Part 1: Raspberry Pi SoftEther Server Setup for Remote Access to your Flex 6000 Radio

  • 8
  • Praise
  • Updated 1 year ago
  • (Edited)
In preparation for Maestro release, I have made the first of two videos on how to setup SoftEther for remote access. I know this has been posted before by Stu, but I'm hoping this video guide will help answer some questions those not famliar with Linux may have.
This video applies to both SmartSDR and Maestro users. Part 2 will be a setup guide specifically for Maestro users who want to do remote access from day 1 until the native VPN client is completed. Part 2 depends on Part 1, so build yourself a server ahead of time and buy two Raspberry PI's while you're at it.

Photo of K6OZY

K6OZY, Elmer

  • 524 Posts
  • 195 Reply Likes

Posted 2 years ago

  • 8
Photo of Mike va3mw

Mike va3mw

  • 824 Posts
  • 195 Reply Likes
Thanks Chris.  Nicely done.  I am sure this will help out many others.

Mike va3mw
Photo of Lawrence Kellar KB5ZZB

Lawrence Kellar KB5ZZB

  • 197 Posts
  • 28 Reply Likes
Concerning part two, would one be able to use that solution with a typical VPN solution like the one that comes with the ASUS routers
Photo of Mike va3mw

Mike va3mw

  • 824 Posts
  • 195 Reply Likes
The Softether solution has a few parts.  The server (at the radio), the client where you SSDR or Maestro is and then the firewall/router,  just like Lawrence asked.  

All you have to do is on you Asus router is to forward one port on your Router.  It is called either NAT or Port Forwarding.  Both are the same thing.  The default port is 5555 as described.

This might help  http://portforward.com/.

Mike va3mw
Photo of Rob N4GA

Rob N4GA

  • 145 Posts
  • 25 Reply Likes
Thanks K6, really appreciate the efforts.

I'm waiting for FLEX to produce the WAN capability. 
Photo of Carmine Iannace, W1EQX

Carmine Iannace, W1EQX

  • 45 Posts
  • 15 Reply Likes
There is the possibility to run SoftEther directly on an ARM based router running 3rd party firmware such as Shibby Tomato on a Netgear R7000.

Here is a reference link: http://www.vpnusers.com/viewtopic.php?f=7&t=4871 

Obviously running SoftEther server on a dedicated Pi is fun and will limit the potential downtime risks of experimenting on your main Internet router, but heck, this is Amateur Radio! :)

Carmine W1EQX
(Edited)
Photo of N4TTY

N4TTY

  • 48 Posts
  • 4 Reply Likes
Is the video available directly on YouTube?  I'd like to watch fill screen, but can't from the community page.  I also couldn't find it on YouTube either.

Steve G./N4TTY
Photo of Carmine Iannace, W1EQX

Carmine Iannace, W1EQX

  • 45 Posts
  • 15 Reply Likes
Here's the direct link : https://www.youtube.com/watch?v=Jduyr5vRqzA

Carmine W1EQX
Photo of N4TTY

N4TTY

  • 48 Posts
  • 4 Reply Likes
Hey Chris, how about a post of your "cheat sheet?"  It would make it easier to have it next to me as I implement your solution without having to constantly stop and start the video as I wade thru the process.  It really shows the steps you are walking us thru.

By the way, it is a great video!  Even with the flubs, as that makes it real for us less savvy command line/linux users!! \

Steve G./N4TTY
Photo of Mike va3mw

Mike va3mw

  • 824 Posts
  • 195 Reply Likes
This format was based off of this link:  http://tomearp.blogspot.ca/2013/11/setting-up-l2tpipsec-vpn-with-softether.html.

It might help as an initial cheat sheet.
Photo of N4TTY

N4TTY

  • 48 Posts
  • 4 Reply Likes
Thanks Michael!  That seems just like what the patient needed.

Steve G./N4TTY
Photo of Jeffrey Kerber, N3VE

Jeffrey Kerber, N3VE

  • 95 Posts
  • 13 Reply Likes
eagerly awaiting part 2
Photo of Cal Spreitzer

Cal Spreitzer

  • 331 Posts
  • 60 Reply Likes

me too! 

