9.3 Installing to Linux and Configuring the Default Settings
This section describes how to install PacketiX VPN Bridge 2.0
to a Linux operating system. This assumes that in the Linux
operating system, no extra application software is installed
after performing a clean install of the system. This also
assumes that, as a basic rule, the firewall and similar
functions included in the Linux distribution are not being used,
and that the function for blocking communication to TCP/IP ports
from the outside (firewall function) is disabled.
9.3.1 Recommended System
Recommended Operating System Configuration
The Linux version of PacketiX VPN Bridge 2.0 can operate in
most cases on platforms with Linux kernel 2.4 or later; however,
SoftEther Corporation recommends only those environments using
the following Linux distributions. (As of the time of writing
this manual, this is the recommended environment; however, this
may change to higher specifications in the future.)
- Red Hat Enterprise Linux AS / ES Version 4 (x86 or
x64)
(Use the standard update utility to update the kernel to
2.6.9-22 or later.)
- Turbolinux 10 Server (x86 or x64)
(Use the standard update utility to update the kernel to
2.6.8-5 or later.)
- Fedora Core 4 or later (x86 or x64), CentOS 4 or
later (x86 or x64)
(Use the standard update utility to update the kernel to the
latest version. Please note that there is no support for
PacketiX VPN 2.0 products on Fedora Core 4 or later.)
For more information about the system requirements, please
refer to 「12.1.1 Supported Operating Systems (Recommended)」.
The descriptions for installing PacketiX VPN Bridge 2.0 in
this chapter are based on the use of one of the above operating
systems and the fact that VPN Bridge will be installed to the
newly created directory /usr/local/vpnbridge/.
Using Red Hat Enterprise Linux AS / ES Version 4
For operating systems using the Red Hat Enterprise Linux AS /
ES Version 4 distribution, support is only provided for
environments where a clean installation of the system was
performed with one of the following methods.
- Perform a clean installation of Red Hat Enterprise Linux
AS / ES Version 4. Avoid cases where inconsistencies may
occur, such as in the libraries after upgrading from an
earlier version of Linux.
- When creating a partition on the hard disk, be sure to
allocate sufficient disk space to the partition with the
/usr/ directory. The examples in the descriptions below
are based on VPN Bridge being installed to
/usr/local/vpnbridge/. In addition, we recommend
allocating sufficient disk space to the partition to allow
VPN Bridge to write log files to the same directory.
- At the stage of selecting components to be installed, make
sure that, at the minimum, the development tools (compiler,
etc.) and development libraries are installed at the same time.
When installing VPN Bridge, the make, gcc and binutils
utilities and the libc (glibc), zlib, openssl, readline, and
ncurses development library versions (also called devel) are
required.
- After installing the operating system, use Red Hat
Network to update to the latest Linux kernel (2.6.9-22 or
later). Because there are problems in the parallel and
synchronous processing of the kernel included in the initial
install of Red Hat Enterprise Linux AS / ES Version 4, the
operations of VPN Bridge may become unstable. Be sure to
update the kernel.
- Complete the installation of the program with the
firewall and SELinux functions disabled. After confirming
that VPN Bridge is properly installed, you can enable these
functions only if necessary.
Using Turbolinux 10 Server
When using Turbolinux 10 Server, we recommend performing a
clean installation of the system with one of the following
methods, and then install VPN Bridge to the environment. Please
note that there is no support for VPN Bridge products on
Turbolinux 10 Server.
- Perform a clean installation of Turbolinux 10 Server. Avoid
cases where inconsistencies may occur, such as in the
libraries after upgrading from an earlier version of Linux.
- When creating a partition on the hard disk, be sure to
allocate sufficient disk space to the partition with the
/usr/ directory. The examples in the descriptions below
are based on VPN Bridge being installed to
/usr/local/vpnbridge/. In addition, we recommend
allocating sufficient disk space to the partition to allow
VPN Bridge to write log files to the same directory.
- At the stage of selecting components to be installed, make
sure that, at the minimum, the development tools (compiler,
etc.) and development libraries are installed at the same time.
When installing VPN Bridge, the make, gcc and binutils
utilities and the libc (glibc), zlib, openssl, readline, and
ncurses development library versions (also called devel) are
required.
- After installing the operating system, use Update
Utility to update to the latest Linux kernel (2.6.8-5 or
later). Because there are problems in the parallel and
synchronous processing of the kernel included in the initial
install of Turbolinux 10 Server, the operations of VPN
Bridge may become unstable. Be sure to update the kernel.
- Complete the installation of the program with the
firewall and SELinux functions disabled. After confirming
that VPN Bridge is properly installed, you can enable these
functions only if necessary.
Using Fedora Core 4
When using Fedora Core 4, we recommend performing a clean
installation of the system with one of the following methods,
and then install VPN Bridge to the environment. Please note that
there is no support for VPN Bridge products on Fedora Core 4.
- Perform a clean installation of Fedora Core 4. Avoid cases
where inconsistencies may occur, such as in the libraries
after upgrading from an earlier version of Linux.
- When creating a partition on the hard disk, be sure to
allocate sufficient disk space to the partition with the
/usr/ directory. The examples in the descriptions below
are based on VPN Bridge being installed to
/usr/local/vpnbridge/. In addition, we recommend
allocating sufficient disk space to the partition to allow
VPN Bridge to write log files to the same directory.
- At the stage of selecting components to be installed, make
sure that, at the minimum, the development tools (compiler,
etc.) and development libraries are installed at the same time.
When installing VPN Bridge, the make, gcc and binutils
utilities and the libc (glibc), zlib, openssl, readline, and
ncurses development library versions (also called devel) are
required.
- After installing the operating system, update the Linux
kernel to the latest version if possible.
Because there are problems in the parallel and synchronous
processing of the kernel included in the initial install of
Fedora Core 4, the operations of VPN Bridge may become
unstable. Be sure to update the kernel.
- Complete the installation of the program with the
firewall and SELinux functions disabled. After confirming
that VPN Bridge is properly installed, you can enable these
functions only if necessary.
9.3.2 Selecting the Installation Mode
As described in 「3.1 Operating Environment」 and 「3.2 Operating Modes」, PacketiX VPN Bridge can be
operated in either service mode or user mode. When configuring
VPN Bridge for use as part of an everyday operation system in a
company, we recommend installing PacketiX VPN Bridge in service
mode. To install the VPN Bridge program to the system in service
mode on a Linux operating system, you must register the
vpnbridge program as a daemon program in the Linux startup
script.
9.3.3 Checking the Required Software and Libraries
The following software and libraries are required to install
VPN Bridge to a Linux operating system. Check that the following
software and libraries are installed to the system and are
enabled. (If the recommended environment distribution is
installed using the method specified in 「7.3.1 Recommended System」, these libraries
are also installed.)
- gcc software
- binutils software
- tar, gzip or other software for extracting package
files
- chkconfig system utility
- cat, cp or other basic file operation utility
- EUC-JP, UTF-8 or other code page table for use in a
Japanese language environment
- libc (glibc) library
- zlib library
- openssl library
- readline library
- ncurses library
- pthread library
9.3.4 Extracting the Package
Preparing the Installer File
To install VPN Bridge, you need to prepare the file
containing the VPN Bridge program (package file compressed with
tar.gz format).
- When PacketiX VPN Bridge 2.0 is purchased as a product,
the installer file is distributed on a CD-ROM. Place the
CD-ROM on the CD-ROM drive of the computer, mount it to the
Linux system, and copy the required files to a temporary
directory.
- You can also download the latest VPN Bridge installer
file from the SoftEther Corporation website (http://www.softether.com/).
We recommend checking the above website for the latest
version of VPN Bridge even if you have the CD-ROM with the
installer file. If you signed a maintenance contract with a
partner using PacketiX VPN 2.0, please contact your partner
representative in advance and check whether the latest
version can be installed.
- If you received the latest version of VPN Bridge on a
CD-ROM or as electronic files from your partner using
PacketiX VPN 2.0, install the software using those files.
Extracting the Package File for Installation
Extract the package file for installation using the tar
command. Copy the tar.gz file to a directory and extract the
file as follows.
[root@machine root]# tar xzvf vpnbridge-5070-rtm-linux-x86.tar.gz
vpnbridge/
vpnbridge/vpnbridge.a
vpnbridge/vpncmd.a
vpnbridge/hamcore.se2
vpnbridge/libcrypto.a
vpnbridge/Makefile
vpnbridge/libssl.a
vpnbridge/License_ReadMeFirst.txt
vpnbridge/License_ReadMeFirstUtf.txt
vpnbridge/License_ReadMeFirstSjis.txt
vpnbridge/.install.sh
When the package is extracted, the directory "vpnbridge" is
created in the working folder, and the required installation
files are extracted.
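Because the package is extracted as root, the archive listing can be vetted first so that nothing lands outside the vpnbridge directory. The following is an added example, not part of the original manual; the function name check_package_members is an assumption and GNU tar is assumed.

```shell
#!/bin/sh
# Added example (not from the manual): vet the package listing before
# extracting it as root. Assumes GNU tar, as on the distributions above.

# check_package_members ARCHIVE [TOPDIR]
# Returns 0 if every member is a regular file or directory under TOPDIR,
# 1 if any member is rejected, 2 if the archive cannot be read.
check_package_members() {
    archive=$1
    top=${2:-vpnbridge}
    bad=0

    list=$(tar tzf "$archive" 2>/dev/null) || {
        echo "cannot read $archive"
        return 2
    }

    # Member names: no absolute paths, no ".." components, nothing
    # outside the expected top-level directory.
    while IFS= read -r member; do
        case $member in
            /*)                  reason="absolute path" ;;
            ..|../*|*/..|*/../*) reason="'..' component" ;;
            "$top"|"$top"/*)     continue ;;
            *)                   reason="outside $top/" ;;
        esac
        echo "REJECT $member ($reason)"
        bad=1
    done <<EOF
$list
EOF

    # Member types: the package listing above holds only regular files and
    # one directory, so symlinks, hard links and devices are rejected too.
    odd=$(tar tvzf "$archive" 2>/dev/null | grep -v '^[-d]') || true
    if [ -n "$odd" ]; then
        echo "REJECT members that are not regular files or directories:"
        echo "$odd"
        bad=1
    fi
    return "$bad"
}

# Usage with the file name from the manual:
#   check_package_members vpnbridge-5070-rtm-linux-x86.tar.gz &&
#       tar xzvf vpnbridge-5070-rtm-linux-x86.tar.gz
```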
9.3.5 Creating an Executable File
Executing a make
To install VPN Bridge, you must execute a make and create a
vpnbridge executable file.
First, go to the vpnbridge directory extracted in the
previous subsection and type [make].
Next, the message "Do you want to read the License Agreement
for this software?" is displayed. Select [1] to continue.
[root@machine vpnbridge]# make
./.install.sh
PacketiX VPN Software Install Utility
Copyright (C) 2004-2005 SoftEther Corporation. All
Rights Reserved.
Do you want to read the License Agreement for this
software ?
1. Yes
2. No
Please choose one of above number:
1
Next, the PacketiX VPN Bridge Version 2.0 end-user license
agreement is displayed. Please read and understand the license
agreement. The license agreement is displayed over several
pages, so use a terminal emulator or SSH client software with a
scroll function to view the entire license agreement. If you are
unable to read the entire license agreement, press Ctrl + C to
cancel the make, and then use a text editor to directly open and
view the contents of the text file with the license agreement
located in the vpnbridge directory.
At the end of the license agreement, the message "Did you
read and understand the License Agreement?" is displayed. If you
read and understood the license agreement, select [1].
EULA
Did you read and understand the License Agreement ?
(If you couldn't read above text, Please read
License_ReadMe.txt
file with any text editor.)
1. Yes
2. No
Please choose one of above number:
1
Next, the message "Do you agree to the License Agreement?" is
displayed. If you agree to the license agreement, select [1].
Did you agree the License
Agreement ?
1. Agree
2. Do Not Agree
Please choose one of above number:
1
Once you agree to the license agreement, the vpnbridge
program is automatically created.
make[1]: Entering directory `/root/vpnbridge'
ranlib libssl.a
ranlib libcrypto.a
ranlib vpnbridge.a
gcc vpnbridge.a -pthread -lrt -lm -lz libssl.a libcrypto.a -lpthread -ldl
-lreadline -lcurses -o vpnserver
strip vpnbridge
ranlib vpncmd.a
gcc vpncmd.a -pthread -lrt -lm -lz libssl.a libcrypto.a -lpthread
-ldl -lreadline -lcurses -o vpncmd
strip vpncmd
make[1]: Leaving directory `/root/vpnbridge'
[root@machine vpnbridge]#
If an error occurs during this process, creation of the
vpnbridge program fails. In this case, see 「7.3.1 Recommended System」 and 「7.3.3 Checking the Required Software and Libraries」
again and check whether any required libraries are missing.
9.3.6 VPN Bridge Location
After the vpnbridge program is created, we recommend moving
the vpnbridge directory, which is created when the package is
extracted, to the /usr/local/ directory. Use the following
method to move the vpnbridge directory to /usr/local/. The
operations hereafter must be performed as a root user.
[root@machine vpnbridge]# cd ..
[root@machine root]# mv vpnbridge /usr/local
[root@machine root]# ls -l /usr/local/vpnbridge/
Total 13000
-rwxrwxrwx 1 root root 20245 12月 8 16:14 License_ReadMeFirst.txt*
-rwxrwxrwx 1 root root 20317 12月 8 16:14 License_ReadMeFirstSjis.txt*
-rwxrwxrwx 1 root root 30210 12月 8 16:14 License_ReadMeFirstUtf.txt*
-rwxrwxrwx 1 root root 609 12月 8 16:14 Makefile*
-rwxrwxrwx 1 root root 4018399 12月 8 16:14 hamcore.se2*
-rwxrwxrwx 1 root root 1942994 12月 9 02:23 libcrypto.a*
-rwxrwxrwx 1 root root 336070 12月 9 02:23 libssl.a*
-rwxr-xr-x 1 root root 1814216 12月 9 02:23 vpncmd*
-rwxrwxrwx 1 root root 1630858 12月 9 02:23 vpncmd.a*
-rwxr-xr-x 1 root root 1814120 12月 9 02:23 vpnbridge*
-rwxrwxrwx 1 root root 1630304 12月 9 02:23 vpnbridge.a*
[root@machine root]#
Confirm that all of the files are moved to the
/usr/local/vpnbridge/ directory, as shown above.
Next, change the permissions to protect the files so that users
without root permissions cannot read the files in the vpnbridge
directory.
[root@machine root]# cd /usr/local/vpnbridge/
[root@machine vpnbridge]# chmod 600 *
[root@machine vpnbridge]# chmod 700 vpncmd
[root@machine vpnbridge]# chmod 700 vpnbridge
[root@machine vpnbridge]# ls -l
Total 13000
-rw------- 1 root root 20245 12月 8 16:14 License_ReadMeFirst.txt
-rw------- 1 root root 20317 12月 8 16:14 License_ReadMeFirstSjis.txt
-rw------- 1 root root 30210 12月 8 16:14 License_ReadMeFirstUtf.txt
-rw------- 1 root root 609 12月 8 16:14 Makefile
-rw------- 1 root root 4018399 12月 8 16:14 hamcore.se2
-rw------- 1 root root 1942994 12月 9 02:23 libcrypto.a
-rw------- 1 root root 336070 12月 9 02:23 libssl.a
-rwx------ 1 root root 1814216 12月 9 02:23 vpncmd*
-rw------- 1 root root 1630858 12月 9 02:23 vpncmd.a
-rwx------ 1 root root 1814120 12月 9 02:23 vpnbridge*
-rw------- 1 root root 1630304 12月 9 02:23 vpnbridge.a
[root@machine vpnbridge]#
This completes the changing of the location of the vpnbridge
program.
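The permission layout set above can be checked with a short audit. This is an added example, not part of the original manual; the function name audit_vpnbridge_dir and its output format are assumptions, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the manual): audit the install directory after
# the chmod steps above. Assumes GNU stat (coreutils).

# audit_vpnbridge_dir [DIR] [UID]
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_vpnbridge_dir() {
    dir=${1:-/usr/local/vpnbridge}
    want_uid=${2:-0}            # 0 = root
    clean=0

    # "*" skips dot-files, so they are listed explicitly as well.
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        mode=$(stat -c '%a' "$f")   # octal mode, e.g. 600 or 777
        uid=$(stat -c '%u' "$f")

        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER  $name: uid $uid, expected $want_uid"
            clean=1
        fi
        # Any group or other bit lets a non-root user read, write or run it.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "ACCESS $name: mode $mode grants group/other access"
            clean=1
        fi
        # Only the two programs need the owner execute bit.
        case $name in
            vpnbridge|vpncmd)
                if [ $(( 0$mode & 0100 )) -eq 0 ]; then
                    echo "EXEC   $name: mode $mode lacks owner execute"
                    clean=1
                fi ;;
        esac
    done
    return "$clean"
}
```

The audit also covers .install.sh from the package: `chmod 600 *` does not match dot-files, so that script keeps whatever mode it was extracted with and is reported if that mode grants group or other access.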
9.3.7 Using the vpncmd Check Command to Check Operations
We recommend performing a final check to see whether VPN
Bridge can operate properly on your computer system before
starting vpnbridge.
You can use the check command on the vpncmd command
line management utility to automatically check whether the
system has sufficient functions to operate VPN Bridge. For
details, please refer to 「6.6 VPN Tools Command Reference」.
First, start vpncmd by typing [./vpncmd]. Next, select
[Use of VPN Tools (certificate creation or communication speed
measurement)] and execute the check command.
[root@machine vpnbridge]# ./vpncmd
vpncmd command - PacketiX VPN Command Line Management Utility
PacketiX VPN Command Line Management Utility (vpncmd command)
Version 2.20 Build 5302
Compiled Sat Mar 31 03:09:18 2007 by yagi at ILC308
Copyright (C) 2004-2006 SoftEther Corporation. All Rights Reserved.
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and communication speed measurement)
Select 1, 2 or 3: 3
VPN Tools was launched. By inputting HELP, you can view a list of the commands that can be used.
VPN Tools>check
Check command - Check if PacketiX VPN Operation is Possible
---------------------------------------------------
PacketiX VPN Operation Environment Check Tool
Copyright (C) 2004-2006 SoftEther Corporation.
All Rights Reserved.
If this operation environment check tool is run on a system and that system passes, it is highly likely that PacketiX VPN software can operate on that system. This check may take a while. Please wait...
Checking 'Kernel System'...
[Pass]
Checking 'Memory Operation System'...
[Pass]
Checking 'ANSI / Unicode string processing system'...
[Pass]
Checking 'File system'...
[Pass]
Checking 'Thread processing system'...
[Pass]
Checking 'Network system'...
[Pass]
All checks passed. It is highly likely that PacketiX VPN Server / Bridge can operate normally on this system.
The command terminated normally.
VPN Tools>exit
[root@machine vpnbridge]#
If, after executing the check command, the message "All
checks passed. It is highly likely that PacketiX VPN Server /
Bridge can operate normally on this system." is displayed, as
shown above, it is likely that your system has satisfied the VPN
Bridge operation requirements and VPN Bridge can safely be used.
If, however, the system fails at any of the above check
items, we recommend checking 「7.3.1 Recommended System」 and 「7.3.3 Checking the Required Software and Libraries」 again.
9.3.8 Registering a Startup Script
After installing vpnbridge to the /usr/local/vpnbridge/
directory using the method described above, you can configure
your system to operate the vpnbridge program as a service mode
program by registering the /usr/local/vpnbridge/vpnbridge
program as a daemon process that continues to run in the
background while Linux is starting.
To register vpnbridge to Linux as a daemon process, create a
startup script, as shown below, with the name
/etc/init.d/vpnbridge. (The following startup script is a
description example, and you may have to rewrite part of the
script for it to work properly on your system.)
#!/bin/sh
# chkconfig: 2345 99 01
# description: PacketiX VPN Bridge 2.0
DAEMON=/usr/local/vpnbridge/vpnbridge
LOCK=/var/lock/subsys/vpnbridge
# Do nothing if the vpnbridge program is missing or not executable.
test -x "$DAEMON" || exit 0
case "$1" in
start)
    "$DAEMON" start
    touch "$LOCK"
    ;;
stop)
    "$DAEMON" stop
    # -f: do not report an error if the lock file is already gone.
    rm -f "$LOCK"
    ;;
restart)
    "$DAEMON" stop
    sleep 3
    "$DAEMON" start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0
You can use a text editor or the cat command to write the
above script to /etc/init.d/vpnbridge as a text file. To use the
cat command to create the script, press Ctrl + D after the line
break in the final line, as shown below.
[root@machine vpnbridge]# cat > /etc/init.d/vpnbridge
#!/bin/sh
# chkconfig: 2345 99 01
# description: PacketiX VPN Bridge 2.0
DAEMON=/usr/local/vpnbridge/vpnbridge
LOCK=/var/lock/subsys/vpnbridge
# Do nothing if the vpnbridge program is missing or not executable.
test -x "$DAEMON" || exit 0
case "$1" in
start)
    "$DAEMON" start
    touch "$LOCK"
    ;;
stop)
    "$DAEMON" stop
    # -f: do not report an error if the lock file is already gone.
    rm -f "$LOCK"
    ;;
restart)
    "$DAEMON" stop
    sleep 3
    "$DAEMON" start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0
After creating the /etc/init.d/vpnbridge startup script,
change the permissions for this script so that the script cannot
be rewritten by a user without permissions.
[root@machine vpnbridge]# chmod 755 /etc/init.d/vpnbridge
Lastly, use the chkconfig command to allow the above startup
script to start automatically in the background when the Linux
kernel starts.
[root@machine vpnbridge]# /sbin/chkconfig --add vpnbridge
VPN Bridge is now prepared to run as a service mode
program.
9.3.9 Starting and Stopping Service
VPN Bridge registered as a service mode program automatically
starts when Linux starts and automatically stops when Linux
shuts down. You can manually stop or restart the VPN Bridge
service if you need to do so for management reasons.
To start or stop VPN Bridge registered as a service mode
program, type the command below.
Starting the VPN Bridge Service
With the VPN Bridge service not running and with root
permissions, type the following to start the VPN Bridge service.
[root@machine vpnbridge]# /etc/init.d/vpnbridge start
Stopping the VPN Bridge Service
With the VPN Bridge service running and with root
permissions, type the following to stop the VPN Bridge service.
[root@machine vpnbridge]# /etc/init.d/vpnbridge stop
Cases in Which You Must Stop the VPN Bridge Service
The VPN Bridge service must be manually stopped in the
following cases.
- When manually editing or replacing the configuration
file
- When updating the vpnbridge program and other files
after the release of a new version of VPN Bridge (To
replace the vpnbridge, vpncmd and hamcore.se2 files, be sure
to stop the service in advance.)
- When you want to restart the service due to erratic
behavior of the operating VPN Bridge
Forcibly Terminating the vpnbridge Process
It is unlikely that VPN Bridge would malfunction due to a
problem with the physical memory of the computer or a software
bug. If this should occur and the VPN Bridge service does not
respond when you try to stop the service using the method above,
you can stop the service by forcibly terminating the vpnbridge
process. For the detailed method for forcibly terminating the
vpnbridge process, please refer to the method of using the kill
command described in 「3.2.2 User Mode」.
9.3.10 Limitations when Starting with General User Rights
The Linux version of VPN Bridge can also be started with
general user rights. When starting VPN Bridge as a user mode
program with general user rights, the program cannot be
registered as a system service, but when a general user starts
the VPN Bridge program in the background by typing
[./vpnbridge start], unlike the Windows version, the Linux
version of the vpnbridge process can continue to run even after
that user logs out. SoftEther Corporation does not recommend
actually operating VPN Bridge in user mode for the following
reasons.
- The local bridge function cannot be used. (For details,
please refer to 「3.6 Local Bridges」.)
- After starting the system, the user must log on and
manually start the vpnbridge process, decreasing
operability.