VPN server with Raspberry PI (IPSec / L2TP Raspbian)

Maciej
Sep 18, 2020

Prerequisite

  • Raspberry PI with Raspbian installed
  • Windows machine (same network as Raspberry PI)

What can be achieved after successful configuration?

  • The Raspberry PI becomes a VPN server (IPSec over L2TP compatible)
  • VPN connection is possible from Windows, Mac, iPhone, Android, etc.
  • Users can be added and paths changed from Windows with a GUI
  • SoftEther DDNS name can be used

Steps that we have to do

  1. Preparation of Raspberry Pi
  2. Raspberry Pi initial settings
  3. IPSec VPN Server Settings with SoftEther VPN
  4. Router settings
  5. Firewall settings

1. Preparation of Raspberry Pi

Buy and prepare a Raspberry Pi! If you use the original model, watch out for power shortages caused by peripherals such as wireless LAN adapters.

2. Raspberry Pi initial settings

This guide uses the Raspbian distribution. Download it from the official page and write the image to an SD card following the setup manual.

Then perform the usual first steps for any Linux system:

sudo apt-get update
sudo apt-get upgrade

We can also update the firmware:

sudo rpi-update

3. IPSec VPN Server Settings with SoftEther VPN

Configuration on RaspberryPI

Download SoftEther Server

Go to Download->SoftEther VPN->SoftEther VPN Server-> Linux-> ARM EABI(32bit) and choose Latest Build.

I don’t like to work as root so much, but since all SoftEther official documents are root work, I work as root.

# wget https://www.softether-download.com/files/softether/v4.34-9745-rtm-2020.04.05-tree/Linux/SoftEther_VPN_Server/32bit_-_ARM_EABI/softether-vpnserver-v4.34-9745-rtm-2020.04.05-linux-arm_eabi-32bit.tar.gz
# tar zxvf softether-vpnserver-v4.34-9745-rtm-2020.04.05-linux-arm_eabi-32bit.tar.gz
# cd vpnserver
# make
Did you read and understand the License Agreement ?
(If you couldn't read above text, Please read 'ReadMeFirst_License.txt'
file with any text editor.)
1. Yes
...
1
...
make[1]: Leaving directory '/root/vpnserver'
root@raspberrypi:~/vpnserver# cd ../
root@raspberrypi:~# mv vpnserver /usr/local/
root@raspberrypi:~# rm softether-vpnserver-v4.34-9745-rtm-2020.04.05-linux-arm_eabi-32bit.tar.gz
root@raspberrypi:~# cd /usr/local/vpnserver/
root@raspberrypi:/usr/local/vpnserver# chmod 600 *
root@raspberrypi:/usr/local/vpnserver# chmod 700 vpncmd
root@raspberrypi:/usr/local/vpnserver# chmod 700 vpnserver
root@raspberrypi:/usr/local/vpnserver# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.34 Build 9745 (English)
Compiled 2020/04/04 17:53:35 by yagi at pc30
Copyright (c) SoftEther VPN Project. All Rights Reserved.
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 3
VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.
VPN Tools>check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool
Copyright (c) SoftEther VPN Project.
All Rights Reserved.
If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...
Checking 'Kernel System'...
Pass
Checking 'Memory Operation System'...
Pass
Checking 'ANSI / Unicode string processing system'...
Pass
Checking 'File system'...
Pass
Checking 'Thread processing system'...
Pass
Checking 'Network system'...
Pass
All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.
The command completed successfully.
VPN Tools>exit

Edit the init script with the pico editor:

root@raspberrypi:/usr/local/vpnserver# pico /etc/init.d/vpnserver

Then install the chkconfig package and enable our vpnserver service:

root@raspberrypi:/usr/local/vpnserver# apt-get install chkconfig

root@raspberrypi:/usr/local/vpnserver# chkconfig vpnserver on
root@raspberrypi:/usr/local/vpnserver# chkconfig vpnserver --list
vpnserver 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Configuration on Windows

Download and install SoftEther on your Windows machine.

4. Router configuration

IPSec uses UDP ports 500 and 4500, so forward them to the Raspberry PI's IP address. Also forward the ESP protocol in the same way. SoftEther's management ports (such as 443) are separate; it is recommended to keep these reachable only from the intranet and not forward them from the router.

5. Firewall settings

Also configure the firewall on the Raspberry PI, with iptables for example. Make sure that, in addition to the ports used by IPSec, the SoftEther management port remains reachable (at least from the intranet).
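
The port rules from sections 4 and 5 can be captured in one ruleset. The following is an added example, not part of the original article: a shell function that prints an iptables-restore ruleset for the Raspberry PI. The default-drop policy, the SSH rule and the LAN range in the usage line are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the SoftEther Pi.
# Assumptions: default-drop INPUT/FORWARD, and SSH allowed from the LAN.

# is_lan_cidr CIDR: succeed only for a well-formed IPv4 CIDR that is not /0,
# so the management port can never be opened to the whole Internet.
is_lan_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$' || return 1
    cidr_ifs=$IFS; IFS=./
    set -- $1            # split into four octets plus the prefix length
    IFS=$cidr_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# vpn_ruleset LAN_CIDR [MGMT_PORT]: write the ruleset to stdout.
# MGMT_PORT defaults to 443, the management port named in the article.
vpn_ruleset() {
    lan=$1
    mgmt=${2:-443}
    is_lan_cidr "$lan" || { echo "bad LAN CIDR: $lan" >&2; return 2; }
    case $mgmt in
        ''|*[!0-9]*) echo "bad port: $mgmt" >&2; return 2 ;;
    esac
    if [ "$mgmt" -lt 1 ] || [ "$mgmt" -gt 65535 ]; then
        echo "bad port: $mgmt" >&2; return 2
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -s $lan -p tcp --dport $mgmt -j ACCEPT
-A INPUT -s $lan -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Usage (as root): vpn_ruleset 192.168.1.0/24 | iptables-restore --test
# then repeat without --test to load the rules.
```

The IPSec ports are open to any source because VPN clients connect from the Internet, while the management and SSH ports only accept the LAN range passed in.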

Conclusion

You can now make a VPN connection with IPSec over L2TP!

I think the pattern of using Openswan is good, but it was difficult to set up and it took a lot of time. Compared to that, using SoftEther, it took less than 60 minutes to set up, so it is recommended!