Photo of Mike va3mw

Mike va3mw

  • 824 Posts
  • 195 Reply Likes
Of course, this is only temporary until we do get a VPN on the Maestro.   
Photo of Lawrence Kellar KB5ZZB

Lawrence Kellar KB5ZZB

  • 197 Posts
  • 28 Reply Likes
I bet there are about 50 Maestros out there with VPN enabled :-)
Photo of Mike va3mw

Mike va3mw

  • 824 Posts
  • 195 Reply Likes
Actually, no. :) We tried so it turned into necessity is the mother of invention.

Mike va3mw
Alpha Tester
Photo of K6OZY

K6OZY, Elmer

  • 524 Posts
  • 195 Reply Likes
Photo of David G4NRT / Z21NRT

David G4NRT / Z21NRT

  • 221 Posts
  • 34 Reply Likes
I have a number of spare Raspberry Pi 2s which I could use for this. Is there any real technical benefit in using the Pi 3? Apart from the built-in WiFi, I am not sure that I would need the additional performance that the Pi 3 offers in the VPN configuration.

I'm happy to be proved wrong!

David G4NRT
Photo of Steve K9ZW

Steve K9ZW, Elmer

  • 1241 Posts
  • 646 Reply Likes

Think you would be fine if the devices will run SoftEther and achieve the connectivity needed (I have the Raspberry Pi 3 SoftEther VPN Server cabled and the Raspberry Pi 3 SoftEther VPN Bridge Wireless). 

The hardware both ends wouldn't even have to match - just the ability to run the right software.

Items we added to Chris K6OZY's routine included changing the device name on each Raspberry Pi to make them stand out in the network logs, and I had forgotten to use a low IP address to stay static.   Winston KC9FVR wants to add another "field recovery" Static IP on the Server, like Chris K6OZY shows in the Bridge instructions, to make it possible to move server networks more easily. 

My email is good at QRZ if I can be of any help (I followed the instructions okay!).

Good luck and hoping it fires right up for you!

BTW I have better than 20 Mbps network available both ends, which helps.

73

Steve K9ZW


Photo of David G4NRT / Z21NRT

David G4NRT / Z21NRT

  • 221 Posts
  • 34 Reply Likes
Thanks Steve .. I was typing my comment as you were typing yours but you pressed submit first!!
Photo of David G4NRT / Z21NRT

David G4NRT / Z21NRT

  • 221 Posts
  • 34 Reply Likes
Anyone planning to follow along with this tutorial should be aware that the way of setting static IP addresses seems to have changed.  The method outlined in the video didn't work for me and I had to edit /etc/dhcpcd.conf to make eth0 have a static IP rather than getting one through DHCP!

David G4NRT (trying it on Pi 2s) 
Photo of David G4NRT / Z21NRT

David G4NRT / Z21NRT

  • 221 Posts
  • 34 Reply Likes
It seems that in the May2016 Jessie build, they deprecate adding lines to /etc/network/interfaces and recommend adding lines instead to dhcpcd.conf (there is plenty of stuff on this available via Google).

That is what I did and it worked for me.  I have the vpnserver running and am now downloading the manager.

David G4NRT
Photo of Steve - N4TTY

Steve - N4TTY

  • 85 Posts
  • 10 Reply Likes
Did you remember to comment out the line 'iface eth0 inet manual' and add in a paragraph beginning with the following two lines:
     auto eth0
     iface eth0 inet static

then followed by the lines specific for you network?

It worked fine for me just editing the 'interfaces' file.

Steve G./N4TTY
Photo of David G4NRT / Z21NRT

David G4NRT / Z21NRT

  • 221 Posts
  • 34 Reply Likes
Yes. I do this for a living!

When my DHCP IP address was persistent, I researched the issue and found the notes about a different method.

I really don't think it matters as long as one is able to drive a persistent, static IP address.

I was just trying to highlight a problem which I encountered which I hoped would help others!

