
Setting up SoftEther VPN with Docker

by 타이호 2020. 7. 27.

I previously installed and configured the open-source SoftEther VPN; this time I install and configure it with Docker. The setup is done on Google Cloud, on Ubuntu 20.04.

1. Prerequisites

$ sudo apt update
$ sudo apt install docker.io

Google Cloud firewall settings

Open ports 500, 4500, 1701, 1194 and 5555 (UDP for 500, 4500 and 1194; TCP for 1701 and 5555, matching the port mappings of the docker run command later in the post).

 

2. Generating the SoftEther config

To create the SoftEther VPN configuration, generate it with the command below. The output contains an OpenVPN client profile and the automatically created user (user6853 here), so treat it as sensitive.

$ sudo docker run --name vpnconf -e SPW=<serverpw> -e HPW=<hubpw> siomiz/softethervpn echo
# [!!] This image requires --cap-add NET_ADMIN
# ========================
# user6853
# 5573.5105.3807.9263.9466
# ========================
# Version 4.34 Build 9745   (English)
dev tun
proto udp
remote vpn747230641.v4.softether.net 1194
;http-proxy-retry
;http-proxy [proxy server] [proxy port]
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
</ca>
;<cert>
;-----BEGIN CERTIFICATE-----
;
;-----END CERTIFICATE-----
;</cert>
;<key>
;-----BEGIN RSA PRIVATE KEY-----
;
;-----END RSA PRIVATE KEY-----
;</key>
# Creating user(s): user6853
# [initial setup OK]

Copy the generated config out of the container.

$ sudo docker cp vpnconf:/usr/vpnserver/vpn_server.config ./vpn_server.config
$ sudo docker rm vpnconf

Run SoftEther VPN in Docker with the generated config. The server password and hub password are the ones used when creating the vpnconf container above.

$ sudo docker run -d --cap-add NET_ADMIN -p 500:500/udp -p 4500:4500/udp -p 1701:1701/tcp -p 1194:1194/udp -p 5555:5555/tcp -v /home/vpn_server.config:/usr/vpnserver/vpn_server.config siomiz/softethervpn
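The two Docker steps above, plus the firewall list from section 1, as one script. This is an added example, not code from the post or from the siomiz/softethervpn project; it assumes docker (and, for the printed firewall command, the gcloud CLI) is installed, that CONFIG_DIR is where vpn_server.config is kept, and that the admin passwords arrive in SPW and HPW from the environment. Keeping the port/protocol table in one place means the firewall rule and the container's -p mappings cannot drift apart, and the password check stops an empty or weak admin password from being baked into the config.

```shell
#!/bin/sh
# Added example (not from the post or the siomiz/softethervpn project):
# sections 1-2 as one script. Assumptions: docker and gcloud are installed,
# CONFIG_DIR holds vpn_server.config, SPW/HPW come from the environment.

IMAGE="siomiz/softethervpn"
CONFIG_DIR="${CONFIG_DIR:-$HOME/softether}"

# port/protocol pairs taken from the post's docker run command
VPN_PORTS="500/udp 4500/udp 1701/tcp 1194/udp 5555/tcp"

# Build the "-p host:container/proto" arguments for docker run.
port_args() {
    args=""
    for pp in $VPN_PORTS; do
        args="${args:+$args }-p ${pp%/*}:$pp"
    done
    printf '%s\n' "$args"
}

# Build the value for "gcloud compute firewall-rules create --allow" from the
# same table (tcp entries first, then udp).
firewall_allow() {
    tcp="" udp=""
    for pp in $VPN_PORTS; do
        case $pp in
            */tcp) tcp="${tcp:+$tcp,}tcp:${pp%/*}" ;;
            */udp) udp="${udp:+$udp,}udp:${pp%/*}" ;;
        esac
    done
    printf '%s,%s\n' "$tcp" "$udp"
}

# Reject empty or short admin passwords before they reach the config.
check_pw() {
    [ ${#1} -ge 12 ]
}

# Step 2: generate vpn_server.config with the image's one-shot "echo" run and
# copy it out. The run prints the auto-created user, so keep stdout private.
generate_config() {
    check_pw "$SPW" || { echo "SPW must be at least 12 characters" >&2; return 1; }
    check_pw "$HPW" || { echo "HPW must be at least 12 characters" >&2; return 1; }
    mkdir -p "$CONFIG_DIR"
    docker run --name vpnconf -e SPW="$SPW" -e HPW="$HPW" "$IMAGE" echo
    docker cp vpnconf:/usr/vpnserver/vpn_server.config "$CONFIG_DIR/vpn_server.config"
    docker rm vpnconf
    chmod 600 "$CONFIG_DIR/vpn_server.config"   # it holds the server's credentials
}

# Start the server with the generated config; the image requires NET_ADMIN.
run_server() {
    # shellcheck disable=SC2046  # port_args output is meant to be word-split
    docker run -d --name softether --cap-add NET_ADMIN $(port_args) \
        -v "$CONFIG_DIR/vpn_server.config:/usr/vpnserver/vpn_server.config" "$IMAGE"
}

# Usage: ./softether.sh firewall | config | up
case "${1:-}" in
    firewall) echo "gcloud compute firewall-rules create softether-vpn --allow $(firewall_allow)" ;;
    config)   generate_config ;;
    up)       run_server ;;
esac
```

Run `SPW=... HPW=... ./softether.sh config` once to produce the config, then `./softether.sh up` to start the server; `./softether.sh firewall` only prints the gcloud command so you can review the rule before applying it to the project.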

 

3. SoftEther server configuration

Configure the SoftEther VPN server with the password set above.

# Enter the Docker container
$ sudo docker exec -it 90e6e06bfce7 bash

# Run the SoftEther VPN management utility
[root@90e6e06bfce7 vpnserver]# ./vpncmd 
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.34 Build 9745   (English)
Compiled 2020/04/05 23:20:52 by buildsan at crosswin
Copyright (c) SoftEther VPN Project. All Rights Reserved.
By using vpncmd program, the following can be achieved. 
1. Management of VPN Server or VPN Bridge 
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 1 (choose 1)
Specify the host name or IP address of the computer that the destination VPN Server or VPN Bridge is operating on. 
By specifying according to the format 'host name:port number', you can also specify the port number. 
(When the port number is unspecified, 443 is used.)
If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer).
Hostname of IP Address of Destination: <press Enter>
If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name. 
If connecting by server admin mode, please press Enter without inputting anything.
Specify Virtual Hub Name: <press Enter>
Password: ********* <enter the password used when generating the config>
Connection has been established with VPN Server "localhost" (port 443).
You have administrator privileges for the entire VPN Server.

Configure the hub and NAT.

# Check the hub list. A hub named DEFAULT exists out of the box.
VPN Server>HubList
HubList command - Get List of Virtual Hubs
Item              |Value
------------------+-------------------
Virtual Hub Name  |DEFAULT
Status            |Online
Type              |Standalone
Users             |1
Groups            |0
Sessions          |1
MAC Tables        |1
IP Tables         |1
Num Logins        |0
Last Login        |2020-07-27 06:38:02
Last Communication|2020-07-27 06:53:07
Transfer Bytes    |13,138
Transfer Packets  |254
The command completed successfully.

# Select the DEFAULT hub.
VPN Server>hub DEFAULT
Hub command - Select Virtual Hub to Manage
The Virtual Hub "DEFAULT" has been selected.
The command completed successfully.

# Enable NAT (SecureNAT) for the hub's network.
VPN Server/DEFAULT>SecureNatEnable
SecureNatEnable command - Enable the Virtual NAT and DHCP Server Function (SecureNat Function)
The command completed successfully.

# Once NAT is enabled, the default virtual host settings are applied.
VPN Server/DEFAULT>SecureNatHostGet
SecureNatHostGet command - Get Network Interface Setting of Virtual Host of SecureNAT Function
Item       |Value
-----------+-----------------
MAC Address|5E-93-8E-D8-2A-AC
IP Address |192.168.30.1
Subnet Mask|255.255.255.0
The command completed successfully.

# The DHCP settings for this NAT are also configured automatically.
VPN Server/DEFAULT>DhcpGet
DhcpGet command - Get Virtual DHCP Server Function Setting of SecureNAT Function
Item                           |Value
-------------------------------+--------------
Use Virtual DHCP Function      |Yes
Start Distribution Address Band|192.168.30.10
End Distribution Address Band  |192.168.30.200
Subnet Mask                    |255.255.255.0
Lease Limit (Seconds)          |7200
Default Gateway Address        |192.168.30.1
DNS Server Address 1           |192.168.30.1
DNS Server Address 2           |None
Domain Name                    |
Save NAT and DHCP Operation Log|No
Static Routing Table to Push   |
The command completed successfully.

Create a user and set its password.

# Create the user.
VPN Server/DEFAULT>UserCreate thkang0
UserCreate command - Create User 
Assigned Group Name: 
User Full Name: Alex Kang
User Description: Alex
The command completed successfully.

# Set a password for the newly created user.
VPN Server/DEFAULT>UserPasswordSet thkang0
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
Please enter the password. To cancel press the Ctrl+D key.
Password: *********
Confirm input: *********
The command completed successfully.

 

4. IPsec VPN configuration

# Configure as follows and set the pre-shared key to use for IPsec
VPN Server/DEFAULT>IPsecEnable
IPsecEnable command - Enable or Disable IPsec VPN Server Function
Enable L2TP over IPsec Server Function (yes / no): yes
Enable Raw L2TP Server Function (yes / no): yes
Enable EtherIP / L2TPv3 over IPsec Server Function (yes / no): no
Pre Shared Key for IPsec (Recommended: 9 letters at maximum): <key to use>
Default Virtual HUB in a case of omitting the HUB on the Username: DEFAULT
The command completed successfully.
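The vpncmd steps of sections 3 and 4 can be run without the interactive prompts, which makes the setup repeatable and keeps the answers out of shell history. The script below is an added example, not code from the post or the SoftEther project. It assumes the container is named softether (override with CONTAINER), that vpncmd is at /usr/vpnserver/vpncmd as in the shell session above, that the server admin password arrives in SPW from the environment, and that vpncmd's /SERVER, /PASSWORD: and /IN: options (read commands from a file) behave as documented. The command file mirrors the session exactly: select the hub, enable SecureNAT, create the user and set its password, enable L2TP/IPsec with the PSK; the PSK length check enforces the 9-character recommendation shown in the IPsecEnable prompt.

```shell
#!/bin/sh
# Added example (not from the post or SoftEther): sections 3-4 run
# non-interactively against the container from section 2.
# Assumptions: container name "softether", vpncmd at /usr/vpnserver/vpncmd,
# server admin password in SPW.

CONTAINER="${CONTAINER:-softether}"
VPNCMD="/usr/vpnserver/vpncmd"

# Emit the command file mirroring the interactive session.
# Arguments: user, user password, PSK.
hub_commands() {
    user=$1 userpw=$2 psk=$3
    cat <<EOF
Hub DEFAULT
SecureNatEnable
UserCreate $user /GROUP:none /REALNAME:none /NOTE:none
UserPasswordSet $user /PASSWORD:$userpw
IPsecEnable /L2TP:yes /L2TPRAW:yes /ETHERIP:no /PSK:$psk /DEFAULTHUB:DEFAULT
EOF
}

# vpncmd recommends at most 9 characters for the PSK; enforce 1..9.
check_psk() {
    [ ${#1} -ge 1 ] && [ ${#1} -le 9 ]
}

# Copy the command file into the container, run it, then delete it: it holds
# the user password and the PSK in clear text.
apply_commands() {
    : "${SPW:?set SPW to the server admin password}"
    check_psk "$3" || { echo "PSK must be 1-9 characters" >&2; return 1; }
    tmp=$(mktemp)
    hub_commands "$@" > "$tmp"
    docker cp "$tmp" "$CONTAINER:/tmp/vpn_setup.cmd"
    rm -f "$tmp"
    docker exec "$CONTAINER" "$VPNCMD" localhost /SERVER /PASSWORD:"$SPW" /IN:/tmp/vpn_setup.cmd
    docker exec "$CONTAINER" rm -f /tmp/vpn_setup.cmd
}

# Usage: SPW=... ./setup_hub.sh apply <user> <user-password> <psk>
case "${1:-}" in
    apply) shift; apply_commands "$@" ;;
esac
```

Because the admin password is passed with /PASSWORD: it is visible in the container's process list for the duration of the command; the command file is removed right after use for the same reason.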

 

Now, on an iPhone or iPad, go to Settings -> VPN -> L2TP, enter the server IP, the account and the shared key created above, and the VPN is ready to use.
