SoftEther VPN (“SoftEther”意为“软件以太网”)是世界上最强大和易于使用的多协议 VPN 软件之一。它可以在 Windows、Linux、Mac、FreeBSD 和 Solaris 上运行。
SoftEther VPN不仅是现有VPN产品(OpenVPN、IPsec 和 MS-SSTP)的替代VPN服务器,同时还具有独创的强大SSL-VPN协议,可以穿透任何类型的防火墙。
SoftEther VPN 的特点:
- 免费和开源软件。
- 轻松建立远程访问 和站点到站点 VPN。
- SSL-VPN 隧道在 HTTPS 上 通过 NAT 和防火墙。
- 革命性的VPN over ICMP 和VPN overDNS 功能。
- 抵抗高度限制的防火墙。
- VPN 上的以太网桥接 (L2) 和 IP 路由 (L3) 。
- 嵌入式 动态 DNS 和 NAT 遍历 ,因此不需要静态或固定 IP 地址。
- AES 256 位和 RSA 4096 位 加密。
- 足够的安全功能,例如日志记录 和防火墙 内部 VPN 隧道。
- 1Gbps 级高速吞吐量性能 ,内存和CPU占用率低。
- 支持Windows、Linux、Mac、Android、iPhone、iPad 和 Windows Mobile 。
- SSL-VPN (HTTPS) 和 6 种主要的 VPN 协议(OpenVPN、 IPsec、 L2TP、 MS-SSTP、 L2TPv3 和 EtherIP)都支持作为 VPN 隧道底层协议。
- OpenVPN 克隆功能 支持旧版 OpenVPN 客户端。
- IPv4 / IPv6 双栈。
- VPN服务器可以在Windows、Linux、FreeBSD、Solaris 和 Mac OS X 上运行 。
- 可以在GUI上配置所有设置 。
- 多语言 (英语、日语和简体中文)。
- 没有内存泄漏。高质量稳定代码,适合长期运行。
- RADIUS/NT域用户认证功能
- RSA证书认证功能
- 深度检测数据包日志记录功能
- 源IP地址控制列表功能
- 系统日志传输函数
SoftEther VPN提供了FreeBSD平台的运行程序,可以在pfSense和OPNsense上运行。本文介绍在pfSense和OPNsense上安装和配置SoftEther VPN的方法。
pfSense安装SoftEther VPN
使用的防火墙软件版本:pfSense plus 23.01中文定制版。
安装SoftEther VPN
进入防火墙shell环境,运行以下命令安装:
pkg add -f https://pkg.freebsd.org/FreeBSD:13:amd64/latest/All/softether-4.41.9787.pkg后续版本升级,可以在这里搜索softether下载地址。下面为运行安装命令后显示的内容:
[23.01-RELEASE][[email protected]]/root: pkg add -f https://pkg.freebsd.org/FreeBSD:13:amd64/latest/All/softether-4.41.9787.pkg
Fetching softether-4.41.9787.pkg: 100% 3 MiB 16.1kB/s 03:10
Installing softether-4.41.9787...
pkg: wrong architecture: FreeBSD:13:amd64 instead of FreeBSD:14:amd64
package softether is already installed, forced install
Extracting softether-4.41.9787: 100%
=====
Message from softether-4.41.9787:
--
To run SoftEtherVPN client from startup, run
sysrc softether_client_enable=yes
To run SoftEtherVPN server from startup, run
sysrc softether_server_enable=yes
To run SoftEtherVPN bridge from startup, run
sysrc softether_bridge_enable=yes
To run SoftEtherVPN traffic server from startup, run
sysrc softether_trafficserver_enable=yes
Initial and further configuration of all softether services can be
done either by using a Windows client to connect to the running
services or by vpncmd from command line.
Please note client functionality is not supported on FreeBSD right now.
When removing SoftEther VPN without the desire to reinstall, please
ensure to remove the following directories as well:
- /var/db/softether
- /var/log/softether
- /var/run/softether根据提示,需要添加不同类型程序的启动项,我们可以把所有的程序启动项都添加上:
[23.01-RELEASE][[email protected]]/root: sysrc softether_trafficserver_enable=yes
softether_trafficserver_enable: -> yes
[23.01-RELEASE][[email protected]]/root: sysrc softether_client_enable=yes
softether_client_enable: -> yes
[23.01-RELEASE][[email protected]]/root: sysrc softether_bridge_enable=yes
softether_bridge_enable: -> yes
[23.01-RELEASE][[email protected]]/root: sysrc softether_server_enable=yes
softether_server_enable: yes -> yes运行命令后,会在/etc/rc.conf文件添加以下参数:
softether_server_enable="yes"
softether_trafficserver_enable="yes"
softether_client_enable="yes"
softether_bridge_enable="yes"SoftEther VPN程序安装以后,安装文件会存放在以下不同目录:
/usr/local/etc/rc.d/softether_bridge |
/usr/local/etc/rc.d/softether_client |
/usr/local/etc/rc.d/softether_server |
/usr/local/etc/rc.d/softether_trafficserver |
/usr/local/libexec/softether/hamcore.se2 |
/usr/local/libexec/softether/vpnbridge |
/usr/local/libexec/softether/vpnclient |
/usr/local/libexec/softether/vpncmd |
/usr/local/libexec/softether/vpnserver |
/usr/local/sbin/vpncmd |
/usr/local/share/doc/softether/AUTHORS.TXT |
/usr/local/share/doc/softether/ChangeLog |
/usr/local/share/doc/softether/LICENSE |
/usr/local/share/doc/softether/README |
/usr/local/share/doc/softether/THIRD_PARTY.TXT |
/usr/local/share/doc/softether/WARNING.TXT |
/usr/local/share/licenses/softether-4.41.9787/APACHE20 |
/usr/local/share/licenses/softether-4.41.9787/LICENSE |
/usr/local/share/licenses/softether-4.41.9787/catalog.mk |
运行SoftEther VPN 服务器
输入以下命令,启动SoftEther VPN 服务器:
/usr/local/libexec/softether/vpnserver start停止SoftEther VPN 服务器运行命令:
/usr/local/libexec/softether/vpnserver stop输入启动命令以后,会出现以下提示:
[23.01-RELEASE][[email protected]]/root: /usr/local/libexec/softether/vpnserver start
The SoftEther VPN Server service has been started.
