Using a Raspberry Pi as a VPN?
2014-07
So I'm sure many of you have heard of the new Raspberry Pi project. I was looking at messing around with Model B, which has the following relevant specs:
Broadcom BCM2835 700MHz ARM1176JZFS processor with FPU and Videocore 4 GPU
256MB RAM
Boots from SD card, running the Fedora version of Linux (ARM Version)
10/100 BaseT Ethernet socket
USB 2.0 socket
So I was curious if it would be possible to create a simple VPN out of this little machine. I do realize that since it's an ARM processor that might mess up quite a few things. Any ideas if this is possible?
Just for what it's worth, this would be a personal project so I'm not worried about performance.
People have built OpenVPN for BeagleBoard, so, in the worst case, you should be able to do something similar. The Raspberry has a lot of press, so it's possible there'll be pre-compiled packages available in the near future, also.
I see this Fedora ARM package. I'm unfamiliar with the naming conventions for non-Intel builds, so I'm not sure if that fits, though.
I'm not a huge Linux expert by any means and so the various tutorials were not enough for me to get a PPTP VPN working on the Pi. I wanted PPTP as Windows 7 and iDevices support it out the box. I finally got it working and documented the process in my blog:
RaspberryPi as a PPTP VPN Server - HOWTO
In summary, yes the RasPi can definitely function as a VPN endpoint (that costs £35 and uses 5W electricity...) and it does so well. I used the Arch Linux distro but no reason Fedora shouldn't work. I haven't tried having more than two clients connected though.
It can run Fedora. You can get VPN code for Fedora, in fact it's powerful enough to run a decent Fedora desktop – it'll run a simple VPN just fine.
Maybe don't plan on using it for a corporation, but it'll work.
Two ways documented on my blog:
Look here:
How to Setup a VPN (PPTP) Server on Debian Linux
It tells you how to set up the pptpd service which is what you need. It works for me connecting from my iPhone with the VPN setting pointing to my Pi's IP.
There is no building or compiling or similar. Just apt-get
the pptp and configure your IP and user settings as described.
I've installed the Fedora 18 ARM Remix for Raspberry Pi onto the SD card of my RasPi (type B). When connected by HDMI, Fedora and XFCE4 come up fine and without the HDMI i'm able to login through SSH easily from my other Windows box in the same network. The Pi is connected by LAN cable to a simple home router which assigns private IP addresses in 192.168...
The problem is getting remote desktop through xrdp or vnc in this FEDORA 18 ARM (rpfr18). Remote desktop is quite simple to get up and running in Raspbian and I was able to 'sudo apt-get install xrdp vncserver' after which the remote desktop was reachable directly through mstsc and a VNC Client respectively from my Windows 7.
On Fedora I've installed xrdp and vncserver and have started them yet I'm not able to connect from Windows. I have done a fair amount of googling yet am unable to get remote desktop working on this Fedora on Pi from Windows 7. Help much appreciated...
This is what I've done so far through a putty SSH session :-
[root@pkrpfr18 prateek]# cat /etc/issue Fedora remix release 18 (Raspberrypi Fedora Remix) [prateek@pkrpfr18 ~]$ uname -a Linux pkrpfr18 3.6.11 #1 PREEMPT Fri Feb 15 14:07:09 EST 2013 armv6l armv6l armv6l GNU/Linux [prateek@pkrpfr18 ~]$ pifconfig lo inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING eth0 HWaddr b8:27:eb:e2:37:6f inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST [prateek@pkrpfr18 ~]$ cat /proc/cpuinfo Processor : ARMv6-compatible processor rev 7 (v6l) BogoMIPS : 697.95 Features : swp half thumb fastmult vfp edsp java tls CPU implementer : 0x41 CPU architecture: 7 CPU variant : 0x0 CPU part : 0xb76 CPU revision : 7 Hardware : BCM2708 Revision : 000f Serial : 0000000099e2376f [prateek@pkrpfr18 ~]$ cat /proc/meminfo MemTotal: 446688 kB [root@pkrpfr18 prateek]# yum update No Packages marked for Update [root@pkrpfr18 prateek]# yum install xrdp tightvnc tightvnc-server tightvnc-server-module tigervnc tigervnc-server tigervnc-server-module x11vnc freerdp freerdp Package xrdp-0.6.0-0.7.fc18.armv5tel already installed and latest version Package tigervnc-1.2.80-0.10.20130314svn5065.fc18.armv5tel already installed and latest version Package tigervnc-server-1.2.80-0.10.20130314svn5065.fc18.armv5tel already installed and latest version Package tigervnc-server-module-1.2.80-0.10.20130314svn5065.fc18.armv5tel already installed and latest version Package tigervnc-1.2.80-0.10.20130314svn5065.fc18.armv5tel already installed and latest version Package tigervnc-server-1.2.80-0.10.20130314svn5065.fc18.armv5tel already installed and latest