7.2 Installing to Windows and Configuring the Default Settings
This section describes how to install PacketiX VPN Server to an
operating system with Windows 2000 or later. This assumes that in the
Windows operating system, no extra application software is installed
after performing a clean install of the system. This also assumes that
the Windows function for blocking communication to TCP/IP ports from the
outside (firewall function) is disabled.
7.2.1 Selecting the Installation Mode
As described in 「3.2 Operating Modes」, PacketiX VPN Server can be operated in either
service mode or user mode. When configuring VPN Server for use as part
of an everyday operation system, we recommend installing PacketiX VPN
Server in service mode. The installer for the Windows version of VPN
Server installs the VPN Server program to the system in service mode.
7.2.2 Installation Procedure Using the Installer
Preparing the Installer File
The installation of the Windows version of PacketiX VPN Server is
very easy as it is almost completely performed automatically. To install
VPN Server, use any of the following methods to obtain the Windows
installer file.
- When PacketiX VPN Server 2.0 is purchased as a product, the
installer file is distributed on a CD-ROM. Place the CD-ROM on the
CD-ROM drive of the computer and select the executable file to
install the Windows version of VPN Server.
- You can also download the latest VPN Server installer file from
the SoftEther Corporation website (http://www.softether.com/).
We recommend checking the above website for the latest version of
VPN Server even if you have the CD-ROM with the installer file. If
you signed a maintenance contract with a partner supporting PacketiX
VPN 2.0, please contact your partner representative in advance and
check whether the latest version can be installed.
- If you received the latest version of VPN Server on a CD-ROM or
as electronic files from your partner using PacketiX VPN 2.0,
install the software using those files.
The VPN Server Windows version installer file is an executable file
with the name vpnserver-build-number-win32-x86.exe. At the time
of writing this manual, the installer file of the latest build is
vpnserver-5070-rtm-win32-x86.exe.
Figure 7-2-1 VPN Server Installer |
Starting the Installer
Start the installer by double-clicking the VPN Server installer file.
The Windows Installer-based installer starts automatically. Using the
installation wizard, you can select the name of the installation
directory. (By default, the program is installed to
Program Files\PacketiX VPN Server on the system drive.) The VPN
Server process writes large log files to the installation directory, so
we recommend selecting an area on the hard drive that has high transfer
rate and a large amount of unused space.
Figure 7-2-2 Specifying the VPN Server Installation
Directory |
During the installation, the end-user license agreement may be
displayed. Please thoroughly read the agreement. If you agree to the
terms and conditions, the installation continues.
Figure 7-2-3 VPN Server End-User License Agreement |
The installer automatically registers the PacketiX VPN
Server system service and sets the program to automatically start in
background mode at Windows startup.
7.2.3 Optimizing the TCP/IP Communication Settings
The window for optimizing the TCP/IP communication settings may be
displayed during installation of VPN Server.
Figure 7-2-4 Changing the TCP/IP Communication Settings |
The TCP/IP communication settings optimization function can be used
to perform the following.
- Using a TCP/IP send/receive window buffer size of 64 KB or more
by means of the window scaling option can improve the communication
speed over a broadband line.
- The buffer size of the Windows AFD service can be rewritten to a
value for high-speed communication.
However, there are reports that enabling the TCP/IP window scaling
option can create unstable communication or completely block
communication through a firewall device, such as some transparent
proxies. These problems seem to occur with older versions of firewall
devices on a network that do not support the window scaling option. If,
after optimizing the TCP/IP communication settings, TCP/IP communication
becomes unstable, you can restore the optimized TCP/IP communication
settings to their original settings. To restore the optimized TCP/IP
communication settings (and use the default values of the operating
system), we recommend clicking [Start] > [PacketiX VPN Server] > [TCP
Communication Optimization Utility], and then changing the [TCP Incoming
Window Size] and [TCP Outgoing Window Size] values to [Use OS Default
Value].
Figure 7-2-5 Restoring the TCP/IP Communication Settings to
the Default Values of the Operating System |
7.2.4 Precautions After Installation
When installation of the Windows version of VPN Server is completed,
the PacketiX VPN Server service is already running in the background on
the Windows system. Normally, the computer does not have to be restarted
after installation of the program. However, if you expect to use the
local bridge function while using a network adapter that supports
hardware offloading, as described in 「3.6.10 Points to Note when Local Bridging in Windows」, we recommend that you
restart the computer.
