Page 1 of 1

Raspberry Pi with Raspbian Jessie configuration adventure

Posted: Sat Dec 03, 2016 6:32 pm
by ruimgoncalves
I decided to post the results of my adventure in configuring a raspberry pi with Raspbian Jessie.

Most of the tutorials out there are for early version of Raspbian, and since I'm using Jessie, that has a new network configuration setup that I would like to respect. Also some tutorials are over complicated with some sleepy ZZzzz.... scripts , and some nasty side effects, like no internet connection after the server is up.

So here's the problem, I wanted to connect my devices (laptop and android phone), to my local network, but I wanted be able to enable the vpn connection on-demand meaning, I only wanted to change the adapters configuration if I started the vpn server and keep the ip's after all the changes. I'm not a network admin so if there is something terribly wrong with this setup causing nuclear havoc, I cannot be held accountable for, so you have been warned.
My Pi has a static ip of 192.168.101.6 assigned outside of the DHCP pool.

Here's my network topology

Home
Ip address range : 192.168.101.1/255.255.255.0
Router/Gateway : 192.168.101.1
DHCP range : 192.168.101.50-192.168.101.250
Pi address : 192.168.101.6

Work
Ip range 192.168.1.1/255.255.255.0

Lets go to work!

1 - Download and install the vpn server.

2 - From SoftEther VPN Server Management go to Local Bridge Settings remove all previous bridges and create a Tap adapter, so go to New Tap Device name and write "soft". Softether will create a tap_soft device for you. You can check it by issuing the "ip a" command.
This step ensures that the pi is also accessible from the vpn connection, so now I can access it at 192.168.101.6 .

3 - Enable ip4 forwarding

nano /etc/sysctl.conf

Uncomment this line
net.ipv4.ip_forward = 1

4? - Add the bridge adapter (br0) but do not enable it for now - (I do not use this step so it may not be necessary)

nano /etc/network/interfaces

change the file so it looks like this

....
allow-hotplug eth0
iface eth0 inet manual

#auto br0
iface br0 inet manual
bridge_ports eth0
bridge_stp off
bridge_waitport 0
bridge_maxwait 0
bridge_fd 0
....

5 - Configure ip and routing in the dhcpcd service

nano /etc/dhcpcd.conf

change the file and add this lines

....
interface eth0
static ip_address=192.168.101.6/24
static routers=192.168.101.1
static domain_name_servers=8.8.8.8 8.8.4.4 192.168.101.1

interface br0
static ip_address=192.168.101.6/24
static routers=192.168.101.1
static domain_name_servers=8.8.8.8 8.8.4.4 192.168.101.1
....

6 - Create the startVPN script

nano startVPN.sh

Add this lines

#!/bin/bash
echo "Switching from eth0 to br0"

# set up bridge
ip link add br0 type bridge
ip link set eth0 master br0
# flush eth0 configuration
ip addr flush dev eth0
ip link set dev br0 up

./vpnserver/vpnserver start

while [ -z "`ifconfig | grep tap_soft`" ]
do
echo "Wait for vpn adapter"
sleep 2
done

echo "Found VPN adapter, attaching to bridge."
ip link set dev tap_soft master br0

7 - chmod +x startVPN.sh, and your done!

Now I can connect from my work, the vpn adapter is assigned an ip from the dhcp server on my home router in the 192.168.101.x range, so no need to enable the SecureNat service.

Here is a link to the files, https://gist.github.com/ruimgoncalves/9 ... 20d89981b7

Hope this is helpful for you!

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Posted: Mon Sep 25, 2017 3:04 pm
by ruimgoncalves
After some month using this configuration here's some updates

Everything works has advertised, I'm using this setup in production and can say it satisfies my needs!

The major problem I'm facing, from time to time, is when the network cable is unplugged. It seems the bridge interface does not reconnect and I have to reboot the machine to be able to reconnect to it. This is the major bummer, and if anyone has some ideas on how to overcome this problem please contact me. I managed to do a workaround and restart the networking service and the softether service but, this is a hack rather than a solution.