version Package tigervnc-server-module-1.2.80-0.10.20130314svn5065.fc18.armv5tel already installed and latest version Package x11vnc-0.9.13-4.fc18.armv5tel already installed and latest version Package freerdp-1.0.1-7.fc18.armv5tel already installed and latest version Package freerdp-1.0.1-7.fc18.armv5tel already installed and latest version Nothing to do [root@pkrpfr18 prateek]# yum update xrdp tightvnc tightvnc-server tightvnc-server-module tigervnc tigervnc-server tigervnc-server-module x11vnc freerdp freerdp No Packages marked for Update [root@pkrpfr18 prateek]# find / -name xrdp find: `/proc/5400': No such file or directory /etc/sysconfig/xrdp /etc/xrdp /etc/logrotate.d/xrdp /usr/share/xrdp /usr/sbin/xrdp /usr/lib/xrdp [root@pkrpfr18 prateek]# ls /etc/xrdp/ km-0407.ini km-040c.ini km-0419.ini rsakeys.ini startwm-bash.sh xrdp.ini xrdp.sh_bak km-0409.ini km-0410.ini km-041d.ini sesman.ini startwm.sh xrdp.sh In xrdp.sh, have had to change SBINDIR=/usr/local/sbin to SBINDIR=/usr/sbin because there are no file there. [root@pkrpfr18 prateek]# ls /usr/local/sbin/ [root@pkrpfr18 prateek]# [root@pkrpfr18 xrdp]# /bin/bash /etc/xrdp/xrdp.sh Usage: xrdp.sh {start|stop|restart|force-reload} [root@pkrpfr18 xrdp]# /bin/bash xrdp.sh start xrdp is already loaded [root@pkrpfr18 xrdp]# /bin/bash /etc/xrdp/xrdp.sh restart Restarting xrdp ... Stopping: xrdp and sesman . . . Started: xrdp and sesman . . . [prateek@pkrpfr18 ~]$ whoami prateek [prateek@pkrpfr18 ~]$ vncserver New 'pkrpfr18:1 (prateek)' desktop is pkrpfr18:1 Starting applications specified in /home/prateek/.vnc/xstartup Log file is /home/prateek/.vnc/pkrpfr18:1.log [prateek@pkrpfr18 ~]$ cat /home/prateek/.vnc/pkrpfr18:1.log Xvnc TigerVNC 1.2.80 - built Mar 20 2013 07:34:55 Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt) See http://www.tigervnc.org for information on TigerVNC. Underlying X server release 11303000, The X.Org Foundation Initializing built-in extension Generic Event Extension Initializing built-in extension SHAPE Initializing built-in extension MIT-SHM Initializing built-in extension XInputExtension Initializing built-in extension XTEST Initializing built-in extension BIG-REQUESTS Initializing built-in extension SYNC Initializing built-in extension XKEYBOARD Initializing built-in extension XC-MISC Initializing built-in extension XFIXES Initializing built-in extension RENDER Initializing built-in extension RANDR Initializing built-in extension COMPOSITE Initializing built-in extension DAMAGE Initializing built-in extension MIT-SCREEN-SAVER Initializing built-in extension DOUBLE-BUFFER Initializing built-in extension RECORD Initializing built-in extension DPMS Initializing built-in extension X-Resource Initializing built-in extension XVideo Initializing built-in extension XVideo-MotionCompensation Initializing built-in extension VNC-EXTENSION Initializing built-in extension GLX Fri Mar 8 01:41:05 2013 vncext: VNC extension running! vncext: Listening for VNC connections on all interface(s), port 5901 vncext: created VNC server for screen 0 [prateek@pkrpfr18 ~]$ vncserver -list TigerVNC server sessions: X DISPLAY # PROCESS ID :1 1106 prateek@pkrpfr18 ~]$ cat /etc/services | grep vnc corel_vncadmin 2654/tcp corel-vncadmin # Corel VNC Admin corel_vncadmin 2654/udp corel-vncadmin # Corel VNC Admin [prateek@pkrpfr18 ~]$ Have Tried from Windows 7 to connect using mstsc, VNCViewer, TigerVNC Viewer TightVNCViewer on 192.168.1.3 and at ports :0, :1, :3389, :5900, :5901 Nothing worked as they ALL get timed out
The firewall system might be blocking the connection requests. Try temporarily turning the firewall off (systemctl stop firewalld.service) and if that fixes the issue, adjust the firewall to permit the appropriate ports (5900+display number for vnc, for example) and re-enable the firewall (assuming that you won't want to run with the firewall off unless you're on a private LAN).
Alternately: use the '-via' option within the VNC client to use ssh for the connection. This is more secure than using a raw, snoopable VNC connection, and with ssh compression turned on (the default), slightly faster too.
Should be something more than the firewall issue. After checking out step by step the PKM report this is the output I got. the tigervnc client cannot read the the line 28 in the config file at vncserver.
[txe@Txarly ~]$ vncviewer 192.168.0.8:5903
TigerVNC Viewer 32-bit v1.2.80 (20130314) Built on Mar 14 2013 at
18:53:28 Copyright (C) 1999-2011 TigerVNC Team and many others (see
README.txt) See http://www.tigervnc.org for information on TigerVNC.
Wed Oct 16 21:54:54 2013
Parameters: Could not read the line(28) in the configuration file,the buffersize is to small.
CConn: unable connect to socket: No route to host (113) XOpenIM() failed
[txe@Txarly ~]$