To check whether the VPN Server installer properly installed the
PacketiX VPN Server service to the Windows system, click [Control Panel]
> [Administrative Tools] > [Services], and check that [PacketiX VPN
Server] is displayed on the list of services.
Figure 7-2-6 Completion of VPN Server Installer |
7.2.5 Managing VPN Server with VPN Server Manager
VPN Server Manager
After VPN Server is installed, the program can be properly configured
and the VPN client computers can be provided with the function that
allows the program to operate as a VPN server.
PacketiX VPN Server Manager can be used on Windows to manage VPN
Server. For information about the detailed management method, please
refer to 「Chapter 3 PacketiX VPN Server 2.0 Manual」.
Start VPN Server Manager, which is installed at the same time as the
Windows version of VPN Server, connect to [localhost] (the host itself)
on the server window, and configure the default settings.
To configure or manage the Linux or other Unix version of VPN Server,
you can also use the Windows version of VPN Server Manager from a remote
computer. For information about manually installing VPN Server Manager
on a computer without VPN Server installed, please refer to 「2.4.4 Installing VPN Server Manager Alone」.
Default Settings of VPN Server Manager
When VPN Server Manager is started for first time, nothing is
registered to the [PacketiX VPN Server Connection Settings] list on the
startup window.
Figure 7-2-7 VPN Server Manager |
To create a connection setting, click [Create New Setting] and
specify the host name, port number, and other information of VPN Server
to which to establish a management connection. Once a connection setting
is registered, it is displayed the next time VPN Server Manager is
started.
Figure 7-2-8 Window for Creating a Connection Setting |
After creating a connection setting, double-click that connection
setting to try to connect to VPN Server.
7.2.6 Managing with vpncmd
You can also use the command line-based vpncmd software to configure
and manage VPN Server. This is helpful in cases where VPN Server is
installed to a Linux or other Unix operating system and a separate
Windows computer is not available locally, therefore VPN Server Manager
cannot be used. In this case, you can use vpncmd to configure the
default settings. You can also use vpncmd to configure the settings on
the Windows version of VPN Server. For information about detailed vpncmd
operations, please refer to 「Chapter 6 Command Line Management Utility Manual」.
SoftEther Corporation recommends using VPN Server Manager on a
Windows computer to configure and manage VPN Server and using vpncmd as
a supplemental management utility for automating simple repetitive
tasks.
7.2.7 Starting and Stopping Service
The installer for the Windows version of VPN Server automatically
installs the PacketiX VPN Server service. This service continually
operates while Windows is running, and it automatically shuts down when
Windows shuts down.
If the service must be restarted for management reasons or because
VPN Server operations become unstable, you can click [Control Panel] >
[Administrative Tools] > [Services], and start or stop the service. An
easier and more reliable method is to call the net command at the
command prompt and start or stop the service.
To stop the service, type the following command.
To start the service, type the following command.
If, in the unlikely event, the VPN Server process hangs and cannot be
controlled using the net command, you can use Task Manager in
Windows to forcibly terminate the vpnserver.exe process.
7.2.8 Adding and Deleting the Service
You can add or delete the service for the vpnserver.exe process using
the method described in the description of the service mode of the
Windows PacketiX VPN Server in 「3.2.1 Service Mode」. You can use this method, for
example, to move all setting files in the VPN Server installation
directory to a different directory or hard drive, and then re-register
the process as a service. (However, we cannot recommend using this
method as the uninstaller may not be able to properly uninstall the
program.)
7.2.9 Limitations When Starting with General User Rights
We recommend operating the Windows version of VPN Server as a service
mode program, but you can also start VPN Server in the user mode by
using the method described in 「3.2.2 User Mode」. When VPN Server is started in
user mode, critical security holes, such as buffer overruns, exist
temporarily on the VPN Server, but because only user accounts starting
VPN Server in user mode would be affected if an attack were to occur,
VPN Server can be used relatively securely and safely. However,
SoftEther Corporation does not recommend actually operating VPN Server
in user mode for the following reasons.
- The local bridge function cannot be used. (For details, please
refer to 「3.6 Local Bridges」.)
- Some features of the disaster recovery function, such as
automatic recovery when an error occurs in a self process, cannot be
used. (For details, please refer to 「3.3.12 Failure Recovery」.)
- To start the VPN Server process in user mode, the user must
remained logged on to the server. The user cannot operate VPN Server
when the user logs off or when no users are logged on to the server
after Windows starts. For these reasons, user mode is not suited for
actual operation of VPN Server.
|