Set up VPN Server on Raspberry Pi

VPN servers are a great way to make sure your connection is secure and safe specially when you are connected to open or shared Wifi network. This tutorial will show you how you can set up your own VPN server at you home on Raspberry Pi, so all your connections on remote devices go through this server as if you were connected to your home Wifi.

The software that I am using – Softether – is a free and open source server that allows you to set up multiple VPN protocols. We will only be setting IPSec protocol that uses secure and encrypted connections for your VPN.


  • Set port forwarding for your Raspberry Pi on your router to forward 50, 51, 500, and 4500
  • Login to your Raspberry Pi and open terminal (or ssh into it)
  • login as root
    sudo su
  • Download Softether server from their website
    screen-shot-2016-11-21-at-4-43-23-pmI am using the Primary Download Server, which will open in a new site where you can choose the version of the server. Select the component, platform and CPU as follows:
  • Copy the link of the download file to use it in the terminal on Raspberry Pi
  • Download the server
  • Extract the files
    tar zxvf softether-vpnserver-v4.21-9613-beta-2016.04.24-linux-arm_eabi-32bit.tar.gz


  • Change the directory to the newly extracted directory
    cd vpnserver

    Installation & Config.

  • While inside the vpnserver directory and as a root run the make command


  • Read and agree to the License Agreement to continue the installation
  • Once finished go to parent directory
    cd ../
  • Then move the vpnserver directory to /usr/local/
    mv vpnserver /usr/local/
  • Go into the directory we just moved
  • Now set the permissions
    chmod 600 * && chmod 700 vpncmd vpnserver
  • Test your installation by starting the VPN server


  • If successful, select any of the options, then type exit to exit the program (I selected 3)
  • Set up auto run to make the VPN server start at boot by creating a file in /etc/init.d/ named vpnserver.
    Content of vpnserver file:

    # chkconfig: 2345 99 01
    # description: SoftEther VPN Server
    test -x $DAEMON || exit 0
    case "$1" in
    $DAEMON start
    touch $LOCK
    $DAEMON stop
    rm $LOCK
    $DAEMON stop
    sleep 3
    $DAEMON start
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    exit 0

    ** Use one of the following options

    • You can use nano
      nano /etc/init.d/vpnserver

      Then paste the content of the file and save (press Ctrl + x, then Y to save the changes)

    • Or you can use vim
      vim /etc/init.d/vpnserver

      Change to insert mode by typing the letter I. Then, paste and save by pressing ESC, then :wq

    • Or you can echo the content into a file named vpnserver
      cat > /etc/init.d/vpnserver

      Hit Enter then Ctrl + D, now the file should be created.

  • Set the proper permissions
    chmod 755 /etc/init.d/vpnserver
  • Verify that the script works by running the command
    /etc/init.d/vpnserver start


  • Finally, register the startup script
    update-rc.d vpnserver defaults


  • Set the VPN Server password by running the ./vpncmda and selecting option 1
    screen-shot-2016-11-21-at-5-25-48-pmHit Enter for each question to use the default value until you see “You have administrator privileges for the entire VPN Server” message
  • Then use the command SeverPasswordSet to set the admin password
  • Then exit
  • Reboot your PI

Setting up Users

  • After the Pi restarts and the server is running, you need to start the config program using:
    sudo /usr/local/vpnserver/vpncmd
  • Select number 1
  • Leave “Hostname of IP Address of Destination” blank and hit Enter
    By default Softether uses port 443, so if your server already uses that port for other purpose, you must specify a different port. To do so, in this step, type “localhost:5555” (without quotes)
    The 5555 port can also be replaced by one of the other ports Softether listens to: 992, 1194, or 5555
  • Leave “Specify Virtual Hub Name” and hit Enter
  • You will be asked to enter the password, this is the server password you set up earlier
  • Create a Hub using HubCreate command followed by the name of the hub (you can name it anything, I named it VPN) and specify the password for that hub, this is the admin password for this hub.
    HubCreate VPN


  • Select the Hub you just created
    Hub VPN


  • Now enable IPSec protocol. Answer “yes” for all the questions, and specify the default hub (the one you created) and the shared secret for that hub. This will be used when connecting to the server


  • Enable secure NAT


  • Now add your first user using UserCreate followed by the username, you can leave all the fields blank
    UserCreate hbattat


  • Finally set the password for the newly created user
    UserPasswordSet hbattat


  • Lastly, reboot the service from the config program


How to Connect

We only set up IPSec protocol, so we will be using this to connect. This protocol does not require any third party apps or clients to connect on Windows, Mac, iOS, Android, and other platforms.

I’m going to only include a Mac example but all other platforms have similar fields to be filled out

    • Open Network preferences and click on the “+” to add a new connection and select VPN then select the protocol
    • Specify the domain or IP address of your Raspberry Pi (the WAN IP address or domain name)
    • Then click on the “Authentication Settings…” to specify the username, password and shared secret
  • Save the changes and test your connection

7 thoughts on “Set up VPN Server on Raspberry Pi”

    1. These are all IPSec ports, but in fact when looking at this again, it seems like 50 and 51 will not actually work and 500 and 4500 UDP would be sufficient.

  1. error message appears after hitting ENTERs,

    Error occurred. (Error code: 2)
    Protocol error occurred. Error was returned from the destination server.

    config is aborted…

    What should I do??

    1. The Softether server by default to run on port 443, if you server also hosts normal https then 443 is already taken and so Softether can’t bind to it.

      By default Softether also listens on 992, 1194, and 5555 so the sollution is to modify specify `localhost:5555` when executing the `vpncmnd`

Leave a Reply