Hello. This is Ryo. This time we will build a VPN server using Raspberry Pi 3.
I went to Shanghai the other day. While there I was browsing the internet on a Hong Kong SIM, but access to some domestic sites was blocked. (* I could not access the Lawson ID login page.) I am building a VPN server at home so that I can access them the next time I travel.
- Raspberry Pi 3
- Raspbian GNU/Linux 9.6 (stretch)
- MacBook Pro 13 inch 2015
- Softbank Hikari BB Unit
- Buffalo WCR-1166DS Router
- Pixel 3a via Softbank 4G
I will omit the installation of Raspbian and the SSH setup. Make a note of the items marked (*1) to (*3), as they are used in the client settings.
Download the SoftEther VPN Server file.
Check the IP address of the Raspberry Pi on the router and transfer the downloaded file with the scp command.
terminal
scp softether-vpnserver-v4.31-9727-beta-2019.11.18-linux-arm_eabi-32bit.tar.gz pi@"IP address of Raspberry Pi":~
Unzip the transferred file on the Raspberry Pi.
Raspbian
pi@raspberrypi:~ $ tar xf softether-vpnserver-v4.31-9727-beta-2019.11.18-linux-arm_eabi-32bit.tar.gz
Enter the extracted directory and build it with make.
Raspbian
pi@raspberrypi:~ $ cd vpnserver
pi@raspberrypi:~/vpnserver $ make
When you run the make command, you will be asked some questions; answer 1 to all of them.
After building, move the vpnserver directory to /usr/local. You are not logged in as the root user, so use the sudo command.
Raspbian
pi@raspberrypi:~ $ sudo mv vpnserver /usr/local
Move into the destination directory and set the permissions.
Raspbian
pi@raspberrypi:/usr/local/vpnserver $ chmod 600 *
pi@raspberrypi:/usr/local/vpnserver $ chmod 700 vpncmd vpnserver
Check that the permissions have been set.
Raspbian
pi@raspberrypi:/usr/local/vpnserver $ ls -la
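The same check can be scripted instead of read off the ls -la listing. The function below is an added example, not part of the original article or of SoftEther; check_vpnserver_modes is a hypothetical name, and it assumes GNU stat and that it is run right after the chmod step, before the service has created its own files and directories.

```shell
#!/bin/sh
# Added example: report entries in the SoftEther install directory whose mode
# differs from what the chmod step sets (700 for the two executables,
# 600 for everything else matched by "*").

# check_vpnserver_modes DIR
# Prints one line per mismatch: "<name> <actual mode> <expected mode>".
# Returns 0 when everything matches, 1 on any mismatch, 2 when DIR is missing.
check_vpnserver_modes() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    bad=0
    for path in "$dir"/*; do
        [ -e "$path" ] || continue        # empty directory: the glob did not expand
        name=${path##*/}
        case $name in
            vpncmd|vpnserver) want=700 ;; # only these two stay executable
            *)                want=600 ;;
        esac
        have=$(stat -c %a "$path")        # GNU stat, as shipped with Raspbian
        if [ "$have" != "$want" ]; then
            echo "$name $have $want"
            bad=1
        fi
    done
    return $bad
}

# Usage on the Pi:  check_vpnserver_modes /usr/local/vpnserver && echo "modes OK"
```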
Also, check that vpnserver can run on this system.
Raspbian
pi@raspberrypi:/usr/local/vpnserver $ /usr/local/vpnserver/vpncmd
You will be prompted to choose one of the following three options; select 3.
Raspbian
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 3
Type the check command.
VPN Tools>check
If every check passes as shown below, the installation is successful.
If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...
Checking 'Kernel System'...
Pass
Checking 'Memory Operation System'...
Pass
Checking 'ANSI / Unicode string processing system'...
Pass
Checking 'File system'...
Pass
Checking 'Thread processing system'...
Pass
Checking 'Network system'...
Pass
All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.
The command completed successfully.
Exit VPN Tools with Ctrl + C.
Set the vpnserver to start automatically.
Directory: /etc/systemd/system/
File name: vpnserver.service
Create the unit file.
Raspbian
pi@raspberrypi:/usr/local/vpnserver $ sudo nano /etc/systemd/system/vpnserver.service
vpnserver.service
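[Unit]
Description=SoftEther VPN Server
After=network.target network-online.target
[Service]
User=root
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
# "vpnserver start" daemonizes and returns, hence Type=forking
Type=forking
# RestartSec only takes effect together with a Restart= setting, which this unit does not set
RestartSec=3s
WorkingDirectory=/usr/local/vpnserver/
# Put eth0 into promiscuous mode before the server starts (used by the local bridge)
ExecStartPre=/sbin/ip link set dev eth0 promisc on
[Install]
WantedBy=multi-user.target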
Start the service and check the operation.
Raspbian
pi@raspberrypi:/usr/local/vpnserver $ sudo systemctl start vpnserver
pi@raspberrypi:/usr/local/vpnserver $ systemctl status vpnserver.service
If it says active, it's working.
Raspbian
Active: active (running) since Wed 2019-12-18 03:13:34 JST; 19s ago
Enable the service so that it starts automatically at boot.
Raspbian
pi@raspberrypi:/usr/local/vpnserver $ sudo systemctl enable vpnserver.service
Check if the service is running.
Raspbian
pi@raspberrypi:~ $ systemctl status vpnserver.service
Active: active (running)
Install VPN Server Manager on your Mac and configure VPN Server.
Start SoftEther VPN Server Manager. Click New Setting.
Create an administrator password.
In Bridge Easy Setup, check Remote Access VPN Server and click Next.
You will be asked whether you want to initialize the VPN Server and VPN Bridge settings; click Yes.
Enter any name in Virtual Hub Name and click OK.
Check Enable L2TP Server Function (L2TP over IPsec) in the IPsec L2TP server settings. Enter any password in IPsec Pre-Shared Key (*1) in IPsec Common Settings. If you set a password of 10 characters or more here, you will be warned that it causes an error on Android devices, so set a password of 9 characters or less.
Set the Azure setting to Disable.
Create a User.
Set any User Name (*2), Password (*3), and Confirm Password.
Configure the Local Bridge Setting. Enter any name in Virtual HUB Name in Virtual Pc. Check Bridge with New Tap Device. Select eth0 for the LAN adapter. Enter any name for New Tap Device Name.
This completes the VPN Server Manager settings. SSH into the Raspberry Pi from the terminal and run ifconfig. It is OK if an interface named tap_ followed by the New Tap Device Name appears.
Raspbian
tap_softether: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
Set up a local bridge on your Raspberry Pi.
Raspbian
pi@raspberrypi:~ $ sudo apt install -y bridge-utils
Edit the network configuration of the Raspberry Pi.
Raspbian
pi@raspberrypi:~ $ sudo nano /etc/network/interfaces
interfaces
auto eth0
iface eth0 inet manual
# SoftEther VPN
auto br0
iface br0 inet static
address 192.168.11.64
netmask 255.255.255.0
gateway 192.168.11.1
bridge_ports eth0 tap_softether
bridge_maxwait 10
Restart your Raspberry Pi. This completes the local bridge settings.
~~The remaining router and client (Pixel 3a) settings will be added as soon as verification is complete.~~ I have confirmed the connection, so I will add it. (2020/03/19)
Set the WCR-1166DS mode toggle to AP mode.
Access 172.16.255.254 from your browser and log in to the SoftBank Hikari BB unit setting screen. (If you have not changed the settings, you can log in with ID: user, PASS: user.)
Under Wireless LAN settings > Wireless LAN function stop setting, stop the wireless LAN function of the SoftBank Hikari BB unit.
Next, under Router function settings > IP address / DHCP server settings, match the IP address allocation range to the Raspberry Pi's IP address. The SoftBank Hikari BB router starts from "192.168.3.1" by default, but the Buffalo router starts from "192.168.11.1", so change the device IP address / subnet mask from "192.168.3.1" to "192.168.11.1".
Fix the Raspberry Pi's IP address using the fixed allocation setting on the same page.
Raspbian
pi@raspberrypi:~ $ ifconfig
(omitted)
ether MAC address txqueuelen 1000(Ethernet)
Check the MAC address shown after ether, and enter the IP address and MAC address in the fixed allocation.
Set up port forwarding: enabled, protocol UDP, ports 500 and 4500, forwarding destination IP address 192.168.11.64.
This completes the router settings.
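To confirm that the forwarded ports actually have a listener on the Pi, the following added example (not from the original article; missing_udp_ports is a hypothetical helper) parses ss -lun output and lists any forwarded port with no socket bound. It assumes the server binds UDP 500 and 4500 on the Pi once L2TP over IPsec is enabled; the sample output is constructed.

```shell
#!/bin/sh
# Added example: check that the UDP ports forwarded by the router are bound on the Pi.

REQUIRED_UDP_PORTS="500 4500"   # the two ports forwarded to 192.168.11.64

# missing_udp_ports: reads `ss -lun` output on stdin and prints, space-separated,
# every required port that has no listening socket (empty line when none is missing).
missing_udp_ports() {
    awk -v want="$REQUIRED_UDP_PORTS" '
        {
            # The local address is the first field ending in ":<digits>";
            # the peer column of a listening socket ends in ":*".
            for (i = 1; i <= NF; i++)
                if ($i ~ /:[0-9]+$/) {
                    port = $i
                    sub(/^.*:/, "", port)   # keep only the text after the last colon
                    seen[port] = 1
                    break
                }
        }
        END {
            n = split(want, w, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen))
                    out = out (out == "" ? "" : " ") w[i]
            print out
        }'
}

# Constructed sample of `ss -lun` output, not captured from a real system:
# port 500 is bound on IPv4 and IPv6, port 4500 is not bound at all.
SAMPLE_SS_OUTPUT='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
UNCONN  0       0       0.0.0.0:500         0.0.0.0:*
UNCONN  0       0       0.0.0.0:68          0.0.0.0:*
UNCONN  0       0       [::]:500            [::]:*'

# Usage on the Pi:  ss -lun | missing_udp_ports
```

An empty result means both forwarded ports have a listener; any port printed is forwarded by the router to a closed socket.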
Tap Settings > Network and Internet > Advanced > VPN to open the VPN settings page.
Tap the + button on the upper right. The profile editing screen opens; fill in the following items.
- Name: Arbitrary
- Type: L2TP/IPSec PSK
- Server Address: Global IPv4 Address of SoftEther Dynamic DNS Function
- IPSec Pre-Shared Key: IPsec Pre-Shared Key (*1) of IPsec Common Settings set by SoftEther
- Forwarding route: 0.0.0.0/0
- User name: User set by SoftEther (*2)
- Password: Password set by SoftEther (*3)
Set the above and save.
After setting, tap the set profile and if you can connect, you are done. Thank you for your hard work.
The highlight of this time was the setting of the router. It took me a while to notice because I had no idea of using a wireless router as a mere AP and taking over the settings of the SoftBank Hikari BB unit.
Once the coronavirus turmoil has subsided, I will make sure I can connect from China.