Raspberry Pi with Raspbian Jessie configuration adventure

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
ruimgoncalves
Posts: 5
Joined: Sat Dec 03, 2016 3:30 pm

Raspberry Pi with Raspbian Jessie configuration adventure

Post by ruimgoncalves » Sat Dec 03, 2016 6:32 pm

I decided to post the results of my adventure in configuring a raspberry pi with Raspbian Jessie.

Most of the tutorials out there are for early version of Raspbian, and since I'm using Jessie, that has a new network configuration setup that I would like to respect. Also some tutorials are over complicated with some sleepy ZZzzz.... scripts , and some nasty side effects, like no internet connection after the server is up.

So here's the problem, I wanted to connect my devices (laptop and android phone), to my local network, but I wanted be able to enable the vpn connection on-demand meaning, I only wanted to change the adapters configuration if I started the vpn server and keep the ip's after all the changes. I'm not a network admin so if there is something terribly wrong with this setup causing nuclear havoc, I cannot be held accountable for, so you have been warned.
My Pi has a static ip of 192.168.101.6 assigned outside of the DHCP pool.

Here's my network topology

Home
Ip address range : 192.168.101.1/255.255.255.0
Router/Gateway : 192.168.101.1
DHCP range : 192.168.101.50-192.168.101.250
Pi address : 192.168.101.6

Work
Ip range 192.168.1.1/255.255.255.0

Lets go to work!

1 - Download and install the vpn server.

2 - From SoftEther VPN Server Management go to Local Bridge Settings remove all previous bridges and create a Tap adapter, so go to New Tap Device name and write "soft". Softether will create a tap_soft device for you. You can check it by issuing the "ip a" command.
This step ensures that the pi is also accessible from the vpn connection, so now I can access it at 192.168.101.6 .

3 - Enable ip4 forwarding

nano /etc/sysctl.conf

Uncomment this line
net.ipv4.ip_forward = 1

4? - Add the bridge adapter (br0) but do not enable it for now - (I do not use this step so it may not be necessary)

nano /etc/network/interfaces

change the file so it looks like this

....
allow-hotplug eth0
iface eth0 inet manual

#auto br0
iface br0 inet manual
bridge_ports eth0
bridge_stp off
bridge_waitport 0
bridge_maxwait 0
bridge_fd 0
....

5 - Configure ip and routing in the dhcpcd service

nano /etc/dhcpcd.conf

change the file and add this lines

....
interface eth0
static ip_address=192.168.101.6/24
static routers=192.168.101.1
static domain_name_servers=8.8.8.8 8.8.4.4 192.168.101.1

interface br0
static ip_address=192.168.101.6/24
static routers=192.168.101.1
static domain_name_servers=8.8.8.8 8.8.4.4 192.168.101.1
....

6 - Create the startVPN script

nano startVPN.sh

Add this lines

#!/bin/bash
echo "Switching from eth0 to br0"

# set up bridge
ip link add br0 type bridge
ip link set eth0 master br0
# flush eth0 configuration
ip addr flush dev eth0
ip link set dev br0 up

./vpnserver/vpnserver start

while [ -z "`ifconfig | grep tap_soft`" ]
do
echo "Wait for vpn adapter"
sleep 2
done

echo "Found VPN adapter, attaching to bridge."
ip link set dev tap_soft master br0

7 - chmod +x startVPN.sh, and your done!

Now I can connect from my work, the vpn adapter is assigned an ip from the dhcp server on my home router in the 192.168.101.x range, so no need to enable the SecureNat service.

Here is a link to the files, https://gist.github.com/ruimgoncalves/9 ... 20d89981b7

Hope this is helpful for you!
Last edited by ruimgoncalves on Mon Sep 25, 2017 3:10 pm, edited 1 time in total.

ruimgoncalves
Posts: 5
Joined: Sat Dec 03, 2016 3:30 pm

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Post by ruimgoncalves » Mon Sep 25, 2017 3:04 pm

After some month using this configuration here's some updates

Everything works has advertised, I'm using this setup in production and can say it satisfies my needs!

The major problem I'm facing, from time to time, is when the network cable is unplugged. It seems the bridge interface does not reconnect and I have to reboot the machine to be able to reconnect to it. This is the major bummer, and if anyone has some ideas on how to overcome this problem please contact me. I managed to do a workaround and restart the networking service and the softether service but, this is a hack rather than a solution.

I have also changed the network topology a bit to avoid collision with 192.168.1.x networks, so my home ip address range is now 192.168.101.1 and all other networks are 192.168.1.x, 192.168.2.x, etc

Step 4 of my adventure seems not to be necessary since I removed it and everything is working just fine.

I'm going to try and change the configuration tutorial to accommodate this changes.

If anyone has some idea on how to resolve the network cable problem, please post or contact me.

nayege
Posts: 2
Joined: Sat Sep 01, 2018 9:13 am

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Post by nayege » Sat Sep 01, 2018 9:15 am

How can I setup my raspberry in order to execute the script startVPN.sh at boot? I tried with cron and placing a file on /etc/network/if-up.d but it doesn't work. Any idea?

Thank you!

ruimgoncalves
Posts: 5
Joined: Sat Dec 03, 2016 3:30 pm

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Post by ruimgoncalves » Sat Sep 01, 2018 9:54 pm

I created a simple systemd service and it works very well.

Use this file for reference.
https://gist.github.com/ruimgoncalves/f652f74f3a13b78ae4c18745baed67c3

Hope this helps.

nayege
Posts: 2
Joined: Sat Sep 01, 2018 9:13 am

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Post by nayege » Sun Sep 02, 2018 8:02 am

ruimgoncalves wrote:
> I created a simple systemd service and it works very well.
>
> Use this file for reference.
> https://gist.github.com/ruimgoncalves/f652f74f3a13b78ae4c18745baed67c3
>
> Hope this helps.

Simply perfect, thank you very much!

BobVVue
Posts: 3
Joined: Thu Sep 20, 2018 3:50 pm

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Post by BobVVue » Thu Sep 20, 2018 4:24 pm

Thanks ruimgoncalves for this! I see you updated the startup to use systemd. I still use the old LSB and rc.d startup way in Rasberian Stretch on a rPi3. as I have a remote cabin with Verizon USB-modem and a rPi as the VPN server so I can see cameras and thermostat. Because Verizon bandwidth is 1g/month for $20, I can't just have the camera upload to the cloud willy-nilly. So I VPN into the rPi with Softether and view the live image or images stored locally on the cameras SDcard.

Works GREAT. Since this is a remote location, powered 24/7 and is hours away where I can't work on it if I loose connection, it has to take care of itself. The only problem is if the CraddlePoint router reboots due to lost Verizon signal (it does that), when the ethernet connection goes away from the rPi, the bridge is not re-established without a rPi reboot so I loose connection. I saw I'm not alone with this exact ethernet port problem, so I set up cron to reboot the rPi everynight at 11:03. And every 45 minutes cron job pings 8.8.8.8 (Google DNS) and reboots if can't get replies.

I have a 20 page doc I'm working on with screen shots on how to do this, from the start of installing Rasberrian. I don't want to steal your thunder, as you did all the heavy work here, I just wrapped it in extras like setting up VNC,downloading Softether and compiling and moving to right directories to screen shots of the the cron jobs to check connection. Shows Config of Softether using the Windows server manager. I did this so when the SD card dies in the rPi from over-use, I can rebuild without struggling. It took about 1 hour total time to run through this doc from first boot of rPi to working VPN. Initially, without this post and others, it was WAY longer to get rPi working. (Also looking at using an SSD instead of SDcard since rPi now boots from USB.)

Anyways, THANKS AGAIN! Without this, I was really struggling to get the bridging working in Linux on the rPi.

ruimgoncalves
Posts: 5
Joined: Sat Dec 03, 2016 3:30 pm

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Post by ruimgoncalves » Sun Oct 07, 2018 8:53 pm

BobVVue wrote:
Thu Sep 20, 2018 4:24 pm
...
Dear BobVVue

Thanks for your kind words, I would be honored to be referenced in your work, and would like very much to see it when it becomes available.

Thanks again!

sky59
Posts: 477
Joined: Tue Sep 11, 2018 5:58 pm

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Post by sky59 » Mon Oct 08, 2018 6:29 am

I undewent similar adventure with OrangePi Zero, see neighbouring thread...

Just one info: there is no need to create tap_soft interface and bridge it later, it is sufficient you make local bridge inside vpnserver package directly between VPN virtual hub and physical eth0

On openwrt for some reasons they do not use eth0 directly but create eth0.1, so in this case bridge VPN with eth0.1 (eth0 does not work no idea why)

one more note: I just implemented and tested positively vpnbridge into A5V11 router, but ROM memory needed to be changed from 4MB to 8MB
32MB RAM is just enough!

Bachpo
Posts: 1
Joined: Mon Oct 08, 2018 10:46 am

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Post by Bachpo » Mon Oct 08, 2018 11:15 am

Nice topic. Thanks.

Post Reply