VPN servers are a great way to make sure your connection is secure and safe specially when you are connected to open or shared Wifi network. This tutorial will show you how you can set up your own VPN server at you home on Raspberry Pi, so all your connections on remote devices go through this server as if you were connected to your home Wifi.

The software that I am using – Softether – is a free and open source server that allows you to set up multiple VPN protocols. We will only be setting IPSec protocol that uses secure and encrypted connections for your VPN.

Prep

Set port forwarding for your Raspberry Pi on your router to forward 50, 51, 500, and 4500

Login to your Raspberry Pi and open terminal (or ssh into it)
login as root

sudo su

Download Softether server from their website

I am using the Primary Download Server, which will open in a new site where you can choose the version of the server. Select the component, platform and CPU as follows:

Copy the link of the download file to use it in the terminal on Raspberry Pi
Download the server

wget http://www.softether-download.com/files/softether/v4.21-9613-beta-2016.04.24-tree/Linux/SoftEther_VPN_Server/32bit_-_ARM_EABI/softether-vpnserver-v4.21-9613-beta-2016.04.24-linux-arm_eabi-32bit.tar.gz

Extract the files

tar zxvf softether-vpnserver-v4.21-9613-beta-2016.04.24-linux-arm_eabi-32bit.tar.gz

Change the directory to the newly extracted directory

cd vpnserver

Installation & Config.

While inside the vpnserver directory and as a root run the make command

make

Read and agree to the License Agreement to continue the installation
Once finished go to parent directory

cd ../

Then move the vpnserver directory to /usr/local/

mv vpnserver /usr/local/

Go into the directory we just moved

cd /usr/local/vpnserver/

Now set the permissions

chmod 600 * && chmod 700 vpncmd vpnserver

Test your installation by starting the VPN server

./vpncmd

If successful, select any of the options, then type exit to exit the program (I selected 3)

Set up auto run to make the VPN server start at boot by creating a file in /etc/init.d/ named vpnserver.
Content of vpnserver file:

#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
vpnserver

User one of the following options to edit the file:


You can use nano

nano /etc/init.d/vpnserver

Then paste the content of the file and save (press Ctrl + x, then Y to save the changes)

OR

You can use vim

vim /etc/init.d/vpnserver

Change to insert mode by typing the letter I. Then, paste and save by pressing ESC, then :wq


Now set the proper permissions

chmod 755 /etc/init.d/vpnserver

Verify that the script works by running the command

/etc/init.d/vpnserver start

Finally, register the startup script

update-rc.d vpnserver defaults

Set the VPN Server password by running the ./vpncmda and selecting option 1

Hit Enter for each question to use the default value until you see “You have administrator privileges for the entire VPN Server” message

Then use the command SeverPasswordSet to set the admin password

Then exit

Finally reboot your PI

Setting up Users

After the Pi restarts and the server is running, you need to start the config program using:

sudo /usr/local/vpnserver/vpncmd

Select number 1
Leave “Hostname of IP Address of Destination” blank and hit Enter
Leave “Specify Virtual Hub Name” and hit Enter
You will be asked to enter the password, this is the server password you set up earlier

Create a Hub using HubCreate command followed by the name of the hub (you can name it anything, I named it VPN) and specify the password for that hub, this is the admin password for this hub.

HubCreate VPN

Select the Hub you just created

Now enable IPSec protocol. Answer “yes” for all the questions, and specify the default hub (the one you created) and the shared secret for that hub. This will be used when connecting to the server

IPsecEnable

Enable secure NAT

SecureNatEnable

Now add your first user using UserCreate followed by the username, you can leave all the fields blank

UserCreated hbattat

Finally set the password for the newly created user

UserPasswordSet hbattat

Lastly, reboot the service from the config program

Reboot

How to Connect

We only set up IPSec protocol, so we will be using this to connect. This protocol does not require any third party apps or clients to connect on Windows, Mac, iOS, Android, and other platforms.

I’m going to only include a Mac example but all other platforms have similar fields to be filled out

Open Network preferences and click on the “+” to add a new connection and select VPN then select the protocol

Specify the domain or IP address of your Raspberry Pi (the WAN IP address or domain name)

Then click on the “Authentication Settings…” to specify the username, password and shared secret

Save the changes and test your connection