有时需要从外网访问到家庭内网的资源,方法很多,这里说一下用 SoftEther 如何实现。
SoftEther 是日本筑波大学的一个研究项目,是一套开源的跨平台 VPN 软件,包括服务端、客户端、管理工具等组件。它可以虚拟几种网络设备:Hub、 网络适配器(Ethernet Adapter,客户端中支持)、网桥(Bridge )、三层交换机(Switch,支持DHCP)等。支持 SSL-VPN (HTTPS)、OpenVPN、IPsec、L2TP、MS-SSTP、L2TPv3、EtherIP 等协议,并且安装简单,方便易用。
网络原理拓扑
将服务端部署在家庭内网的群晖 NAS 服务器,将客户端安装在外网的笔记本电脑。
客户端与服务端建立连接后会通过内网路由器提供的 DHCP 服务器获取到内网 IP 地址,然后就可以像身处内网一样来使用内网的所有网络资源了。
服务端
下载安装
wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.39-9772-beta/softether-vpnserver-v4.39-9772-beta-2022.04.26-linux-x64-64bit.tar.gz
tar xvf softether-vpnserver-v4.39-9772-beta-2022.04.26-linux-x64-64bit.tar.gz -C /opt
cd /opt/vpnserver
./.install.sh #安装过程需要用到 gcc 和 make,要提前装好
配置
配置前先启动服务
./vpnserver start #若 stop 参数为停止服务
进入 Server 配置
./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility Developer Edition
SoftEther VPN Command Line Management Utility (vpncmd command)
Developer Edition
Version 5.02 Build 0 (English)
Compiled 2021/05/25 01:25:35 by buildd at lgw01-amd64-034
Copyright (c) all contributors on SoftEther VPN project in GitHub.
Copyright (c) Daiyuu Nobori, SoftEther Project at University of Tsukuba, and SoftEther Corporation.
All rights reserved.
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 1
Specify the host name or IP address of the computer that the destination VPN Server or VPN Bridge is operating on.
By specifying according to the format 'host name:port number', you can also specify the port number.
(When the port number is unspecified, 443 is used.)
If nothing is input and the Enter key is pressed, the connection will be made to the port number 443 of localhost (this computer).
Hostname of IP Address of Destination: localhost:5555(注意此处)
If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name.
If connecting by server admin mode, please press Enter without inputting anything.
Specify Virtual Hub Name:
Connection has been established with VPN Server "localhost" (port 5555).
You have administrator privileges for the entire VPN Server.
VPN Server>
设置 Server 密码
VPN Server>ServerPasswordSet
ServerPasswordSet command - Set VPN Server Administrator Password
Please enter the password. To cancel press the Ctrl+D key.
Password: *********
Confirm input: *********
The command completed successfully.
动态域名配置(可选)
有了动态域名就不怕外网 IP 地址经常变了。
VPN Server>DynamicDnsSetHostname
DynamicDnsSetHostname command - Set the Dynamic DNS Hostname
Dynamic DNS Hostname (3 - 31 letters): test666
VPN Server>DynamicDnsGetStatus
DynamicDnsGetStatus command - Show the Current Status of Dynamic DNS Function
Item |Value
----------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------
Assigned Dynamic DNS Hostname (Full) |test666.softether.net
Assigned Dynamic DNS Hostname (Hostname)|test666
DNS Suffix |.softether.net
Global IPv4 Address |121.16.111.12
Global IPv6 Address |Connection to the server failed. Check network connection and make sure that address and port number of destination server are correct.
The command completed successfully.
启用 VPN Azure(可选)
这功能是用来做内网穿透的。假设你没有权限配置你的路由器做端口映射,你的 NAS 没有外网端口,外边的客户端是不能连到内网服务器的。这时可以使用这个功能。使用了它就相当于在你客户端和你的服务器间搭建了一个跳板,通常跳板的带宽很有限,所以网速可能变得很慢!要知道,白嫖是要有代价的。
VPN Server>VpnAzureSetEnable yes
VpnAzureSetEnable command - Enable / Disable VPN Azure Function
The command completed successfully.
