SoftEther VPN install script for Raspberry Pi

  • 6
  • Idea
  • Updated 4 months ago
I've been asked by people online and offline for help with setting up a VPN using Raspberry Pi. Some have asked for an image. While I'm happy to help, I ended up making a script to automate the install. All it does is download, compile install and configure SoftEther for L2TP use. It also provides instructions for setting up routers and clients. 

You should install the updates for your pi in addition to this when you first set it up.

For now it is a basic, no-frills shell script. I'll add stuff later on, such as generating a profile for easy config of your iPhone/iPad. 

If you want it, drop me a line. My email is good in QRZ. 
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes

Posted 2 years ago

  • 6
Photo of WX7Y

WX7Y

  • 536 Posts
  • 98 Reply Likes
Ria, could you please send me your scripts and instructions please?
My direct email is <bret(dot)wx7y(at)gmail(dot)com>
thank you VERY much for your time!

Bret
WX7Y
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes
Check your email.

I really need a place to host this too, probably will work better than me emailing it
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes
Instead of emailing me (I've been getting a lot of requests for this), download from here. 

https://drive.google.com/file/d/0B0HrAJwAk8BjUU5icnlIS1hxbzg/view?usp=sharing

Post your feedback in this thread so I can improve it.

Right now it is really designed for fresh installs of Raspbian.

Just upload it to your Pi and execute "n2rj_vpnsetup.sh" at a shell prompt. It's self extracting, downloads the latest version of softether and does the config. 
(Edited)
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes
This is usually a generic error that indicates negotiation failed for some reason.

Make sure the time on the pi is correct (pi should automatically sync via ntp since it has no rtc). Make sure time is correct on the Windows machine. Use Meinberg to get it synchronized.

I'm going to update the script to use the latest version of softether as there has been some updates. 

Ria
(Edited)
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes
Latest version here:
https://drive.google.com/open?id=0B0HrAJwAk8BjdG8zOEJ4TG5jYjA

Only thing that has changed is it uses the latest version of softether, which is from November 27, 2016.

Ria
Photo of K1IMD

K1IMD

  • 4 Posts
  • 0 Reply Likes
Good Afternoon Ria,
Everything on my LAN is "sync'd" via NTP using the same NTP server hosted on my IRLP node which gets time from an Internet time source (ntp.org).  The time is very very close.  The remote PC's tested are also getting time from the Internet.  All devices have time that is very close to one another... how close does the time need to be?

I will look at the Meinberg app to synchronize the windows computer.

FWIW, the VPN would not connect on my cellphone (iPhone) either which should have accurate time from the cellular carrier (AT&T).

The SoftEther manager connects without difficulty... thought it might have been some weird Windows firewall problem but I disabled the firewall which made no difference.

I will run the updated script... do I assume I must start from scratch?  ie. I can't run the script on a system that has SoftEther already installed.  I assume that the update will likely not solve my problem.

I do have a copy of the original image that worked FB for 3 months before these problems occurred.

I will let you know how it turns out.  Looks like no smoking gun... :(

73
Jon
K1IMD
Photo of K1IMD

K1IMD

  • 4 Posts
  • 0 Reply Likes
Ria,
It has been a little nuts here at work.  Hate it when work gets in the way of ham radio!!  Anyway, I ran the updated script and it executed perfectly.  I will test it later tonight to ensure it works properly but I suspect it will.  Still no smoking gun on the intermittent connection issues...
73
Jon
K1IMD
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes
Push come to shove we can try TeamViewer sometime.
Photo of John-K3MA

John-K3MA

  • 102 Posts
  • 29 Reply Likes
Will this work on a older version of the PI....Model B?

Ria, TU for your work on the script and sharing it.
(Edited)
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2252 Posts
  • 874 Reply Likes
Works on everything that runs Linux.
And you're welcome. :)
(Edited)
Photo of Chris Tate  - N6WM

Chris Tate - N6WM, Elmer

  • 808 Posts
  • 217 Reply Likes
Softether is really a great application suite, there are a number of vpn solutions but this one is really well thought out, cross platform and works well.  Definitely a good solution to counter the abrupt removal of PPTP from iOS forcing a switch to L2TP as the next simplest solution for your iOS and windows device.  Using the right tools once can take a softether bridge enabled Pi on the road with a Maestro and connect to your flex environment from anywhere.
(Edited)
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes
I'm going to write another script to setup a bridge (site to site VPN), automagically. Need to setup two pis to test it on. 
Photo of Chris Tate  - N6WM

Chris Tate - N6WM, Elmer

  • 808 Posts
  • 217 Reply Likes
this one may be a bit tough to script b/c you will need to pass some arguments that could vary.  a second USB Ethernet adapter is needed in this scenario.  Sounds like your up to the challenge though!  ;-).
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes
Not difficult, I've been at this a while, since high school... 

