You should download softether from www.softether.org, it's freeware!


Based on CentOS 6.5 x86_64

需要在外部防火墙上建立tcp 443,udp 500/4500/1701的映射


1. disable selinux and iptables

service iptables stop

chkconfig iptables off; chkconfig ip6tables off


setenforce 0

vi /etc/selinux/config

SELINUX=disabled


yum -y install gcc

2. tar zxf softether-***server-v4.10-9505-beta-2014.10.03-linux-x64-64bit.tar.gz


3. cd ***server
make i_read_and_agree_the_license_agreement

cd ..
mv ***server /usr/local/ (考虑到日志,建议安装到独立的挂载分区,不小于30G;或者配置syslog send function)
cd /usr/local/***server/
chmod 600 *
chmod 700 ***server
chmod 700 ***cmd

4. vi /etc/init.d/***server
#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther *** Server 4.10
DAEMON=/usr/local/***server/***server
LOCK=/var/lock/subsys/***server
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0

chmod 755 /etc/init.d/***server
chkconfig --add ***server
service ***server start

cd /usr/local/***server

./***cmd

3

check


netstat -ltunp | grep ***server


5. Install SoftEther *** Server Manager

wKiom1PrY0ixKO9oAAJOTVL15Ok885.jpg


config *** setting (see below for using MS-SSTP)

wKioL1PsEizTlh9IAAP1tWy6NnU164.jpg

wKiom1PsESPRTQjZAATeQsXwL8A264.jpg

wKioL1PsDQiwgo2iAAPOmQzwffM885.jpg

wKiom1PsC_CRTXX_AAN0INzQJAI186.jpg

wKioL1PtazvwR-q7AAL44MggwIc415.jpg

wKiom1PsDCXxru3ZAASmK308Ht0763.jpg


Notes: how to disable dynamic dns function

wKiom1PsJzbgU66YAAOZfoDxf3I985.jpg

wKioL1PsKE_yFh_lAAQohcQDjKA324.jpg

wKiom1PsJzewVP8_AAEHpxorcZw097.jpg


6. Install SoftEther *** Client

wKioL1PsJGPxUBabAAIQtxn4uck064.jpg


Windows L2TP Client Setup

需要在外部防火墙上建立udp 500/4500/1701的映射

建立一个***拨号连接,参数如下:

wKiom1PnHgrSKlG-AAEwBf69PcQ217.jpg

wKiom1Ppz9SglSmfAAE80Un1rjU446.jpg

wKioL1PnHyPimUV3AAGZB1ksfsc980.jpg

wKioL1Pp0P3hk8orAAF16-WXkLY328.jpg

wKioL1Pp0Q3R-P0FAAFE_WpG2mA630.jpg


Android L2TP Client Setup

建立一个***拨号连接,参数如下:

wKiom1PsIaeAabm1AAC-a9DQrFU078.jpg

wKiom1PsIaeAZWRBAABWfLRKY2M950.jpg

wKioL1PsIsDxWA_0AAD7u0Y-Ihw184.jpg


Using MS-SSTP:

wKiom1PwItuQwcXvAAPMZpsTfZQ525.jpg

wKioL1PwI_TSahE5AAUDPkFFVws434.jpg

wKioL1PwKZCx5aF6AAKUDpjYqdY629.jpg

wKiom1PwItyxxbrAAAJ0X_IiBT0780.jpg

wKioL1PwKcaDhkzXAATBf1rhLd4100.jpg


Windows SSTP Client Setup

需要在外部防火墙上建立tcp 443的映射

mmc > 添加计算机账号的证书

wKioL1PwJSmCyIhQAAPeHZzlVVA154.jpg

wKiom1PwJBGQYy7DAARqRjugw1o908.jpg

C:\Windows\System32\drivers\etc\hosts

wKiom1PwJJGCXtUfAAIti1sBivQ889.jpg


wKioL1PwJijA8DOQAAE-JPYsODo502.jpg

wKiom1PwJRCzRlTWAAFz0vYDUOE708.jpg



***cmd连接远程*** server:

./***cmd host-ip:443 /SERVER /PASSWORD:password /ADMINHUB:*** /CMD:SessionList


启用FreeRadius认证:

you must disable "Dynamic DNS Setting/*** Azure Setting" first to enable Radius authentication

wKioL1QkH16DKFHSAA0ufJX6Qj0442.jpg

wKiom1QkHzrAWIR0AAiOCpyduTc766.jpg


IP 访问控制列表用于拒绝或允许客户端的连接,使用「AcList」、「AcAdd」以及「AcDel」指令

wKiom1QlcBagcyRuAAoX4Jur5Tk235.jpg