Update vpn_softetherbridge.md : to briged interaface will assiged with physical interface's MAC address.

tools/vpn/vpn_softetherbridge.md

@@ -2,18 +2,28 @@
 
 NOTE: These instructions assume you are using linux on Raspberry Pi.
 `testuser/pftest` is a sample User ID and password in the instruction.
-This setup is NOT a persistent service; if you reboot, you will have to 
-reconfigure it.  TODO: separate static and per-boot parts of instructions;
-create a service and a configuration file.
+This setup is NOT a persistent service; if you reboot, you will have to
+reconfigure it.  
+
+TODO:
+
+- separate static and per-boot parts of instructions
 
 ## 1. Download VPN Bridge from SoftEther Download Center
-- go to https://www.softether-download.com/en.aspx?product=softether
+
+- go to <https://www.softether-download.com/en.aspx?product=softether>
 - Select Software -> SoftEther VPN (Freeware)
 - Select Component -> SoftEther VPN Bridge
 - Select Platform -> Linux
-- Select CPU -> ARM EABI (32bit)
+- Select CPU -> ARM EABI (32bit) or ARM 64bit (64bit)
+  - Select based on your OS version
 - Download newest file
-- (as of this writing, newest file is: https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.34-9745-beta/softether-vpnbridge-v4.34-9745-beta-2020.04.05-linux-arm_eabi-32bit.tar.gz )
+- As of this writing, newest files are as follow:
+  - [Stable v4.41-9782 ARM-64bit](https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.41-9782-beta/softether-vpnbridge-v4.41-9782-beta-2022.11.17-linux-arm64-64bit.tar.gz)
+  - [Stable v4.41-9782 ARM-32bit](https://www.softether-download.com/files/softether/v4.43-9799-beta-2023.08.31-tree/Linux/SoftEther_VPN_Bridge/32bit_-_ARM_EABI/softether-vpnbridge-v4.43-9799-beta-2023.08.31-linux-arm_eabi-32bit.tar.gz)
+- Alternatively, it can be downloaded from GitHub via the following links:
+  - [SoftEther VPN Stable Release Page](https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases)
+  - [SoftEther VPN Dev Release Page](https://github.com/SoftEtherVPN/SoftEtherVPN/releases)
 
 ## 2. Extract Downloaded Archive File
 
@@ -28,17 +38,21 @@ create a service and a configuration file.
 ```
 % make
 ```
+
 ## 3.5. Add static route for VPN server (only for Linux)
 
 To avoid looping, on the bridge,
 set static route for VPN server in the cloud.  For example:
+
 ```
 % sudo ip route add xxx.xxx.xxx.xxx via yyy.yyy.yyy.yyy dev zzz0
 ```
-where 
+
+where
+
 - xxx.xxx.xxx.xxx: IP address of Softether VPN server in the cloud
 - yyy.yyy.yyy.yyy: Default gateway of your local network
-- zzz0: Interface name which is connected to your local network. 
+- zzz0: Interface name which is connected to your local network.
 
 ## 4. Start vpnbridge
 
@@ -64,14 +78,17 @@ Confirm input: **************    <--- again
 
 ## 6. Connect Virtual Hub `BRIDGE` with Physical Interface (e.g. `eth0`)
 
+If you are planning to use the tap interface (local bridging), skip this step. Please see section 8 for the local bridge.
+
 ```
 VPN Server>BridgeDeviceList      <----
 BridgeDeviceList command - Get List of Network Adapters Usable as Local Bridge
 eth0
 wlan0
 VPN Server>BridgeCreate BRIDGE /DEVICE:eth0      <----
 ```
-Physical interface names may vary.  Use a interface name of dedicated network adapter for bridging. 
+
+Physical interface names may vary.  Use a interface name of dedicated network adapter for bridging.
 
 ## 7. Connect Virtual Hub `BRIDGE` to VPN server
 
@@ -86,65 +103,110 @@ VPN Server/BRIDGE>CascadeOnline mybridge   <---
 ```
 
 ## 8. Note for Local Bridging
-If you need to connect the machines in VPN from the machine where `vpnbridge` is running,
 
-you should make a bridge,
+If you need to connect the machines in VPN from the machine where `vpnbridge` is running, perform the actions described below.
+
+Create tap interface, so it can communicate with local network:
+
+```
+VPN Server>BridgeCreate BRIDGE /DEVICE:svpn /TAP:yes      <----
+```
+
+To create the bridged interface, install `bridged-utils`.
 