David G4NRT
Photo of Steve - N4TTY

Steve - N4TTY

  • 85 Posts
  • 10 Reply Likes
Used to do things similar to this is for a living as well, so I apologize if I gave the impression I was inferring you had done something wrong. That wasn't my intent at all.

Your point is well taken that if it doesn't work one way, try a different approach.

I was was just pointing out the fact that it worked for me in the way shown in the video, so maybe everyone's mileage will vary.  It is interesting that it worked one way for me and another for you.  Not that it really matters since we both have it working, but I wonder what's the real difference?

Steve G./N4TTY
Photo of Steve K9ZW

Steve K9ZW, Elmer

  • 1241 Posts
  • 646 Reply Likes

After doing all update Winston KC9FVR mentioned something about this. 

Between typical "I don't have a clue what you just said" and eagerness to get results I'd not captured exactly what he told me - but it was about editing a different file to get the IP set correctly. 

I don't do any of this for a living and have to thank folk like those here for help.

It could be really useful to do some project notes that are inclusive of the changes you all found and some of the stuff that Chris K6OZY raced through, remembering what is instinctive for you as professionals is nearly magic for someone who seldom gets to do anything command line anymore.

Have a Maestro running on a file cabinet in my office this morning, as I want to let it run for an extended period to watch stability.  All I can do to not start watching DX Spots though....

73

Steve  K9ZW

Photo of George K7GRJ

George K7GRJ

  • 5 Posts
  • 2 Reply Likes
Chris,
Followed your video to install Softether on a Beaglebone Black running latest Debian Jessie console.  Works great!  Will use to connect to SmartSDR remotely.   Thank you.

73 
George Jones, K7GRJ
Photo of K6OZY

K6OZY, Elmer

  • 524 Posts
  • 195 Reply Likes
I've had a few requests for scripts that I used since the video may be hard to see the details.

My /etc/init.d/vpnserver script contains this:

#!/bin/sh

### BEGIN INIT INFO

# Provides:          vpnserver

# Required-Start:    $local_fs $network

# Required-Stop:     $local_fs

# Default-Start:     2 3 4 5

# Default-Stop:      0 1 6

# Short-Description: vpnserver

# Description: SoftEther VPN Server

### END INIT INFO


DAEMON=/usr/local/vpnserver/vpnserver

LOCK=/var/lock/vpnserver

test -x $DAEMON || exit 0


. /lib/lsb/init-functions


case "$1" in

start)

$DAEMON start

touch $LOCK

;;

stop)

$DAEMON stop

rm $LOCK

;;

restart)

$DAEMON stop

sleep 3

$DAEMON start

;;

*)

echo "Usage: $0 {start|stop|restart}"

exit 1

esac

exit 0

Photo of K6OZY

K6OZY, Elmer

  • 524 Posts
  • 195 Reply Likes
Make sure to then run these commands after creating that file:

chmod +x /etc/init.d/vpnserver
service vpnserver start
update-rc.d vpnserver defaults
Photo of Tim Ellam

Tim Ellam

  • 208 Posts
  • 25 Reply Likes
Many thanks!

73

Tim VE6SH
Photo of Mark WS7M

Mark WS7M

  • 311 Posts
  • 85 Reply Likes
Hi all...

I'm generally pretty good with linux but I have run into an issue following this process.

At first I manually typed in the script and it seemed to work except it complained like in the video about LSB.

I decided to make sure I had this right so I used the script posted above and replaced my script with it.   Since then I'm not getting VPN to autostart yet I can run the script manually so it's not a permission issue.

the reported issue I get is:

vpnserver.service - LSB vpnserver
loaded: loaded (/etc/init.d/vpnserver)
Active: failed (result: exit-code) since <date/time>
Process 859 ExecStart/etc/init.d/vpnserver start (code=exited, status=203/EXEC)

It seems like it is some kind of problem with the vpnserver script.  If I manually run the thing and start it it works just fine.

Also after following all the steps very carefully when I try to connect from windows (local machine to the pi server so no router in place yet) I can connect the manager just fine.  Connection windows VPN says connected, waits then says:

A connection to the remote computer could not be established.  You might need to change the network settings for this connection.

Very strange.  Guess I have some debugging to do...