Jump to content
TorGuard
Sign in to follow this  
19807409

HowTo Openconnect on linux devices (like Raspberry Pi, Openwrt, DD-Wrt, ...)

Rate this topic

Recommended Posts

19807409

Requirements:

  • openconnect
  • vpnc vpnc-scripts

Install requirements:
 
Ubuntu/Raspbian

# Update repository
sudo apt-get update

# Install openconnect and vpnc scripts
sudo apt-get install openconnect vpnc-scripts -y

 
Openwrt/Lede
(current available openconnect does not work, you need to compile your own)

# Update repository
opkg update

# Install openconnect and vpnc scripts
opkg install openconnect vpnc-scripts

 
Connect to VPN:
 
Method 1
(password stored in a file)
(password is stored in plain text)

# Method 1 - Password stored in file
sudo openconnect -u YourUsername --authgroup=DEFAULT -b --passwd-on-stdin --cafile=/home/pi/torguard/ca.crt --servercert=YourServerCert --pfs Server:Port </home/pi/torguard/userpass.txt

 
Method 2
(pass password in command)
(password is in plain text)

# Method 2 - Pass password
echo YourPass | sudo openconnect -u YourUsername --authgroup=DEFAULT -b --passwd-on-stdin --cafile=/home/pi/torguard/ca.crt --servercert=YourServerCert --pfs Server:Port

 
My results with Raspberry Pi 3 Model B on factory system is 20/20Mb/s during Kodi was running full HD stream. With openconnect, RaspberryPi can be used as streaming service with high vpn encryption provided by TorGuard.
 
Autostart - Method 1
There are plenty of vpnc scripts which can be used. In case of Raspberry Pi 3 Model B, it has onboard WLAN which does not perform very well, I don't get 20Mb/s with it. Connecting USB Wireless N did not solve the issue as it seems that RPi does not provide enough power to get more out of WLAN. For that reason I used external USB HUB with own power supply providing with power wireless or any other device, so that Raspberry itself has enough power.
 
I ran into second problem. Without additional installation or manuall commands typing in terminal, you can't use second wlan that easy. Many suggest methods like to install some additional software for managing wireless, where I do not need onboard wireless at all to boot with the OS. But disabling it turns out often for newbies that they don't remember how to turn it on. That is the reason why I do suggest a very simple method for newbies, especially those who never did deal with this topics before.
 

Using Raspeberry's LAN port is not a problem. I do get 90Mb/s, which is actually almost 100% what 100Mb/Lan card can offer. LAN is always preferable if possible.

 

I will keep this example for the factory delivery of RPi and reffer to Raspberry Pi 3 Model B in this guide.
 
Requirements:

  • CA certificate from TorGuard. You can get it here.
     
  • Save your password for VPN service into file in plain text, I will use this path in this guide
    /home/pi/torguard/onlypass-plain.txt
     
  • Server's fingerprint (SHA1).
    (If you don't know how to find it, connect manually without and it will print sha1 fingerprint)
    (you can also always ask TorGuard support for assistance)
     
  • XTERM
    xterm is not installed by default, you can install it with this command:
    sudo apt-get update; sudo apt-get install xterm -y
    
  • Create a script to start openconnect in new terminal window
    Path in this guide: /home/pi/Desktop/tg.sh

    Example of tg.sh:
    sudo openconnect --verbose --pid-file=/var/run/openconnect.pid -u demouser --authgroup=DEFAULT -b --reconnect-timeout=200 --passwd-on-stdin --cafile=/home/pi/torguard/ca.crt --servercert=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF --pfs 1.2.3.4:22 </home/pi/torguard/onlypass-plain.txt
  • Create a script for autostarting VPN connection on boot.
    Path in this guide: /home/pi/Desktop/autostart-openconnect-at-sharedip.sh

    Because we need separate terminal window where we always can see what is going on, we need to start VPN after desktop has been loaded. There are several ways to achive it, but one simple is xterm:
    sleep 20
    sudo xterm -e "bash /home/pi/Desktop/tg.sh;bash"
    

    Xterm starts a new window running a script where new terminal window is not closed after sh command has been run, because if it closes, you closed your VPN connection. Here I use 20 seconds to wait until everything loads or vpn will fail to connect. It works also with 10 seconds, but I would not recommend lower value.


    For more advanced setups, please use vpnc scripts.
     
  • Edit LXDE session start script for current user
    Path to start script/home/pi/.config/lxsession/LXDE-pi/autostart

    Add command to run a a script autoconnecting to VPN, add to :
    /home/pi/.config/lxsession/LXDE-pi/autostart

    Here I do disable onboard wlan0 because I use USB device and if you don't do that, then VPN will connect over wlan0.
    sudo ifconfig wlan0 down                                       # Disable onboard Wifi
    @sudo /home/pi/Desktop/autostart-openconnect-at-sharedip.sh    # Connect correctly over wlan1
    
     
    (Here we have second time sudo, but it will not harm anything, it will only ensure, that if you forget sudo in your tg.sh, then autostart will still work)
    (You need to have root privileges to be able to access vpns folder)
     
  • Reboot

I hope it helps some newbies to get started with this amazing VPN service. On factory RPi and openconnect, I get 30Mb on download constantly which is great result and is enough for almost anything, including streaming in HD. Those who have/need faster connections, they will need to buy better device. But all in all, you can use RPi as Media Center together with IPTV behind TorGuards VPN and it is working very well, everything works very stable. This is much better replacement for any smart tv around and costs barely € 35. I think there is no cheaper device performing better for this price. If you know any, please show me the results, I would love to test them.
 
Once again, TorGuard, thank you very much for such a great service!

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×