SoftEther mudah untuk di install tetapi agak ribet konfigurasinya dengan hanya mengandalkan Linux server, kalau mengelolanya menggunakan Windows sangat mudah. Tutorial ini hanya akan menggunakan CLI (Command Line Interface) baik untuk konfigurasi dan instalasi SoftEther Server.
Server :
Debian 7
IP : 192.168.1.10

Client :
Fedora 20
IP : 192.168.1.11

Tahap 1 : Instalasi di Server Debian 7

Dibawah ini akan dijelaskan tahap pertahap instalasi SoftEther VPN Server di Debian 7 (sisi server). Bagian ini dibedakan dengan tahap 2 yang khusus untuk koneksi ke SoftEther VPN Server. Install aplikasi-aplikasi (dependencies) yang dibutuhkan untuk menginstall SoftEther.

apt-get update; apt-get install build-essential

Untuk memudahkan download file konfigurasi yang akan kita buat nantinya, kita akan menginstall Apache Web Server

apt-get install apache2

Instalasi SoftEther VPN Server

Download SoftEther di SoftEther Download Center. Untuk 32 Bit pilih Intel X86 (32 Bit) dibagian CPU.
Pilih 64 atau 32 SoftEther
Saat ini versi terbaru adalah v4.08-9449.
64 Bit

wget http://www.softether-download.com/files/softether/v4.08-9449-rtm-2014.06.08-tree/Linux/SoftEther%20VPN%20Server/64bit%20-%20Intel%20x64%20or%20AMD64/softether-vpnserver-v4.08-9449-rtm-2014.06.08-linux-x64-64bit.tar.gz

32 Bit

wget http://www.softether-download.com/files/softether/v4.08-9449-rtm-2014.06.08-tree/Linux/SoftEther%20VPN%20Server/32bit%20-%20Intel%20x86/softether-vpnserver-v4.08-9449-rtm-2014.06.08-linux-x86-32bit.tar.gz

pilih yang sudah stabil (stable). Karena versi beta kemungkinan masih banyak bug.
Ekstrak file yang baru di download ke folder /opt

tar zxvf softether-vpnserver-*.tar.gz -C /opt/

hasil ekstrak diatas menghasilkan folder bernama vpnserver di /opt (/opt/vpnserver/). Pindah ke folder vpnserver lalu install SoftEther

cd /opt/vpnserver/; make

Untuk pilihan

Do you want to read the License Agreement for this software ?
Did you read and understand the License Agreement ?
Did you agree the License Agreement ?

pilih 1. Yes. Jalankan SoftEther server

/opt/vpnserver/vpnserver start

Konfigurasi SoftEther VPN Server

Semua fungsi SoftEther bisa dikelola dari vpncmd. Untuk memulai konfigurasi jalankan vpncmd

/opt/vpnserver/vpncmd

Sebelum memulai konfigurasi, cek terlebih dahulu apakah server anda bisa menjalankan SoftEther dengan sempurna atau tidak. Setelah menjalankan vpncmd pilih 3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
lalu eksekusi perintah Check

VPN Tools>Check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool
Copyright (c) SoftEther VPN Project.
All Rights Reserved.
If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...
Checking 'Kernel System'... 
              Pass
Checking 'Memory Operation System'... 
              Pass
Checking 'ANSI / Unicode string processing system'... 
              Pass
Checking 'File system'... 
              Pass
Checking 'Thread processing system'... 
              Pass
Checking 'Network system'... 
              Pass
 
All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.
The command completed successfully.

Bila anda mendapatkan All checks passed berarti SoftEther VPN Server bisa dijalankan dengan sempurna. Bila terdapat error silahkan kontak provider anda, bila menggunakan VPS (OpenVZ/XEN/KVM).

