Raspberry Pi Zero WH に SoftEther VPN クライアントをインストールする方法

前書き

Raspberry Pi Zero WH (ラズパイゼロ) に SoftEther VPN クライアント (VPN クライアント) をインストール & 設定して VPN クライアントとして使えるかどうか試したくなった。

以下のようなユースケースを想定しています。

ラズパイゼロにカメラを取り付けて遠隔拠点に設置します。自宅などから、遠隔拠点の状況をラズパイが撮る画像を見て確認したい場合に、VPN でつなげれば確認できると思ったわけです。

ただ、わざわざ VPN でつながなくても遠隔拠点にあるラズパイカメラの画像を確認する方法はあります。たとえば以下の記事で書いたような方法です。

カメラ付き Raspberry Pi Zero WH で画像を Dropbox にアップロードする方法

しかしこの方法では、遠隔拠点にあるラズパイカメラの設定を変更したい場合にそれができません。このような場合に VPN が使えます。

前提条件としてはすでに VPN サーバーが稼働していることです。今回は、私の自宅ですでに稼働している SoftEther VPN サーバー (VPN サーバー) を使います。ラズパイゼロには SoftEther VPN クライアントをインストール & 設定し、自宅の VPN サーバーに接続させることで、我が家のネットワークに参加させる形を取ります。

我が家のネットワークに参加させる形とは言い方を変えると、ラズパイゼロが我が家で使用している IP アドレス帯 (172.16.1.0/24) の IP アドレスを使えるようにすることです。たとえばラズパイゼロが 172.16.1.21 という IP アドレスを使って通信できるようにすることです。

これにより、自宅のパソコン (172.16.1.11 という IP アドレスを持っている) と遠隔拠点に設置したラズパイゼロ (172.16.1.21) が Layer 2 で通信できる状態になります。Layer 2 で通信できるということは、自宅のパソコンから遠隔拠点にあるラズパイゼロの設定変更ができるようになることを意味します。

以下の過去記事と似たような内容となっています。

さくらの VPS にある Ubuntu に SoftEther VPN クライアントをコマンド操作でインストールする

VPN クライアントをインストールするラズパイゼロの情報は以下の通りです。

$ cat /etc/os-release 
PRETTY_NAME="Raspbian GNU/Linux 11 (bullseye)"
NAME="Raspbian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
$ uname -a
Linux raspberrypi 5.15.61+ #1579 Fri Aug 26 11:08:59 BST 2022 armv6l GNU/Linux
$ lscpu
Architecture: armv6l
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 1
Vendor ID: ARM
Model: 7
Model name: ARM1176
Stepping: r0p7
CPU max MHz: 1000.0000
CPU min MHz: 700.0000
BogoMIPS: 697.95
Flags: half thumb fastmult vfp edsp java tls
$

