Raspberry Pi with Raspbian Jessie configuration adventure
Posted: Sat Dec 03, 2016 6:32 pm
I decided to post the results of my adventure in configuring a Raspberry Pi with Raspbian Jessie.
Most of the tutorials out there are for early versions of Raspbian, and I'm using Jessie, which has a new network configuration setup that I would like to respect. Also, some tutorials are overcomplicated, with some sleepy ZZzzz.... scripts and some nasty side effects, like no internet connection after the server is up.
So here's the problem: I wanted to connect my devices (laptop and Android phone) to my local network, but I wanted to be able to enable the VPN connection on demand, meaning I only wanted to change the adapter configuration if I started the VPN server, and keep the IPs after all the changes. I'm not a network admin, so if there is something terribly wrong with this setup causing nuclear havoc, I cannot be held accountable for it; you have been warned.
My Pi has a static IP of 192.168.101.6 assigned outside of the DHCP pool.
Here's my network topology:
Home
  IP address range : 192.168.101.1/255.255.255.0
  Router/Gateway : 192.168.101.1
  DHCP range : 192.168.101.50-192.168.101.250
  Pi address : 192.168.101.6
Work
  IP range : 192.168.1.1/255.255.255.0
Let's go to work!
1 - Download and install the VPN server.
2 - From SoftEther VPN Server Management, go to Local Bridge Settings, remove all previous bridges and create a tap adapter: go to New Tap Device name and write "soft". SoftEther will create a tap_soft device for you. You can check it by issuing the "ip a" command.
This step ensures that the Pi is also accessible from the VPN connection, so now I can access it at 192.168.101.6.
3 - Enable IPv4 forwarding
nano /etc/sysctl.conf
Uncomment this line
net.ipv4.ip_forward = 1
4? - Add the bridge adapter (br0) but do not enable it for now - (I do not use this step so it may not be necessary)
nano /etc/network/interfaces
Change the file so it looks like this
....
allow-hotplug eth0
iface eth0 inet manual

#auto br0
iface br0 inet manual
    bridge_ports eth0
    bridge_stp off
    bridge_waitport 0
    bridge_maxwait 0
    bridge_fd 0
....
5 - Configure IP and routing in the dhcpcd service
nano /etc/dhcpcd.conf
Change the file and add these lines
....
interface eth0
static ip_address=192.168.101.6/24
static routers=192.168.101.1
static domain_name_servers=8.8.8.8 8.8.4.4 192.168.101.1
interface br0
static ip_address=192.168.101.6/24
static routers=192.168.101.1
static domain_name_servers=8.8.8.8 8.8.4.4 192.168.101.1
....
6 - Create the startVPN script
nano startVPN.sh
Add these lines
#!/bin/bash
echo "Switching from eth0 to br0"
# set up bridge
ip link add br0 type bridge
ip link set eth0 master br0
# flush eth0 configuration
ip addr flush dev eth0
ip link set dev br0 up
# start the VPN server, which creates the tap_soft adapter
./vpnserver/vpnserver start
# wait until the tap adapter shows up
while [ -z "$(ifconfig | grep tap_soft)" ]
do
    echo "Wait for vpn adapter"
    sleep 2
done
echo "Found VPN adapter, attaching to bridge."
ip link set dev tap_soft master br0
7 - chmod +x startVPN.sh, and you're done!
Now I can connect from my work; the VPN adapter is assigned an IP from the DHCP server on my home router in the 192.168.101.x range, so there is no need to enable the SecureNAT service.
Here is a link to the files, https://gist.github.com/ruimgoncalves/9 ... 20d89981b7
Hope this is helpful for you!
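
Added example, not part of the original post: a check that the state startVPN.sh is meant to produce actually holds, i.e. eth0 and tap_soft are both members of br0 and the Pi's address sits on br0 rather than eth0. The function names and the sample `ip -o` output are constructed for illustration; the interface names and address are the ones from the post.

```bash
#!/bin/bash
# Added example (not from the post): verify the bridge state after startVPN.sh.

# Print the interfaces enslaved to bridge $1; reads `ip -o link show` text on stdin.
bridge_members() {
    awk -v br="$1" '{
        name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
        for (i = 3; i < NF; i++)
            if ($i == "master" && $(i + 1) == br) print name
    }'
}

# Print the interface holding IPv4 address $1; reads `ip -o -4 addr show` text on stdin.
# Matching on "address/" keeps 192.168.101.6 from matching 192.168.101.60.
addr_owner() {
    awk -v ip="$1" '{
        for (i = 3; i < NF; i++)
            if ($i == "inet" && index($(i + 1), ip "/") == 1) print $2
    }'
}

# Return 0 only if eth0 and tap_soft are both in br0 and br0 alone owns the address.
# $1 = `ip -o link show` text, $2 = `ip -o -4 addr show` text, $3 = expected address.
verify_bridge() {
    members=$(printf '%s\n' "$1" | bridge_members br0 | sort | tr '\n' ' ')
    owner=$(printf '%s\n' "$2" | addr_owner "$3" | tr '\n' ' ')
    [ "$members" = "eth0 tap_soft " ] && [ "$owner" = "br0 " ]
}

# Constructed sample output (not captured from a real system).
SAMPLE_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT group default qlen 1000
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
4: tap_soft: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN mode DEFAULT group default qlen 500'
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
3: br0    inet 192.168.101.6/24 brd 192.168.101.255 scope global br0'

if verify_bridge "$SAMPLE_LINK" "$SAMPLE_ADDR" 192.168.101.6; then
    echo "bridge OK"
else
    echo "bridge NOT in expected state"
fi
```

On the Pi itself, call it as verify_bridge "$(ip -o link show)" "$(ip -o -4 addr show)" 192.168.101.6 once startVPN.sh has finished.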