Membuat password Admin

Jalankan vpncmd. Pada pilihan

By using vpncmd program, the following can be achieved. 
1. Management of VPN Server or VPN Bridge 
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3:

pilih angka 1 lalu tekan enter. Pada bagian Hostname of IP Address of Destination masukkan localhost:5555 . Dibagian Specify Virtual Hub Name: tidak perlu diisi apapun, tekan enter, nanti akan muncul

VPN Server>

eksekusi ServerPasswordSet, lalu masukkan password anda.

Membuat VirtualHub

Sebelum menambahkan user, terlebih dahulu buat VirtualHub. Sebagai contoh kita akan membuat VirtualHub bernama VirHub, pada vpncmd eksekusi

HubCreate VirHub

log perintah diatas

VPN Server>HubCreate VirHub
HubCreate command - Create New Virtual Hub
Please enter the password. To cancel press the Ctrl+D key.
 
Password: **********
Confirm input: **********
 
 
The command completed successfully.

Sekarang gunakan VirtualHub yang baru dibuat, untuk menambah user baru.

Hub VirHub
### log
Hub command - Select Virtual Hub to Manage
The Virtual Hub "VirHub" has been selected.
The command completed successfully.

VPN Server/VirHub>

Cara paling mudah untuk menghubungkan client dengan SoftEther server adalah dengan SecureNAT, maka kita akan menggunakan SecureNAT disini. Untuk mengaktifkannya jalankan

SecureNatEnable
### log
VPN Server/VirHub>SecureNatEnable
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.
Menambah User VPN

Format untuk menambah user

UserCreate user

sebagai contoh kita akan membuat user vpn01, pilihan lainnya biarkan kosong

UserCreate vpn01
### log
UserCreate command - Create User 
Assigned Group Name: 
User Full Name: 
User Description: 
The command completed successfully.

Agar aman, gunakan password untuk user vpn01. perintahnya UserPasswordSet vpn01

UserPasswordSet vpn01
### log
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
Please enter the password. To cancel press the Ctrl+D key.
Password: **********
Confirm input: **********
The command completed successfully.

Aktifkan IPSec

IPsecEnable
IPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes
Enable Raw L2TP Server Function (yes / no): yes
Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): yes
Pre Shared Key for IPsec (Recommended: 9 letters at maximum): VirHubKey
Default Virtual HUB in a case of omitting the HUB on the Username: VirHub
The command completed successfully.

yang perlu di perhatikan adalah Default Virtual HUB isi dengan VirtualHub yang tadi sudah dibuat. Pre Shared Key bebas di isi maksimal 9.

Setelah semua konfigurasi selesai, sekarang kita akan membuat konfigurasi untuk OpenVPN. Generate sertifikat baru untuk server, perintah dibawah ini masih di jalankan di vpncmd. Contoh saya menggunakan hostname vpn.jaranguda.com

ServerCertRegenerate vpn.jaranguda.com
### log
ServerCertRegenerate command - Generate New Self-Signed Certificate with Specified CN (Common Name) and Register on VPN Server
A new server certificate has been set.
If you are using OpenVPN protocols, please mind that you may have to update the inline certificate data in the OpenVPN configuration file.
The command completed successfully.

Aktifkan OpenVPN di port 1194 (port default OpenVPN), bisa diganti dengan port lainnya.

OpenVpnEnable yes /PORTS:1194
### log 
OpenVpnEnable command - Enable / Disable OpenVPN Clone Server Function
The command completed successfully.