VPN Server>VpnAzureGetStatus
VpnAzureGetStatus command - Show the current status of VPN Azure function
Item |Value
---------------------------------------------------+------------------
VPN Azure Function is Enabled |Yes
Connection to VPN Azure Cloud Server is Established|Yes
Hostname of this VPN Server on VPN Azure Service |test666.vpnazure.net
The command completed successfully.
以后可以用客户端通过 test666.vpnazure.net 来穿透内网直接访问服务端了,不需要服务端拥有外网IP和端口。
创建虚拟 Hub
#先删除默认创建的 Hub:(非必须)
VPN Server>HubDelete Default
HubDelete command - Delete Virtual Hub
The command completed successfully.
#创建 Hub:
VPN Server>HubCreate
HubCreate command - Create New Virtual Hub
Name of Virtual Hub to be created: vpn
Please enter the password. To cancel press the Ctrl+D key.
Password: **********
Confirm input: **********
The command completed successfully.
创建网桥,连接虚拟 Hub 与 物理网卡
#先查看桥设备:
VPN Server>BridgeDeviceList
BridgeDeviceList command - Get List of Network Adapters Usable as Local Bridge
docker0
eth0
eth1
The command completed successfully.
#创建网桥:
VPN Server>BridgeCreate
BridgeCreate command - Create Local Bridge Connection
Virtual Hub Name to Create Bridge: vpn #指定网桥要连接的虚拟 Hub
Bridge Destination Device Name: eth0 #指定网桥要连接的物理网卡
While in the condition that occurs immediately after a new bridge connection is made when bridging to a physical network adapter, depending on the type of network adapter, there are cases where it will not be possible to communicate using TCP/IP to the network adapter using a bridge connection from a computer on the virtual network.
(This phenomenon is known to occur for Intel and Broadcom network adapters.)
If this issue arises, remedy the situation by restarting the computer on which VPN Server / Bridge is running. Normal communication will be possible after the computer has restarted.
Also many wireless network adapters will not respond to the sending of packets in promiscuous mode and when this occurs you will be unable to use the Local Bridge. If this issue arises, try using a regular wired network adapter instead of the wireless network adapter.
Instructions for Local Bridge on VM
It has been detected that the VPN Server might be running on a VM (Virtual Machine) suchlike VMware or Hyper-V. Read the following instructions carefully. If you are not using a VM, please ignore this message.
Some VMs prohibit the "Promiscuous Mode" (MAC Address Spoofing) on the network adapters by default.
If the Promiscuous Mode (MAC Address Spoofing) is administratively disabled, the Local Bridge function between a Virtual Hub on the VPN Server and a physical network adapter on the physical computer does not work well. You should allow the Promiscuous Mode (MAC Address Spoofing) by using the configuration tool of the VM.
For details please refer the documents of your VM. If it is a shared-VM and administrated by other person, please request the administrator to permit the use of the Promiscuous (MAC Address Spoofing) Mode to your VM.
The command completed successfully.
配置 Hub
#进入 Hub
VPN Server>Hub vpn
Hub command - Select Virtual Hub to Manage
The Virtual Hub "vpn" has been selected.
The command completed successfully.
#为 Hub 创建一个用户
VPN Server/vpn>UserCreate
UserCreate command - Create User
User Name: xxx
Assigned Group Name:
User Full Name:
User Description:
The command completed successfully.
#给用户设置密码:
VPN Server/vpn>UserPasswordSet
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
User Name: xxx
Please enter the password. To cancel press the Ctrl+D key.
Password: *********
Confirm input: *********
The command completed successfully.
配置群晖开机启动服务
开机自启动方法:
控制面板 -> 计划任务 -> 新增 -> 触发的任务 -> 用户定义的脚本
注意,这里要选择 root,如果普通管理员账户则客户端连上服务器后不能正常获得 IP 地址。
任务设置选项卡,用户定义脚本填入:/opt/vpnserver/vpnserver start
客户端
安装
没什么好说的,下载一个 Windows 客户端并安装。
配置
生成网络适配器
可以虚拟出多个网卡,一般只需要一个就够了。
创建连接
连接服务端
双击刚创建的连接,顺利的话就可以连上服务端并获得内网 IP 了。
其他
服务端口并非只能使用默认提供的 4 个,完全可以禁用他们并使用别的端口。在关闭服务的情况下修改文件 vpn_server.config。
粤公网安备44030002003510号 )
发表于 2023-12-26 00:23:09