Raspberry Pi as VPN Host Point

My work has been used VPN for certain applications that requires static IP. Since the location of my work is pretty much abandoned by pretty much every single broadband companies (other than Clear), I’ve decided to move VPN access point off-site, to ensure I have access to this device at decent speed — even from off-site if needed to be.

At the office, I have connected the VPN router through one of PC running Linux. For taking this functionality off the company network, I wanted more power-efficient, portable solution. I already had one of Raspberry Pi, so I decided to take it a spin for using it as a VPN Host Point.

For providing the conduit to this system, I’ve decided to use recently open sourced SoftEther. The reasons I’ve selected this particular solution is:

  • It’s easy to configure
  • Provides a variety of emulation, including OpenVPN, L2TP/IPSec (since SoftEther lacks client support for Mac, those emulation supports are very useful)

Another factor was the fact that I was already familiar with UT-VPN which has similar configuration styles.

Configuration for SoftEther went fairly smooth, only pitfall was that when kernel mode NAT was used in conjunction with the device, it obtained IP address outside of the VPN, thus, I had to set DisableKernelModeSecureNAT to true.
While vpncmd utility would provide configuration options, configuration options were bit confusing, such as natenable, and securenattable actually switches different part of the NAT system; I had to wonder why NAT was not activated. Once I learned to inspect both of them, it wasn’t too bad after that.

So far, performance seems to be satisfactory, and the next step will be to actually have dedicated Raspberry Pi for this purpose.

By Hideki Saito

In the video game industry for for more than 15 years. Currently working for Nintendo of America Inc. as a Localization Engineer, developing the translation solutions.

2 replies on “Raspberry Pi as VPN Host Point”

Some benchmark suggests that Raspberry Pi gives something around 2MB to 2.5MB/second with SHA-1/AES256. That’s around 16Mbps to 20Mbps, so it’s probably appropriate for relatively small (e.g. SOHO) type of installation. (Also somewhat bottlenecked by the fact that Raspi only comes with 100Mbps Ethernet) However, SoftEther supports clustering, so potentially you can scale it to supports more accesses as needed, although if you are starting to find yourself needing tens of Raspi to cluster for this purpose, you might just as well as get decent PC or two for it.

Comments are closed.