Generate file konfigurasi untuk user vpn01

OpenVpnMakeConfig ~/vpn01.zip
### log
OpenVpnMakeConfig command - Generate a Sample Setting File for OpenVPN Client
The sample setting file was saved as "~/vpn01.zip". You can unzip this file to extract setting files.
The command completed successfully.

sangat disayangkan OpenVpnMakeConfig tidak bisa secara langsung menyimpan file konfigurasi ke (misalkan) /var/www. Pindahkan file vpn01.zip tersebut ke /var/www

mv ~/vpn01.zip /var/www/

Tahap 2 : Instalasi OpenVPN di Fedora 20

Kita akan melakukan koneksi ke SoftEther server dengan menggunakan OpenVPN. Install openvpn di Fedora

yum install openvpn -y

Download file konfigurasi yang tadi sudah dibuat

wget http://192.168.1.10/vpn01.zip

ekstrak file tersebut

unzip vpn01.zip
### log
Archive:  vpn01.zip
 extracting: readme.txt              
 extracting: readme.pdf              
 extracting: vpn_openvpn_remote_access_l3.ovpn  
 extracting: vpn_openvpn_site_to_site_bridge_l2.ovpn  

kita menggunakan vpn_openvpn_remote_access_l3.ovpn :)

su -c "openvpn --config  *openvpn_remote_access_l3.ovpn"

pada

Enter Auth Username:vpn01
### vpn01 adalah user yang tadi dibuat di server
Enter Auth Password:
### password untuk user vpn01

koneksi yang berhasil ada pesan “Initialization Sequence Completed”. Log lengkapnya

[fedora@homeserver]$ su -c "openvpn --config  *openvpn_remote_access_l3.ovpn"
Password: 
Tue Jul 22 23:42:40 2014 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Enter Auth Username:vpn01
Enter Auth Password:
Tue Jul 22 23:42:46 2014 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Jul 22 23:42:46 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
Tue Jul 22 23:42:46 2014 UDPv4 link local: [undef]
Tue Jul 22 23:42:46 2014 UDPv4 link remote: [AF_INET]192.168.1.10:1194
Tue Jul 22 23:42:46 2014 TLS: Initial packet from [AF_INET]192.168.1.10:1194, sid=132adec4 1f0413ea
Tue Jul 22 23:42:46 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 22 23:42:47 2014 VERIFY OK: depth=0, CN=lateng.ndikkar.com, O=lateng.ndikkar.com, OU=lateng.ndikkar.com, C=US
Tue Jul 22 23:42:47 2014 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jul 22 23:42:47 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 22 23:42:47 2014 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jul 22 23:42:47 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 22 23:42:47 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jul 22 23:42:47 2014 [lateng.ndikkar.com] Peer Connection Initiated with [AF_INET]192.168.1.10:1194
Tue Jul 22 23:42:49 2014 SENT CONTROL [lateng.ndikkar.com]: 'PUSH_REQUEST' (status=1)
Tue Jul 22 23:42:51 2014 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 192.168.30.1,route-gateway 192.168.30.14,redirect-gateway def1'
Tue Jul 22 23:42:51 2014 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 22 23:42:51 2014 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 22 23:42:51 2014 OPTIONS IMPORT: route options modified
Tue Jul 22 23:42:51 2014 OPTIONS IMPORT: route-related options modified
Tue Jul 22 23:42:51 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jul 22 23:42:51 2014 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlp3s0 HWADDR=74:2f:68:b5:1b:f8
Tue Jul 22 23:42:51 2014 TUN/TAP device tun0 opened
Tue Jul 22 23:42:51 2014 TUN/TAP TX queue length set to 100
Tue Jul 22 23:42:51 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jul 22 23:42:51 2014 /usr/sbin/ip link set dev tun0 up mtu 1500
Tue Jul 22 23:42:51 2014 /usr/sbin/ip addr add dev tun0 local 192.168.30.13 peer 192.168.30.14
Tue Jul 22 23:42:51 2014 /usr/sbin/ip route add 192.168.1.10/32 via 192.168.1.254
Tue Jul 22 23:42:51 2014 /usr/sbin/ip route add 0.0.0.0/1 via 192.168.30.14
Tue Jul 22 23:42:51 2014 /usr/sbin/ip route add 128.0.0.0/1 via 192.168.30.14
Tue Jul 22 23:42:51 2014 Initialization Sequence Completed

Sekian ;).

Leave a comment

Your email address will not be published. Required fields are marked *