Installation of Softether VPN server on Alt-F DNS 320
219 views
Skip to first unread message
Hubert Gailly
Jan 17, 2022, 12:26:29 AM1/17/22
to Alt-F
I want to share an experience.
First of all, I want to mention that I am an experienced developer in Windows (C-Sharp) and Java but not skilled in Linux and C/C++. So please forgive me if I did not do things by the rules, but after 3/4 days of sweating I managed to make that work and maybe it will be a help for others to discribe what I have done.
I wanted to install Softether VPN on my old but reliable DNS320 updated with Alt-F 1.0
The Softeteher package is Optware, and if I understood correctly that is an extra layer not always compatible with Alt-F packages. On top of that the version is 4 years old.
So as I managed to "compile" the software for my other old NAS synology ds213, I decided to have a go.
First problem, the pre compiled software avalaible here : https://www.softether-download.com/en.aspx are pre compiled with glibc when Alt-F is compile with Uclibc. So I thought that I could not manage with those.
So I downloaded the real source code from here : https://github.com/SoftEtherVPN/SoftEtherVPN/
As there was no Toolchain available to cross compile, I did the work on the DNS 320.
The packages needed are dev-bundle git libiconv ncurses openssl readline and you will need to download and install gconv-modules.
After "configure" and building the make file.
You can then nearly compile with very few modifications. The libiconv has modified the name of some functions included in glibc but not in Uclibc.
iconv -> libiconv
iconv_open -> libiconv_open
iconv_close -> libiconv_close
You need to replace them in src/Mayaqua/internat.c
And you need to add -liconv in the OPTIONS_LINK_RELEASE and OPTIONS_LINK_DEBUG of the make file
I am sure why because I touch so many things (and maybe I did something wrong) but I also had to add a symbolic link from /usr/lib/libpthread.so to /lib/libpthread-0.9.30.3.so
From there it compiled without any problem.
One more problem, if you use local bridge, it is not possible to get access to your Server from any VPN connected device due to Linux limitations.
Check this page https://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.6_Local_Bridges
3.6.11 Points to Note when Local Bridging in Linux, FreeBSD, Solaris or Mac OS X.
That a bit little silly for the nas.
For that you would need 2 adapters one dedicated to the bridge.
The only solution is to inplement a Tap adapter and to do an unix bridge between this adapter and the ethernet card AFTER the vpn server has started.
For that, you have to install the package bridge and you use the Softether Server Manager and a script which I setup in
Services -> Users -> User service
First, you enter directly in ssh : modprobe tun
After that, you can go to the Softether Server Manager, connect to your server and in your Local Bridge Setting (main page) you bind your(s) Virtual Hub(s) to a Tap adpater(s) and not the Ethernet card. Let's name it "tapvpn"
Then after you start the Softether server, you do your bridge.
This is my startup script, it is certainly not the best and optimised but it works
#!/bin/sh
# Script to execute as the root user at boot time.
# You can loose your data or make the system inaccessible
# if using the wrong commands. You have been warned!
exec >> /var/log/user.log 2>&1
DAEMON=/path/to/executable/vpnserver
LOCK=/var/lock/subsys/vpnserver
IPGW="x.x.x.1" # Gateway address
IPCARD="x.x.x.100/24" # Ethernet address
IPBRIDGE="x.x.x.101/24" # Bridge address, i can certainly be the same as the ethernet but for all my tests I was using differents addresses so I kept it this way
# I have not tried DHCP
addbridge(){
while [ -z "`ifconfig | grep tap_tapvpn`" ]; do sleep 5; done # "Waiting vpnserver to have created the tun interface, the name is tap_ plus the name you used in Softether Server Manager"
sleep 20 "#just to make sure everything is ready"
brctl addbr xbridge
ip route del default via $IPGW dev eth0
ip addr del $IPCARD dev eth0
brctl addif xbridge eth0
brctl addif xbridge tap_tapvpn # "You can do it for as many Virtual Hub that you need"
ip addr add $IPBRIDGE dev xbridge
ip link set dev xbridge up
ip route add default via $IPGW dev xbridge
}
delbridge(){
ip route del default via $IPGW dev xbridge
ip addr del $IPBRIDGE dev xbridge
ip link set dev xbridge down
brctl delif xbridge tap_tapvpn
brctl delif xbridge eth0
brctl delbr xbridge
ip addr add $IPCARD dev eth0
ip link set dev eth0 up
ip route add default via $IPGW dev eth0
}
case "$1" in
start)
echo "Starting $0"
modprobe tun
while ! aufs.sh -s >& /dev/null; do sleep 1; done # "Waiting for Alt-F packages to be available"
$DAEMON start
touch $LOCK
addbridge
;;
stop)
echo "Stopping $0"
delbridge
$DAEMON stop
rm $LOCK
;;
restart)
delbridge
$DAEMON stop
sleep 3
$DAEMON start
addbridge
;;
esac
First of all, I want to mention that I am an experienced developer in Windows (C-Sharp) and Java but not skilled in Linux and C/C++. So please forgive me if I did not do things by the rules, but after 3/4 days of sweating I managed to make that work and maybe it will be a help for others to discribe what I have done.
