Jump to content

Anyone around to help me make VPN work on BananaPi


sibianul

Recommended Posts

I installed the SoftetherVPN using the script provided in Armbian distribution, than I configured it from my windows machine, using the VPN Server manager application downloaded from softether website.

 

When I try to connect  from my iPhone I get an error "The L2TP-VPN server did not respond. Try reconnecting. If the problem persists ..." What I didn't do , is opening ports in my router, do I need to forward 443, 992, 1194,  5555 to my BananaPi IP in my router ?

 

Some more details I posted on the softether forum, but it seems there is noone around to answer, and alot of spam is posted daily :(

 

Thank you.

VPN Tools>check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool

Copyright (c) SoftEther VPN Project.
All Rights Reserved.

If this operation environment check tool is run on a system and that system passes, it is most likely that Soft Ether VPN software can operate on that system. This check may take a while. Please wait...

Checking 'Kernel System'...
Pass
Checking 'Memory Operation System'...
Pass
Checking 'ANSI / Unicode string processing system'...
Pass
Checking 'File system'...
Pass
Checking 'Thread processing system'...
Pass
Checking 'Network system'...
Pass

All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.

The command completed successfully.

VPN Tools>

 

Link to comment
Share on other sites

I think I will try to open all ports I see in VPN Server manager, as I opened the 5555 port, forwarded to my BananaPi IP, but I'm still not able to connect to the VPN.

 

Any other ideea of what to check, is welcome.

 

 

router opened port.jpg

Link to comment
Share on other sites

15 minutes ago, sibianul said:

 

I think I will try to open all ports I see in VPN Server manager, as I opened the 5555 port, forwarded to my BananaPi IP, but I'm still not able to connect to the VPN.

 


Now it's perhaps time for VPN server and client debugging, checking their manual / FAQ. Regarding your router, there is nothing else to do.

Link to comment
Share on other sites

I have a working installation of softether vpn server running on a cubietruck with the latest armbian (debian) Jessie mainline release.

You do not need to open port 5555 on the router if you do not need to administrate the vpn server from outside your local network.

If you have other servers on the machine, I would recommend that you disable the rest of the administration ports (443 etc)

You need to port forward UDP ports 500 and 4500 to you server.

1. First you need to have a startup script (i do not know if the armbian script is doing that automatically). Take a look here https://www.softether.org/4-docs/1-manual/7._Installing_SoftEther_VPN_Server/7.3_Install_on_Linux_and_Initial_Configurations

2. You also need to decide if the ip to the client will be provided by the vpn server installation or the router. If it will be provided by the router, don't enable dhcp server on the vpn server installation.

3. You need to setup a user in the hub and the relevant authentication method. Try at first only password for quick testing

4. Setup a vpn connection on your phone. I do not use iphone so i can not provide any help. On android it is straight forward, for password authentication you provide username, password, the server (ip or dynamic dns) and the IPsec Pre-Shared Key. Take a look here: https://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server/1.Setup_L2TP%2F%2F%2F%2FIPsec_VPN_Server_on_SoftEther_VPN_Server

 

Link to comment
Share on other sites

Thank you guys, I have forwarded those 2 ports also, as lampra suggested and now I can connect on my VPN. Awesome! ... but :)

 

The internet is working on my mobile, through the VPN, but I wanted the VPN to be able to access a website hosted on the BananaPi (and not open up that port to public), if I try to connect to 192.168.1.40 nothing loads on my mobile.

 

Now I have to find the DHCP setting and disable it in the VPN software , as I think this could be the problem, I don;t want my VPN to assign IP's, but let my router do this.

Link to comment
Share on other sites

I am not sure if your new problem is the dhcp server, even if it is enabled in the vpn server.

I host owncloud on my cubietruck and I am not always able to connect and eg upload photos. I have not tracked down if the problem is at the server side or the client side.

If your webserver uses port 443, then this might be the problem. You need to disable this port in the administative interface of the vpn server.

If not, you might need a local bridge but this is complicated for me. I purchased  usb to ethernet as I did not want to play with tun-tap devices for the site to site vpn bridge.

Link to comment
Share on other sites

Apache server as I know doesn't use 443 port, is this commmand helping? As it seems that port is only used by  vpnserver

 

