I've been asked by people online and offline for help with setting up a VPN using Raspberry Pi. Some have asked for an image. While I'm happy to help, I ended up making a script to automate the install. All it does is download, compile install and configure SoftEther for L2TP use. It also provides instructions for setting up routers and clients.
You should install the updates for your pi in addition to this when you first set it up.
For now it is a basic, no-frills shell script. I'll add stuff later on, such as generating a profile for easy config of your iPhone/iPad.
If you want it, drop me a line. My email is good in QRZ.
You should install the updates for your pi in addition to this when you first set it up.
For now it is a basic, no-frills shell script. I'll add stuff later on, such as generating a profile for easy config of your iPhone/iPad.
If you want it, drop me a line. My email is good in QRZ.
Ria - N2RJ, Elmer
Posted 2 years ago
Ria - N2RJ, Elmer
Instead of emailing me (I've been getting a lot of requests for this), download from here.
https://drive.google.com/file/d/0B0HrAJwAk8BjUU5icnlIS1hxbzg/view?usp=sharing
Post your feedback in this thread so I can improve it.
Right now it is really designed for fresh installs of Raspbian.
Just upload it to your Pi and execute "n2rj_vpnsetup.sh" at a shell prompt. It's self extracting, downloads the latest version of softether and does the config.
https://drive.google.com/file/d/0B0HrAJwAk8BjUU5icnlIS1hxbzg/view?usp=sharing
Post your feedback in this thread so I can improve it.
Right now it is really designed for fresh installs of Raspbian.
Just upload it to your Pi and execute "n2rj_vpnsetup.sh" at a shell prompt. It's self extracting, downloads the latest version of softether and does the config.
(Edited)
Ria - N2RJ, Elmer
This is usually a generic error that indicates negotiation failed for some reason.
Make sure the time on the pi is correct (pi should automatically sync via ntp since it has no rtc). Make sure time is correct on the Windows machine. Use Meinberg to get it synchronized.
I'm going to update the script to use the latest version of softether as there has been some updates.
Ria
Make sure the time on the pi is correct (pi should automatically sync via ntp since it has no rtc). Make sure time is correct on the Windows machine. Use Meinberg to get it synchronized.
I'm going to update the script to use the latest version of softether as there has been some updates.
Ria
(Edited)
Ria - N2RJ, Elmer
Latest version here:
https://drive.google.com/open?id=0B0HrAJwAk8BjdG8zOEJ4TG5jYjA
Only thing that has changed is it uses the latest version of softether, which is from November 27, 2016.
Ria
https://drive.google.com/open?id=0B0HrAJwAk8BjdG8zOEJ4TG5jYjA
Only thing that has changed is it uses the latest version of softether, which is from November 27, 2016.
Ria
Good Afternoon Ria,
Everything on my LAN is "sync'd" via NTP using the same NTP server hosted on my IRLP node which gets time from an Internet time source (ntp.org). The time is very very close. The remote PC's tested are also getting time from the Internet. All devices have time that is very close to one another... how close does the time need to be?
I will look at the Meinberg app to synchronize the windows computer.
FWIW, the VPN would not connect on my cellphone (iPhone) either which should have accurate time from the cellular carrier (AT&T).
The SoftEther manager connects without difficulty... thought it might have been some weird Windows firewall problem but I disabled the firewall which made no difference.
I will run the updated script... do I assume I must start from scratch? ie. I can't run the script on a system that has SoftEther already installed. I assume that the update will likely not solve my problem.
I do have a copy of the original image that worked FB for 3 months before these problems occurred.
I will let you know how it turns out. Looks like no smoking gun... :(
73
Jon
K1IMD
Everything on my LAN is "sync'd" via NTP using the same NTP server hosted on my IRLP node which gets time from an Internet time source (ntp.org). The time is very very close. The remote PC's tested are also getting time from the Internet. All devices have time that is very close to one another... how close does the time need to be?
I will look at the Meinberg app to synchronize the windows computer.