どこで見分けるのか不確かですが、32 bit OS のラズパイだと思います。

まずは SoftEther VPN クライアントを取ってくる

ラズパイゼロの操作はすべて ssh でログインしてコマンド操作で行います。まずは、インストールする VPN クライアントを wget コマンドで取ってきます。

wget コマンドで tar.gz で圧縮されたファイルをダウンロードしますが、その URL を 公式サイト から 取得します。

今回は Version 4.41 Build 9782 のファイルをダウンロードします。

$ wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.41-9782-beta/softether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz --spider
Spider mode enabled. Check if remote file exists.
--2023-01-04 06:27:47--  https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.41-9782-beta/softether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz
Resolving github.com (github.com)... 20.27.177.113
Connecting to github.com (github.com)|20.27.177.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/107487278/53176eab-8a66-437d-99c5-970c4dde270e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T062748Z&X-Amz-Expires=300&X-Amz-Signature=13b1700e1678c0a69d83de5f28dd52cdf51c35bb4c15efe48747f20a2267860a&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=107487278&response-content-disposition=attachment%3B%20filename%3Dsoftether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz&response-content-type=application%2Foctet-stream [following]
Spider mode enabled. Check if remote file exists.
--2023-01-04 06:27:48--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/107487278/53176eab-8a66-437d-99c5-970c4dde270e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T062748Z&X-Amz-Expires=300&X-Amz-Signature=13b1700e1678c0a69d83de5f28dd52cdf51c35bb4c15efe48747f20a2267860a&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=107487278&response-content-disposition=attachment%3B%20filename%3Dsoftether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.110.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7886125 (7.5M) [application/octet-stream]
Remote file exists.
$ wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.41-9782-beta/softether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz
--2023-01-04 06:28:00--  https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.41-9782-beta/softether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz
Resolving github.com (github.com)... 20.27.177.113
Connecting to github.com (github.com)|20.27.177.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/107487278/53176eab-8a66-437d-99c5-970c4dde270e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T062748Z&X-Amz-Expires=300&X-Amz-Signature=13b1700e1678c0a69d83de5f28dd52cdf51c35bb4c15efe48747f20a2267860a&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=107487278&response-content-disposition=attachment%3B%20filename%3Dsoftether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz&response-content-type=application%2Foctet-stream [following]
--2023-01-04 06:28:01--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/107487278/53176eab-8a66-437d-99c5-970c4dde270e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T062748Z&X-Amz-Expires=300&X-Amz-Signature=13b1700e1678c0a69d83de5f28dd52cdf51c35bb4c15efe48747f20a2267860a&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=107487278&response-content-disposition=attachment%3B%20filename%3Dsoftether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.110.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7886125 (7.5M) [application/octet-stream]
Saving to: ‘softether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz’

softether-vpnclient-v4.41-9782-beta-2022 100%[===============================================================================>]   7.52M  2.98MB/s    in 2.5s    

2023-01-04 06:28:03 (2.98 MB/s) - ‘softether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz’ saved [7886125/7886125]
$ ls -l softether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz 
-rw-r--r-- 1 hoge hoge 7886125 Nov 17 12:27 softether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz
$ 

ダウンロードできたら tar コマンドで解凍します。

$ tar zxvf softether-vpnclient-v4.41-9782-beta-2022.11.17-linux-arm_eabi-32bit.tar.gz 
vpnclient/
vpnclient/Makefile
vpnclient/.install.sh
vpnclient/ReadMeFirst_License.txt
vpnclient/Authors.txt
vpnclient/ReadMeFirst_Important_Notices_ja.txt
vpnclient/ReadMeFirst_Important_Notices_en.txt
vpnclient/ReadMeFirst_Important_Notices_cn.txt
vpnclient/code/
vpnclient/code/vpnclient.a
vpnclient/code/vpncmd.a
vpnclient/lib/
vpnclient/lib/libcharset.a
vpnclient/lib/libcrypto.a
vpnclient/lib/libedit.a
vpnclient/lib/libiconv.a
vpnclient/lib/libncurses.a
vpnclient/lib/libssl.a
vpnclient/lib/libz.a
vpnclient/lib/License.txt
vpnclient/hamcore.se2
$

make する

$ cd vpnclient/
$ sudo make
--------------------------------------------------------------------

SoftEther VPN Client (Ver 4.41, Build 9782, ARM EABI) for Linux Build Utility
Copyright (c) SoftEther Project at University of Tsukuba, Japan. All Rights Reserved.

--------------------------------------------------------------------

Copyright (c) all contributors on SoftEther VPN project in GitHub.
Copyright (c) Daiyuu Nobori, SoftEther Project at University of Tsukuba, and SoftEther Corporation.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and limitations under the License.

