A Step by Step Guide to Installing VPN on Raspberry Pi Whitepaper
Introduction For security conscious IT experts who would like to provide secure access to their network on a budget, this whitepaper provides a step by step guide on how to install and configure Hypersocket VPN on a Raspberry PI 2 Model B and Raspberry PI 3 Model B. Understanding a VPN & its Benefits A VPN is a network used to create a secure and encrypted connection across a less secure public network, usually the internet. It means employees can have LAN-like connectivity and access to corporate networks and resources as if they were located in the same office. The overriding benefit of any VPN is that it helps an organisation maintain privacy by encrypting the information sent and received via the network and so protecting it from prying eyes. For example internet search history can be an overlooked element of corporate privacy. If Google searches are not conducted through a VPN or Tor, they can be linked to an organisation s IP address and made public. By using a VPN even in areas as seemingly innocuous as search engines, companies can maintain an edge of confidentiality. Not all VPNs are the same, they might achieve the same general objective albeit through different technologies, but there are a number of distinct advantages in deploying what s known as a Secure Socket Layer (SSL) VPN. SSL VPN works on the application layer and is a protocol used for secure web-based communication via the internet. SSL secures one application at a time. And this leads to one of the key security and privacy benefits of SSL VPN; it enables organisations to control who accesses what within the network at a very granular level. SSL allows the principle of least privilege access to be implemented so that every user is granted access only to the parts of the network and the resources they need to do their job.
Installing VPN on Raspberry PI 1) Installing the Raspbian Jessie onto the SD Card 1.1 Download the Raspbian Jessie Lite from the following link https://downloads.raspberrypi.org/raspbian_lite_latest *The file is approximately 284MB 1.2 Extract the img file 1.3 Load this file on to your SD card using Win32DiskImager. This can be sourced from https://sourceforge.net/projects/win32diskimager/ 1.4 Insert the SD card in the Raspberry Pi and boot it up 1.5 Log in as user pi with password raspberry, now might be a good time to change the password with the passwd command.
2) How to enable WiFi 2.1 From a terminal shell, type Sudo nano /etc/wpa_supplicant/wpa_supplicant.conf 2.2 Make a new line at the end of the file and add: network={ ssid= your ssid psk= your wifi password key_mgmt=wpa-psk } 2.3 Now press CTRL and X to save the file. 2.4 Then press Y and enter Type: Sudo raspi-config 2.5 Choose option 1 to expand the file system, then go into optioen 9 (Advanced Options), then A4 (SSH) and enable the SSH server. 2.6 Press Tab twice to move to Finish. Press Enter and reboot when prompted. 2.7 Log back in again and from a terminal shell type: ifconfig wlan0. This should show you if you have been connected to the WiFi and if it has detected the IP address.
3) Installing VPN 3.1 Add the Hypersocket apt repository which can be done by typing the following on one line sudo bash c echo http://hypersocketdebiantesting.s3.amazonaws.com neutron main > /etc/apt/sources.list.d/hypersocketdebiantesting.list 3.2 Add the public key for the repo by copy and pasting the whole block below: sudo echo '-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.6 (GNU/Linux) mqgibe55+pmrbacltsd9gwhaq3pdk4sfwoqxydwg5shqjax77y50wm/asovz4z6l djh0ud8fg4e89gww6k9ixhpyf1pu8cnbn4y21wqn2+pohc9cj3c38oaz0zkkfkmw Jtkp9iGEVXD4N2K3khY1g2gdQH4wbB46p6DSB3jcZi9ml6i/ejAoXj6uHwCghJfD Y1tUrNFtdj+z8AmyEd+J4KsD+gID09/PUMgrfvexK/kGAISapo90PfW2XCEIZXOG S9VIUwgc70AdI6UiqQBQdYikxnMh3jgdIyIdEkcOgH9fCpUriiA9TV0/PwB1aWKU Xdse4YOV3U/P+SO2USRWaDt0AA0mXmxaC77XxUvGaD9ftfBES7NRM6pB01wLWNzX ZOVOA/94WUK9TJqfIwYNg3+/aAW9Wocj1zx87qhGXaNfIU51hN8oFCmZPRfx3jYK dnfnwboavjx5bxv0zlmajnioaxy/9pxkcenj+b/axbh9ncq++fm7eazfsv+x6meb m6rqwoxa0bu/pgn9sew4ygxkbuuvnmc74iwjznkcrbcpd9+9bbq5tmvydm- Vwb2lu dcbuzwnobm9sb2dpzxmgkfbhy2thz2luzykgpgluzm9abmvydmvwb2ludc5jb20+ igaeexecacafak55+pmcgwmgcwkibwmcbbuccamefgidaqieaqixgaakcrcxd- Ngv 17AmKWzhAKCEa5cg0C+IUD09BHMYN3Zltzk+1wCfRtvFePz6bcYs1VZbJ2L82DCb tvs5ag0etnn4+haiamlitdg6rnsegl0ckyt7i8gh/ebi1owi208g9xgdx/u0lp3k