 ```
 % sudo apt install bridge-utils
+```
+
+Before creating a bridge interface, get physical interface's MAC address by running,
 
-% sudo brctl addbr br0
+```
+% ip link
 ```
 
-create tap interface on step 6 in above,
+On the `ip link` output, you can find the Media Access Control (MAC) address, as shown below.
 
 ```
-VPN Server>BridgeCreate BRIDGE /DEVICE:svpn /TAP:yes      <----
+2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP mode DEFAULT group default qlen 1000
+    link/ether 00:a0:98:79:42:65 brd ff:ff:ff:ff:ff:ff
+    ↑--------------------------↑ -> This is Mac address
 ```
 
-then bridge the tap interface and physical interface (`eth0`) using:
+Physical interface names may vary.  Use the interface name of a dedicated network adapter for bridging.
 
+To create a bridged interface, we need to modify the `netplan`, as described below.
+
+```
+% sudo nano /etc/netplan/50-cloud-init.yaml # Opening netplan condig file
 ```
-% sudo brctl addif br0 tap_svpn
 
-% sudo brctl addif br0 eth0
+Add bridged interface
+
+```
+network:
+  version: 2
+  ethernets:
+    eth0:
+      dhcp4: false <--- Make sure to change to false!!! Otherwise, you will no longer be able to access your device over Ethernet.  
+
+  bridges:
+      macaddress: 00:a0:98:79:42:65  <--- Change to physical MAC address from "ip link"
+      interfaces: [ eth0 ]
+      dhcp4: true
+      parameters:
+        stp: true
+        forward-delay: 4
+```
 
-% sudo ip link set br0 up
+Now apply `netplan` to activate bridged interface (`br0`),
 
-% sudo dhclient br0
+```
+% sudo netplan apply
+```
+
+Now, we can link the tap interface from the SoftEther VPN to the bridged interface (`br0`)  
+
+that we created,
+
+Now, we can link the tap interface from the SoftEther VPN to the bridged interface (`br0`)
+
+```
+% sudo brctl addif br0 svpn
 ```
 
 You may adjust DHCP setting for physical interfaces.
 
 Further information about local bridge is [here](https://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.6_Local_Bridges#3.6.11_Points_to_Note_when_Local_Bridging_in_Linux.2C_FreeBSD.2C_Solaris_or_Mac_OS_X).
 
 ## 9. Automatically starting at boot
+
 The local VPN bridge software automatically saves its configuration in a file (`vpn_bridge.config`, owned by root) so
 you do not have to reconfigure it each time you run it.
-If you set it up to run in 
-["service mode"](https://www.softether.org/4-docs/1-manual/7._Installing_SoftEther_VPN_Server/7.3_Install_on_Linux_and_Initial_Configurations) 
+If you set it up to run in
+["service mode"](https://www.softether.org/4-docs/1-manual/7._Installing_SoftEther_VPN_Server/7.3_Install_on_Linux_and_Initial_Configurations)
 then it will also run automatically at boot using `init.d`.
 This starts by copying the files to `/usr/local` and making them owned by root,
 then setting up an `init.d` service file.  However the instructions for the service file are not
 quite right for the Raspberry Pi which does not have `chkconfig`.
-Instead you have to 
-manually set the dependencies in the service file (see here for an appropriate 
-[init.d/vpnbridge service file](vpnbridge)) and then use the following to 
+Instead you have to
+manually set the dependencies in the service file (see here for an appropriate
+[init.d/vpnbridge service file](vpnbridge)) and then use the following to
 make it executable and register it:
+
 ```
    sudo chmod +x /etc/init.d/vpnbridge
    sudo update-rc.d vpnbridge defaults
 ```
 
 As a secondary problem,
-if you want to use a bridge interface (see `br0` above) then you have to make the 
+if you want to use a bridge interface (see `br0` above) then you have to make the
 `br0` interface persistent.  This is a bit tricky since `br0` depends on the
-`tap_svpn` interface which
+`svpn` interface which
 is actually dynamically created by `vpnbridge` when it starts.
-One way around this is to add the 
-bridge creation to `/etc/network/interfaces`, but the Raspberry Pi makes this complicated by autogenerating 
+One way around this is to add the
+bridge creation to `/etc/network/interfaces`, but the Raspberry Pi makes this complicated by autogenerating
 that file from a DHCP configuration file...
-A simpler if slightly hacky solution is to add the 
+A simpler if slightly hacky solution is to add the
 bridge creation commands to the `init.d` script, which is what I have done above.
 
 Note that I use `eth0` for my connection to the upstream external network (internet) and
@@ -155,7 +217,6 @@ in this service file but if the IP of the VPN server changes that part will have
 and also your local gateway may have a different address than what I used.  In short, make sure to
 check and edit these elements.
 
-
 ## 10. Setting up a Raspberry Pi as a Wi-Fi access point
 
 1. Install `hostapd`
@@ -169,6 +230,7 @@ check and edit these elements.
 2. Setup Wi-Fi interface
 
 In `/etc/dhcpcd.conf`:
+
 ```
 ...
 interface wlan0
@@ -181,6 +243,7 @@ interface wlan0
 3. Setup `hostapd`
 