I wanted to install Softether VPN on my old but reliable DNS320 updated with Alt-F 1.0
The Softeteher package is Optware, and if I understood correctly that is an extra layer not always compatible with Alt-F packages. On top of that the version is 4 years old.
So as I managed to "compile" the software for my other old NAS synology ds213, I decided to have a go.
First problem, the pre compiled software avalaible here : https://www.softether-download.com/en.aspx are pre compiled with glibc when Alt-F is compile with Uclibc. So I thought that I could not manage with those.
So I downloaded the real source code from here : https://github.com/SoftEtherVPN/SoftEtherVPN/
As there was no Toolchain available to cross compile, I did the work on the DNS 320.
The packages needed are dev-bundle git libiconv ncurses openssl readline and you will need to download and install gconv-modules.
After "configure" and building the make file.
You can then nearly compile with very few modifications. The libiconv has modified the name of some functions included in glibc but not in Uclibc.
iconv -> libiconv
iconv_open -> libiconv_open
iconv_close -> libiconv_close
You need to replace them in src/Mayaqua/internat.c
And you need to add -liconv in the OPTIONS_LINK_RELEASE and OPTIONS_LINK_DEBUG of the make file
I am sure why because I touch so many things (and maybe I did something wrong) but I also had to add a symbolic link from /usr/lib/libpthread.so to /lib/libpthread-0.9.30.3.so
From there it compiled without any problem.
One more problem, if you use local bridge, it is not possible to get access to your Server from any VPN connected device due to Linux limitations.
Check this page https://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.6_Local_Bridges
3.6.11 Points to Note when Local Bridging in Linux, FreeBSD, Solaris or Mac OS X.
That a bit little silly for the nas.
For that you would need 2 adapters one dedicated to the bridge.
The only solution is to inplement a Tap adapter and to do an unix bridge between this adapter and the ethernet card AFTER the vpn server has started.
For that, you have to install the package bridge and you use the Softether Server Manager and a script which I setup in
Services -> Users -> User service
First, you enter directly in ssh : modprobe tun
After that, you can go to the Softether Server Manager, connect to your server and in your Local Bridge Setting (main page) you bind your(s) Virtual Hub(s) to a Tap adpater(s) and not the Ethernet card. Let's name it "tapvpn"
Then after you start the Softether server, you do your bridge.
This is my startup script, it is certainly not the best and optimised but it works
#!/bin/sh
# Script to execute as the root user at boot time.
# You can loose your data or make the system inaccessible
# if using the wrong commands. You have been warned!
exec >> /var/log/user.log 2>&1
DAEMON=/path/to/executable/vpnserver
LOCK=/var/lock/subsys/vpnserver
IPGW="x.x.x.1" # Gateway address
IPCARD="x.x.x.100/24" # Ethernet address
IPBRIDGE="x.x.x.101/24" # Bridge address, i can certainly be the same as the ethernet but for all my tests I was using differents addresses so I kept it this way
# I have not tried DHCP
addbridge(){
while [ -z "`ifconfig | grep tap_tapvpn`" ]; do sleep 5; done # "Waiting vpnserver to have created the tun interface, the name is tap_ plus the name you used in Softether Server Manager"
sleep 20 "#just to make sure everything is ready"
brctl addbr xbridge
ip route del default via $IPGW dev eth0
ip addr del $IPCARD dev eth0
brctl addif xbridge eth0
brctl addif xbridge tap_tapvpn # "You can do it for as many Virtual Hub that you need"
ip addr add $IPBRIDGE dev xbridge
ip link set dev xbridge up
ip route add default via $IPGW dev xbridge
}
delbridge(){
ip route del default via $IPGW dev xbridge
ip addr del $IPBRIDGE dev xbridge
ip link set dev xbridge down
brctl delif xbridge tap_tapvpn
brctl delif xbridge eth0
brctl delbr xbridge
ip addr add $IPCARD dev eth0
ip link set dev eth0 up
ip route add default via $IPGW dev eth0
}
case "$1" in
start)
echo "Starting $0"
modprobe tun
while ! aufs.sh -s >& /dev/null; do sleep 1; done # "Waiting for Alt-F packages to be available"
$DAEMON start
touch $LOCK
addbridge
;;
stop)
echo "Stopping $0"
delbridge
$DAEMON stop
rm $LOCK
;;
restart)
delbridge
$DAEMON stop
sleep 3
$DAEMON start
addbridge
;;
esac
Reply all
Reply to author
Forward
0 new messages