Use a VPN With Raspberry Pi and PiRLP

2001 A Space Odyssey

2001 A Space Odyssey

By: Ramon Gonzalez (KP4TR)

A couple of years ago I demonstrated a portable repeater wired with IRLP and a Raspberry Pi computer at the ARRL State Convention 2012 in Puerto Rico. Although functional, I was unable to connect to the internet with the proper IRLP ports forwarded to it. The reason was that the IP provider at the site (VPNet) had a pretty good wireless connection, but it was providing dynamic connections to many people, and we were unable to get the proper ports forwarded for our demonstration. We had to rely on a Verizon 3G USB wireless connection, which worked well.

So I decided to look for a VPN solution I could use in the future. DD-WRT router firmware on a Netgear WNR2000 has a mini build version that has a VPN server built-in. I had one of these at my dad’s house, where I operate a Remoterig station, but has no IRLP node. I remotely configured the VPN server on the router, and only allow 1 IP to be assigned and no other. I use PPTP to connect, and the IP to be assigned is set for port forwarding all the IRLP ports (2074-2093 UDP and 15425-15427 TCP).

On the other end is a Raspberry Pi with IRLP. Since my mini repeater is portable, I can install it in my car, at a hamvention, campsite, where ever. Internet access would be needed for the IRLP node to work. So we use a PepWave Surf on the Go router/bridge. It allows us to gain a wireless internet connection, and at the same time provide WIFI capability and/Ethernet connectivity. We connect the Raspberry Pi to the LAN port of the Pepwave, but this will not work yet. The Raspberry Pi has internet, but port are not being forwarded to it from whatever we connected to (IPhone, McDonalds, campsite, neighbor etc).

The Pepwave can assign IP address to the Raspberry using DHCP and IP address reservation based on MAC hardware address, so we always have the same IP address assigned by the router.

We need to add PPTP VPN capability to the Raspberry Pi. This article pretty much describes how to install PPTP VPN:

Once installed, we then create a file in the /etc/ppp/peers directory that contains the PPTP parameters to start a connection with our host name, userid and password. Lets call the file /etc/ppp/peers/ppp4irlp.

On the IRLP side, we need to add a few commands so we can add scripts to start/stop VPN connections using DTMF commands. As root, edit the sudoers file like this:

visudo -f /etc/sudoers

add the following commands and save:

repeater ALL= NOPASSWD: /bin/ping
repeater ALL= NOPASSWD: /usr/bin/pon
repeater ALL= NOPASSWD: /usr/bin/poff
repeater ALL= NOPASSWD: /usr/bin/plog
repeater ALL= NOPASSWD: /sbin/ifdown
repeater ALL= NOPASSWD: /sbin/ifup


Log in as user repeater (su – repeater). In the /home/irlp/custom directory create this file:

use any editor to create script rc.ppp4irlp and use chmod 750 rc.ppp4irlp to set permissions and execute status. We need to use sudo here because we need to execute the pon and poff commands and only members of the dip group (and root) can execute these commands.


sudo -u root /usr/bin/$1 ppp4irlp
sleep 3


Add the package called “festival” It generates synthesized audio from text audio. Use the following command to install the package:

apt-get install festival


Then add this to the end of your custom_decode file (before exit 0)


# reset ethernet port eth0
if [ "$1" = "A1" ]; then
   $CUSTOM/ifreset & > /dev/null 2>&1
   exit 1


# start ppp VPN connection to whatever is set in /etc/ppp/peers/ppp4irlp
if [ "$1" = "A2" ]; then
   $CUSTOM/rc.ppp4irlp pon
   echo starting vpn | festival --tts
   exit 1

# stop ppp connection
if [ "$1" = "A3" ]; then
$CUSTOM/rc.ppp4irlp poff &
   echo stop vpn | festival --tts
   exit 1


Create this file with an editor (ifreset) to the custom folder and do a chmod 750 ifreset. This will reset your ethernet port with DTMF A0


. /home/irlp/custom/environment

sudo -u root /sbin/ifdown eth0
sleep 2
sudo -u root /sbin/ifup eth0
exit 0


Create this file with an editor (ipstatus) to the custom folder and do a chmod 750 ipstatus. This script will verbally announce the IP address as seen on the internet (via PPP/VPN on the other end) and as recognized by IRLP:


. /home/irlp/custom/environment

STN=$(echo $STATIONID | cut -c4-7)
IRLPIP=$(grep $STN $LOCAL/hosts | cut -d" " -f1)
IP=$(curl -s | cut -d" " -f1)
echo eye pee is $IP | festival --tts
echo IRLP eye pee is $IRLPIP | festival --tts

exit 0

DTMF A1 will reset your Ethernet port and reassign your IP in case you plug/unplug your Raspberry Pi to different routers and need to reset it.

DTMF A2 initiates the PPP PPTP VPN connection.

DTMF A3 will disconnect it.