DISCLAIMER
==========
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

THIS SOFTWARE IS DEVELOPED IN JAPAN, AND DISTRIBUTED FROM JAPAN, UNDER JAPANESE LAWS. YOU MUST AGREE IN ADVANCE TO USE, COPY, MODIFY, MERGE, PUBLISH, DISTRIBUTE, SUBLICENSE, AND/OR SELL COPIES OF THIS SOFTWARE, THAT ANY JURIDICAL DISPUTES WHICH ARE CONCERNED TO THIS SOFTWARE OR ITS CONTENTS, AGAINST US (SOFTETHER PROJECT, SOFTETHER CORPORATION, DAIYUU NOBORI OR OTHER SUPPLIERS), OR ANY JURIDICAL DISPUTES AGAINST US WHICH ARE CAUSED BY ANY KIND OF USING, COPYING, MODIFYING, MERGING, PUBLISHING, DISTRIBUTING, SUBLICENSING, AND/OR SELLING COPIES OF THIS SOFTWARE SHALL BE REGARDED AS BE CONSTRUED AND CONTROLLED BY JAPANESE LAWS, AND YOU MUST FURTHER CONSENT TO EXCLUSIVE JURISDICTION AND VENUE IN THE COURTS SITTING IN TOKYO, JAPAN. YOU MUST WAIVE ALL DEFENSES OF LACK OF PERSONAL JURISDICTION AND FORUM NON CONVENIENS. PROCESS MAY BE SERVED ON EITHER PARTY IN THE MANNER AUTHORIZED BY APPLICABLE LAW OR COURT RULE.

USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS YOU HAVE A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY CRIMINAL LAWS OR CIVIL RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS SOFTWARE IN OTHER COUNTRIES IS COMPLETELY AT YOUR OWN RISK. THE SOFTETHER VPN PROJECT HAS DEVELOPED AND DISTRIBUTED THIS SOFTWARE TO COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING CIVIL RIGHTS INCLUDING PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER COUNTRIES' LAWS OR CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES. WE HAVE NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+ COUNTRIES AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE WORLD, WITH DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY COUNTRIES' LAWS, REGULATIONS AND CIVIL RIGHTS TO MAKE THE SOFTWARE COMPLY WITH ALL COUNTRIES' LAWS BY THE PROJECT. EVEN IF YOU WILL BE SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A PUBLIC SERVANT IN YOUR COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE LIABLE TO RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL

RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT JUST A STATEMENT FOR WARNING AND DISCLAIMER.

READ AND UNDERSTAND THE 'src/WARNING.TXT' FILE BEFORE USING THIS SOFTWARE. SOME SOFTWARE PROGRAMS FROM THIRD PARTIES ARE INCLUDED ON THIS SOFTWARE WITH LICENSE CONDITIONS WHICH ARE DESCRIBED ON THE 'src/THIRD_PARTY.TXT' FILE.

--------------------------------------------------------------------

make[1]: Entering directory '/home/hoge/vpnclient'
Preparing SoftEther VPN Client...
ranlib lib/libcharset.a
ranlib lib/libcrypto.a
ranlib lib/libedit.a
ranlib lib/libiconv.a
ranlib lib/libncurses.a
ranlib lib/libssl.a
ranlib lib/libz.a
ranlib code/vpnclient.a
gcc code/vpnclient.a -fPIE -O2 -fsigned-char -pthread -lm -lrt -Wl,--no-warn-mismatch -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a -ldl -o vpnclient
ranlib code/vpncmd.a
gcc code/vpncmd.a -fPIE -O2 -fsigned-char -pthread -lm -lrt -Wl,--no-warn-mismatch -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a -ldl -o vpncmd

--------------------------------------------------------------------

The preparation of SoftEther VPN Client is completed !

*** How to switch the display language of the SoftEther VPN Client Service ***
SoftEther VPN Client supports the following languages:
  - Japanese
  - English
  - Simplified Chinese

You can choose your prefered language of SoftEther VPN Client at any time.
To switch the current language, open and edit the 'lang.config' file.

Note: the administrative password is not set on the VPN Server. Please set your own administrative password as soon as possible by vpncmd or the GUI manager.

*** How to start the SoftEther VPN Client Service ***
Please execute './vpnclient start' to run the SoftEther VPN Client Background Service.
And please execute './vpncmd' to run the SoftEther VPN Command-Line Utility to configure SoftEther VPN Client.

