Setting up a SoftEther server on Linux to interconnect two intranets

The following is a detailed description. By: wheel

Linux: environment requirements, installation method, startup method, operation/management method
1) Work environment requirements
Linux SoftEther runs in the following environment:

Pthread Library
OpenSSL library (the latest version can be downloaded from http://www.openssl.org)

A linker that can handle *.a files (static library archives) is also required.

Operation has been verified on RedHat 7.1, RedHat 9.0, and Vine Linux 2.6. The pthread and OpenSSL libraries are also available on other Linux distributions.


2) Installation Method
se_100_linux.zip contains the following three files:

libse_hub.a
ca.crt
ca.key

Extract the archive anywhere. For ease of description, suppose you have extracted it to a directory named se_hub.

The SoftEther Linux V-HUB program is not shipped as an executable; it is stored in libse_hub.a as a static library. You must therefore link this static library against the pthread and OpenSSL libraries to generate the executable.

For example, when using gcc as the linker:

gcc libse_hub.a -lpthread -lssl -lcrypt -o se_hub

If no error is displayed, the link succeeded, and a file named "se_hub" has been generated in this directory.



3) Startup Method

The Windows version of the SoftEther V-HUB runs in the background by registering itself as a system service. The V-HUB for Linux is started from the shell like a normal program; it cannot yet be run as a daemon process.

The SoftEther V-HUB needs to listen on TCP port 443 (HTTPS). Because this is a well-known port, root permission is required to run it. (The SoftEther V-HUB itself can, however, be executed without root permission!)

In a terminal, the SoftEther V-HUB program (the se_hub file just generated) can be started like any other program, but when the terminal is closed, the running V-HUB is killed as well. To avoid this, start it with the nohup command shown below, so that the V-HUB keeps running even after the terminal is closed.

# nohup ./se_hub &

As long as se_hub is started with nohup in this way, the V-HUB process stays in the background.
(However, because it is not a daemon process, it is not started automatically when Linux is restarted. To have it run automatically at boot, you need some other method.)

4) Management and operation method

4-1) The Linux V-HUB management menu and its usage
To manage the SoftEther V-HUB, telnet to TCP port 8023 of the computer that runs the V-HUB. This works both from the machine running the V-HUB itself (telnet to its own port 8023) and remotely (telnet to port 8023 of the machine running the V-HUB).
 

4-2) How to stop the V-HUB

Once the V-HUB has been started, it keeps running. If you want to stop the service, use the kill command.
The process ID can be found with the following ps command.

(Example)

Code:

# ps auxf

root 12988 0.0 1.3 21576 1708 pts/2 S | \_ ./se_hub
root 12989 0.0 1.3 21576 1708 pts/2 S | \_ ./se_hub
root 12990 0.0 1.3 21576 1708 pts/2 S | \_ ./se_hub
root 12991 0.0 1.3 21576 1708 pts/2 S | \_ ./se_hub
root 12993 0.0 1.3 21576 1708 pts/2 S | \_ ./se_hub
root 12994 0.0 1.3 21576 1708 pts/2 S | \_ ./se_hub


If you see this result, you can kill the process at the top of the se_hub process tree.

Code:

# kill -KILL 12988


This command sends the KILL signal, which forcibly stops the V-HUB process.


4-3) Considerations for the default port numbers 7777/443

By default the SoftEther V-HUB listens on TCP port 7777 and TCP port 443. If these ports are already in use on your system, or you do not want to use the two default ports for other reasons, you need to change them. In particular, if a web server such as Apache is already using port 443 for HTTPS, SoftEther displays the following messages, indicating that listening on port 443 failed.

(Example)

Code:

[root@gateway se_hub]# ./se_hub
LOG: SoftEther Virtual HUB Service Version 1.00 for UNIX System
LOG: Copyright (c) 1997-2004 Daiyuu Nobori, All Rights Reserved.
LOG: SoftEther Started.
LOG: TCP/IP inited.
LOG: Service Process Begin.
LOG: SSL Library Inited.
LOG: Protocol [Direct TCP/IP Connection] Init Succeed. Protocol ID: 0
LOG: Protocol [Proxy Connection] Init Succeed. Protocol ID: 1
LOG: Protocol [Proxy Connection] (1) Listen Failed. Port = 443.


In this case, go to the V-HUB management menu and change the default port.
For more information about how to use the V-HUB management menu, see the tutorials for the Windows release (available online).
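
A pre-start check for the two port points above (the telnet management menu on TCP 8023 from 4-1 and the 443/7777 conflict from 4-3), as an added example that is not part of the original article or of SoftEther. The function names are hypothetical; the input is assumed to be the output of "ss -ltn".

```shell
#!/bin/sh
# Added example (not from the article). Reads listening-socket lines in the
# layout printed by `ss -ltn` on stdin:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port [Process]

# vhub_ports: print "PORT ADDRESS SCOPE" for every listener on 8023, 443 or 7777.
# SCOPE is "loopback" for 127.x and [::1], otherwise "network".
vhub_ports() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":")
        port = part[n]
        if (port != "8023" && port != "443" && port != "7777") next
        addr = substr($4, 1, length($4) - length(port) - 1)
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "network"
        print port, addr, scope
    }'
}

# busy_service_ports: the V-HUB service ports (443, 7777) that are already held.
# Run it before starting se_hub; a port listed here is one se_hub will report
# as "Listen Failed" (for example 443 held by Apache).
busy_service_ports() {
    vhub_ports | awk '$1 != "8023" { print $1 }' | sort -un | tr '\n' ' ' | sed 's/ $//'
}

# mgmt_exposed: succeed if the management port 8023 listens on a non-loopback
# address. The telnet session is not encrypted, so a network-reachable 8023
# is a candidate for a firewall rule limiting who can connect.
mgmt_exposed() {
    vhub_ports | grep -q '^8023 .* network$'
}

# Live use:
#   ss -ltn | busy_service_ports
#   ss -ltn | mgmt_exposed && echo "8023 is reachable from the network"
```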

4-4) About the server authentication files ca.key and ca.crt (Old server: anyone attempting to use the Linux V-HUB should pay close attention to this part)

The communication between the SoftEther V-HUB and the client (the virtual NIC on the PC) is encrypted with SSL.
The server certificate used by the V-HUB for this is ca.crt, and the key file is ca.key.

Of course, you can use the ca.crt/ca.key pair included in the downloaded package. For security reasons, however, it is best to create ca.key and ca.crt yourself.

You can use the openssl command to generate your own dedicated ca.crt (certificate file) and ca.key (key file).
See the following example.

■ ca.key (generate the key file)
(Example)

Code:

# openssl genrsa -out ca.key -des3 1024
Generating RSA private key, 1024 bit long modulus
......++
.......................................++
e is 65537 (0x10001)
Enter pass phrase for ca.key: softether <--- this is what we are talking about.
Verifying - Enter pass phrase for ca.key: softether <--- here


NOTE: For the key pass phrase, enter the nine letters "softether". Do not discard this key file, and manage it strictly!
Old server note: I don't feel very comfortable here. I fixed "softether" as the password of the key file. Isn't it a great reduction in security? Of course, if the V-HUB does not know the password, it will not be able to communicate. But I always think that the problem here is not small... who knows, let's talk about your thoughts.

■ ca.crt (generate the certificate file)
(Example)

Code:

# openssl req -new -x509 -key ca.key -out ca.crt
Enter pass phrase for ca.key: softether <--- here?
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: JP <--- here, do we enter CN?
State or Province Name (full name) [Some-State]: Ibaraki-ken <--- name of the province/municipality/autonomous region
Locality Name (eg, city) []: Tsukuba-city <--- city name
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Univ of Tsukuba <--- company/institution/school/organization name
Organizational Unit Name (eg, section) []: Coins <--- department name
Common Name (eg, YOUR name) []: Daiyuu Nobori <--- what do you call?
Email Address []: yagi@coins.tsukuba.ac.jp <--- e-mail address


 
After the ca.key and ca.crt files have been created, copy them to the se_hub directory (overwriting the old ones). Stop the running V-HUB and start it again, and that is all.
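
The two openssl commands above in non-interactive form, with the checks worth running before the files are copied into the se_hub directory. This is an added example, not part of the original article or of SoftEther; the function names, the subject string and the validity period are assumptions.

```shell
#!/bin/sh
# Added example (not from the article). The pass phrase is the fixed value the
# article says the V-HUB expects, so it is effectively public and protects
# nothing by itself: the file permissions on ca.key are the real control.
PASS=pass:softether

# gen_pair DIR SUBJECT DAYS: create DIR/ca.key and DIR/ca.crt.
# 1024 bits as in the article (weak by current standards); the article does not
# say whether V-HUB 1.00 accepts a larger key.
gen_pair() (
    umask 077                                   # ca.key is created owner-only
    openssl genrsa -des3 -passout "$PASS" -out "$1/ca.key" 1024 2>/dev/null || exit 1
    openssl req -new -x509 -key "$1/ca.key" -passin "$PASS" \
        -subj "$2" -days "$3" -out "$1/ca.crt" 2>/dev/null || exit 1
    chmod 600 "$1/ca.key" && chmod 644 "$1/ca.crt"
)

# pair_matches KEY CRT: succeed only if the certificate carries the key's modulus,
# i.e. the two files really belong together.
pair_matches() {
    k=$(openssl rsa -in "$1" -passin "$PASS" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# same_cert A B: succeed if both files hold the same certificate (SHA-256
# fingerprint). Compare the deployed ca.crt with the copy from the download
# package to detect a hub still running the bundled pair.
same_cert() {
    a=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    b=$(openssl x509 -in "$2" -noout -fingerprint -sha256 2>/dev/null) || return 1
    [ "$a" = "$b" ]
}

# key_is_private FILE: succeed if group and others have no access to the key.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```

After sourcing the file, run gen_pair with the target directory, a subject such as "/C=JP/O=Example/CN=vhub.example" (a constructed value) and a number of days, then pair_matches and key_is_private on the result.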