Jeff M Belt

© 2018 - All Rights Reserved

Parts List

Sourced from http://www.adafruit.com

    •    Raspberry Pi 3 - Model B - ARMv8 with 1G RAM

    •    5V 2.4A Switching Power Supply with 20AWG MicroUSB Cable

    •    Pi Model B+ / Pi 2 / Pi 3 Case Base - Smoke Gray

    •    Raspberry Pi Model B+ / Pi 2 / Pi 3 Case Lid - Smoke Gray

    •    8GB SD Card with Raspbian Jessie Operating System

Setup Scripts

Download setup scripts from https://gist.github.com/jhenkens/11190151/a

If for some reason they are not available, a copy is available on my downloads page.

Install Raspbian and set up your users however you would like, so long as the user you run these scripts as has sudo access. You probably want to resize the image so it fills the SD card as well.

    1    Copy this entire gist to your raspberry pi

    2    Run step1.sh

        This script does a few things - it first updates your raspberry pi, then it installs a few needed utilities, then it upgrades the firmware on your raspberry pi

        Next, it sets up a few iptables rules in /etc/rc.local. Please verify that there is not an 'exit 0' statement before those rules are run, as the 'exit 0' will obviously prevent them from being loaded

        It downloads softether for raspberry pi, extracts it to /usr/local/vpnserver, agrees to the license terms, and then "makes" it.

        It changes the permissions as necessary on the /usr/local/vpnserver files

        It adds the ufw profile for l2tpvpn's and allows it (But it doesn't enable ufw if it isn't already enabled)

        It adds the init.d script to start up the vpn server on startup

        Please enable ufw if you would like your pi to be more secure. The iptables and ufw rules should allow you to simply type 'sudo ufw enable' and everything should work

        Please check /etc/rc.local to ensure that 'exit 0' does not come before the iptables commands

        Unless you are confident in managing the services manually, please reboot your pi to make sure everything is working nicely.

    3    Run step2.sh

        This script sets up the softether VPN config for an L2TP/IPSec vpn

        It will ask you for various values in order and then stream-edit them into a copy of the 'commands.in' file, which it then uses to configure the softether server.

        This script only works with a clean-install of softether - if you have already placed a password on softether, it will not work

        The soft-ether admin password is used only to administer the server using the vpncmd program or the softether gui for Windows

        The IPSec secret is the shared secret for all the IPSec connections

        The User/Pass are for one specific account, and do not have to match your unix account

        The script also grabs the MAC address of the Raspberry Pi's 'eth0' interface, and then sets up /etc/network/interfaces to use a bridge with that MAC address rather than the ethernet adapter directly

        This is because we have softether binding to a TAP, which we then need to bridge together, so that we can access the raspberry pi via the vpn. If we did a local bridge directly onto eth0, we would be able to access everything but the raspberry pi when connected via VPN

        Please check /etc/network/interfaces to make sure things look good! You shouldn't see MACADDRESS in the file, and you should see it making a bridge, and that eth0 is set to manual with no additional settings

    4    Update the /etc/network/interfaces file to have a static IP address. Here is an example:

        auto lo

        iface lo inet loopback

        auto br0
        iface br0 inet static
            bridge_ports eth0
            bridge_stp off
            bridge_waitport 0
            bridge_maxwait 0
            bridge_fd 0
            post-up ip link set br0 address b8:27:eb:08:76:a3
            address 192.168.1.19
            netmask 255.255.255.0
            network 192.168.1.0
            broadcast 192.168.1.255
            gateway 192.168.1.1

        allow-hotplug eth0
        iface eth0 inet manual

Lastly, and this you must do on your own, set up your router to forward ports 1701tcp, 4500udp, and 500udp to your Raspberry Pi
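The manual checks of /etc/rc.local and /etc/network/interfaces asked for in steps 2 and 3 can be scripted. The following is an added example, not part of the gist or of the original page; the function names check_rc_local and check_interfaces are hypothetical, and it assumes one 'exit 0' statement per line in rc.local.

```shell
#!/bin/sh
# Added example, not part of the gist: automates the two manual file checks.

# check_rc_local FILE
# Exit 1 if any iptables line comes after an 'exit 0' (rc.local stops there,
# so the rule never loads); exit 2 if the file has no iptables lines at all.
# Comment lines are skipped. An 'exit 0' inside an if-block is also counted.
check_rc_local() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "exit" && $2 == "0" { if (!exit_at) exit_at = NR; next }
        /iptables/ {
            total++
            if (exit_at) { dead++; print "line " NR ": iptables after exit 0 on line " exit_at }
        }
        END { if (!total) exit 2; if (dead) exit 1 }
    ' "$1"
}

# check_interfaces FILE
# Exit 1 if the MACADDRESS placeholder survived, if br0 does not bridge eth0,
# or if eth0 is not "manual" with nothing else configured under it.
check_interfaces() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /MACADDRESS/ { print "line " NR ": MACADDRESS placeholder not replaced"; bad = 1 }
        # These keywords start a new stanza in /etc/network/interfaces.
        $1 ~ /^(iface|auto|mapping|source)$/ || $1 ~ /^allow-/ { stanza = "" }
        $1 == "iface" && $2 == "br0" { stanza = "br0"; next }
        $1 == "iface" && $2 == "eth0" {
            if ($4 == "manual") { stanza = "eth0"; eth0_manual = 1 }
            next
        }
        stanza == "br0" && $1 == "bridge_ports" {
            for (i = 2; i <= NF; i++) if ($i == "eth0") bridged = 1
        }
        stanza == "eth0" { print "line " NR ": extra eth0 setting: " $0; bad = 1 }
        END {
            if (!bridged) { print "br0 does not bridge eth0"; bad = 1 }
            if (!eth0_manual) { print "eth0 is not set to manual"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# On the Pi: sh check.sh run
if [ "${1:-}" = run ]; then
    check_rc_local /etc/rc.local && check_interfaces /etc/network/interfaces
fi
```

Both functions print the offending line numbers and return non-zero, so they can be run again after every edit to either file and before the reboot.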

Raspberry Pi L2TP VPN Server