root@banana:~# sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1590/master
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      964/vpnserver
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      14289/smbd
tcp        0      0 0.0.0.0:992             0.0.0.0:*               LISTEN      964/vpnserver
tcp        0      0 127.0.0.1:10023         0.0.0.0:*               LISTEN      1238/postgrey.pid -
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      1575/amavisd-new (m
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      4635/mysqld
tcp        0      0 0.0.0.0:1194            0.0.0.0:*               LISTEN      964/vpnserver
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      14289/smbd
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      1590/master
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      711/memcached
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      763/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1/init
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      1590/master
tcp        0      0 0.0.0.0:5555            0.0.0.0:*               LISTEN      964/vpnserver
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      722/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      1590/master
tcp6       0      0 :::443                  :::*                    LISTEN      964/vpnserver
tcp6       0      0 :::445                  :::*                    LISTEN      14289/smbd
tcp6       0      0 :::992                  :::*                    LISTEN      964/vpnserver
tcp6       0      0 ::1:10024               :::*                    LISTEN      1575/amavisd-new (m
tcp6       0      0 :::1194                 :::*                    LISTEN      964/vpnserver
tcp6       0      0 :::587                  :::*                    LISTEN      1590/master
tcp6       0      0 :::139                  :::*                    LISTEN      14289/smbd
tcp6       0      0 :::110                  :::*                    LISTEN      763/dovecot
tcp6       0      0 :::143                  :::*                    LISTEN      1/init
tcp6       0      0 :::80                   :::*                    LISTEN      326/apache2
tcp6       0      0 :::465                  :::*                    LISTEN      1590/master
tcp6       0      0 :::5555                 :::*                    LISTEN      964/vpnserver
tcp6       0      0 :::22                   :::*                    LISTEN      722/sshd
udp        0      0 127.0.0.1:11211         0.0.0.0:*                           711/memcached
udp        0      0 127.0.0.1:500           0.0.0.0:*                           964/vpnserver
udp        0      0 192.168.1.40:500        0.0.0.0:*                           964/vpnserver
udp        0      0 0.0.0.0:20559           0.0.0.0:*                           964/vpnserver
udp        0      0 192.168.1.255:137       0.0.0.0:*                           14352/nmbd
udp        0      0 192.168.1.40:137        0.0.0.0:*                           14352/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           14352/nmbd
udp        0      0 192.168.1.255:138       0.0.0.0:*                           14352/nmbd
udp        0      0 192.168.1.40:138        0.0.0.0:*                           14352/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           14352/nmbd
udp        0      0 0.0.0.0:35488           0.0.0.0:*                           963/vpnserver
udp        0      0 127.0.0.1:1194          0.0.0.0:*                           964/vpnserver
udp        0      0 192.168.1.40:1194       0.0.0.0:*                           964/vpnserver
udp        0      0 0.0.0.0:46305           0.0.0.0:*                           964/vpnserver
udp        0      0 127.0.0.1:4500          0.0.0.0:*                           964/vpnserver
udp        0      0 192.168.1.40:4500       0.0.0.0:*                           964/vpnserver
udp        0      0 0.0.0.0:34214           0.0.0.0:*                           964/vpnserver
udp        0      0 0.0.0.0:59310           0.0.0.0:*                           964/vpnserver
udp6       0      0 ::1:500                 :::*                                964/vpnserver
udp6       0      0 fe80::56:4ff:fe41:d:500 :::*                                964/vpnserver
udp6       0      0 ::1:1194                :::*                                964/vpnserver
udp6       0      0 fe80::56:4ff:fe41::1194 :::*                                964/vpnserver
udp6       0      0 ::1:4500                :::*                                964/vpnserver
udp6       0      0 fe80::56:4ff:fe41::4500 :::*                                964/vpnserver

 

I could only find this section in the VPN manager that has something to do with the DHCP, is this the place where I can enable/disable the DHCP server ? I think now it's disabled .

 

 

vpn.jpg

Link to comment
Share on other sites

On 27/7/2017 at 11:36 AM, lampra said:

I tested the solution and it works fine for me. I am able to reach servers in the lan on the same machine now

As proposed, I created the following /etc/network/interfaces.d/softether.cfg file:
 

allow-hotplug tap_MyVirtualHub
iface tap_MyVirtualHub inet dhcp
metric 300 

Edit: To clarify, this solution if for accessing servers on the same machine that the vpn server is running on.

Edited by lampra
Link to comment
Share on other sites

On 7/26/2017 at 8:48 PM, lampra said:

I have a working installation of softether vpn server running on a cubietruck with the latest armbian (debian) Jessie mainline release.

You do not need to open port 5555 on the router if you do not need to administrate the vpn server from outside your local network.

If you have other servers on the machine, I would recommend that you disable the rest of the administration ports (443 etc)

You need to port forward UDP ports 500 and 4500 to you server.

1. First you need to have a startup script (i do not know if the armbian script is doing that automatically). Take a look here https://www.softether.org/4-docs/1-manual/7._Installing_SoftEther_VPN_Server/7.3_Install_on_Linux_and_Initial_Configurations

2. You also need to decide if the ip to the client will be provided by the vpn server installation or the router. If it will be provided by the router, don't enable dhcp server on the vpn server installation.

3. You need to setup a user in the hub and the relevant authentication method. Try at first only password for quick testing

4. Setup a vpn connection on your phone. I do not use iphone so i can not provide any help. On android it is straight forward, for password authentication you provide username, password, the server (ip or dynamic dns) and the IPsec Pre-Shared Key. Take a look here: https://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server/1.Setup_L2TP%2F%2F%2F%2FIPsec_VPN_Server_on_ SoftEther _VPN_Server

 

Thanks mate, i dont know whats difference but this works for me

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines