Raspberry Pi with Raspbian Jessie configuration adventure
-
- Posts: 5
- Joined: Sat Dec 03, 2016 3:30 pm
Raspberry Pi with Raspbian Jessie configuration adventure
I decided to post the results of my adventure in configuring a raspberry pi with Raspbian Jessie.
Most of the tutorials out there are for early version of Raspbian, and since I'm using Jessie, that has a new network configuration setup that I would like to respect. Also some tutorials are over complicated with some sleepy ZZzzz.... scripts , and some nasty side effects, like no internet connection after the server is up.
So here's the problem, I wanted to connect my devices (laptop and android phone), to my local network, but I wanted be able to enable the vpn connection on-demand meaning, I only wanted to change the adapters configuration if I started the vpn server and keep the ip's after all the changes. I'm not a network admin so if there is something terribly wrong with this setup causing nuclear havoc, I cannot be held accountable for, so you have been warned.
My Pi has a static ip of 192.168.101.6 assigned outside of the DHCP pool.
Here's my network topology
Home
Ip address range : 192.168.101.1/255.255.255.0
Router/Gateway : 192.168.101.1
DHCP range : 192.168.101.50-192.168.101.250
Pi address : 192.168.101.6
Work
Ip range 192.168.1.1/255.255.255.0
Lets go to work!
1 - Download and install the vpn server.
2 - From SoftEther VPN Server Management go to Local Bridge Settings remove all previous bridges and create a Tap adapter, so go to New Tap Device name and write "soft". Softether will create a tap_soft device for you. You can check it by issuing the "ip a" command.
This step ensures that the pi is also accessible from the vpn connection, so now I can access it at 192.168.101.6 .
3 - Enable ip4 forwarding
nano /etc/sysctl.conf
Uncomment this line
net.ipv4.ip_forward = 1
4? - Add the bridge adapter (br0) but do not enable it for now - (I do not use this step so it may not be necessary)
nano /etc/network/interfaces
change the file so it looks like this
....
allow-hotplug eth0
iface eth0 inet manual
#auto br0
iface br0 inet manual
bridge_ports eth0
bridge_stp off
bridge_waitport 0
bridge_maxwait 0
bridge_fd 0
....
5 - Configure ip and routing in the dhcpcd service
nano /etc/dhcpcd.conf
change the file and add this lines
....
interface eth0
static ip_address=192.168.101.6/24
static routers=192.168.101.1
static domain_name_servers=8.8.8.8 8.8.4.4 192.168.101.1
interface br0
static ip_address=192.168.101.6/24
static routers=192.168.101.1
static domain_name_servers=8.8.8.8 8.8.4.4 192.168.101.1
....
6 - Create the startVPN script
nano startVPN.sh
Add this lines
#!/bin/bash
echo "Switching from eth0 to br0"
# set up bridge
ip link add br0 type bridge
ip link set eth0 master br0
# flush eth0 configuration
ip addr flush dev eth0
ip link set dev br0 up
./vpnserver/vpnserver start
while [ -z "`ifconfig | grep tap_soft`" ]
do
echo "Wait for vpn adapter"
sleep 2
done
echo "Found VPN adapter, attaching to bridge."
ip link set dev tap_soft master br0
7 - chmod +x startVPN.sh, and your done!
Now I can connect from my work, the vpn adapter is assigned an ip from the dhcp server on my home router in the 192.168.101.x range, so no need to enable the SecureNat service.
Here is a link to the files, https://gist.github.com/ruimgoncalves/9 ... 20d89981b7
Hope this is helpful for you!
Most of the tutorials out there are for early version of Raspbian, and since I'm using Jessie, that has a new network configuration setup that I would like to respect. Also some tutorials are over complicated with some sleepy ZZzzz.... scripts , and some nasty side effects, like no internet connection after the server is up.
So here's the problem, I wanted to connect my devices (laptop and android phone), to my local network, but I wanted be able to enable the vpn connection on-demand meaning, I only wanted to change the adapters configuration if I started the vpn server and keep the ip's after all the changes. I'm not a network admin so if there is something terribly wrong with this setup causing nuclear havoc, I cannot be held accountable for, so you have been warned.
My Pi has a static ip of 192.168.101.6 assigned outside of the DHCP pool.
Here's my network topology
Home
Ip address range : 192.168.101.1/255.255.255.0
Router/Gateway : 192.168.101.1
DHCP range : 192.168.101.50-192.168.101.250
Pi address : 192.168.101.6
Work
Ip range 192.168.1.1/255.255.255.0
Lets go to work!
1 - Download and install the vpn server.
2 - From SoftEther VPN Server Management go to Local Bridge Settings remove all previous bridges and create a Tap adapter, so go to New Tap Device name and write "soft". Softether will create a tap_soft device for you. You can check it by issuing the "ip a" command.
This step ensures that the pi is also accessible from the vpn connection, so now I can access it at 192.168.101.6 .
3 - Enable ip4 forwarding
nano /etc/sysctl.conf
Uncomment this line
net.ipv4.ip_forward = 1
4? - Add the bridge adapter (br0) but do not enable it for now - (I do not use this step so it may not be necessary)
nano /etc/network/interfaces
change the file so it looks like this
....
allow-hotplug eth0
iface eth0 inet manual
#auto br0
iface br0 inet manual
bridge_ports eth0
bridge_stp off
bridge_waitport 0
bridge_maxwait 0
bridge_fd 0
....
5 - Configure ip and routing in the dhcpcd service
nano /etc/dhcpcd.conf
change the file and add this lines
....
interface eth0
static ip_address=192.168.101.6/24
static routers=192.168.101.1
static domain_name_servers=8.8.8.8 8.8.4.4 192.168.101.1
interface br0
static ip_address=192.168.101.6/24
static routers=192.168.101.1
static domain_name_servers=8.8.8.8 8.8.4.4 192.168.101.1
....
6 - Create the startVPN script
nano startVPN.sh
Add this lines
#!/bin/bash
echo "Switching from eth0 to br0"
# set up bridge
ip link add br0 type bridge
ip link set eth0 master br0
# flush eth0 configuration
ip addr flush dev eth0
ip link set dev br0 up
./vpnserver/vpnserver start
while [ -z "`ifconfig | grep tap_soft`" ]
do
echo "Wait for vpn adapter"
sleep 2
done
echo "Found VPN adapter, attaching to bridge."
ip link set dev tap_soft master br0
7 - chmod +x startVPN.sh, and your done!
Now I can connect from my work, the vpn adapter is assigned an ip from the dhcp server on my home router in the 192.168.101.x range, so no need to enable the SecureNat service.
Here is a link to the files, https://gist.github.com/ruimgoncalves/9 ... 20d89981b7
Hope this is helpful for you!
Last edited by ruimgoncalves on Mon Sep 25, 2017 3:10 pm, edited 1 time in total.
-
- Posts: 5
- Joined: Sat Dec 03, 2016 3:30 pm
Re: Raspberry Pi with Raspbian Jessie configuration adventure
After some month using this configuration here's some updates
Everything works has advertised, I'm using this setup in production and can say it satisfies my needs!
The major problem I'm facing, from time to time, is when the network cable is unplugged. It seems the bridge interface does not reconnect and I have to reboot the machine to be able to reconnect to it. This is the major bummer, and if anyone has some ideas on how to overcome this problem please contact me. I managed to do a workaround and restart the networking service and the softether service but, this is a hack rather than a solution.
I have also changed the network topology a bit to avoid collision with 192.168.1.x networks, so my home ip address range is now 192.168.101.1 and all other networks are 192.168.1.x, 192.168.2.x, etc
Step 4 of my adventure seems not to be necessary since I removed it and everything is working just fine.
I'm going to try and change the configuration tutorial to accommodate this changes.
If anyone has some idea on how to resolve the network cable problem, please post or contact me.
Everything works has advertised, I'm using this setup in production and can say it satisfies my needs!
The major problem I'm facing, from time to time, is when the network cable is unplugged. It seems the bridge interface does not reconnect and I have to reboot the machine to be able to reconnect to it. This is the major bummer, and if anyone has some ideas on how to overcome this problem please contact me. I managed to do a workaround and restart the networking service and the softether service but, this is a hack rather than a solution.
I have also changed the network topology a bit to avoid collision with 192.168.1.x networks, so my home ip address range is now 192.168.101.1 and all other networks are 192.168.1.x, 192.168.2.x, etc
Step 4 of my adventure seems not to be necessary since I removed it and everything is working just fine.
I'm going to try and change the configuration tutorial to accommodate this changes.
If anyone has some idea on how to resolve the network cable problem, please post or contact me.
-
- Posts: 2
- Joined: Sat Sep 01, 2018 9:13 am
Re: Raspberry Pi with Raspbian Jessie configuration adventure
How can I setup my raspberry in order to execute the script startVPN.sh at boot? I tried with cron and placing a file on /etc/network/if-up.d but it doesn't work. Any idea?
Thank you!
Thank you!
-
- Posts: 5
- Joined: Sat Dec 03, 2016 3:30 pm
Re: Raspberry Pi with Raspbian Jessie configuration adventure
I created a simple systemd service and it works very well.
Use this file for reference.
https://gist.github.com/ruimgoncalves/f652f74f3a13b78ae4c18745baed67c3
Hope this helps.
Use this file for reference.
https://gist.github.com/ruimgoncalves/f652f74f3a13b78ae4c18745baed67c3
Hope this helps.
-
- Posts: 2
- Joined: Sat Sep 01, 2018 9:13 am
Re: Raspberry Pi with Raspbian Jessie configuration adventure
ruimgoncalves wrote:
> I created a simple systemd service and it works very well.
>
> Use this file for reference.
