Rock Pi4 install VPN server and client setup

34 0 New 
Fix Rock Pi 4 sources.list: 
source /etc/os-release
export DISTRO="${VERSION_CODENAME}-stable"export DISTRO="${VERSION_CODENAME}-stable"
 sudo apt install wget
 wget -O - apt.radxa.com/$DISTRO/public.key | sudo apt-key add -

fix header: (work around for wireguard installation)
sudo apt-get install -y libssl-dev build-essential iptables
cd /usr/src/linux-headers-$(uname -r)
make scripts

https://github.com/hwdsl2/wireguard-install/blob/master/README.md
wget -O wireguard.sh https://get.vpnsetup.net/wg
or (curl -fL -o wireguard.sh https://get.vpnsetup.net/wg) - if problems with downloading
https://github.com/hwdsl2/wireguard-install/raw/master/wireguard-install.sh
https://gitlab.com/hwdsl2/wireguard-install/-/raw/master/wireguard-install.sh
1. Wire Guard server
sudo bash wireguard.sh


2. VPN IPsec server

wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh
(https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/README.md#upgrade-libreswan)

How to connect to client: 
Android 11+ users can also connect using the native IKEv2 client.
[Supporters] Screencast: Connect using Native VPN Client on Android 11+

Securely transfer the generated .p12 file to your Android device.
Launch the Settings application.
Go to Security -> Advanced -> Encryption & credentials.
Tap Install a certificate.
Tap VPN & app user certificate.
Choose the .p12 file you transferred from the VPN server.
Note: To find the .p12 file, tap the three-line menu button, then browse to the location you saved the file.
Enter a name for the certificate, then tap OK.
Go to Settings -> Network & internet -> VPN, then tap the "+" button.
Enter a name for the VPN profile.
Select IKEv2/IPSec RSA from the Type drop-down menu.
Enter Your VPN Server IP (or DNS name) in the Server address field.
Note: This must exactly match the server address in the output of the IKEv2 helper script.
Enter anything (e.g. empty) in the IPSec identifier field.
Note: This field should not be required. It is a bug in Android.
Select the certificate you imported from the IPSec user certificate drop-down menu.
Select the certificate you imported from the IPSec CA certificate drop-down menu.
Select (receive from server) from the IPSec server certificate drop-down menu.
Tap Save. Then tap the new VPN connection and tap Connect.


3. Deploy Google BBR
sudo cp /etc/sysctl.conf /etc/sysctl.conf.backup
sudo vim /etc/sysctl.conf
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

For kernel versions >= 4.20
sudo sysctl -p

For kernel versions < 4.20
sudo reboot

Check Google BBR status
sudo sysctl net.ipv4.tcp_available_congestion_control
# net.ipv4.tcp_available_congestion_control = reno cubic bbr
sudo sysctl -n net.ipv4.tcp_congestion_control
# bbr
lsmod | grep bbr
# tcp_bbr  20580  0

Related Articles
We will be happy to hear your thoughts

Leave a reply

na.Deal
Compare items
  • Total (0)
Compare
0
Shopping cart