Scribd
Upload
7K views6 pages

Local Bridge Setup Softether On CENTOS

This document provides instructions for setting up a Softether VPN server on CentOS using a local bridge configuration. The key steps are: 1. Disable SecureNAT and only use a local bridge for better performance. 2. Set up the Softether VPN server and assign the tap device, VPN server IP, and client IP range. 3. Install and configure dnsmasq as the DHCP server, and edit the startup script and firewall rules to integrate the tap interface. 4. Enable IP forwarding and NAT to allow VPN clients internet access over the server's public IP.

Uploaded by

Hisyam Kholid Kleib
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
7K views6 pages

Local Bridge Setup Softether On CENTOS

This document provides instructions for setting up a Softether VPN server on CentOS using a local bridge configuration. The key steps are: 1. Disable SecureNAT and only use a local bridge for better performance. 2. Set up the Softether VPN server and assign the tap device, VPN server IP, and client IP range. 3. Install and configure dnsmasq as the DHCP server, and edit the startup script and firewall rules to integrate the tap interface. 4. Enable IP forwarding and NAT to allow VPN clients internet access over the server's public IP.

Uploaded by

Hisyam Kholid Kleib
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

BEFORE WE START ENSURE THAT SECURE NAT MUST BE DISABLE

On physical server, local bridge will perform better than SecureNAT DO NOT enable BOTH LOCAL BRIDGE and SecureNAT at the same time !! Packets will loop infinitly and make your server 100% CPU usage.
Local bridge Setup Softether On CENTOS ! Network setup VPN Server IP: 192.168.7.1 VPN Client IP Range: 192.168.7.50-192.168.7.90 (40 Clients ) Tap Device name: tap_soft From here we go to the Local Bridge Setting

www.groundmans.tk

First we choose the Virtual Hub. It should be only one for normal setup. Then we check the tap device box. After that we type in the name of the tap device(I use soft here for simplicity). Create Local Bridge

After the creation of the local bridge we jump back to our server. And run cd /usr/local/vpnserver ifconfig tap_soft

It should show you something similar to this

INSTALL DHCP on your VPS ---------------------------------------- yum y install dnsmasq

www.groundmans.tk

now, we have to configure the dhcp server on our vps nano /etc/dnsmasq.conf NOTE : If you have VPN over DNS like picture below, input this lines, to the end of page interface=tap_soft dhcp-range=tap_soft,192.168.7.50,192.168.7.90,12h dhcp-option=tap_soft,3,192.168.7.1 port=0 dhcp-option=option:dns-server,8.8.8.8

IF you have VPN OVER DNS DISABLED please just input this : interface=tap_soft dhcp-range=tap_soft,192.168.7.50,192.168.7.90,12h dhcp-option=tap_soft,3,192.168.7.1

www.groundmans.tk

EDIT STARTUP We Have to edit the start up code, to be syncronized with tap_soft nano /etc/init.d/vpnserver

clear the all the lines on page and insert this following lines : #!/bin/sh ### BEGIN INIT INFO # Provides: vpnserver # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start daemon at boot time # Description: Enable Softether by daemon. ### END INIT INFO DAEMON=/usr/local/vpnserver/vpnserver LOCK=/var/lock/subsys/vpnserver TAP_ADDR=192.168.7.1 test -x $DAEMON || exit 0 case "$1" in start) $DAEMON start touch $LOCK sleep 1 /sbin/ifconfig tap_soft $TAP_ADDR ;; stop) $DAEMON stop rm $LOCK ;; restart) $DAEMON stop sleep 3 $DAEMON start sleep 1 /sbin/ifconfig tap_soft $TAP_ADDR ;; *) echo "Usage: $0 {start|stop|restart}" exit 1 esac exit 0 Then we need to enable NAT on linux server.

www.groundmans.tk

nano /etc/sysctl.conf

See The Picture Below :

======= CHANGE

0 TO 1

Apply the sysctl run sysctl -n -e system

Then we add a POSTROUTING rule to iptables iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-source [YOUR VPS IP ADDRESS] service iptables save

After all the above setting, restart the vpnserver then we are good to go. service vpnserver restart service dnsmasq restart

DONE !!! ================================================ Original Source for Debian Family from :


http://linc01n.github.io/blog/2013/05/17/softether-on-vps-using-local-bridge/

www.groundmans.tk

join us on : facebook.com/groups/salevz modified by : www.groundmans.tk hisyam kholid kleib // @groundmandive [email protected]

www.groundmans.tk

You might also like