5m0k3
Posts: 5
Joined: Tue Aug 14, 2012 4:38 pm

VPN Server Tutorial

Tue Aug 14, 2012 6:05 pm

There has been a fair amount of interest in using a Raspberry Pi as a VPN Server, but until now there has been no clear step-by-step guide for setting one up. I've finally decided to create such a guide. The tutorial also addresses setting up a dynamic DNS service on your Raspberry Pi. Hopefully you find it useful. If you have any questions, please let me know.

http://wellsb.com/post/29412820494/rasp ... vpn-server

scottcjordan
Posts: 6
Joined: Sat Jun 30, 2012 11:12 pm

Re: VPN Server Tutorial

Thu Aug 30, 2012 10:21 pm

Two ways documented on my blog: http://unvexed.blogspot.com/2012/08/how ... d-vpn.html and http://unvexed.blogspot.com/2012/08/how ... e-web.html (PPTP and SSH-based, respectively)

hbarnwheeler
Posts: 1
Joined: Fri Aug 31, 2012 2:15 pm

Re: VPN Server Tutorial

Fri Aug 31, 2012 2:20 pm

From my understanding, L2TP over IPsec is much more secure than PPTP (see http://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol). Is there some reason you didn't go this route?

I will be receiving my Raspberry Pi soon and plan to use L2TP, if possible. I found the following tutorials which I hope will work.

http://wiki.debian.org/HowTo/iPhoneVPNServer
http://blog.bertelsen.co/2012/02/debian ... erver.html

errorcode
Posts: 3
Joined: Mon Sep 03, 2012 4:47 am

Re: VPN Server Tutorial

Mon Sep 03, 2012 4:49 am

A PPTP VPN relies on the MS-CHAPv2. MS-CHAPv2 was recently proven to be insecure and can easily be cracked utilizing cloudcracker. Here is a link:

https://www.cloudcracker.com/blog/2012/ ... s-chap-v2/

errorcode
Posts: 3
Joined: Mon Sep 03, 2012 4:47 am

Re: VPN Server Tutorial

Mon Sep 03, 2012 4:27 pm

hbarnwheeler wrote:From my understanding, L2TP over IPsec is much more secure than PPTP (see http://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol). Is there some reason you didn't go this route?

I will be receiving my Raspberry Pi soon and plan to use L2TP, if possible. I found the following tutorials which I hope will work.

http://wiki.debian.org/HowTo/iPhoneVPNServer
http://blog.bertelsen.co/2012/02/debian ... erver.html
Actually, IPsec is just as easy to crack as PPTP. OpenVPN should be utilized if possible.

Jungle-Boogie
Posts: 3
Joined: Sun Sep 02, 2012 7:14 am
Location: Simi Valley, California

Re: VPN Server Tutorial

Mon Sep 03, 2012 5:48 pm

errorcode wrote: Actually, IPsec is just as easy to crack as PPTP. OpenVPN should be utilized if possible.
Agreed. Please make a tutorial on using openVPN.

5m0k3
Posts: 5
Joined: Tue Aug 14, 2012 4:38 pm

Re: VPN Server Tutorial

Mon Sep 03, 2012 11:13 pm

The source acknowledges this fact. When I have time, I'll work on an OpenVPN solution.
Keep in mind, PPTP is inherently less secure than an OpenVPN protocol solution. However, it’s much easier to set up on a Raspberry Pi :)

65coupei6
Posts: 27
Joined: Wed Jul 18, 2012 1:29 am

Re: VPN Server Tutorial

Wed Sep 05, 2012 12:08 am

OpenVPN on the RPI
This is not mine. I just found it and have not tried it yet.

http://sandeepmore.com/blog/2012/08/21/ ... tatic-key/

Piminiuser
Posts: 73
Joined: Wed May 30, 2012 1:15 pm

Re: VPN Server Tutorial

Tue Apr 02, 2013 10:51 am

65coupei6 wrote:OpenVPN on the RPI
This is not mine. I just found it and have not tried it yet.

http://sandeepmore.com/blog/2012/08/21/ ... tatic-key/

This one will 100% work :) http://raspberrypihelp.net/tutorials/1- ... r-tutorial

Liquidant
Posts: 11
Joined: Thu Jan 10, 2013 6:28 pm

Re: VPN Server Tutorial

Tue Apr 02, 2013 5:26 pm

I used this tutorial and I'm happy to say it works great. I can connect to the VPN and access my samba shares on my iphone and stream my movies just how I wanted.

Only problem I've found was this.

At my friends house I connected to his wireless then connected to my VPN so I could show him the streaming of the movies.

This worked great

I proceeded to create a VPN log in for my friend as well as adding him as a user on my RPi and on samba.

when I checked I noticed that the VPN was giving us both the same ip address 192.168.0.235

thus stopping my friend from logging into the RPi with his username and password.

I confirmed this by disconnecting from the VPN and logging my friend in on his iphone.


I have set remote ip to be between 230 - 245 in the pptpd.conf

Any one know why it would connect us to the same ip

Piminiuser
Posts: 73
Joined: Wed May 30, 2012 1:15 pm

Re: VPN Server Tutorial

Wed Apr 03, 2013 7:55 pm

Liquidant wrote:I used this tutorial and I'm happy to say it works great. I can connect to the VPN and access my samba shares on my iphone and stream my movies just how I wanted.

Only problem I've found was this.

At my friends house I connected to his wireless then connected to my VPN so I could show him the streaming of the movies.

This worked great

I proceeded to create a VPN log in for my friend as well as adding him as a user on my RPi and on samba.

when I checked I noticed that the VPN was giving us both the same ip address 192.168.0.235

thus stopping my friend from logging into the RPi with his username and password.

I confirmed this by disconnecting from the VPN and logging my friend in on his iphone.


I have set remote ip to be between 230 - 245 in the pptpd.conf

Any one know why it would connect us to the same ip
The only thing you did was adding 1 extra username + password in the /etc/ppp/chap-secrets file?

Liquidant
Posts: 11
Joined: Thu Jan 10, 2013 6:28 pm

Re: VPN Server Tutorial

Fri Apr 05, 2013 5:25 pm

no got 3 users in the chap-secrets file.


I seem to have fixed it.

I edited the /etc/pptpd.conf file

and instead of setting

localip and remoteip

I just uncommented remoteip and gave it a range from 192.168.0200 to 245

now when I get more than 1 device connecting it issues the ip correctly.

I think this is to do with the arpproxy but I could be wrong. Either way it seems to be working ok now.


User avatar
DougieLawson
Posts: 36161
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: VPN Server Tutorial

Sun Feb 09, 2014 4:32 pm

Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

Return to “Networking and servers”