Of course, you can use the VPN Server Manager GUI Application for Windows / Mac OS X on the other Windows / Mac OS X computers in order to configure the SoftEther VPN Client remotely.

*** For Windows users ***
You can download the SoftEther VPN Server Manager for Windows
from the http://www.softether-download.com/ web site.
This manager application helps you to completely and easily manage the VPN server services running in remote hosts.

*** For Mac OS X users ***
In April 2016 we released the SoftEther VPN Server Manager for Mac OS X.
You can download it from the http://www.softether-download.com/ web site.
VPN Server Manager for Mac OS X works perfectly as same as the traditional Windows versions. It helps you to completely and easily manage the VPN server services running in remote hosts.

*** PacketiX VPN Server HTML5 Web Administration Console (NEW) ***
This VPN Server / Bridge has the built-in HTML5 Web Administration Console.

After you start the server daemon, you can open the HTML5 Web Administration Console is available at

https://127.0.0.1:5555/
or
https://ip_address_of_the_vpn_server:5555/

This HTML5 page is obviously under construction, and your HTML5 development contribution is very appreciated.

--------------------------------------------------------------------

make[1]: Leaving directory '/home/hoge/vpnclient'
$

/usr/local/vpnclient に配置してパーミッションを変更する

$ cd ..
$ sudo mv vpnclient/ /usr/local
$ cd /usr/local/vpnclient/
$ sudo chmod 600 *
$ sudo chmod 700 vpncmd
$ sudo chmod 700 vpnclient 
$ sudo chown root:root *
$ ls -tlr
total 13448
-rw------- 1 root root    3587 Nov 17 07:44 ReadMeFirst_License.txt
-rw------- 1 root root   52554 Nov 17 07:44 ReadMeFirst_Important_Notices_ja.txt
-rw------- 1 root root   37747 Nov 17 07:44 ReadMeFirst_Important_Notices_en.txt
-rw------- 1 root root   32256 Nov 17 07:44 ReadMeFirst_Important_Notices_cn.txt
-rw------- 1 root root    3518 Nov 17 07:44 Makefile
-rw------- 1 root root 2011365 Nov 17 07:44 hamcore.se2
-rw------- 1 root root      82 Nov 17 07:44 Authors.txt
drw------- 2 root root    4096 Jan  4 06:33 lib
-rwx------ 1 root root 5801000 Jan  4 06:33 vpnclient
drw------- 2 root root    4096 Jan  4 06:33 code
-rwx------ 1 root root 5800940 Jan  4 06:33 vpncmd
$

VPN クライアントの動作テスト

$ sudo ./vpnclient start
The SoftEther VPN Client service has been started.
$ sudo ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.41 Build 9782   (English)
Compiled 2022/11/17 16:36:25 by buildsan at crosswin with OpenSSL 3.0.7
Copyright (c) 2012-2022 SoftEther VPN Project. All Rights Reserved.

By using vpncmd program, the following can be achieved. 

1. Management of VPN Server or VPN Bridge 
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 3

VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.

VPN Tools>Check 
Check command - Check whether SoftEther VPN Operation is Possible 
--------------------------------------------------- 
SoftEther VPN Operation Environment Check Tool 

Copyright (c) SoftEther VPN Project. 
All Rights Reserved. 

If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait... 

Checking 'Kernel System'...
        Pass
Checking 'Memory Operation System'...
        Pass
Checking 'ANSI / Unicode string processing system'...
        Pass
Checking 'File system'...
        Pass
Checking 'Thread processing system'...
        Pass
Checking 'Network system'...
        Pass

All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system. 

The command completed successfully. 

VPN Tools>exit
$ sudo ./vpnclient stop
Stopping the SoftEther VPN Client service ...
SoftEther VPN Client service has been stopped.
$

動作テストはすべて Pass しました。これで良しです。

以上でラズパイゼロに VPN クライアントをインストール作業は終了です。あくまでインストールが終わっただけなので設定はまだです。

VPN クライアントの設定方法については次回以降に書くことにします。