I have also changed the network topology a bit to avoid collision with 192.168.1.x networks, so my home ip address range is now 192.168.101.1 and all other networks are 192.168.1.x, 192.168.2.x, etc

Step 4 of my adventure seems not to be necessary since I removed it and everything is working just fine.

I'm going to try and change the configuration tutorial to accommodate this changes.

If anyone has some idea on how to resolve the network cable problem, please post or contact me.

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Posted: Sat Sep 01, 2018 9:15 am
by nayege
How can I setup my raspberry in order to execute the script startVPN.sh at boot? I tried with cron and placing a file on /etc/network/if-up.d but it doesn't work. Any idea?

Thank you!

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Posted: Sat Sep 01, 2018 9:54 pm
by ruimgoncalves
I created a simple systemd service and it works very well.

Use this file for reference.
https://gist.github.com/ruimgoncalves/f652f74f3a13b78ae4c18745baed67c3

Hope this helps.

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Posted: Sun Sep 02, 2018 8:02 am
by nayege
ruimgoncalves wrote:
> I created a simple systemd service and it works very well.
>
> Use this file for reference.
> https://gist.github.com/ruimgoncalves/f652f74f3a13b78ae4c18745baed67c3
>
> Hope this helps.

Simply perfect, thank you very much!

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Posted: Thu Sep 20, 2018 4:24 pm
by BobVVue
Thanks ruimgoncalves for this! I see you updated the startup to use systemd. I still use the old LSB and rc.d startup way in Rasberian Stretch on a rPi3. as I have a remote cabin with Verizon USB-modem and a rPi as the VPN server so I can see cameras and thermostat. Because Verizon bandwidth is 1g/month for $20, I can't just have the camera upload to the cloud willy-nilly. So I VPN into the rPi with Softether and view the live image or images stored locally on the cameras SDcard.

Works GREAT. Since this is a remote location, powered 24/7 and is hours away where I can't work on it if I loose connection, it has to take care of itself. The only problem is if the CraddlePoint router reboots due to lost Verizon signal (it does that), when the ethernet connection goes away from the rPi, the bridge is not re-established without a rPi reboot so I loose connection. I saw I'm not alone with this exact ethernet port problem, so I set up cron to reboot the rPi everynight at 11:03. And every 45 minutes cron job pings 8.8.8.8 (Google DNS) and reboots if can't get replies.

I have a 20 page doc I'm working on with screen shots on how to do this, from the start of installing Rasberrian. I don't want to steal your thunder, as you did all the heavy work here, I just wrapped it in extras like setting up VNC,downloading Softether and compiling and moving to right directories to screen shots of the the cron jobs to check connection. Shows Config of Softether using the Windows server manager. I did this so when the SD card dies in the rPi from over-use, I can rebuild without struggling. It took about 1 hour total time to run through this doc from first boot of rPi to working VPN. Initially, without this post and others, it was WAY longer to get rPi working. (Also looking at using an SSD instead of SDcard since rPi now boots from USB.)

Anyways, THANKS AGAIN! Without this, I was really struggling to get the bridging working in Linux on the rPi.

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Posted: Sun Oct 07, 2018 8:53 pm
by ruimgoncalves
BobVVue wrote:
Thu Sep 20, 2018 4:24 pm
...
Dear BobVVue

Thanks for your kind words, I would be honored to be referenced in your work, and would like very much to see it when it becomes available.

Thanks again!

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Posted: Mon Oct 08, 2018 6:29 am
by sky59
I undewent similar adventure with OrangePi Zero, see neighbouring thread...

Just one info: there is no need to create tap_soft interface and bridge it later, it is sufficient you make local bridge inside vpnserver package directly between VPN virtual hub and physical eth0

On openwrt for some reasons they do not use eth0 directly but create eth0.1, so in this case bridge VPN with eth0.1 (eth0 does not work no idea why)

one more note: I just implemented and tested positively vpnbridge into A5V11 router, but ROM memory needed to be changed from 4MB to 8MB
32MB RAM is just enough!

Re: Raspberry Pi with Raspbian Jessie configuration adventure

Posted: Mon Oct 08, 2018 11:15 am
by Bachpo
Nice topic. Thanks.