FWIW, the VPN would not connect on my cellphone (iPhone) either which should have accurate time from the cellular carrier (AT&T).
The SoftEther manager connects without difficulty... thought it might have been some weird Windows firewall problem but I disabled the firewall which made no difference.
I will run the updated script... do I assume I must start from scratch? ie. I can't run the script on a system that has SoftEther already installed. I assume that the update will likely not solve my problem.
I do have a copy of the original image that worked FB for 3 months before these problems occurred.
I will let you know how it turns out. Looks like no smoking gun... :(
73
Jon
K1IMD
Ria,
It has been a little nuts here at work. Hate it when work gets in the way of ham radio!! Anyway, I ran the updated script and it executed perfectly. I will test it later tonight to ensure it works properly but I suspect it will. Still no smoking gun on the intermittent connection issues...
73
Jon
K1IMD
It has been a little nuts here at work. Hate it when work gets in the way of ham radio!! Anyway, I ran the updated script and it executed perfectly. I will test it later tonight to ensure it works properly but I suspect it will. Still no smoking gun on the intermittent connection issues...
73
Jon
K1IMD
Ria - N2RJ, Elmer
Push come to shove we can try TeamViewer sometime.
Will this work on a older version of the PI....Model B?
Ria, TU for your work on the script and sharing it.
Ria, TU for your work on the script and sharing it.
(Edited)
Ria - N2RJ, Elmer
Works on everything that runs Linux.
And you're welcome. :)
And you're welcome. :)
(Edited)
Chris Tate - N6WM, Elmer
Softether is really a great application suite, there are a number of vpn solutions but this one is really well thought out, cross platform and works well. Definitely a good solution to counter the abrupt removal of PPTP from iOS forcing a switch to L2TP as the next simplest solution for your iOS and windows device. Using the right tools once can take a softether bridge enabled Pi on the road with a Maestro and connect to your flex environment from anywhere.
(Edited)
Ria - N2RJ, Elmer
I'm going to write another script to setup a bridge (site to site VPN), automagically. Need to setup two pis to test it on.
Chris Tate - N6WM, Elmer
this one may be a bit tough to script b/c you will need to pass some arguments that could vary. a second USB Ethernet adapter is needed in this scenario. Sounds like your up to the challenge though! ;-).
Ria - N2RJ, Elmer
Not difficult, I've been at this a while, since high school...
The pi 3 has wifi and ethernet. I don't think you'd need another ethernet adapter unless you're connecting to a wired network.
The pi 3 has wifi and ethernet. I don't think you'd need another ethernet adapter unless you're connecting to a wired network.
(Edited)
Chris Tate - N6WM, Elmer
I had to use an external wifi bridge in one application b/c I was having trouble getting the internal wifi adapter to work with S/E. It may have been a bug in an earlier release. K6OZY and a number of use started experimenting with this withing days of the release of LAN remote functionality. having both options is good too. Happy to see you doing this though for sure and look forward to seeing it contributed to the community. Much appreciated.
Thanks Ria,
SoftEther L2TP is working fine for me on my Raspberry PI now, excellent job.
SoftEther L2TP is working fine for me on my Raspberry PI now, excellent job.
Ria - N2RJ, Elmer
Glad I was able to help!
Chris Tate - N6WM, Elmer
Incidentally.. if the whole linux thing is intimidating to you and you just don't want to go there, you can install SoftEther server on a windows device in your environment as well. Its more expensive but if you have a separate box doing other duties it is available and well documented on the softether site. Part of the attraction of softether is their comprehensive documentation, extremely well done.
Ria - N2RJ, Elmer
This was the idea of the script, to make it easy for people so they can use a cheap, low power consumption Raspberry pi box instead of a power hungry PC which is overkill for this application. Seems to work out quite well.
Use Linux every day, always good to have a script that works and thanks Ria.
Chris Tate - N6WM, Elmer
yep.. absolutely. Some folks may have an extra windows box out there just letting them know the options. I personally prefer the RasPi option but have installed both successfully.
