Part 1: Raspberry Pi SoftEther Server Setup for Remote Access to your Flex 6000 Radio

K6OZY

In preparation for Maestro release, I have made the first of two videos on how to setup SoftEther for remote access. I know this has been posted before by Stu, but I'm hoping this video guide will help answer some questions those not famliar with Linux may have. This video applies to both SmartSDR and Maestro users. Part 2 will be a setup guide specifically for Maestro users who want to do remote access from day 1 until the native VPN client is completed. Part 2 depends on Part 1, so build yourself a server ahead of time and buy two Raspberry PI's while you're at it.

https://www.youtube.com/watch?v=Jduyr5vRqzA

Mike va3mw

Thanks Chris.  Nicely done.  I am sure this will help out many others.

Mike va3mw

Lawrence Kellar KB5ZZB

Concerning part two, would one be able to use that solution with a typical VPN solution like the one that comes with the ASUS routers

Mike va3mw

The Softether solution has a few parts.  The server (at the radio), the client where you SSDR or Maestro is and then the firewall/router,  just like Lawrence asked.  

All you have to do is on you Asus router is to forward one port on your Router.  It is called either NAT or Port Forwarding.  Both are the same thing.  The default port is 5555 as described.

This might help  http://portforward.com/.

Mike va3mw

Rob N4GA

Thanks K6, really appreciate the efforts.

I'm waiting for FLEX to produce the WAN capability. 

K1VL

There is the possibility to run SoftEther directly on an ARM based router running 3rd party firmware such as Shibby Tomato on a Netgear R7000.

Here is a reference link: http://www.vpnusers.com/viewtopic.php?f=7&t=4871 

Obviously running SoftEther server on a dedicated Pi is fun and will limit the potential downtime risks of experimenting on your main Internet router, but heck, this is Amateur Radio!

Carmine W1EQX

N4TTY

Is the video available directly on YouTube?  I'd like to watch fill screen, but can't from the community page.  I also couldn't find it on YouTube either.

Steve G./N4TTY

K1VL

Here's the direct link : https://www.youtube.com/watch?v=Jduyr5vRqzA

Carmine W1EQX

N4TTY

Hey Chris, how about a post of your "cheat sheet?"  It would make it easier to have it next to me as I implement your solution without having to constantly stop and start the video as I wade thru the process.  It really shows the steps you are walking us thru.

By the way, it is a great video!  Even with the flubs, as that makes it real for us less savvy command line/linux users!!

Steve G./N4TTY

Mike va3mw

This format was based off of this link:  http://tomearp.blogspot.ca/2013/11/setting-up-l2tpipsec-vpn-with-softether.html.

It might help as an initial cheat sheet.

N4TTY

Thanks Michael!  That seems just like what the patient needed.

Steve G./N4TTY

Jeffrey Kerber, N3VE

eagerly awaiting part 2

Cal N3CAL

me too! 

Mike va3mw

Of course, this is only temporary until we do get a VPN on the Maestro.   

Lawrence Kellar KB5ZZB

I bet there are about 50 Maestros out there with VPN enabled :-)

K6OZY

https://community.flexradio.com/flexradio/topics/part-2-raspberry-pi-softether-bridge-setup-for-maes...

Mike va3mw

Actually, no. We tried so it turned into necessity is the mother of invention. Mike va3mw Alpha Tester

G4NRT

I have a number of spare Raspberry Pi 2s which I could use for this. Is there any real technical benefit in using the Pi 3? Apart from the built-in WiFi, I am not sure that I would need the additional performance that the Pi 3 offers in the VPN configuration. I'm happy to be proved wrong! David G4NRT

Steve K9ZW

Think you would be fine if the devices will run SoftEther and achieve the connectivity needed (I have the Raspberry Pi 3 SoftEther VPN Server cabled and the Raspberry Pi 3 SoftEther VPN Bridge Wireless). 

The hardware both ends wouldn't even have to match - just the ability to run the right software.

Items we added to Chris K6OZY's routine included changing the device name on each Raspberry Pi to make them stand out in the network logs, and I had forgotten to use a low IP address to stay static.   Winston KC9FVR wants to add another "field recovery" Static IP on the Server, like Chris K6OZY shows in the Bridge instructions, to make it possible to move server networks more easily. 

My email is good at QRZ if I can be of any help (I followed the instructions okay!).

