Setting up VPN on a Raspberry Pi

By | December 1, 2016

There are basically 2 ways to set up a VPN on a Raspberry Pi: an easy way and a hard way.

  • Use the PiVPN installer (https://www.sitepoint.com/setting-up-a-home-vpn-using-your-raspberry-pi/)
  • Download and install OpenVPN manually (http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing/)

The PiVPN installer is very neat and very cool and saves a lot of time. The disadvantage is that you are running a script downloaded from the internet, which is risky. It also hides a lot of the complexity, so you won’t understand the finer details the way you would by doing it manually.

The links provided above are very good and detailed. Here is a quick overview.

Assumptions:

You are running Raspbian Jessie and you have SSH access already.

  1. Run apt-get update and apt-get upgrade to get your installation up to date.
  2. Run apt-get install openvpn, the actual software itself.
  3. Get Easy-RSA. (If it doesn’t come with it, see here and obtain from git).
  4. Copy a folder with template files from Easy-RSA to OpenVPN.
  5. Create a vars file and modify it.
  6. Create your client and server certs.
  7. Convert the client cert to .des3 format.
  8. Create a server.conf file. (Specify the Pi IP address).
  9. Create a sysctl.conf file. (Forward internet traffic).
  10. Create a firewall-openvpn-rules.sh file. (Poke a hole in the pi firewall).
  11. Edit your network/interface file. (To allow the firewall rules to kick in when connecting to the internet).
  12. Create a Default.txt.
  13. Create a MakeOVPN.sh. (This creates a key file that you need to import into your VPN client.)
  14. Download VPN software. I used Tunnelblick.
  15. Copy User file from Pi (server) to laptop (client).
  16. Turn on port forwarding on your router.
  17. Jump on another internet connection and connect!
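
One way to check the results of steps 6, 8 and 9 before moving on to the router, as an added example that is not from this post or the linked tutorials. It assumes server.conf uses OpenVPN's local and key directives and that forwarding is enabled with net.ipv4.ip_forward=1; the function names, address and sample file contents are constructed.

```shell
# Added example: sanity checks for the manual OpenVPN setup (steps 6, 8 and 9).
# Paths and sample contents are constructed; pass your real files instead.

# Print the value of the first uncommented DIRECTIVE in an OpenVPN config.
conf_value() {  # usage: conf_value FILE DIRECTIVE
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Succeed if IPv4 forwarding is enabled on an uncommented line.
forwarding_enabled() {  # usage: forwarding_enabled SYSCTL_FILE
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Succeed only if FILE exists and grants no access to group or other.
private_file() {  # usage: private_file FILE
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print one line per failed check; the return status is the failure count.
audit_vpn() {  # usage: audit_vpn SERVER_CONF SYSCTL_FILE
    local conf="$1" sysctl="$2" fails=0 key
    if [ -z "$(conf_value "$conf" local)" ]; then
        echo "FAIL: no 'local' (Pi IP address) line in $conf"; fails=$((fails + 1))
    fi
    key=$(conf_value "$conf" key)
    # Assumption: a relative key path is resolved against the config's directory.
    case $key in /*) ;; *) key="$(dirname "$conf")/$key" ;; esac
    if ! private_file "$key"; then
        echo "FAIL: server key $key is missing or readable by group/other"; fails=$((fails + 1))
    fi
    if ! forwarding_enabled "$sysctl"; then
        echo "FAIL: net.ipv4.ip_forward=1 is not active in $sysctl"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Demo on constructed files: key left world-readable, forwarding still commented out.
demo() {
    local d rc=0
    d=$(mktemp -d)
    printf 'local 192.168.1.50\nport 1194\nproto udp\ndev tun\nkey server.key\n' > "$d/server.conf"
    printf '#net.ipv4.ip_forward=1\n' > "$d/sysctl.conf"
    : > "$d/server.key"; chmod 644 "$d/server.key"
    audit_vpn "$d/server.conf" "$d/sysctl.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true
```

On the real Pi, call audit_vpn with the paths to your own server.conf and sysctl.conf; a return status of 0 means all three checks passed.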

This is not a 5-minute job. Be prepared to spend half a day or a full day on this if you are a newbie doing it for the first time. I messed up in several places.

  • Typos. Copy and paste at all costs!
  • Port forwarding on my router required a hard reboot and not a software reboot.
