Persiapan :
Cloud Server (OVH, DigitalOcean, VULTR, DigitalOcean atau Scaleway)
Computer Client -> OS bebas, disini saya menggunakan Fedora 23
Tahap 1 : Install Dependency
apt-get update; apt-get install build-essential; apt-get install apache2
Tahap 2 : Download Softether Server
Download Softether VPN Server dari situs www.softether-download.com. Untuk tutorial ini kita akan menggunakan SoftEther VPN Server (Ver 4.19). Atau bisa download dengan wget
wget http://www.softether-download.com/files/softether/v4.19-9605-beta-2016.03.06-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.19-9605-beta-2016.03.06-linux-x64-64bit.tar.gz
Tahap 3 : Install Softether
Untuk memudahkan, kita akan meletakkan file-file Softether di /opt/
tar zxvf softether-vpnserver-*.tar.gz -C /opt/
Install Softether
cd /opt/vpnserver/; make
Untuk pilihan
Do you want to read the License Agreement for this software ? Did you read and understand the License Agreement ? Did you agree the License Agreement ?
ketik 1 lalu tekan enter di keyboard. Lalu jalankan service Softether
/opt/vpnserver/vpnserver start
Konfigurasi SoftEther VPN Server
Semua fungsi SoftEther bisa dikelola dari vpncmd. Untuk memulai konfigurasi jalankan vpncmd
/opt/vpnserver/vpncmd
Sebelum memulai konfigurasi, cek terlebih dahulu apakah server anda bisa menjalankan SoftEther dengan sempurna atau tidak. Setelah menjalankan vpncmd pilih 3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
lalu eksekusi perintah Check
VPN Tools>Check Check command - Check whether SoftEther VPN Operation is Possible --------------------------------------------------- SoftEther VPN Operation Environment Check Tool Copyright (c) SoftEther VPN Project. All Rights Reserved. If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait... Checking 'Kernel System'... Pass Checking 'Memory Operation System'... Pass Checking 'ANSI / Unicode string processing system'... Pass Checking 'File system'... Pass Checking 'Thread processing system'... Pass Checking 'Network system'... Pass All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system. The command completed successfully.
Bila anda mendapatkan All checks passed berarti SoftEther VPN Server bisa dijalankan dengan sempurna. Bila terdapat error silahkan kontak provider anda, bila menggunakan VPS (OpenVZ/XEN/KVM).
Membuat password Admin
Jalankan vpncmd. Pada pilihan
By using vpncmd program, the following can be achieved. 1. Management of VPN Server or VPN Bridge 2. Management of VPN Client 3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool) Select 1, 2 or 3:
pilih angka 1 lalu tekan enter. Pada bagian Hostname of IP Address of Destination masukkan localhost:5555 . Dibagian Specify Virtual Hub Name: tidak perlu diisi apapun, tekan enter, nanti akan muncul
VPN Server>eksekusi ServerPasswordSet, lalu masukkan password anda.
Membuat VirtualHub
Sebelum menambahkan user, terlebih dahulu buat VirtualHub. Sebagai contoh kita akan membuat VirtualHub bernama VirHub, pada vpncmd eksekusi
HubCreate VirHub
log perintah diatas
VPN Server>HubCreate VirHub HubCreate command - Create New Virtual Hub Please enter the password. To cancel press the Ctrl+D key. Password: ********** Confirm input: ********** The command completed successfully.
Sekarang gunakan VirtualHub yang baru dibuat, untuk menambah user baru.
Hub VirHub
### log
Hub command - Select Virtual Hub to Manage
The Virtual Hub "VirHub" has been selected.
The command completed successfully.
VPN Server/VirHub>
Cara paling mudah untuk menghubungkan client dengan SoftEther server adalah dengan SecureNAT, maka kita akan menggunakan SecureNAT disini. Untuk mengaktifkannya jalankan
SecureNatEnable
### log
VPN Server/VirHub>SecureNatEnable
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.
