IPsec VPN Server

Suggestions for features and software you would like to see in DietPi, goes here.

Post by Carnot » Sun Aug 13, 2017 3:10 pm

DietPi has an OpenVPN server, but it doesn't support Windows, Android or iPhone without a client.
IPsec VPN is the most supported server, will you put it into DietPi?

Reference
https://github.com/hwdsl2/setup-ipsec-vpn

Post by carlevans459 » Sun Sep 09, 2018 4:05 pm

Try Ivacy, it supports windows, linux, mac and android. Read the detailed analysis here:

https://vpnranks.com/ivacy-vpn-review/

Post by WarHawk » Tue Nov 13, 2018 7:49 am

When OpenVPN creates the .ovpn file...all the included information and keys are included

The hard part is getting that info out into a "network" config in windows...I think there is a batch file to pull info like that out

https://community.openvpn.net/openvpn/w ... onfigFiles
https://www.lisenet.com/2014/openvpn-se ... n-windows/

Here is the script
https://github.com/ryanniehaus/useful_s ... t_certs.sh

MichaIng
Site Admin

Post by MichaIng » Thu Nov 15, 2018 1:07 pm

Did you try WireGuard? Seems to be a promising new approach and the next software I am aiming to implement: https://github.com/Fourdee/DietPi/issues/2052

Post by cdlenfert » Fri Mar 29, 2019 4:54 pm

I found this thread after using the IPSEC VPN server script from the Github link the OP shared on a previous Pi (before I came across dietpi). https://github.com/hwdsl2/setup-ipsec-vpn

The script works great on Raspbian Stretch, but fails on DietPi in the Fail2Ban setup. I remembered seeing Fail2Ban as an option for installation via dietpi-software so I thought I'd give that a try. Fail2Ban also fails to install when I use the dietpi-software scripts to install it. Maybe this is because I previously broke something trying to use the setup-ipsec-vpn script?

I'd definitely like to get a similar VPN server running on my DietPi box (Pi 3b) because of the OP's stated reasons. Basically natively supported (no client app) on Mac and iOS devices. I don't fully grasp WireGuard and how that works, and if the end result is the same user experience (because the setup certainly seems more challenging to me).

Anyway, thanks in advance for any nudges in the right direction. If I can get the setup-ipsec-vpn script to work, I'd be totally happy with that, but not sure why I can't get fail2ban installed.

Post by MichaIng » Mon May 27, 2019 1:19 am

@cdlenfert
Could you paste which exact step failed when installing fail2ban?
apt install fail2ban

Post by cdlenfert » Mon May 27, 2019 2:46 am

Thank you for the response. I have since installed the VPN on another device on my network running Debian, however I think the issue on my DietPi (Raspberry Pi 3b) could have been resolved with the same fix I ended up doing on my other device. Here is an issue I hijacked on the iPSEC VPN script repo - https://github.com/hwdsl2/setup-ipsec-v ... -478674824

The fix was:
run this before running the install script:

    touch /var/log/auth.log

Just having that auth.log file in place prior to running the script made the installation successful.

Post by MichaIng » Mon May 27, 2019 3:02 am

@cdlenfert
Ah indeed that was an issue a while ago. However our installer meanwhile includes this step as well.

Post by dandymon » Mon May 27, 2019 10:47 am

Nah, I'm afraid this bug persists as of 10 minutes ago, though, I did the fix and it all seems to work fine.

Great work on the scripting - I've wasted HOURS googling and trying to get a simple native solution like this to work on a pi- and this was an absolute doddle to install. Don't like OpenVPN, do like IPSec

Also thanks for the fix - it's simple!

Dan

Post by MichaIng » Mon May 27, 2019 2:55 pm

@dandymon
Ah yeah our solution is different now:
- We pre-create the /etc/fail2ban/jail.conf to not use /var/log/auth.log for login fail detection but systemd-journald (journalctl), which is always present thus does not depend on rsyslog.
- The install only failed because the default jail.conf shipped by the packages has auth.log detection pre-configured thus requires this file.

So the question now is why this does not work in your case. I just tested on a VM and it works as expected. Did you install the APT package manually prior to the dietpi-software install, or when following the IPsec setup guide? We do not override an existing jail.conf; we expect that if it already exists, it is most likely customised and should have worked before.
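
Added example, not part of the thread and not DietPi's or setup-ipsec-vpn's code: a small check for the failure discussed above, listing enabled fail2ban jails that read a log file which does not exist and skipping jails that use the systemd journal backend. The function names, jail names and sample config are constructed for illustration, and only literal `logpath`/`backend` values are parsed (fail2ban's `%(name)s` interpolation is not resolved).

```shell
#!/bin/sh
# Added example: list enabled fail2ban jails whose log file is missing.
# Assumption: only literal values are read; %(name)s interpolation is ignored.
jails_missing_log() {   # usage: jails_missing_log CONFIG_FILE
    awk '
        function emit() {
            if (jail != "" && jail != "DEFAULT" && enabled == "true" &&
                backend != "systemd" && logpath != "")
                printf "%s\t%s\n", jail, logpath
        }
        /^[ \t]*[#;]/ { next }                      # skip comments
        /^\[/ {                                     # new section: inherit [DEFAULT]
            emit()
            jail = substr($0, 2, index($0, "]") - 2)
            enabled = def["enabled"]; backend = def["backend"]; logpath = def["logpath"]
            next
        }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (jail == "DEFAULT") def[key] = val
            if (key == "enabled") enabled = val
            if (key == "backend") backend = val
            if (key == "logpath") logpath = val
        }
        END { emit() }
    ' "$1" | while IFS="$(printf '\t')" read -r name path; do
        [ -e "$path" ] || printf '%s\n' "$name"     # file-based jail, file absent
    done
}

demo() {   # constructed sample config in a throwaway directory
    d=$(mktemp -d) || return 1
    cat > "$d/jail.conf" <<EOF
[DEFAULT]
backend = auto
[sshd]
enabled = true
logpath = $d/auth.log
[sshd-journal]
enabled = true
backend = systemd
EOF
    echo "before touch: $(jails_missing_log "$d/jail.conf")"
    touch "$d/auth.log"                             # workaround from the thread
    echo "after touch: $(jails_missing_log "$d/jail.conf")"
    rm -rf "$d"
}
demo
```

On a real system the function would be pointed at a jail file that uses literal paths; an empty result means no enabled file-based jail is waiting on a missing log.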
