Set up VPN Server on Raspberry Pi

VPN servers are a great way to make sure your connection is secure and safe specially when you are connected to open or shared Wifi network. This tutorial will show you how you can set up your own VPN server at you home on Raspberry Pi, so all your connections on remote devices go through this server as if you were connected to your home Wifi.

The software that I am using – Softether – is a free and open source server that allows you to set up multiple VPN protocols. We will only be setting IPSec protocol that uses secure and encrypted connections for your VPN.

Prep.

  • Set port forwarding for your Raspberry Pi on your router to forward 50, 51, 500, and 4500
  • Login to your Raspberry Pi and open terminal (or ssh into it)
  • login as root
    sudo su
  • Download Softether server from their website
    screen-shot-2016-11-21-at-4-43-23-pmI am using the Primary Download Server, which will open in a new site where you can choose the version of the server. Select the component, platform and CPU as follows:
    screen-shot-2016-11-21-at-4-45-21-pm
  • Copy the link of the download file to use it in the terminal on Raspberry Pi
  • Download the server
    wget http://www.softether-download.com/files/softether/v4.21-9613-beta-2016.04.24-tree/Linux/SoftEther_VPN_Server/32bit_-_ARM_EABI/softether-vpnserver-v4.21-9613-beta-2016.04.24-linux-arm_eabi-32bit.tar.gz
  • Extract the files
    tar zxvf softether-vpnserver-v4.21-9613-beta-2016.04.24-linux-arm_eabi-32bit.tar.gz

    screen-shot-2016-11-21-at-4-48-01-pm

  • Change the directory to the newly extracted directory
    cd vpnserver

    Installation & Config.

  • While inside the vpnserver directory and as a root run the make command
    make

    screen-shot-2016-11-21-at-4-52-17-pm

  • Read and agree to the License Agreement to continue the installation
  • Once finished go to parent directory
    cd ../
  • Then move the vpnserver directory to /usr/local/
    mv vpnserver /usr/local/
  • Go into the directory we just moved
    /usr/local/vpnserver/
  • Now set the permissions
    chmod 600 * && chmod 700 vpncmd vpnserver
  • Test your installation by starting the VPN server
    ./vpncmd

    screen-shot-2016-11-21-at-5-03-00-pm

  • If successful, select any of the options, then type exit to exit the program (I selected 3)
    screen-shot-2016-11-21-at-5-04-41-pm
  • Set up auto run to make the VPN server start at boot by creating a file in /etc/init.d/ named vpnserver.
    Content of vpnserver file:

    #!/bin/sh
    # chkconfig: 2345 99 01
    # description: SoftEther VPN Server
    DAEMON=/usr/local/vpnserver/vpnserver
    LOCK=/var/lock/subsys/vpnserver
    test -x $DAEMON || exit 0
    case "$1" in
    start)
    $DAEMON start
    touch $LOCK
    ;;
    stop)
    $DAEMON stop
    rm $LOCK
    ;;
    restart)
    $DAEMON stop
    sleep 3
    $DAEMON start
    ;;
    *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    esac
    exit 0

    ** Use one of the following options

    • You can use nano
      nano /etc/init.d/vpnserver

      Then paste the content of the file and save (press Ctrl + x, then Y to save the changes)

    • Or you can use vim
      vim /etc/init.d/vpnserver

      Change to insert mode by typing the letter I. Then, paste and save by pressing ESC, then :wq

    • Or you can echo the content into a file named vpnserver
      cat > /etc/init.d/vpnserver

      Hit Enter then Ctrl + D, now the file should be created.

  • Set the proper permissions
    chmod 755 /etc/init.d/vpnserver
  • Verify that the script works by running the command
    /etc/init.d/vpnserver start

    screen-shot-2016-11-21-at-5-23-17-pm

  • Finally, register the startup script
    update-rc.d vpnserver defaults

    screen-shot-2016-11-21-at-5-32-48-pm

  • Set the VPN Server password by running the ./vpncmda and selecting option 1
    ./vpncmd
    screen-shot-2016-11-21-at-5-25-48-pmHit Enter for each question to use the default value until you see “You have administrator privileges for the entire VPN Server” message
  • Then use the command SeverPasswordSet to set the admin password
    screen-shot-2016-11-21-at-5-29-08-pm
  • Then exit
    screen-shot-2016-11-21-at-5-30-11-pm
  • Reboot your PI

Setting up Users

  • After the Pi restarts and the server is running, you need to start the config program using:
    sudo /usr/local/vpnserver/vpncmd
  • Select number 1
  • Leave “Hostname of IP Address of Destination” blank and hit Enter
  • Leave “Specify Virtual Hub Name” and hit Enter
  • You will be asked to enter the password, this is the server password you set up earlier
  • Create a Hub using HubCreate command folowed by the name of the hub (you can name it anything, I named it VPN) and specify the password for that hub, this is the admin password for this hub.
    HubCreate VPN

    screen-shot-2016-11-21-at-9-13-50-pm

  • Select the Hub you just created
    Hub VPN

    screen-shot-2016-11-21-at-9-19-19-pm

  • Now enable IPSec protocol. Answer “yes” for all the questions, and specify the default hub (the one you created) and the shared secret for that hub. This will be used when connecting to the server
    IPsecEnable

    screen-shot-2016-11-21-at-9-21-01-pm

  • Enable secure NAT
    SecureNatEnable

    screen-shot-2016-11-21-at-9-23-11-pm

  • Now add your first user using UserCreate followed by the username, you can leave all the fields blank
    UserCreated hbattat

    screen-shot-2016-11-21-at-9-36-31-pm

  • Finally set the password for the newly created user
    UserPasswordSet hbattat

    screen-shot-2016-11-21-at-9-38-19-pm

  • Lastly, reboot the service from the config program
    Reboot

    screen-shot-2016-11-21-at-9-24-02-pm

How to Connect

We only set up IPSec protocol, so we will be using this to connect. This protocol does not require any third party apps or clients to connect on Windows, Mac, iOS, Android, and other platforms.

I’m going to only include a Mac example but all other platforms have similar fields to be filled out

  • Open Network preferences and click on the “+” to add a new connection and select VPN then select the protocol
    screen-shot-2016-11-21-at-9-30-05-pm
  • Specify the domain or IP address of your Raspberry Pi (the WAN IP address or domain name)
    screen-shot-2016-11-21-at-9-32-08-pm
  • Then click on the “Authentication Settings…” to specify the username, password and shared secret
    screen-shot-2016-11-21-at-9-34-19-pm
  • Save the changes and test your connection
    screen-shot-2016-11-21-at-9-39-10-pm

 

Leave a Reply