The pi 3 has wifi and ethernet. I don't think you'd need another ethernet adapter unless you're connecting to a wired network. 
(Edited)
Photo of Chris Tate  - N6WM

Chris Tate - N6WM, Elmer

  • 808 Posts
  • 217 Reply Likes
I had to use an external wifi bridge in one application b/c I was having trouble getting the internal wifi adapter to work with S/E.  It may have been a bug in an earlier release.  K6OZY and a number of use started experimenting with this withing days of the release of LAN remote functionality.  having both options is good too.  Happy to see you doing this though for sure and look forward to seeing it contributed to the community.  Much appreciated.
Photo of Ali - 9K2WA

Ali - 9K2WA

  • 110 Posts
  • 23 Reply Likes
Thanks Ria,

SoftEther L2TP is working fine for me on my Raspberry PI now, excellent job.
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 878 Reply Likes
Glad I was able to help!
Photo of Chris Tate  - N6WM

Chris Tate - N6WM, Elmer

  • 808 Posts
  • 217 Reply Likes
Incidentally.. if the whole linux thing is intimidating to you and you just don't want to go there, you can install SoftEther server on a windows device in your environment as well.  Its more expensive but if you have a separate box doing other duties it is available and well documented on the softether site.  Part of the attraction of softether is their comprehensive documentation, extremely well done.
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes
This was the idea of the script, to make it easy for people so they can use a cheap, low power consumption Raspberry pi box instead of a power hungry PC which is overkill for this application. Seems to work out quite well. 
Photo of Rob G6EIH

Rob G6EIH

  • 100 Posts
  • 12 Reply Likes
Use Linux every day, always good to have a script that works and thanks Ria.
Photo of Chris Tate  - N6WM

Chris Tate - N6WM, Elmer

  • 808 Posts
  • 217 Reply Likes
yep.. absolutely.  Some folks may have an extra windows box out there just letting them know the options. I personally prefer the RasPi option but have installed both successfully.

Photo of Rob G6EIH

Rob G6EIH

  • 100 Posts
  • 12 Reply Likes
Yes totally agree, I have it on W7 & W10 boxes however I prefer run it on the Pi.
Windows boxes are power hungry devices and with all the updates who knows when they will break yet again, I just find Linux a much more stable platform to leave running in the background.

Isn't It great we have all these different ways to us the Flex ecosystem.
Photo of Bruce  PY2BS

Bruce PY2BS

  • 3 Posts
  • 1 Reply Like
Hi Ria, It's working perfectly here, I'm using the 6500 remotely, no issues at all, thank you a lot for making the script available.
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2252 Posts
  • 874 Reply Likes
You're welcome. 
Photo of Ed Woodrick

Ed Woodrick

  • 11 Posts
  • 6 Reply Likes
It would be so nice if the Flex devs could just change the software wo allow manual IP configuration instead of the AutoDiscover that the clients do. And then just publish the ports in use.
Photo of William Schauff

William Schauff

  • 10 Posts
  • 1 Reply Like
Hi Ria!

Good morning!
Have installed your script in a PI3B with sucess.
Thank you so much! I am having a lot of fun using my VPN  remote acess.
Just for your records, I had to re-run  your script after a cold reboot of raspbian , to get the configuration questions.

Best 73

PY2GN William Schauff

   
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2252 Posts
  • 874 Reply Likes
Hi William. Glad it worked out for you.
Photo of Mark WS7M

Mark WS7M

  • 386 Posts
  • 113 Reply Likes
Hi Ria,  I wanted to try your script but the google site seems to have some trash at the end of the script and it comes across corrupt.

Would you be willing to email me a zipped copy?   ws7m@arrl.net  works.  Thanks
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes
Hi Mark,

That's a feature, not a bug. It's a self extracting script with multiple files. The "trash" at the end is a tar archive. Download as-is and scp to the pi to use it. 

Ria
Photo of Mark WS7M

Mark WS7M

  • 386 Posts
  • 113 Reply Likes
Yeah I've seen those before but this one is not working for some reason.

In the past when I've done these kinds of things I zip or tar them as for some reason my download is losing line feeds and things are looking really strange.

When I run it I get things like  "fi not found line 39" etc.

anyway I think I have the server installed now I just have to get it to give me an IP I can work with... sigh...
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes
I'll check again. I did the packaging on my Mac and not on a pi but it should work, as I did that last time.
Photo of Mark Burton

Mark Burton

  • 2 Posts
  • 0 Reply Likes
Hi Ria, thanks for the script.
It worked well once I figured out that eth0 was hardcoded into the vpninstall.sh script, as I am running Raspbian Stretch the interfaces are all renamed so had to tweak it to find the interface. Unfortunately I just hardcoded it, not sure how to fix it properly to make it dynamic.
Mark
Photo of Mark Burton

Mark Burton

  • 2 Posts
  • 0 Reply Likes

maybe update vpnsinstall.sh to use something like 

for f in e*; do [[ -e $f ]] || continue; echo $f ; done | head -1 
to get the wired interface and then use that to update commands.in
bridgecreate VPN /DEVICE:enxMAC:ADDRESS /TAP:no
and when echoing
echo "Hardware address/MAC address:" `cat /sys/class/net/enxMAC:ADDRESS /address`
echo "IP address:"                   `ip addr show enxMAC:ADDRESS  | grep "inet " | cut -d '/' -f1 | cut -d ' ' -f6`


Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes
Yep I guess I could do that, but this was just a simple script I threw together because others were asking me to help them get theirs going. I've stopped maintaining it since we have Smartlink and v2.0.
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2254 Posts
  • 879 Reply Likes
I've really not maintained it all that much, but figured it was due for a minor update. I've updated the version of SoftEther used as well as not hardcoding eth0. I've also made the source code available on github in case you guys want to do your own things with it:

https://github.com/rjairam/softether-scripts

I used Makeself for the packaging. 
Photo of K1IMD

K1IMD

  • 4 Posts
  • 0 Reply Likes
Thank you so much Ria... Some of us are still using PowerSDR on older Flex gear and this is just what the doctor ordered!
73JonK1IMD