Let's get started by accessing to the following URL from your PC:
https://202.101.151.20:5555/
or
https://202.101.151.20/
Note: IP address may vary. Specify your server's IP address.
A TLS certificate warning will appear because the server uses self signed certificate by default. That is natural. Continue with ignoring the TLS warning.根据提示使用https://202.101.151.20:5555 或 https://202.101.151.20地址访问SoftEther VPN的配置界面。
该地址为防火墙的WAN接口地址,在进行后续配置之前,还需要添加防火墙规则才能访问。
注意:如果要运行SoftEther VPN的客户端或网桥程序,请参照上面的命令格式即可。
添加防火墙规则
导航到防火墙>规则策略,WAN选项卡,添加放开防火墙5555和443端口的规则。由于国内443端口都已被运营商禁用,本示例未添加。
放开后就可以使用https://202.101.151.20:5555 地址访问SoftEether VPN的Web界面。
设置开机启动
使用shellcmd插件,添加以下两条开机启动命令。
1、创建程序运行的临时目录
mkdir /var/run/softether2、启动softether服务
/usr/local/etc/rc.d/softether_server start
注意两条命令的Shellcmd类型,这决定了命令的启动顺序,不能弄错。
配置SoftEther VPN
由于SoftEether VPN的Web配置界面功能过于简单,建议下载客户端程序进行配置。以SoftEther VPN Server配置程序为例,运行以后,点击左下角的新设置,新建一个连接。
输入连接的信息,注意密码为空:
点击确定后返回主程序。点击连接(c)按钮,第一次连接时,会提示创建管理员密码。使用新的密码登录以后,就可以配置SoftEther VPN了。
OPNsense安装SoftEther VPN
所使用的防火墙软件版本:OPNsense 23.1.5_4。
安装SoftEther VPN
导航到系统>固件>插件选项卡,找到os-softether-devel插件,点击右侧的安装按钮进行安装。或运行以下命令来安装SoftEther VPN:
pkg install os-softether-devel下面来运行安装命令后显示的内容:
root@OPNsense:~ # pkg install os-softether-devel
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 2 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
os-softether-devel: 0.3 [OPNsense]
softether: 4.41.9787 [OPNsense]
Number of packages to be installed: 2
The process will require 10 MiB more space.
Proceed with this action? [y/N]: y
[1/2] Installing softether-4.41.9787...
[1/2] Extracting softether-4.41.9787: 100%
[2/2] Installing os-softether-devel-0.3...
[2/2] Extracting os-softether-devel-0.3: 100%
Stopping configd...done
Starting configd.
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/Softether: OK
=====
Message from softether-4.41.9787:
--
To run SoftEtherVPN client from startup, run
sysrc softether_client_enable=yes
To run SoftEtherVPN server from startup, run
sysrc softether_server_enable=yes
To run SoftEtherVPN bridge from startup, run
sysrc softether_bridge_enable=yes
To run SoftEtherVPN traffic server from startup, run
sysrc softether_trafficserver_enable=yes
Initial and further configuration of all softether services can be
done either by using a Windows client to connect to the running
services or by vpncmd from command line.
Please note client functionality is not supported on FreeBSD right now.
When removing SoftEther VPN without the desire to reinstall, please
ensure to remove the following directories as well:
- /var/db/softether
- /var/log/softether
- /var/run/softether根据提示,添加不同类型的程序启动项:
[23.01-RELEASE][[email protected]]/root: sysrc softether_trafficserver_enable=yes
softether_trafficserver_enable: -> yes
[23.01-RELEASE][[email protected]]/root: sysrc softether_client_enable=yes
softether_client_enable: -> yes
[23.01-RELEASE][[email protected]]/root: sysrc softether_bridge_enable=yes
softether_bridge_enable: -> yes
[23.01-RELEASE][[email protected]]/root: sysrc softether_server_enable=yes
softether_server_enable: yes -> yes命令运行后会在/etc/rc.conf文件添加以下参数:
softether_server_enable="yes"
softether_trafficserver_enable="yes"
softether_client_enable="yes"
softether_bridge_enable="yes"运行SoftEther VPN
导航到防火墙的VPN>SoftEther菜单,选中启用SoftEther选项。
配置SoftEther VPN
运行SoftEther VPN Server客户端配置程序,点击左下角的新设置,新建一个连接。
默认地址为防火墙的LAN地址,端口为443,密码为空。如果端口与你的防火墙web访问端口冲突,可以使用vpncmd命令修改默认端口,当然也可以更改防火墙的Web访问端口。
点击确定后返回主程序。点击连接(c)按钮,第一次连接时,会提示创建管理员密码。使用新的密码登录以后,就可以配置SoftEther VPN了。
SoftEther VPN 各项功能的详细配置,请参考网络上的其他相关文章,不再赘叙。
标签:enable,OPNsense,softether,SoftEther,yes,VPN,usr From: https://blog.51cto.com/fxn2025/6202724