OcEXiX8Zbq5f/6hXGejJI1Vhmz6guVCJMGz+2SDPKzOLCgLT5Gtv5bhmt16lKuSh y0okwf2empyrhd+ptav+/2ygdxoim0xj1wpolp7f7mdj/na6wmrq0ud38+2egu4+ U1n9rqEcNTlyUcLS5nRaQM2PZvJmZTbcQkPHWqIaYCF5yzmG62ZUH6JI3XPxeF3g bpmcxja5zad9d2cernra7vhiyj2epd0vooloudt6ynvfmfuqzhhurhoa0iiikukg AzBrpWO+Fl4SZ2mG+CUKeHcJbC3KWvjpY+vVc38AAwUIAIxKM0y9GAJTgvHDr72E 4y1OKjZULYlzYwAu1UrWTDY+P7nMpisvCWHcuzbJapj44CTMzu5sVnIfa/q5H5W6 +ngtjnjlkycq/k0nrdl5ltjjg1ulngducbjzix+fhexywp7i5bmysvuri0zev7wd 0dNBazt8MdHcd2aNlrqLW0CjkTG5fWDky5wgFs4EMNXDsHvjsH2aLeiuf9c1a96C 0IRcNHQACayWHdijk/5kiaxP2o4xkZRE4IwTxwK4De5mbrXlrLcMYj+22QXZ6p15 L8OpJ8N3eS71xarNqed/Lold5WIRo2wptBjsZxKJoVVJ4UIvFqLa5PmqH8tyXNCt 5SiISQQYEQIACQUCTnn4+gIbDAAKCRCxDNgv17AmKQS0AJ0YUPAG/sX/n9l1jHG0 wwjmvzkhoacfsai82t31x7ecjx8xpzicio0i7am= =Ctol -----END PGP PUBLIC KEY BLOCK-----' apt-key add 3.3 Then we can update the apt cache by typing: sudo apt-get update 3.4 Now install the packages. Type: Ssudo apt-get install oracle-java8-jdk hypersocket-vpn
4) Starting the VPN Service 4.1 To start the service automatically, type in: sudo systemctl enable hypersocket-vpn 4.2 Now start the service with this command: sudo /etc/init.d/hypersocket-vpn start 4.3 The service takes approximately 3-4 minutes to start, after which you can go to https://<raspi-ipaddress> using a web browser where you should see a login page. 4.4 Accept the certificate error, then log in as admin with a password of admin and change your password when prompted. 4.5 Upgrade to the latest version when prompted and restart when that button appears. 4.6 Now you need to get a license. Follow this link which will allow you to register for a 30 day evaluation license: https://www.hypersocket.com/en/products/hypersocket-vpn/register 4.7 When you have the license file, you can load it in the Hypersocket UI during the setup wizard that runs the first time you log on to the system. 4.8 Seven days before the evaluation expires, you will be able to log on to our website using your account and request a free license. 4.9 Once licensed, the Hypersocket UI will show a Getting Started page which should guide you further on setting up. We also have a knowledgebase available for further information at https://support.hypersocket.com/hc/en-us
Hypersocket VPN Hypersocket VPN provides a cost effective alternative to IPsec or Point-to-Point Tunnelling Protocol for secure browser-based remote access with the ease of use of SSL. Hypersocket VPN provides a unique hybrid solution giving your remote workforce secure, least-privileged access to company resources anywhere in the world. Supporting simultaneous access to multiple on-premise serves and cloud networks through Hypersocket s multi-homed client giving greater productivity, more flexibility, a virtual network that adapts to business needs and improves productivity without compromising security. It lends itself well to Bring Your Own Devices scenarios, because the client has no direct access to the network. The ability to have connections to multiple sites at the same time enables secure access to a corporate LAN and other resources such as private cloud without the need for a permanent bridge between them. The VPN comes in two editions, a free Open Source version that provides basic connectivity under the GNU General Practice License V3 and an Enterprise Edition that provides the additional features required by security-conscious organizations. The server can be installed on any operating system supporting Java and client support currently is available for Windows and OSX. To enable access, the administrator defines one or more Network Resources using the HSF resource architecture, which identifies individual TCP/IP services that can be assigned to users through their roles. The Enterprise Edition adds further support, including support for users logging in from Active Directory, branding, auditing, accessing file systems over WebDAV, and extended file system support such as Amazon S3, SFTP, Dropbox, and Google Drive. It allows for configurable authentication flows and new authentication mechanisms. An Audit Log records all events, which are searchable by event type, session or user. Reports can be exported as CSV, XML, or PDF, and administrators have full control over how long the server keeps the data before it is archived. Unit 1, Vision Business Center Firth Way Nottingham NG6 8GF United Kingdom 0115 871 3121 www.hypersocket.com Sales@hypersocket.com