Sean-X · September 20, 2015 06:37 · Jun 24, 2014 · Jun 20, 2014 · Jun 17, 2014 · Jun 17, 2014
diff --git a/iptables.sh b/iptables.sh
@@ -9,6 +9,6 @@ sysctl -p
 
 echo "
 
-for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > $vpn/accept_redirects; echo 0 > $vpn/send_redirects; done
+for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > \$vpn/accept_redirects; echo 0 > \$vpn/send_redirects; done
 iptables -A FORWARD -i br0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -A FORWARD -i br0 -o br0 -j ACCEPT" >> /etc/rc.local
diff --git a/interfaces b/interfaces
@@ -9,7 +9,7 @@ iface br0 inet dhcp
 	bridge_waitport 0
 	bridge_maxwait 0
 	bridge_fd 0
-	bridge_hw MACADDRESS
+	post-up ip link set br0 address MACADDRESS
 
 allow-hotplug eth0
-iface eth0 inet manual
+iface eth0 inet manual
diff --git a/step1.sh b/step1.sh
@@ -2,7 +2,7 @@
 DOWNLOADURL="http://www.softether-download.com/files/softether/v4.08-9449-rtm-2014.06.08-tree/Linux/SoftEther%20VPN%20Server/32bit%20-%20ARM%20EABI/softether-vpnserver-v4.08-9449-rtm-2014.06.08-linux-arm_eabi-32bit.tar.gz"
 sudo apt-get update
 sudo apt-get dist-upgrade -y
-sudo apt-get install vim git-core ufw moreutils lsof rpi-update build-essential curl -y
+sudo apt-get install vim git-core ufw moreutils lsof rpi-update build-essential curl bridge-utils -y
 sudo rpi-update
 
 sudo ./iptables.sh

diff --git a/step1.sh b/step1.sh
@@ -1,11 +1,12 @@
 #! /bin/bash
+DOWNLOADURL="http://www.softether-download.com/files/softether/v4.08-9449-rtm-2014.06.08-tree/Linux/SoftEther%20VPN%20Server/32bit%20-%20ARM%20EABI/softether-vpnserver-v4.08-9449-rtm-2014.06.08-linux-arm_eabi-32bit.tar.gz"
 sudo apt-get update
 sudo apt-get dist-upgrade -y
 sudo apt-get install vim git-core ufw moreutils lsof rpi-update build-essential curl -y
 sudo rpi-update
 
 sudo ./iptables.sh
-curl http://www.softether-download.com/files/softether/v4.04-9412-rtm-2014.01.15-tree/Linux/SoftEther%20VPN%20Server/32bit%20-%20ARM%20EABI/softether-vpnserver-v4.04-9412-rtm-2014.01.15-linux-arm_eabi-32bit.tar.gz -s | sudo tar xzvf - -C /usr/local/
+curl $DOWNLOADURL -s | sudo tar xzvf - -C /usr/local/
 pushd .
 cd /usr/local/vpnserver
 echo "1

diff --git a/step1.sh b/step1.sh
@@ -1,7 +1,7 @@
 #! /bin/bash
 sudo apt-get update
 sudo apt-get dist-upgrade -y
-sudo apt-get install vim git-core ufw moreutils lsof rpi-update -y
+sudo apt-get install vim git-core ufw moreutils lsof rpi-update build-essential curl -y
 sudo rpi-update
 
 sudo ./iptables.sh

diff --git a/README → Raspberry Pi L2TP VPN Setup Scripts b/README → Raspberry Pi L2TP VPN Setup Scripts
diff --git a/interfaces b/interfaces
@@ -1,4 +1,3 @@
-
 auto lo
 