Good luck and hoping it fires right up for you!

BTW I have better than 20 Mbps network available both ends, which helps.

73

Steve K9ZW

G4NRT

Anyone planning to follow along with this tutorial should be aware that the way of setting static IP addresses seems to have changed.  The method outlined in the video didn't work for me and I had to edit /etc/dhcpcd.conf to make eth0 have a static IP rather than getting one through DHCP!

David G4NRT (trying it on Pi 2s) 

G4NRT

Thanks Steve .. I was typing my comment as you were typing yours but you pressed submit first!!

Steve K9ZW

Selecting an IP that wasn't in the dynamically assigned range was my first (and biggest) error that Winston KC9FVR corrected for me.  Expect doing this is so second nature to Chris K6OZY that he wouldn't have thought someone like me would just go up one from the initial assignment when trying to put it to static. 

When we moved down into the static assignment area all became very well quickly!

73

Steve K9ZW

G4NRT

It seems that in the May2016 Jessie build, they deprecate adding lines to /etc/network/interfaces and recommend adding lines instead to dhcpcd.conf (there is plenty of stuff on this available via Google).

That is what I did and it worked for me.  I have the vpnserver running and am now downloading the manager.

David G4NRT

Steve - N4TTY

Did you remember to comment out the line 'iface eth0 inet manual' and add in a paragraph beginning with the following two lines:
     auto eth0
     iface eth0 inet static

then followed by the lines specific for you network?

It worked fine for me just editing the 'interfaces' file.

Steve G./N4TTY

G4NRT

Yes. I do this for a living! When my DHCP IP address was persistent, I researched the issue and found the notes about a different method. I really don't think it matters as long as one is able to drive a persistent, static IP address. I was just trying to highlight a problem which I encountered which I hoped would help others! David G4NRT

Steve - N4TTY

Used to do things similar to this is for a living as well, so I apologize if I gave the impression I was inferring you had done something wrong. That wasn't my intent at all.

Your point is well taken that if it doesn't work one way, try a different approach.

I was was just pointing out the fact that it worked for me in the way shown in the video, so maybe everyone's mileage will vary.  It is interesting that it worked one way for me and another for you.  Not that it really matters since we both have it working, but I wonder what's the real difference?

Steve G./N4TTY

Steve K9ZW

After doing all update Winston KC9FVR mentioned something about this. 

Between typical "I don't have a clue what you just said" and eagerness to get results I'd not captured exactly what he told me - but it was about editing a different file to get the IP set correctly. 

I don't do any of this for a living and have to thank folk like those here for help.

It could be really useful to do some project notes that are inclusive of the changes you all found and some of the stuff that Chris K6OZY raced through, remembering what is instinctive for you as professionals is nearly magic for someone who seldom gets to do anything command line anymore.

Have a Maestro running on a file cabinet in my office this morning, as I want to let it run for an extended period to watch stability.  All I can do to not start watching DX Spots though....

73

Steve  K9ZW

George K7GRJ

Chris,
Followed your video to install Softether on a Beaglebone Black running latest Debian Jessie console.  Works great!  Will use to connect to SmartSDR remotely.   Thank you.

73 
George Jones, K7GRJ

K6OZY

I've had a few requests for scripts that I used since the video may be hard to see the details.

My /etc/init.d/vpnserver script contains this:

#!/bin/sh

### BEGIN INIT INFO

# Provides:          vpnserver

# Required-Start:    $local_fs $network

# Required-Stop:     $local_fs

# Default-Start:     2 3 4 5

# Default-Stop:      0 1 6

# Short-Description: vpnserver

# Description: SoftEther VPN Server

### END INIT INFO

DAEMON=/usr/local/vpnserver/vpnserver

LOCK=/var/lock/vpnserver

test -x $DAEMON || exit 0

. /lib/lsb/init-functions

case "$1" in

start)

$DAEMON start

touch $LOCK

;;

stop)

$DAEMON stop

rm $LOCK

;;

restart)

$DAEMON stop

sleep 3

$DAEMON start

;;

*)

echo "Usage: $0 {start|stop|restart}"

exit 1

esac

exit 0

K6OZY

Make sure to then run these commands after creating that file:

chmod +x /etc/init.d/vpnserver
service vpnserver start
update-rc.d vpnserver defaults

Tim VE6SH

Many thanks! 73 Tim VE6SH