If you want to monitor a KUSANAGI host over a VPN (for example because you do not want monitoring protocols flowing in plaintext across the Internet), SoftEther VPN is an easy option.
Here I summarize how to add a SoftEther VPN virtual NIC to CentOS 7 (KUSANAGI 7.8.2) to serve as a management network.
1. Prepare a SoftEther VPN account.
Virtual HUB name: MANAGE
User name: host2
Password: ********
IP address: 172.16.255.2/24
Gateway: none
Virtual NIC name: vpn_mgmt0
2. Download and compile SoftEther VPN Client.
# make
--------------------------------------------------------------------
SoftEther VPN Client (Ver 4.21, Build 9613, Intel x64 / AMD64) for Linux Install Utility
Copyright (c) SoftEther Project at University of Tsukuba, Japan. All Rights Reserved.
--------------------------------------------------------------------
(snip)
make[1]: Entering directory `/root/tmp/vpnclient'
Preparing SoftEther VPN Client...
ranlib lib/libcharset.a
ranlib lib/libcrypto.a
ranlib lib/libedit.a
ranlib lib/libiconv.a
ranlib lib/libintelaes.a
ranlib lib/libncurses.a
ranlib lib/libssl.a
ranlib lib/libz.a
ranlib code/vpnclient.a
gcc code/vpnclient.a -O2 -fsigned-char -pthread -m64 -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -o vpnclient
ranlib code/vpncmd.a
gcc code/vpncmd.a -O2 -fsigned-char -pthread -m64 -lm -ldl -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -o vpncmd
--------------------------------------------------------------------
The preparation of SoftEther VPN Client is completed !
# ./vpnclient start
The SoftEther VPN Client service has been started.
3. Save the connection settings with the CLI management utility.
# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.21 Build 9613 (English)
Compiled 2016/04/24 16:39:47 by yagi at pc30
Copyright (c) SoftEther VPN Project. All Rights Reserved.
By using vpncmd program, the following can be achieved.
(snip)
Connected to VPN Client "localhost".
VPN Client>NicCreate mgmt0
NicCreate command - Create New Virtual Network Adapter
The command completed successfully.
VPN Client>NicEnable mgmt0
NicEnable command - Enable Virtual Network Adapter
The command completed successfully.
VPN Client>AccountCreate MANAGE /SERVER:sesrv.nkjg.info:443 /HUB:MANAGE /USERNAME:host2 /NICNAME:mgmt0
AccountCreate command - Create New VPN Connection Setting
The host name and port number specification is invalid. Please specify using the format of host name:port number, or IP address:port number.
Destination VPN Server Host Name and Port Number: 443
The command completed successfully.
The specified VPN Connection Setting does not exist.
VPN Client>AccountPasswordSet MANAGE
AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
Please enter the password. To cancel press the Ctrl+D key.
Password: **********
Confirm input: **********
Specify standard or radius: standard
The command completed successfully.
VPN Client>AccountConnect MANAGE
AccountConnect command - Start Connection to VPN Server using VPN Connection Setting
The command completed successfully.
VPN Client>exit
4. Configure automatic startup.
# cat /etc/sysconfig/network-scripts/ifcfg-vpn_mgmt0
TYPE="Ethernet"
BOOTPROTO="static"
IPADDR=172.16.255.2
NETMASK=255.255.255.0
NAME="vpn_mgmt0"
DEVICE="vpn_mgmt0"
ONBOOT="no"
NM_CONTROLLED="no"
# cat /etc/rc.local
/usr/local/vpnclient/vpnclient start
sleep 2
/usr/local/vpnclient/vpncmd /client localhost /cmd AccountConnect MANAGE
sleep 30
/sbin/ifup vpn_mgmt0
# chmod +x /etc/rc.local
With that in place, if ICMP to the host comes back after a reboot, connectivity over the management network is working as expected.
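As an added example (my own code, not from the original post), here is a replacement for the rc.local sequence above that waits for the SoftEther virtual NIC to appear instead of relying on a fixed "sleep 30", then runs ifup and checks the tunnel with a single ping. It assumes the same paths and names as the post (/usr/local/vpnclient, connection setting MANAGE, NIC vpn_mgmt0) and a hypothetical monitoring host at 172.16.255.1 on the management network.

```shell
#!/bin/sh
# Boot-time bring-up for the SoftEther management NIC (added example,
# not from the original post). Assumptions: vpnclient is installed in
# /usr/local/vpnclient, the connection setting is MANAGE, and
# 172.16.255.1 is a hypothetical monitoring host on the management net.
VPNDIR=/usr/local/vpnclient
ACCOUNT=MANAGE
# SoftEther names the Linux tap device vpn_<NICNAME>, so NicCreate mgmt0
# produces vpn_mgmt0; that is the name ifcfg-vpn_mgmt0 refers to.
IFACE=vpn_mgmt0
MONITOR_PEER=172.16.255.1

# Poll until the kernel knows the interface, or give up after $2 seconds.
# $3 is the sysfs network directory (parameterised so it can be tested
# offline against a temporary directory).
wait_for_iface() {
    iface=$1; tries=${2:-60}; sysdir=${3:-/sys/class/net}
    while [ "$tries" -gt 0 ]; do
        [ -e "$sysdir/$iface" ] && return 0
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Start the client, connect the account, and only then configure the NIC.
# The ifcfg file has ONBOOT="no" because the tap device does not exist
# until the VPN session is established, so ifup must run afterwards.
start_mgmt_vpn() {
    "$VPNDIR/vpnclient" start
    sleep 2
    "$VPNDIR/vpncmd" /client localhost /cmd AccountConnect "$ACCOUNT"
    if ! wait_for_iface "$IFACE" 60; then
        echo "$IFACE did not appear; the VPN session probably failed" >&2
        return 1
    fi
    /sbin/ifup "$IFACE"
    # One ICMP probe across the tunnel is the same check the post uses.
    if ! ping -c 1 -W 2 "$MONITOR_PEER" >/dev/null 2>&1; then
        echo "$IFACE is up but $MONITOR_PEER is not reachable" >&2
        return 1
    fi
    return 0
}

# Run the sequence only when invoked as "start_mgmt_vpn.sh run" (e.g. from
# /etc/rc.local); sourcing the file just defines the functions.
if [ "${1:-}" = "run" ]; then
    start_mgmt_vpn
fi
```

Put the script somewhere like /usr/local/sbin and call it with the argument "run" from /etc/rc.local in place of the sleep/ifup lines.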
Reference sites
http://rauq04.blogspot.jp/2014/02/linux-softether-vpn-client-vpngate.html
https://ja.softether.org/4-docs/1-manual/6/6.2
http://tsuchinoko.dmmlabs.com/?p=1371