www. Pindahkan file vpn01.zip tersebut ke /var/www

mv ~/vpn01.zip /var/www/

Tahap 2 : Instalasi OpenVPN di Fedora 23

Kita akan melakukan koneksi ke SoftEther server dengan menggunakan OpenVPN. Install openvpn di Fedora

dnf install openvpn -y

Download file konfigurasi yang tadi sudah dibuat

wget http://IP.Server/vpn01.zip

ekstrak file tersebut

unzip vpn01.zip### log
Archive:  vpn01.zip
 extracting: readme.txt              
 extracting: readme.pdf              
 extracting: vpn_openvpn_remote_access_l3.ovpn  
 extracting: vpn_openvpn_site_to_site_bridge_l2.ovpn

kita menggunakan vpn_openvpn_remote_access_l3.ovpn :)

su -c "openvpn --config  *openvpn_remote_access_l3.ovpn"

pada

Enter Auth Username:vpn01
### vpn01 adalah user yang tadi dibuat di server
Enter Auth Password:
### password untuk user vpn01

koneksi yang berhasil ada pesan “Initialization Sequence Completed”. Log lengkapnya

su -c "openvpn --config  *openvpn_remote_access_l3.ovpn"
Password: 
Tue Mar 29 10:33:52 2016 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar 29 10:33:52 2016 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar 29 10:33:52 2016 OPTIONS IMPORT: route options modified
Tue Mar 29 10:33:52 2016 OPTIONS IMPORT: route-related options modified
Tue Mar 29 10:33:52 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Mar 29 10:33:52 2016 Preserving previous TUN/TAP instance: tun1
Tue Mar 29 10:33:52 2016 Initialization Sequence Completed

Sekian ;).

tommy

Adi bekasta encari e, ja pe la lit renggetna.

Leave a Reply

Your email address will not be published. Required fields are marked *