Jaranguda


openvpn

How to Autostart OpenVPN at Boot

Last Updated on 6 March 2021 By tommy

On Linux distros that already use systemd (Ubuntu, Fedora, ArchLinux, Debian), setting up OpenVPN autostart is very easy. First you must already have access to OpenVPN; if you don't have it yet, you can install it by following the tutorial here.

OpenVPN Config File

My OpenVPN file is named ca-cimen.ovpn; copy that file to /etc/openvpn/ca-cimen.conf. Remember that the extension in /etc/openvpn must be .conf, otherwise the OpenVPN configuration file will not be detected.

Setting Auto Start

Open the file /etc/default/openvpn and add the line

AUTOSTART="ca-cimen"

remember to replace ca-cimen with the name you used above.

reload the systemd daemon

systemctl daemon-reload

start the openvpn ca-cimen service

systemctl start openvpn@ca-cimen

check the status of the openvpn client

systemctl status openvpn@ca-cimen

try rebooting your system; openvpn will connect automatically.

If the VPN service does not run after boot, enable it with systemd

systemctl enable openvpn@ca-cimen

Filed Under: Linux Tagged With: openvpn

OpenVPN IPv6 RTNETLINK answers: Permission denied

Last Updated on 14 March 2017 By tommy

While configuring IPv6 in OpenVPN on one of the clients, this error appeared

Tue Mar 14 18:45:44 2017 ROUTE_GATEWAY 192.168.100.1/255.255.255.0 IFACE=wlp2s0 HWADDR=h0:43:00:00:0a:8d
Tue Mar 14 18:45:44 2017 ROUTE6: default_gateway=UNDEF
Tue Mar 14 18:45:44 2017 TUN/TAP device tun0 opened
Tue Mar 14 18:45:44 2017 TUN/TAP TX queue length set to 100
Tue Mar 14 18:45:44 2017 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Tue Mar 14 18:45:44 2017 /usr/sbin/ip link set dev tun0 up mtu 1500
Tue Mar 14 18:45:44 2017 /usr/sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
Tue Mar 14 18:45:44 2017 /usr/sbin/ip -6 addr add 2600:xxx:xx:1f6::1001/64 dev tun0
RTNETLINK answers: Permission denied
Tue Mar 14 18:45:44 2017 Linux ip -6 addr add failed: external program exited with error status: 2
Tue Mar 14 18:45:44 2017 Exiting due to fatal error

The fix for the OpenVPN problem above is to enable IPv6 support on your Linux computer.

At the very bottom of /etc/sysctl.conf add

net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0

apply the changes

sysctl -p

then reconnect to OpenVPN.

Filed Under: Linux Tagged With: ipv6, openvpn

Accessing a Home/Office Computer with IPv6

Last Updated on 12 February 2016 By tommy

The method below is a bit hard to apply, so read carefully before trying it. Why use IPv6? If you are behind NAT and have no access to the router, remote access to your computer becomes more difficult. You could use a private IPv4 address from the VPN ;) but IPv6 is easier and can be reached from anywhere, as long as you have IPv6 access from the tunnel point (the computer used to access the remote computer).

Requirements

Server
Linux (Debian/CentOS/Fedora/Ubuntu)
OpenVPN server with IPv6

Office/Home Computer
Linux (Debian/CentOS/Fedora/Ubuntu)
OpenVPN client

To install OpenVPN with IPv6 follow this tutorial; here we only discuss how it works, so make sure your OpenVPN IPv6 setup is already running smoothly on both the client and the server.

Office Computer Configuration

Run openvpn; as an example, my configuration file is named kantor.ovpn

su -c "openvpn --config kantor.ovpn"

check the IPv6 address you received with ifconfig

$ ifconfig
enp5s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 14:da:e9:ac:0a:54  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 82  bytes 10582 (10.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 82  bytes 10582 (10.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.9  netmask 255.255.255.0  destination 10.8.0.9
        inet6 2001:df2:900:a100:7::1007  prefixlen 112  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 5999  bytes 716089 (699.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10792  bytes 3815145 (3.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

note the tun0 > inet6 entry. The IPv6 address of your office computer is 2001:df2:900:a100:7::1007.

Remote Access

Here you can use Windows/Linux/MacOS or iOS/Android; what matters is that you have IPv6. Because no general ISP in Indonesia provides IPv6 yet, I will access the office computer from a VPS that has IPv6 (Linode).
Here I use Linux as the example.

ssh username@2001:df2:900:a100:7::1007

replace 2001:df2:900:a100:7::1007 with your own IPv6 address, and username with your user.

Advantages of Using IPv6

Advantages of this method:
1. Can be accessed from anywhere
2. No need for port forwarding (it works even without access to the modem)
3. Can be used anywhere; whether you use android (tunnel)/broadband/4G/wifi makes no difference, as long as you can connect to the VPN server.
4. Faster access, because no third party is needed (additional vpn/tunnel)

Filed Under: Linux Tagged With: ipv6, openvpn, tunnel

OpenVPN with IPv6 on a Linux Server

Last Updated on 10 May 2016 By tommy

Before using IPv6, make sure your OpenVPN can already connect over IPv4; this makes troubleshooting easier if there is a problem on either the server or the client.

Requirements for this experiment:
1. Server with a Linux OS (native/tunneled IPv6, at least a /112)
2. Client (Linux or Windows 7/10).

OpenVPN Server

Here we use TUN. The OpenVPN server configuration (server.conf) before the additions, for IPv4

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"

Add the following at the very bottom. If you have a /64 of IPv6 from your provider, the /64 can also be used here. Since in my opinion using a /64 is very wasteful, I use a smaller subnet, /112 (65536 hosts). To calculate subnets, use one of the many online tools.

server-ipv6 2001:df1:XXX:XXX:XXX::/112
push "route-ipv6 2000::/3"

Edit the file /etc/sysctl.conf and add at the very bottom

net.ipv6.conf.all.proxy_ndp=1
net.ipv6.conf.all.forwarding=1

apply the changes with the command

sysctl -p

Client Setup

On the client itself nothing needs to be added; just use the existing configuration. On Linux, connect to the OpenVPN server with

su -c "openvpn client.conf"

For Windows 10, download the openvpn client from openvpn.net; I use the 64-bit one (openvpn-install-2.3.9-I601-x86_64.exe). Copy your configuration file (for example client.conf) to the folder C:\Program Files\OpenVPN\config. Run the OpenVPN application.

Here we still have to activate IPv6 manually. Check the IPv6 address the client has: on Linux use ifconfig, on Windows ipconfig /all. Example:

Fedora Linux

tun0: flags=4305  mtu 1500
        inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2
        inet6 2001:df1:XXXX:XXXX:XXXX::1000  prefixlen 112  scopeid 0x0
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 63537  bytes 46897845 (44.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 61295  bytes 19438143 (18.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Windows 10

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-53-75-A6-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:df1:XXXX:XXXX:7::1004(Preferred)
   Link-local IPv6 Address . . . . . : fe80::40a3:b66f:342f:d2b7%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, December 21, 2015 3:00:45 PM
   Lease Expires . . . . . . . . . . : Tuesday, December 20, 2016 3:00:45 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.8.0.254
   DHCPv6 IAID . . . . . . . . . . . : 100728658
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-02-1F-04-B1-E9-00-1C-29-45-86-10
   DNS Servers . . . . . . . . . . . : 8.8.4.4
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Copy that IPv6 address, then run this command on the OpenVPN server

ip neigh add proxy 2001:df1:XXXX:XXXX:7::1004 dev eth0
### or
ip neigh add proxy 2001:df1:XXXX:XXXX:7::1000 dev eth0
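
Carving the /112 pool and writing the proxy NDP entries can be done offline with Python's ipaddress module, refusing any address that is not inside the VPN pool so the server never answers neighbor solicitations for an address it does not route. This is an added example, not part of the original post; the 2001:db8:0:1::/64 delegation, the subnet index 7, the client list and all function names are assumptions made for illustration.

```python
import ipaddress


def carve_pool(delegated, index, new_prefix=112):
    """Return the index-th /new_prefix subnet of the delegated IPv6 prefix."""
    parent = ipaddress.IPv6Network(delegated)
    if new_prefix < parent.prefixlen:
        raise ValueError("pool cannot be larger than the delegated prefix")
    count = 1 << (new_prefix - parent.prefixlen)
    if not 0 <= index < count:
        raise ValueError("subnet index out of range")
    # Plain arithmetic instead of parent.subnets(): a /64 holds 2**48 /112s.
    base = int(parent.network_address) + index * (1 << (128 - new_prefix))
    return ipaddress.IPv6Network((base, new_prefix))


def server_conf_lines(pool):
    """The two server.conf lines from the tutorial, filled in for this pool."""
    return [f"server-ipv6 {pool}", 'push "route-ipv6 2000::/3"']


def proxy_ndp_commands(pool, client_addrs, wan_dev="eth0"):
    """Build 'ip neigh add proxy' commands for addresses inside the pool only.

    Returns (commands, rejected); rejected holds (input, reason) pairs.
    """
    commands, rejected, seen = [], [], set()
    for raw in client_addrs:
        try:
            addr = ipaddress.IPv6Address(raw.strip())
        except ValueError:
            rejected.append((raw, "not an IPv6 address"))
            continue
        if addr not in pool:
            rejected.append((raw, f"outside {pool}"))
        elif addr == pool.network_address:
            rejected.append((raw, "network address, not a client"))
        elif addr in seen:
            rejected.append((raw, "duplicate"))
        else:
            seen.add(addr)
            commands.append(f"ip neigh add proxy {addr} dev {wan_dev}")
    return commands, rejected


# Constructed sample data (documentation prefix, not a real allocation).
DELEGATED = "2001:db8:0:1::/64"
POOL = carve_pool(DELEGATED, 7)
CLIENTS = [
    "2001:db8:0:1::7:1000",   # inside the pool
    "2001:db8:0:1::7:1004",   # inside the pool
    "2001:db8:0:1::8:1000",   # neighbouring /112, must be refused
    "10.8.0.6",               # IPv4 tunnel address pasted by mistake
]

if __name__ == "__main__":
    print(f"{POOL} holds {POOL.num_addresses} addresses")
    print("\n".join(server_conf_lines(POOL)))
    cmds, bad = proxy_ndp_commands(POOL, CLIENTS)
    print("\n".join(cmds))
    for raw, reason in bad:
        print(f"refused {raw}: {reason}")
```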

IPv6 Test

To find out whether your IPv6 is working, open the site ipv6-test.com

or the site www.kame.net; if you access that site over IPv6, the turtle will dance.

you can also use ping6; on Windows, ping -6

$ ping6 -c6 google.com
PING google.com(sa-in-x65.1e100.net) 56 data bytes
64 bytes from sa-in-x65.1e100.net: icmp_seq=1 ttl=52 time=32.6 ms
64 bytes from sa-in-x65.1e100.net: icmp_seq=2 ttl=52 time=32.8 ms
64 bytes from sa-in-x65.1e100.net: icmp_seq=3 ttl=52 time=32.5 ms
64 bytes from sa-in-x65.1e100.net: icmp_seq=4 ttl=52 time=32.2 ms
64 bytes from sa-in-x65.1e100.net: icmp_seq=5 ttl=52 time=32.8 ms
64 bytes from sa-in-x65.1e100.net: icmp_seq=6 ttl=52 time=32.9 ms
 
$ ping6 -c6 facebook.com
PING facebook.com(edge-star-mini6-shv-07-frc3.facebook.com) 56 data bytes
64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=1 ttl=40 time=279 ms
64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=2 ttl=40 time=280 ms
64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=3 ttl=40 time=279 ms
64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=4 ttl=40 time=279 ms
64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=5 ttl=40 time=279 ms
64 bytes from edge-star-mini6-shv-07-frc3.facebook.com: icmp_seq=6 ttl=40 time=279 ms
 
$ ping6 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=46 time=104 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=46 time=105 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=3 ttl=46 time=104 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=4 ttl=46 time=105 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=5 ttl=46 time=105 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=6 ttl=46 time=104 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=7 ttl=46 time=105 ms

Filed Under: Linux Tagged With: openvpn

Installing and Configuring OpenVPN on CentOS 6

Last Updated on 7 May 2015 By tommy

OpenVPN is not in the default CentOS repository, so to install it you must add the EPEL repo

wget http://fedora.dionipe.web.id/epel/6/i386/epel-release-6-8.noarch.rpm
yum localinstall epel-release-6-8.noarch.rpm

Install OpenVPN

Install OpenVPN with

yum install openvpn easy-rsa bridge-utils

Generate Certificate

For the OpenVPN client and server to communicate, certificates are needed on both sides, so we will generate certificates for the client and the server.
Create the folder where the keys are stored

mkdir -p /etc/openvpn/easy-rsa/keys
cp -r /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

To save time and avoid typing Country, Email, etc., edit the vars file (/etc/openvpn/easy-rsa/vars) and adjust the section below as you wish

export KEY_COUNTRY="ID"
export KEY_PROVINCE="Jakarta"
export KEY_CITY="Jakarta"
export KEY_ORG="Jaranguda Simalem"
export KEY_EMAIL="[email protected]"
export KEY_OU="DevSSL"

the file above does not really matter much, so it can be left at its defaults.

initial setup

cd /etc/openvpn/easy-rsa/
source ./vars
./clean-all

build the CA and key

./build-ca

output of the command above

Generating a 2048 bit RSA private key
...................................+++
....+++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [Jakarta]:
Locality Name (eg, city) [Jakarta]:
Organization Name (eg, company) [Jaranguda Simalem]:
Organizational Unit Name (eg, section) [DevSSL]:
Common Name (eg, your name or your server's hostname) [Jaranguda Simalem CA]:
Name [EasyRSA]:
Email Address [[email protected]]:

For Country Name, State, Locality and all the questions above, just press Enter on the keyboard, because we already set them earlier.

build the server certificate

./build-key-server server

output of the command above

Generating a 2048 bit RSA private key
.......+++
.....................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [Jakarta]:
Locality Name (eg, city) [Jakarta]:
Organization Name (eg, company) [Jaranguda Simalem]:
Organizational Unit Name (eg, section) [DevSSL]:
Common Name (eg, your name or your server's hostname) [server]:
Name [EasyRSA]:
Email Address [[email protected]]:
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'ID'
stateOrProvinceName   :PRINTABLE:'Jakarta'
localityName          :PRINTABLE:'Jakarta'
organizationName      :PRINTABLE:'Jaranguda Simalem'
organizationalUnitName:PRINTABLE:'DevSSL'
commonName            :PRINTABLE:'server'
name                  :PRINTABLE:'EasyRSA'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Apr 18 07:07:36 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
 
 
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Generate a certificate for the client
As an example, we will create an OpenVPN user named jaranguda01

./build-key jaranguda01

output of the command above

Generating a 2048 bit RSA private key
..................................+++
.....................................................................................................+++
writing new private key to 'jaranguda01.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [Jakarta]:
Locality Name (eg, city) [Jakarta]:
Organization Name (eg, company) [Jaranguda Simalem]:
Organizational Unit Name (eg, section) [DevSSL]:
Common Name (eg, your name or your server's hostname) [jaranguda01]:
Name [EasyRSA]:
Email Address [[email protected]]:
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'ID'
stateOrProvinceName   :PRINTABLE:'Jakarta'
localityName          :PRINTABLE:'Jakarta'
organizationName      :PRINTABLE:'Jaranguda Simalem'
organizationalUnitName:PRINTABLE:'DevSSL'
commonName            :PRINTABLE:'jaranguda01'
name                  :PRINTABLE:'EasyRSA'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Apr 18 07:11:45 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
 
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Generate DH

./build-dh

All the files for the client and server have been generated; now the configuration part.
Copy all the files from the keys folder to openvpn

cd /etc/openvpn/easy-rsa/keys/
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn/

OpenVPN Server Configuration File

Copy server.conf from the documentation files shipped with OpenVPN

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn/

open server.conf and edit the section

;proto tcp
proto udp
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

to

proto tcp
;proto udp
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

Enable IP Forwarding
open the file /etc/sysctl.conf
change

net.ipv4.ip_forward = 0

to

net.ipv4.ip_forward = 1

apply the change above with

sysctl -p

enable traffic routing in iptables

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source 107.xx.xx.xxx

replace 107.xx.xx.xxx with your server's IP.

start OpenVPN

service openvpn start

Client OpenVPN

The OpenVPN installation on the server is done; now the client part. The files that must be fetched from the server are ca.crt, client.crt and client.key. They can be copied via FTP, SSH or other means. The easy way is to install apache
log in to the OpenVPN server

yum install httpd -y
service httpd start

compress the files ca.crt, jaranguda01.crt and jaranguda01.key into jaranguda.tar.gz

cd /etc/openvpn/easy-rsa/keys
tar zcvf jaranguda.tar.gz jaranguda01.crt jaranguda01.key ca.crt

put the file jaranguda.tar.gz in the folder /var/www/html

cp jaranguda.tar.gz /var/www/html/

now back on the client; here we will also use Linux :D Download the file jaranguda.tar.gz from IP.Server/jaranguda.tar.gz

wget 107.xxx.xxx.xxx/jaranguda.tar.gz

extract the file

tar zxvf jaranguda.tar.gz

Client Config
jaranguda.ovpn

client
remote IP.Server 1194
dev tun
proto tcp
comp-lzo
ca ca.crt
cert jaranguda01.crt
key jaranguda01.key
route-delay 2
route-method exe
redirect-gateway def1
verb 3

run openvpn as root

openvpn --config jaranguda.ovpn

Filed Under: Linux Tagged With: CentOS 6, openvpn

Install and Configure SoftEther on Debian 7

Last Updated on 22 July 2014 By tommy

SoftEther is easy to install but somewhat fiddly to configure when relying only on a Linux server; managing it from Windows is very easy. This tutorial uses only the CLI (Command Line Interface), both for configuring and for installing SoftEther Server.
Server :
Debian 7
IP : 192.168.1.10

Client :
Fedora 20
IP : 192.168.1.11

Stage 1: Installation on the Debian 7 Server

Below, the installation of SoftEther VPN Server on Debian 7 (server side) is explained step by step. This part is separate from stage 2, which is specifically about connecting to the SoftEther VPN Server. Install the applications (dependencies) needed to install SoftEther.

apt-get update; apt-get install build-essential

To make it easy to download the configuration file we will create later, we will install Apache Web Server

apt-get install apache2

Installing SoftEther VPN Server

Download SoftEther from the SoftEther Download Center. For 32-bit, choose Intel x86 (32 Bit) in the CPU section.
The latest version at the moment is v4.08-9449.
64 Bit

wget http://www.softether-download.com/files/softether/v4.08-9449-rtm-2014.06.08-tree/Linux/SoftEther%20VPN%20Server/64bit%20-%20Intel%20x64%20or%20AMD64/softether-vpnserver-v4.08-9449-rtm-2014.06.08-linux-x64-64bit.tar.gz

32 Bit

wget http://www.softether-download.com/files/softether/v4.08-9449-rtm-2014.06.08-tree/Linux/SoftEther%20VPN%20Server/32bit%20-%20Intel%20x86/softether-vpnserver-v4.08-9449-rtm-2014.06.08-linux-x86-32bit.tar.gz

choose a stable release, because beta versions probably still have many bugs.
Extract the downloaded file to the folder /opt

tar zxvf softether-vpnserver-*.tar.gz -C /opt/

the extraction above produces a folder named vpnserver in /opt (/opt/vpnserver/). Change to the vpnserver folder and build SoftEther

cd /opt/vpnserver/; make

For the prompts

Do you want to read the License Agreement for this software ?
Did you read and understand the License Agreement ?
Did you agree the License Agreement ?

choose 1. Yes. Start the SoftEther server

/opt/vpnserver/vpnserver start

Configuring SoftEther VPN Server

All SoftEther functions can be managed from vpncmd. To start configuring, run vpncmd

/opt/vpnserver/vpncmd

Before starting the configuration, first check whether your server can run SoftEther properly. After starting vpncmd choose 3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
then run the Check command

VPN Tools>Check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool
Copyright (c) SoftEther VPN Project.
All Rights Reserved.
If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...
Checking 'Kernel System'... 
              Pass
Checking 'Memory Operation System'... 
              Pass
Checking 'ANSI / Unicode string processing system'... 
              Pass
Checking 'File system'... 
              Pass
Checking 'Thread processing system'... 
              Pass
Checking 'Network system'... 
              Pass
 
All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.
The command completed successfully.

If you get All checks passed, SoftEther VPN Server can run properly. If there are errors, contact your provider if you are using a VPS (OpenVZ/XEN/KVM).

Creating the Admin Password

Run vpncmd. At the prompt

By using vpncmd program, the following can be achieved. 
1. Management of VPN Server or VPN Bridge 
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3:

choose 1 and press enter. At Hostname of IP Address of Destination enter localhost:5555. At Specify Virtual Hub Name: enter nothing and press enter; you will then see

VPN Server>

run ServerPasswordSet, then enter your password.

Creating a VirtualHub

Before adding users, first create a VirtualHub. As an example we will create a VirtualHub named VirHub; in vpncmd run

HubCreate VirHub

log of the command above

VPN Server>HubCreate VirHub
HubCreate command - Create New Virtual Hub
Please enter the password. To cancel press the Ctrl+D key.
 
Password: **********
Confirm input: **********
 
 
The command completed successfully.

Now select the VirtualHub just created, in order to add a new user.

Hub VirHub
### log
Hub command - Select Virtual Hub to Manage
The Virtual Hub "VirHub" has been selected.
The command completed successfully.

VPN Server/VirHub>

The easiest way to connect a client to the SoftEther server is with SecureNAT, so we will use SecureNAT here. To enable it run

SecureNatEnable
### log
VPN Server/VirHub>SecureNatEnable
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.

Adding a VPN User

Format for adding a user

UserCreate user

as an example we will create the user vpn01; leave the other options empty

UserCreate vpn01
### log
UserCreate command - Create User 
Assigned Group Name: 
User Full Name: 
User Description: 
The command completed successfully.

For security, set a password for the user vpn01. The command is UserPasswordSet vpn01

UserPasswordSet vpn01
### log
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
Please enter the password. To cancel press the Ctrl+D key.
Password: **********
Confirm input: **********
The command completed successfully.

Enable IPsec

IPsecEnable
IPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes
Enable Raw L2TP Server Function (yes / no): yes
Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): yes
Pre Shared Key for IPsec (Recommended: 9 letters at maximum): VirHubKey
Default Virtual HUB in a case of omitting the HUB on the Username: VirHub
The command completed successfully.

the thing to note is Default Virtual HUB: fill it with the VirtualHub created earlier. The Pre Shared Key can be anything, at most 9 characters.

After all the configuration is done, we will now create the configuration for OpenVPN. Generate a new certificate for the server; the command below is still run in vpncmd. As an example I use the hostname vpn.jaranguda.com

ServerCertRegenerate vpn.jaranguda.com
### log
ServerCertRegenerate command - Generate New Self-Signed Certificate with Specified CN (Common Name) and Register on VPN Server
A new server certificate has been set.
If you are using OpenVPN protocols, please mind that you may have to update the inline certificate data in the OpenVPN configuration file.
The command completed successfully.

Enable OpenVPN on port 1194 (the default OpenVPN port); it can be changed to another port.

OpenVpnEnable yes /PORTS:1194
### log 
OpenVpnEnable command - Enable / Disable OpenVPN Clone Server Function
The command completed successfully.

Generate the configuration file for the user vpn01

OpenVpnMakeConfig ~/vpn01.zip
### log
OpenVpnMakeConfig command - Generate a Sample Setting File for OpenVPN Client
The sample setting file was saved as "~/vpn01.zip". You can unzip this file to extract setting files.
The command completed successfully.

unfortunately OpenVpnMakeConfig cannot save the configuration file directly to (for example) /var/www. Move the vpn01.zip file to /var/www

mv ~/vpn01.zip /var/www/

Stage 2: Installing OpenVPN on Fedora 20

We will connect to the SoftEther server using OpenVPN. Install openvpn on Fedora

yum install openvpn -y

Download the configuration file created earlier

wget http://192.168.1.10/vpn01.zip

extract the file

unzip vpn01.zip
### log
Archive:  vpn01.zip
 extracting: readme.txt              
 extracting: readme.pdf              
 extracting: vpn_openvpn_remote_access_l3.ovpn  
 extracting: vpn_openvpn_site_to_site_bridge_l2.ovpn  

we use vpn_openvpn_remote_access_l3.ovpn :)

su -c "openvpn --config  *openvpn_remote_access_l3.ovpn"

at the prompts

Enter Auth Username:vpn01
### vpn01 is the user created earlier on the server
Enter Auth Password:
### the password for the user vpn01

a successful connection shows the message “Initialization Sequence Completed”. The full log

[fedora@homeserver]$ su -c "openvpn --config  *openvpn_remote_access_l3.ovpn"
Password: 
Tue Jul 22 23:42:40 2014 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Enter Auth Username:vpn01
Enter Auth Password:
Tue Jul 22 23:42:46 2014 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Jul 22 23:42:46 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
Tue Jul 22 23:42:46 2014 UDPv4 link local: [undef]
Tue Jul 22 23:42:46 2014 UDPv4 link remote: [AF_INET]192.168.1.10:1194
Tue Jul 22 23:42:46 2014 TLS: Initial packet from [AF_INET]192.168.1.10:1194, sid=132adec4 1f0413ea
Tue Jul 22 23:42:46 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 22 23:42:47 2014 VERIFY OK: depth=0, CN=lateng.ndikkar.com, O=lateng.ndikkar.com, OU=lateng.ndikkar.com, C=US
Tue Jul 22 23:42:47 2014 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jul 22 23:42:47 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 22 23:42:47 2014 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jul 22 23:42:47 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 22 23:42:47 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jul 22 23:42:47 2014 [lateng.ndikkar.com] Peer Connection Initiated with [AF_INET]192.168.1.10:1194
Tue Jul 22 23:42:49 2014 SENT CONTROL [lateng.ndikkar.com]: 'PUSH_REQUEST' (status=1)
Tue Jul 22 23:42:51 2014 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 192.168.30.1,route-gateway 192.168.30.14,redirect-gateway def1'
Tue Jul 22 23:42:51 2014 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 22 23:42:51 2014 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 22 23:42:51 2014 OPTIONS IMPORT: route options modified
Tue Jul 22 23:42:51 2014 OPTIONS IMPORT: route-related options modified
Tue Jul 22 23:42:51 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jul 22 23:42:51 2014 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlp3s0 HWADDR=74:2f:68:b5:1b:f8
Tue Jul 22 23:42:51 2014 TUN/TAP device tun0 opened
Tue Jul 22 23:42:51 2014 TUN/TAP TX queue length set to 100
Tue Jul 22 23:42:51 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jul 22 23:42:51 2014 /usr/sbin/ip link set dev tun0 up mtu 1500
Tue Jul 22 23:42:51 2014 /usr/sbin/ip addr add dev tun0 local 192.168.30.13 peer 192.168.30.14
Tue Jul 22 23:42:51 2014 /usr/sbin/ip route add 192.168.1.10/32 via 192.168.1.254
Tue Jul 22 23:42:51 2014 /usr/sbin/ip route add 0.0.0.0/1 via 192.168.30.14
Tue Jul 22 23:42:51 2014 /usr/sbin/ip route add 128.0.0.0/1 via 192.168.30.14
Tue Jul 22 23:42:51 2014 Initialization Sequence Completed
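
The two WARNING lines in the log above (no server certificate verification method, and passwords cached in memory) are properties of the client .ovpn file and can be caught before connecting. The following is an added example, not part of the original post or of SoftEther/OpenVPN: a small audit of a client configuration, where the sample configs are constructed and the set of directives accepted as a verification method is this example's own selection.

```python
import re

# Directives this example accepts as a server certificate verification method.
VERIFY_DIRECTIVES = {"remote-cert-tls", "remote-cert-eku", "verify-x509-name",
                     "ns-cert-type", "tls-verify"}
# Directives that name a single credential; repeats hide which file is in use.
SINGLE_VALUED = ("ca", "cert", "key")


def parse_ovpn(text):
    """Return [(lineno, directive, args)]; an inline <ca>...</ca> block
    (the style of generated configs) counts as one directive."""
    entries, inline = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if inline is not None:          # skip PEM body until the closing tag
            if s == f"</{inline}>":
                inline = None
            continue
        if not s or s[0] in "#;":       # blank line or comment
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", s)
        if tag:
            inline = tag.group(1)
            entries.append((lineno, inline, ["[inline]"]))
            continue
        parts = s.split()
        entries.append((lineno, parts[0].lstrip("-"), parts[1:]))
    return entries


def audit_client(text):
    """Return a list of (code, detail) findings for a client config."""
    entries = parse_ovpn(text)
    names = {name for _, name, _ in entries}
    findings = []
    for directive in SINGLE_VALUED:
        lines = [ln for ln, name, _ in entries if name == directive]
        if len(lines) > 1:
            findings.append((f"DUPLICATE_{directive.upper()}",
                             f"'{directive}' appears on lines {lines}"))
    if not names & VERIFY_DIRECTIVES:
        findings.append(("NO_SERVER_VERIFY",
                         "any certificate signed by the CA is accepted as the server"))
    if "auth-user-pass" in names and "auth-nocache" not in names:
        findings.append(("PASSWORD_CACHED",
                         "username/password stay in memory; add auth-nocache"))
    return findings


# Constructed sample: triggers both log warnings plus repeated cert/key lines.
WEAK = """\
client
remote vpn.example.net 1194
dev tun
proto tcp
ca ca.crt
cert client-a.crt
key client-a.key
auth-user-pass
verb 3
cert client-b.crt
key client-b.key
"""

# Constructed sample: same client with the findings addressed.
HARDENED = """\
client
remote vpn.example.net 1194
dev tun
proto tcp
ca ca.crt
cert client-b.crt
key client-b.key
auth-user-pass
auth-nocache
remote-cert-tls server
verb 3
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_client(cfg) or "no findings")
```

remote-cert-tls server only passes when the server certificate carries the TLS server key usage; for a certificate without it, verify-x509-name pinned to the server's CN is the alternative.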

That's all ;).

Filed Under: Linux Tagged With: openvpn, SoftEther