> https://gist.github.com/ruimgoncalves/f652f74f3a13b78ae4c18745baed67c3
>
> Hope this helps.
Simply perfect, thank you very much!
> I created a simple systemd service and it works very well.
>
> Use this file for reference.
> https://gist.github.com/ruimgoncalves/f652f74f3a13b78ae4c18745baed67c3
>
> Hope this helps.
Simply perfect, thank you very much!
-
- Posts: 3
- Joined: Thu Sep 20, 2018 3:50 pm
Re: Raspberry Pi with Raspbian Jessie configuration adventure
Thanks ruimgoncalves for this! I see you updated the startup to use systemd. I still use the old LSB and rc.d startup way in Rasberian Stretch on a rPi3. as I have a remote cabin with Verizon USB-modem and a rPi as the VPN server so I can see cameras and thermostat. Because Verizon bandwidth is 1g/month for $20, I can't just have the camera upload to the cloud willy-nilly. So I VPN into the rPi with Softether and view the live image or images stored locally on the cameras SDcard.
Works GREAT. Since this is a remote location, powered 24/7 and is hours away where I can't work on it if I loose connection, it has to take care of itself. The only problem is if the CraddlePoint router reboots due to lost Verizon signal (it does that), when the ethernet connection goes away from the rPi, the bridge is not re-established without a rPi reboot so I loose connection. I saw I'm not alone with this exact ethernet port problem, so I set up cron to reboot the rPi everynight at 11:03. And every 45 minutes cron job pings 8.8.8.8 (Google DNS) and reboots if can't get replies.
I have a 20 page doc I'm working on with screen shots on how to do this, from the start of installing Rasberrian. I don't want to steal your thunder, as you did all the heavy work here, I just wrapped it in extras like setting up VNC,downloading Softether and compiling and moving to right directories to screen shots of the the cron jobs to check connection. Shows Config of Softether using the Windows server manager. I did this so when the SD card dies in the rPi from over-use, I can rebuild without struggling. It took about 1 hour total time to run through this doc from first boot of rPi to working VPN. Initially, without this post and others, it was WAY longer to get rPi working. (Also looking at using an SSD instead of SDcard since rPi now boots from USB.)
Anyways, THANKS AGAIN! Without this, I was really struggling to get the bridging working in Linux on the rPi.
Works GREAT. Since this is a remote location, powered 24/7 and is hours away where I can't work on it if I loose connection, it has to take care of itself. The only problem is if the CraddlePoint router reboots due to lost Verizon signal (it does that), when the ethernet connection goes away from the rPi, the bridge is not re-established without a rPi reboot so I loose connection. I saw I'm not alone with this exact ethernet port problem, so I set up cron to reboot the rPi everynight at 11:03. And every 45 minutes cron job pings 8.8.8.8 (Google DNS) and reboots if can't get replies.
I have a 20 page doc I'm working on with screen shots on how to do this, from the start of installing Rasberrian. I don't want to steal your thunder, as you did all the heavy work here, I just wrapped it in extras like setting up VNC,downloading Softether and compiling and moving to right directories to screen shots of the the cron jobs to check connection. Shows Config of Softether using the Windows server manager. I did this so when the SD card dies in the rPi from over-use, I can rebuild without struggling. It took about 1 hour total time to run through this doc from first boot of rPi to working VPN. Initially, without this post and others, it was WAY longer to get rPi working. (Also looking at using an SSD instead of SDcard since rPi now boots from USB.)
Anyways, THANKS AGAIN! Without this, I was really struggling to get the bridging working in Linux on the rPi.
-
- Posts: 5
- Joined: Sat Dec 03, 2016 3:30 pm
-
- Posts: 477
- Joined: Tue Sep 11, 2018 5:58 pm
Re: Raspberry Pi with Raspbian Jessie configuration adventure
I undewent similar adventure with OrangePi Zero, see neighbouring thread...
Just one info: there is no need to create tap_soft interface and bridge it later, it is sufficient you make local bridge inside vpnserver package directly between VPN virtual hub and physical eth0
On openwrt for some reasons they do not use eth0 directly but create eth0.1, so in this case bridge VPN with eth0.1 (eth0 does not work no idea why)
one more note: I just implemented and tested positively vpnbridge into A5V11 router, but ROM memory needed to be changed from 4MB to 8MB
32MB RAM is just enough!
Just one info: there is no need to create tap_soft interface and bridge it later, it is sufficient you make local bridge inside vpnserver package directly between VPN virtual hub and physical eth0
On openwrt for some reasons they do not use eth0 directly but create eth0.1, so in this case bridge VPN with eth0.1 (eth0 does not work no idea why)
one more note: I just implemented and tested positively vpnbridge into A5V11 router, but ROM memory needed to be changed from 4MB to 8MB
32MB RAM is just enough!
-
- Posts: 1
- Joined: Mon Oct 08, 2018 10:46 am
Re: Raspberry Pi with Raspbian Jessie configuration adventure
Nice topic. Thanks.