Yes totally agree, I have it on W7 & W10 boxes however I prefer run it on the Pi.
Windows boxes are power hungry devices and with all the updates who knows when they will break yet again, I just find Linux a much more stable platform to leave running in the background.
Isn't It great we have all these different ways to us the Flex ecosystem.
Windows boxes are power hungry devices and with all the updates who knows when they will break yet again, I just find Linux a much more stable platform to leave running in the background.
Isn't It great we have all these different ways to us the Flex ecosystem.
Hi Ria, It's working perfectly here, I'm using the 6500 remotely, no issues at all, thank you a lot for making the script available.
Ria - N2RJ, Elmer
You're welcome.
Hi Ria!
Good morning!
Have installed your script in a PI3B with sucess.
Thank you so much! I am having a lot of fun using my VPN remote acess.
Just for your records, I had to re-run your script after a cold reboot of raspbian , to get the configuration questions.
Best 73
PY2GN William Schauff
Good morning!
Have installed your script in a PI3B with sucess.
Thank you so much! I am having a lot of fun using my VPN remote acess.
Just for your records, I had to re-run your script after a cold reboot of raspbian , to get the configuration questions.
Best 73
PY2GN William Schauff
Ria - N2RJ, Elmer
Hi William. Glad it worked out for you.
Hi Ria, I wanted to try your script but the google site seems to have some trash at the end of the script and it comes across corrupt.
Would you be willing to email me a zipped copy? ws7m@arrl.net works. Thanks
Would you be willing to email me a zipped copy? ws7m@arrl.net works. Thanks
Ria - N2RJ, Elmer
Hi Mark,
That's a feature, not a bug. It's a self extracting script with multiple files. The "trash" at the end is a tar archive. Download as-is and scp to the pi to use it.
Ria
That's a feature, not a bug. It's a self extracting script with multiple files. The "trash" at the end is a tar archive. Download as-is and scp to the pi to use it.
Ria
Yeah I've seen those before but this one is not working for some reason.
In the past when I've done these kinds of things I zip or tar them as for some reason my download is losing line feeds and things are looking really strange.
When I run it I get things like "fi not found line 39" etc.
anyway I think I have the server installed now I just have to get it to give me an IP I can work with... sigh...
In the past when I've done these kinds of things I zip or tar them as for some reason my download is losing line feeds and things are looking really strange.
When I run it I get things like "fi not found line 39" etc.
anyway I think I have the server installed now I just have to get it to give me an IP I can work with... sigh...
Ria - N2RJ, Elmer
I'll check again. I did the packaging on my Mac and not on a pi but it should work, as I did that last time.
Hi Ria, thanks for the script.
It worked well once I figured out that eth0 was hardcoded into the vpninstall.sh script, as I am running Raspbian Stretch the interfaces are all renamed so had to tweak it to find the interface. Unfortunately I just hardcoded it, not sure how to fix it properly to make it dynamic.
Mark
It worked well once I figured out that eth0 was hardcoded into the vpninstall.sh script, as I am running Raspbian Stretch the interfaces are all renamed so had to tweak it to find the interface. Unfortunately I just hardcoded it, not sure how to fix it properly to make it dynamic.
Mark
maybe update vpnsinstall.sh to use something like
for f in e*; do [[ -e $f ]] || continue; echo $f ; done | head -1to get the wired interface and then use that to update commands.in
bridgecreate VPN /DEVICE:enxMAC:ADDRESS /TAP:noand when echoing
echo "Hardware address/MAC address:" `cat /sys/class/net/enxMAC:ADDRESS /address` echo "IP address:" `ip addr show enxMAC:ADDRESS | grep "inet " | cut -d '/' -f1 | cut -d ' ' -f6`
Ria - N2RJ, Elmer
Yep I guess I could do that, but this was just a simple script I threw together because others were asking me to help them get theirs going. I've stopped maintaining it since we have Smartlink and v2.0.
Ria - N2RJ, Elmer
Ria - N2RJ, Elmer
I really need a place to host this too, probably will work better than me emailing it