Menambah User VPN
Format untuk menambah user
UserCreate user
sebagai contoh kita akan membuat user vpn01, pilihan lainnya biarkan kosong
UserCreate vpn01
### log
UserCreate command - Create User
Assigned Group Name:
User Full Name:
User Description:
The command completed successfully.
Agar aman, gunakan password untuk user vpn01. perintahnya UserPasswordSet vpn01
UserPasswordSet vpn01
### log
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
Please enter the password. To cancel press the Ctrl+D key.
Password: **********
Confirm input: **********
The command completed successfully.
Aktifkan IPSec
IPsecEnable
IPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes
Enable Raw L2TP Server Function (yes / no): yes
Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): yes
Pre Shared Key for IPsec (Recommended: 9 letters at maximum): VirHubKey
Default Virtual HUB in a case of omitting the HUB on the Username: VirHub
The command completed successfully.
yang perlu di perhatikan adalah Default Virtual HUB isi dengan VirtualHub yang tadi sudah dibuat. Pre Shared Key bebas di isi maksimal 9.
Setelah semua konfigurasi selesai, sekarang kita akan membuat konfigurasi untuk OpenVPN. Generate sertifikat baru untuk server, perintah dibawah ini masih di jalankan di vpncmd. Contoh saya menggunakan hostname vpn.jaranguda.com
ServerCertRegenerate vpn.jaranguda.com
### log
ServerCertRegenerate command - Generate New Self-Signed Certificate with Specified CN (Common Name) and Register on VPN Server
A new server certificate has been set.
If you are using OpenVPN protocols, please mind that you may have to update the inline certificate data in the OpenVPN configuration file.
The command completed successfully.
Aktifkan OpenVPN di port 1194 (port default OpenVPN), bisa diganti dengan port lainnya.
OpenVpnEnable yes /PORTS:1194
### log
OpenVpnEnable command - Enable / Disable OpenVPN Clone Server Function
The command completed successfully.
Generate file konfigurasi untuk user vpn01
OpenVpnMakeConfig ~/vpn01.zip
### log
OpenVpnMakeConfig command - Generate a Sample Setting File for OpenVPN Client
The sample setting file was saved as "~/vpn01.zip". You can unzip this file to extract setting files.
The command completed successfully.
sangat disayangkan OpenVpnMakeConfig tidak bisa secara langsung menyimpan file konfigurasi ke (misalkan) /var/www. Pindahkan file vpn01.zip tersebut ke /var/www
mv ~/vpn01.zip /var/www/
Tahap 2 : Instalasi OpenVPN di Fedora 23
Kita akan melakukan koneksi ke SoftEther server dengan menggunakan OpenVPN. Install openvpn di Fedora
dnf install openvpn -y
Download file konfigurasi yang tadi sudah dibuat
wget http://IP.Server/vpn01.zip
ekstrak file tersebut
unzip vpn01.zip
### log
Archive: vpn01.zip
extracting: readme.txt
extracting: readme.pdf
extracting: vpn_openvpn_remote_access_l3.ovpn
extracting: vpn_openvpn_site_to_site_bridge_l2.ovpn
kita menggunakan vpn_openvpn_remote_access_l3.ovpn :)
su -c "openvpn --config *openvpn_remote_access_l3.ovpn"
pada
Enter Auth Username:vpn01 ### vpn01 adalah user yang tadi dibuat di server Enter Auth Password: ### password untuk user vpn01
koneksi yang berhasil ada pesan “Initialization Sequence Completed”. Log lengkapnya
su -c "openvpn --config *openvpn_remote_access_l3.ovpn" Password: Tue Mar 29 10:33:52 2016 OPTIONS IMPORT: timers and/or timeouts modified Tue Mar 29 10:33:52 2016 OPTIONS IMPORT: --ifconfig/up options modified Tue Mar 29 10:33:52 2016 OPTIONS IMPORT: route options modified Tue Mar 29 10:33:52 2016 OPTIONS IMPORT: route-related options modified Tue Mar 29 10:33:52 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Tue Mar 29 10:33:52 2016 Preserving previous TUN/TAP instance: tun1 Tue Mar 29 10:33:52 2016 Initialization Sequence Completed
Sekian ;).