 In `/etc/hostapd/hostapd.conf`:
+
 ```
 contry_code=US
 interface=wlan0
@@ -194,9 +257,11 @@ wpa_key_mgmt=WPA-PSK
 rsn_pairwise=CCMP
 wpa_passphrase=YOUR_FABORITE_PASSWORD
 ```
-Specify country codes, etc., appropriately for your environment. See https://w1.fi/hostapd/ .
+
+Specify country codes, etc., appropriately for your environment. See <https://w1.fi/hostapd/> .
 
 In `/etc/default/hostapd`:
+
 ```
 ...
 DAEMON_CONF="/etc/hostapd/hostapd.conf"

tools/vpn/vpnbridge

@@ -16,45 +16,40 @@ LOCK=/var/lock/subsys/vpnbridge
 test -x $DAEMON || exit 0
 case "$1" in
 start)
-ip route add 52.38.92.17 via 192.168.2.1 dev eth0
-#ip link set eth1 down
-#ip addr add 0.0.0.0/24 dev eth1
-#ip link set eth1 up
-$DAEMON start
-touch $LOCK
-sleep 5
-brctl addbr br0
-brctl addif br0 tap_svpn
-sleep 10
-brctl addif br0 eth1
-ip link set br0 up
-dhclient br0
-;;
+    # Change ip address based on local mechine setting
+    ip route add 52.38.92.17 via 192.168.2.1 dev eth0
+    #ip link set eth1 down
+    #ip addr add 0.0.0.0/24 dev eth1
+    #ip link set eth1 up
+    $DAEMON start
+    touch $LOCK
+    sleep 5
+    while [ -z "$(ip link | grep svpn)" ]; do
+        sleep 5
+    done
+    brctl addif br0 svpn
+    ;;
 stop)
-ip link set br0 down
-brctl delbr br0
-$DAEMON stop
-rm $LOCK
-;;
+    brctl delif br0 svpn
+    $DAEMON stop
+    rm $LOCK
+    ;;
 restart)
-ip link set br0 down
-brctl delbr br0
-$DAEMON stop
-sleep 3
-#ip link set eth1 down
-#ip addr add 0.0.0.0/24 dev eth1
-#ip link set eth1 up
-$DAEMON start
-sleep 5
-brctl addbr br0
-brctl addif br0 tap_svpn
-sleep 10
-brctl addif br0 eth1
-ip link set br0 up
-dhclient br0
-;;
+    brctl delif br0 svpn
+    $DAEMON stop
+    sleep 3
+    #ip link set eth1 down
+    #ip addr add 0.0.0.0/24 dev eth1
+    #ip link set eth1 up
+    $DAEMON start
+    while [ -z "$(ip link | grep svpn)" ]; do
+        sleep 5
+    done
+    brctl addif br0 svpn
+    ;;
 *)
-echo "Usage: $0 {start|stop|restart}"
-exit 1
+    echo "Usage: $0 {start|stop|restart}"
+    exit 1
+    ;;
 esac
 exit 0