Use a VPN With Raspberry Pi and PiRLP
A couple of years ago I demonstrated a portable repeater wired with IRLP and a Raspberry Pi computer at the ARRL State Convention 2012 in Puerto Rico. Although functional, I was unable to connect to the internet with the proper IRLP ports forwarded to it. The reason was that the IP provider at the site (VPNet) had a pretty good wireless connection, but it was providing dynamic connections to many people, and we were unable to get the proper ports forwarded for our demonstration. We had to rely on a Verizon 3G USB wireless connection, which worked well.
So I decided to look for a VPN solution I could use in the future. DD-WRT router firmware on a Netgear WNR2000 has a mini build version that has a VPN server built-in. I had one of these at my dad’s house, where I operate a Remoterig station, but has no IRLP node. I remotely configured the VPN server on the router, and only allow 1 IP to be assigned and no other. I use PPTP to connect, and the IP to be assigned is set for port forwarding all the IRLP ports (2074-2093 UDP and 15425-15427 TCP).
On the other end is a Raspberry Pi with IRLP. Since my mini repeater is portable, I can install it in my car, at a hamvention, campsite, where ever. Internet access would be needed for the IRLP node to work. So we use a PepWave Surf on the Go router/bridge. It allows us to gain a wireless internet connection, and at the same time provide WIFI capability and/Ethernet connectivity. We connect the Raspberry Pi to the LAN port of the Pepwave, but this will not work yet. The Raspberry Pi has internet, but port are not being forwarded to it from whatever we connected to (IPhone, McDonalds, campsite, neighbor etc).
The Pepwave can assign IP address to the Raspberry using DHCP and IP address reservation based on MAC hardware address, so we always have the same IP address assigned by the router.
We need to add PPTP VPN capability to the Raspberry Pi. This article pretty much describes how to install PPTP VPN: http://raspberrypi.stackexchange.com/questions/1679/run-all-online-traffic-through-an-pptp-vpn-connection
Once installed, we then create a file in the /etc/ppp/peers directory that contains the PPTP parameters to start a connection with our host name, userid and password. Lets call the file /etc/ppp/peers/ppp4irlp.
On the IRLP side, we need to add a few commands so we can add scripts to start/stop VPN connections using DTMF commands. As root, edit the sudoers file like this:
visudo -f /etc/sudoers
add the following commands and save:
repeater ALL= NOPASSWD: /bin/ping repeater ALL= NOPASSWD: /usr/bin/pon repeater ALL= NOPASSWD: /usr/bin/poff repeater ALL= NOPASSWD: /usr/bin/plog repeater ALL= NOPASSWD: /sbin/ifdown repeater ALL= NOPASSWD: /sbin/ifup
Log in as user repeater (su – repeater). In the /home/irlp/custom directory create this file:
use any editor to create script rc.ppp4irlp and use chmod 750 rc.ppp4irlp to set permissions and execute status. We need to use sudo here because we need to execute the pon and poff commands and only members of the dip group (and root) can execute these commands.
#!/bin/bash sudo -u root /usr/bin/$1 ppp4irlp sleep 3
Add the package called “festival” It generates synthesized audio from text audio. Use the following command to install the package:
apt-get install festival
Then add this to the end of your custom_decode file (before exit 0)
# reset ethernet port eth0 if [ "$1" = "A1" ]; then $CUSTOM/ifreset & > /dev/null 2>&1 exit 1 fi #rc.ppp4irlp # start ppp VPN connection to whatever is set in /etc/ppp/peers/ppp4irlp if [ "$1" = "A2" ]; then $BIN/forcekey $CUSTOM/rc.ppp4irlp pon echo starting vpn | festival --tts $CUSTOM/ipstatus $BIN/forceunkey exit 1 fi # stop ppp connection if [ "$1" = "A3" ]; then $CUSTOM/rc.ppp4irlp poff & $BIN/forcekey echo stop vpn | festival --tts $BIN/forceunkey exit 1 fi
Create this file with an editor (ifreset) to the custom folder and do a chmod 750 ifreset. This will reset your ethernet port with DTMF A0
#!/bin/bash . /home/irlp/custom/environment sudo -u root /sbin/ifdown eth0 sleep 2 sudo -u root /sbin/ifup eth0 $CUSTOM/ipstatus exit 0
Create this file with an editor (ipstatus) to the custom folder and do a chmod 750 ipstatus. This script will verbally announce the IP address as seen on the internet (via PPP/VPN on the other end) and as recognized by IRLP:
#!/bin/bash . /home/irlp/custom/environment STN=$(echo $STATIONID | cut -c4-7) IRLPIP=$(grep $STN $LOCAL/hosts | cut -d" " -f1) IP=$(curl -s http://ifconfig.me | cut -d" " -f1) echo eye pee is $IP | festival --tts echo IRLP eye pee is $IRLPIP | festival --tts exit 0
DTMF A1 will reset your Ethernet port and reassign your IP in case you plug/unplug your Raspberry Pi to different routers and need to reset it.
DTMF A2 initiates the PPP PPTP VPN connection.
DTMF A3 will disconnect it.