 iface lo inet loopback

diff --git a/README b/README
@@ -0,0 +1,63 @@
+Install raspbian, set up your users however you would like, so long as you have
+sudo access on the user you are running this with. You probably want to resize
+the image so it fills the SD card as well.
+
+1) Copy this entire gist to your raspberry pi
+2) Run step1.sh
+    a) This script does a few things - it first updates your raspberry pi, then
+    it installs a few needed utilities, then it upgrades the firmware on your
+    raspberry pi
+    b) Next, it sets up a few iptables rules in /etc/rc.local. Please verify
+    that there is not an 'exit 0' statement before those rules are run, as the
+    'exit 0' will obviously prevent them from being loaded
+    c) It downloads softether for raspberry pi, extracts it to
+    /usr/local/vpnserver, agrees to the license terms, and then "makes" it. 
+    d) It changes the permissions as necessary on the /usr/local/vpnserevr files
+    e) It adds the ufw profile for l2tpvpn's and allows it (But it doesn't enable
+    ufw if it isn't already enabled)
+    f) It adds the init.d script to start up the vpn server on startup
+
+    A) Please enable ufw if you would like your pi to be more secure. The
+    IPTables and ufw rules should allow you to simple type 'sudo ufw enable' and
+    everything should work
+    B) Please check /etc/rc.local to ensure that 'exit 0' does not come before
+    the iptables commands
+    C) Unless you are confident in managing the services manually, please reboot
+    your pi to make sure everything is working nicely.
+
+2) Run step2.sh
+    a) This script sets up the softether VPN config for an L2TP/IPSec vpn
+    b) It will ask you various things in order and then stream-edit them into
+    a copy of the 'commands.in' file, which it will then use to configure the
+    softether server with.
+    c) This script only works with a clean-install of softether - if you have
+    already placed a password on softether, it will not work
+    d) The soft-ether admin password is used only to administer the server
+    using the vpncmd program or the softether gui for Windows
+    e) The IPSec secret is the shared secret for all the IPSec connection
+    f) The User/Pass are for one specific account, and do not have to match your
+    unix account
+    g) The script also grabs the mac address of the Raspberry Pi's 'eth0'
+    interface, and then sets up the /etc/network/interfaces to use a bridge with
+    that mac address rather than the ethernet adapter direction
+        1) This is because we have softether binding to a TAP, which we then
+        need to bridge together, so that we can access the raspberry pi via the
+        vpn. If we did a local bridge directly onto eth0, we would be able to
+        access everything but the raspberry pi when connected via VPN
+
+    A) Please check /etc/network/interfaces to make sure things look good! You
+    shouldn't see MACADDRESS in the file, and you should see it making a bridge,
+    and that eth0 is set to manual with no additional settings
+
+Lastly, which you must do on your own,
+
+Set up a dhcp reservation for your Raspberry Pi in your router (essentially a
+DHCP assigned static IP). If you cannot do this, you may want to mess around
+with the bridge settings and assign the pi a static IP that way. Then, you need
+to forward ports 1701tcp, 4500udp, and 500udp from your router to your Raspberry Pi
+
+That should be it! Feel free to message me if you have issues, but only if you
+are using a raspberrypi and raspbian. I may or may not be able to get back to
+you. If you make modifications to these scripts to work for other OS's, it might
+be nice if you shared them with us. If you have any tips on how I should improve
+my PI's, let me know!
diff --git a/commands.in b/commands.in
@@ -0,0 +1,21 @@
+ServerPasswordSet ADMINPASSWORD
+HubCreate VPN /PASSWORD:
+hubdelete default
+Hub VPN
+UserCreate USERNAME /GROUP:none /REALNAME:none /NOTE:none
+UserPasswordSet USERNAME /PASSWORD:TESTPASS
+OpenVPNEnable no /PORTS:1194
+sstpenable no
+SecureNatDisable
+natdisable
+dhcpdisable
+bridgecreate VPN /DEVICE:soft /TAP:yes
+ipsecenable /L2TP:yes /L2TPRAW:no /ETHERIP:no /PSK:TESTSECRET /DEFAULTHUB:VPN
+keepdisable
+vpnovericmpdnsenable /ICMP:no /DNS:no
+listenerdelete 1194
+listenerdelete 5555
+listenerdelete 992
+ServerCipherset AES256-SHA
+flush
+exit
diff --git a/interfaces b/interfaces
@@ -0,0 +1,16 @@
+
+auto lo
+
+iface lo inet loopback
+
+auto br0
+iface br0 inet dhcp
+	bridge_ports eth0
+	bridge_stp off
