Building a virtual private network with SoftEther

2022-07-23 18:50:00 like that elf

Introduction to virtual private networks

For details, see "Virtual private network learning notes".

Virtual private network classification

Classification by protocol:
VPNs use three main tunneling protocols: PPTP, L2TP and IPSec.
PPTP and L2TP work at layer 2 of the OSI model and are also known as layer 2 tunneling protocols; IPSec is a layer 3 tunneling protocol.
PPTP (Point to Point Tunneling Protocol) is the point-to-point tunneling protocol.
L2TP is an industry-standard Internet tunneling protocol. Its function is similar to that of PPTP; for example, it can also encrypt the network data stream.

  • PPTP requires the network to be an IP network; L2TP requires packet-oriented point-to-point connectivity;
  • PPTP uses a single tunnel; L2TP uses multiple tunnels;
  • L2TP provides header compression and tunnel authentication, which PPTP does not support.

IPSec (Internet Protocol Security) is an open-standard suite of secure communication protocols. It uses cryptographic security services to ensure confidential and secure communication over Internet Protocol (IP) networks.

Classification by use:

  • Access VPN (remote access): client to gateway; uses the public network as the backbone to carry encrypted data traffic between devices;
  • Intranet VPN: gateway to gateway; connects resources of the same company through the company's network architecture;
  • Extranet VPN: forms an extranet with partners, connecting one company's resources with another company's.

VPN software commonly used on Linux
1. OpenVPN:
OpenVPN is open-source VPN software used on Linux gateway servers. It opens a secure virtual private channel so that users can work remotely and reach intranet resources.
The software is cross-platform and runs on Linux, xBSD, Mac OS X and Windows. It uses OpenSSL as its encryption library and authenticates with certificates or a username/password. It is a rare open-source VPN solution.
2. SoftEther:
SoftEther is a research project of the University of Tsukuba in Japan. It is an open-source, cross-platform, multi-protocol VPN program that includes the server, the client, server management tools and other software. It supports the SSL protocol, the L2TP/IPsec protocol, the OpenVPN protocol and Microsoft's SSTP protocol; Windows, Linux, Android, iOS and other operating systems can connect to a SoftEther server.

Deploying and configuring the server

Prepare a virtual machine
Here we use a CentOS 7.8 virtual machine installed in VMware, with 3 GB of memory and a 20 GB hard disk.

Install the dependency libraries

[[email protected] ~]# yum -y install gcc zlib-devel openssl-devel readline-devel ncurses-devel

Installed:
  ncurses-devel.x86_64 0:5.9-14.20130511.el7_4  openssl-devel.x86_64 1:1.0.2k-25.el7_9  readline-devel.x86_64 0:6.2-11.el7 

Dependency Installed:
  keyutils-libs-devel.x86_64 0:1.5.8-3.el7  krb5-devel.x86_64 0:1.15.1-54.el7_9   libcom_err-devel.x86_64 0:1.42.9-19.el7 
  libkadm5.x86_64 0:1.15.1-54.el7_9         libselinux-devel.x86_64 0:2.5-15.el7  libsepol-devel.x86_64 0:2.5-10.el7      
  libverto-devel.x86_64 0:0.2.5-4.el7       pcre-devel.x86_64 0:8.32-17.el7      

Updated:
  zlib-devel.x86_64 0:1.2.7-20.el7_9                                                                                       

Dependency Updated:
  e2fsprogs.x86_64 0:1.42.9-19.el7         e2fsprogs-libs.x86_64 0:1.42.9-19.el7    krb5-libs.x86_64 0:1.15.1-54.el7_9   
  libcom_err.x86_64 0:1.42.9-19.el7        libss.x86_64 0:1.42.9-19.el7             openssl.x86_64 1:1.0.2k-25.el7_9     
  openssl-libs.x86_64 1:1.0.2k-25.el7_9    zlib.x86_64 0:1.2.7-20.el7_9            

Complete!

Download the SoftEther installation package
Here we use a package that has already been downloaded (click "softether download").
You can also download it from the official website:
http://www.softether-download.com/files/softether/v4.23-9647-beta-2017.10.18-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.23-9647-beta-2017.10.18-linux-x64-64bit.tar.gz

Upload the package to the virtual machine

[[email protected] ]# ll
total 29120
-rw-r--r--. 1 root root 23550997 Mar  7 12:18 softether-vpn_admin_tools-v4.22-9634-beta-2016.11.27-win32.zip
-rw-r--r--. 1 root root  6264293 Mar  7 12:18 softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit.tar.gz

Extract the vpnserver package

[[email protected] ]# tar -zvxf softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit.tar.gz 
......
[[email protected] vpn]# ll
total 29120
-rw-r--r--. 1 root root 23550997 Mar  7 12:18 softether-vpn_admin_tools-v4.22-9634-beta-2016.11.27-win32.zip
-rw-r--r--. 1 root root  6264293 Mar  7 12:18 softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit.tar.gz
drwxrwxrwx. 4 root root      265 Apr 17  2016 vpnserver

Start installation

[[email protected] vpn]# cd vpnserver/
[[email protected] vpnserver]# ll
total 1456
-rwxrwxrwx. 1 root root    1881 Apr 17  2016 Authors.txt
drwxrwxrwx. 2 root root      41 Apr 17  2016 code
-rwxrwxrwx. 1 root root 1295106 Apr 17  2016 hamcore.se2
drwxrwxrwx. 2 root root     170 Apr 17  2016 lib
-rwxrwxrwx. 1 root root    2138 Apr 17  2016 Makefile
-rwxrwxrwx. 1 root root   30801 Apr 17  2016 ReadMeFirst_Important_Notices_cn.txt
-rwxrwxrwx. 1 root root   36297 Apr 17  2016 ReadMeFirst_Important_Notices_en.txt
-rwxrwxrwx. 1 root root   50695 Apr 17  2016 ReadMeFirst_Important_Notices_ja.txt
-rwxrwxrwx. 1 root root   58932 Apr 17  2016 ReadMeFirst_License.txt
[[email protected] vpnserver]# make
.....
 Enter 1 at every prompt during this step
......
*** How to switch the display language of the SoftEther VPNServer Service ***
SoftEther VPN Server supports the following languages:
  - Japanese
  - English
  - Simplified Chinese

You can choose your prefered language of SoftEther VPN Server at any time.
To switch the current language, open and edit the 'lang.config' file.


*** How to start the SoftEther Server Service ***

Please execute './vpnserver start' to run the SoftEther Server Background Service.
And please execute './vpncmd' to run the SoftEther Command-Line Utility to configure SoftEther Server.
Of course, you can use the VPN Server Manager GUI Application for Windows on the other Windows PC in order to configure the SoftEther Server remotely.
--------------------------------------------------------------------

make[1]: Leaving directory `/root/vpn/server'
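
The listing above shows every file in the extracted vpnserver directory as rwxrwxrwx, and the service is then started as root from that directory. The following shell functions are an added example, not part of the original post: they report entries that group or other can write to and then restrict the directory to its owner. The function names are hypothetical, and the vpnserver directory is passed as an argument.

```shell
#!/bin/sh
# Added example: restrict an extracted SoftEther server directory to its owner.
# Function names are hypothetical; pass the vpnserver directory as the argument.

# list_loose DIR: print entries that group or other can write to.
list_loose() {
    find "$1" \( -perm -020 -o -perm -002 \) -print
}

# count_loose DIR: number of such entries.
count_loose() {
    list_loose "$1" | wc -l | tr -d ' '
}

# harden_vpnserver_dir DIR: directories 700, files 600, the two programs 700.
harden_vpnserver_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 1
    fi
    # Show what was loose before changing anything.
    list_loose "$dir" | sed 's/^/loose: /'
    find "$dir" -type d -exec chmod 700 {} +
    find "$dir" -type f -exec chmod 600 {} +
    # vpnserver and vpncmd exist once make has finished.
    for exe in vpnserver vpncmd; do
        if [ -f "$dir/$exe" ]; then
            chmod 700 "$dir/$exe"
        fi
    done
    return 0
}

# Run only when a directory is given, e.g.: sh harden.sh ./vpnserver
if [ "$#" -gt 0 ]; then
    harden_vpnserver_dir "$1"
    echo "entries still writable by group/other: $(count_loose "$1")"
fi
```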

Start vpnserver

[[email protected] server]# ./vpnserver start
The SoftEther Server service has been started.

Set the VPN administrator password

[[email protected] server]# ./vpncmd 
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.20 Build 9608   (English)
Compiled 2016/04/17 21:59:35 by yagi at pc30
Copyright (c) SoftEther Project. All Rights Reserved.

By using vpncmd program, the following can be achieved. 

1. Management of Server or VPN Bridge 
2. Management of Client
3. Use of Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 1   ------------- enter 1 here and press Enter

Specify the host name or IP address of the computer that the destination Server or Bridge is operating on. 
By specifying according to the format 'host name:port number', you can also specify the port number. 
(When the port number is unspecified, 443 is used.)
If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer).
Hostname of IP Address of Destination:  ----------- press Enter directly

If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name. 
If connecting by server admin mode, please press Enter without inputting anything.
Specify Virtual Hub Name: ----------- press Enter directly
Connection has been established with  Server "localhost" (port 443).

You have administrator privileges for the entire Server.

Server>ServerPasswordSet
ServerPasswordSet command - Set  Server Administrator Password
Please enter the password. To cancel press the Ctrl+D key.

Password: ******        ---------------- enter the password twice to set it
Confirm input: ******


The command completed successfully.

Create a virtual hub

Server>HubCreate MOB   -------- create the virtual hub named MOB
HubCreate command - Create New Virtual Hub
Please enter the password. To cancel press the Ctrl+D key.
---------- the hub is created after the administrator password is entered
Password: ******
Confirm input: ******
The command completed successfully.

Exit management program

 Server>exit
You have new mail in /var/spool/mail/root
[[email protected] server]# 

Virtual hub description
The virtual hub is our virtual LAN.
SoftEther is a tool that provides a virtual network card and a virtual hub. As long as you can reach the Internet, you can use it to build a virtual LAN. Anything you can do on a physical LAN can be done on this virtual LAN: machines can reach each other, and you can play online games that support LAN play (TCP/IP).
The software can traverse firewalls, and its packets are encrypted, so the traffic is protected in transit.
SoftEther is divided into a virtual hub and a virtual network card. In server/client mode, the virtual hub is the server and the virtual network card is the client. The client uses the connection management tool provided by SoftEther to connect its virtual network card to the virtual hub on the server. Your computer is then effectively attached to the LAN built by the virtual hub and can reach the other computers on that virtual LAN.

Use the management software to manage the VPN server

Prepare a Windows 7 virtual machine
Upload the software shown in the screenshot to the Windows 7 virtual machine, extract it, then find vpnsmgr.exe and double-click it to run it.

Configure the connection information

Click 【New settings】.
In the target VPN Server field, enter the server's hostname or IP; the port number defaults to 443. For the relay proxy server, select a TCP/IP connection. If there is a proxy, choose the corresponding proxy type and fill in the proxy server's IP, port, user name and password.
Select the management mode and enter the password: click 【Virtual HUB management mode】, select the virtual hub name created on the server above (MOB), enter the VPN administrator password, and click 【OK】.
Select the new configuration and click 【Connect】 to enter the configuration page.

Create a new user
After connecting successfully you enter the management interface. Select the virtual hub and click 【Manage virtual HUB】 to open the management page, then click 【Manage users】 to open the user management interface.
Click 【New】, enter the user name user1 and the password 123456, and click 【OK】.
A prompt confirms that the user was created, and the user appears in the user list. Click 【Close】 to close the user management interface.

Start SecureNAT to turn on NAT and the DHCP service
Before logging in with the client, we still need to enable the SecureNAT service.
In the management interface of the virtual hub MOB, click 【Virtual NAT and virtual DHCP server】, then click 【Enable SecureNAT】 in the settings window that pops up.

[Screenshot: the interface after SecureNAT is enabled]
[Screenshot: the SecureNAT configuration information]
When the configuration is complete, close the configuration page.
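
The same provisioning can be scripted rather than typed and clicked through. This added example (not part of the original post) writes a vpncmd batch file that sets the server password, creates the hub MOB and the user user1, and enables SecureNAT, using randomly generated passwords in place of the short ones typed in the walkthrough. It assumes a fresh server with no administrator password yet and ./vpncmd in the current directory; the function names and the file name vpn-setup.txt are hypothetical.

```shell
#!/bin/sh
# Added example: generate a vpncmd batch file for the steps in this walkthrough.
# Function names and the file name vpn-setup.txt are hypothetical.

# gen_password: 24 random characters from [A-Za-z0-9].
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# write_batch FILE HUB USER: write the commands to FILE (mode 600).
# Names are limited to [A-Za-z0-9_-] so they cannot smuggle in extra options.
write_batch() {
    batch=$1 hub=$2 user=$3
    if [ -z "$hub" ] || [ -z "$user" ]; then
        return 1
    fi
    case "$hub$user" in
        *[!A-Za-z0-9_-]*) echo "invalid hub or user name" >&2; return 1 ;;
    esac
    : > "$batch" && chmod 600 "$batch" || return 1
    {
        echo "ServerPasswordSet $(gen_password)"
        echo "HubCreate $hub /PASSWORD:$(gen_password)"
        echo "Hub $hub"
        echo "UserCreate $user /GROUP:none /REALNAME:none /NOTE:none"
        echo "UserPasswordSet $user /PASSWORD:$(gen_password)"
        echo "SecureNatEnable"
    } >> "$batch"
}

# apply_batch FILE: run the batch against the local server with ./vpncmd.
# Assumes a fresh install whose admin password is still unset, as above.
apply_batch() {
    ./vpncmd localhost /SERVER /IN:"$1"
}

# Usage from the vpnserver directory: sh vpn-setup.sh --apply
if [ "${1:-}" = "--apply" ]; then
    write_batch vpn-setup.txt MOB user1 && apply_batch vpn-setup.txt
    echo "passwords are recorded in vpn-setup.txt; store them, then delete it"
fi
```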

Install the client and test the connection

Upload the client software
Upload the downloaded client software (softether-vpnclient-v4.20-9608-rtm-2016.04.17-windows-x86_x64-intel.exe) to the Windows 7 virtual machine and install it.

Install the client
Double-click to start the installation, choose to install the client, and click 【Next】.
Accept the agreement and keep clicking 【Next】 to complete the installation.

Run the client management tool
After installation, double-click the shortcut to run the client tool.
Double-click 【Add new VPN connection】 and click 【OK】; a new network adapter is created automatically.

Right-click in the blank area, choose 【New VPN connection setup wizard】, configure it as follows, and click 【OK】.
[Screenshot: new VPN connection settings]

After setup, double-click the connection to establish it. The assigned IP is shown at the same time.

If the time on the Windows 7 machine and on the SoftEther server is out of sync, the connection will fail.
Just synchronize the time on both. On Windows, synchronize directly with Internet time.
On CentOS, run the following commands:

[[email protected] vpnserver]#  service ntpd stop
Redirecting to /bin/systemctl stop ntpd.service
You have new mail in /var/spool/mail/root
[[email protected] vpnserver]# ntpdate time.windows.com
21 Jul 00:13:20 ntpdate[2372]: step time server 52.231.114.183 offset 4447363.047880 sec
[[email protected] vpnserver]# date
Thu Jul 21 00:13:23 +08 2022
Copyright notice
This article was written by [like that elf]. Please include a link to the original when reposting. Thanks.
https://yzsam.com/2022/204/202207231625097033.html