+	bridge_waitport 0
+	bridge_maxwait 0
+	bridge_fd 0
+	bridge_hw MACADDRESS
+
+allow-hotplug eth0
+iface eth0 inet manual
diff --git a/iptables.sh b/iptables.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+iptables --table nat --append POSTROUTING --jump MASQUERADE
+echo "net.ipv4.ip_forward = 1" |  tee -a /etc/sysctl.conf
+echo "net.ipv4.conf.all.accept_redirects = 0" |  tee -a /etc/sysctl.conf
+echo "net.ipv4.conf.all.send_redirects = 0" |  tee -a /etc/sysctl.conf
+for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > $vpn/accept_redirects; echo 0 > $vpn/send_redirects; done
+sysctl -p
+
+
+echo "
+
+for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > $vpn/accept_redirects; echo 0 > $vpn/send_redirects; done
+iptables -A FORWARD -i br0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i br0 -o br0 -j ACCEPT" >> /etc/rc.local
diff --git a/l2tpvpn b/l2tpvpn
@@ -0,0 +1,4 @@
+[L2TPVPN]
+title=Johan's L2TP
+description=Dis is a VPN
+ports=500,1701,4500/udp|1701,1723/tcp
diff --git a/step1.sh b/step1.sh
@@ -0,0 +1,37 @@
+#! /bin/bash
+sudo apt-get update
+sudo apt-get dist-upgrade -y
+sudo apt-get install vim git-core ufw moreutils lsof rpi-update -y
+sudo rpi-update
+
+sudo ./iptables.sh
+curl http://www.softether-download.com/files/softether/v4.04-9412-rtm-2014.01.15-tree/Linux/SoftEther%20VPN%20Server/32bit%20-%20ARM%20EABI/softether-vpnserver-v4.04-9412-rtm-2014.01.15-linux-arm_eabi-32bit.tar.gz -s | sudo tar xzvf - -C /usr/local/
+pushd .
+cd /usr/local/vpnserver
+echo "1
+1
+1
+1
+" | sudo make
+popd
+sudo chmod 755 /usr/local/vpnserver
+sudo chmod 600 /usr/local/vpnserver/*
+sudo chmod 700 /usr/local/vpnserver/vpncmd
+sudo chmod 700 /usr/local/vpnserver/vpnserver
+
+sudo cp l2tpvpn /etc/ufw/applications.d/
+sudo chmod 644 /etc/ufw/applications.d/l2tpvpn
+sudo ufw allow L2TPVPN
+sudo ufw allow ssh
+
+sudo cp vpnserver /etc/init.d/
+sudo chmod 755 /etc/init.d/vpnserver
+sudo update-rc.d vpnserver defaults
+
+echo "Please enable UFW if you would like to be more secure (sudo ufw enable)"
+echo "Please check /etc/rc.local. If 'exit 0' occurs before the iptables rules,
+please edit so that 'exit 0' is after."
+
+echo "ATTENTION: Please restart before next step to ensure new raspberry pi 
+firmware is loaded and vpn server starts"
+
diff --git a/step2.sh b/step2.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+HOSTNAME=`hostname`
+CONFIGBASEFILENAME=commands.in
+NETWORKBASEFILENAME=interfaces
+mkdir .vpnsetuptemp
+cp $CONFIGBASEFILENAME $NETWORKBASEFILENAME .vpnsetuptemp/
+CONFIG=.vpnsetuptemp/$CONFIGBASEFILENAME
+CONFIG2=.vpnsetuptemp/$NETWORKBASEFILENAME
+echo "Please enter your softether admin password: "
+read softadmin
+echo "Please enter your IPSEC Secret: "
+read secret
+echo "Please enter your l2tp username: "
+read username
+echo "Please enter your l2tp password: "
+read pass
+sed -i "s/ADMINPASSWORD/$softadmin/g" $CONFIG
+sed -i "s/USERNAME/$username/g" $CONFIG
+sed -i "s/TESTPASS/$pass/g" $CONFIG
+sed -i "s/TESTSECRET/$secret/g" $CONFIG
+
+sed -i "s/MACADDRESS/`cat /sys/class/net/eth0/address`/g" $CONFIG2
+
+sudo /usr/local/vpnserver/vpncmd localhost:443 /SERVER /IN:$CONFIG
+
+sudo cp /etc/network/interfaces /etc/network/interfaces.orig.bak
+sudo cp $CONFIG2 /etc/network/interfaces
+
+
+sudo rm -r .vpnsetuptemp
+
+echo "You need to reboot for settings to take effect. PLEASE CHECK
+/etc/network/interfaces TO make sure things look right! If they do 
+not, please edit accordingly, especially if working remotely!!!!"
diff --git a/vpnserver b/vpnserver
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+### BEGIN INIT INFO
+# Provides:          vpnserver
+# Required-Start:    $network $syslog $remote_fs
+# Required-Stop:     $network $syslog $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: start firewall
+### END INIT INFO
+
+# chkconfig: 2345 99 01
+# description: SoftEther VPN Server
+DAEMON=/usr/local/vpnserver/vpnserver
+LOCK=/var/lock/vpnserver
+test -x $DAEMON || exit 0
+case "$1" in
+start)
+$DAEMON start
+touch $LOCK
+TIMEOUTCOUNTER=0
+MAXTIMEOUT=50
+SLEEPINTERVAL=0.5
+until ifconfig tap_soft 1>/dev/null 2>&1; do 
+    TIMEOUTCOUNTER=$((TIMEOUTCOUNTER + 1))
+    sleep $SLEEPINTERVAL
+    if (( $TIMEOUTCOUNTER > $MAXTIMEOUT )); then 
+        echo "Time out waiting for device to come online. Could not add to bridge" 1>&2
+        exit 1
+    fi
+done
+brctl addif br0 tap_soft
+;;
+stop)
+$DAEMON stop
+rm $LOCK
+;;
+restart)
+$DAEMON stop
+sleep 3
+$DAEMON start
+;;
+*)
+echo "Usage: $0 {start|stop|restart}"
+exit 1
+esac
+exit 0
No results found