There are basically 2 ways to set up VPN on a Raspberry Pi. There is an easy way and a hard way.
- Use the PiVPN installer (https://www.sitepoint.com/setting-up-a-home-vpn-using-your-raspberry-pi/)
- Download and install OpenVPN manually (http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing/)
The PiVPN installer is very neat and very cool and saves a lot of time. The disadvantage is that you are running a script that is downloaded from the internet and that is risky. It also hides a lot of the complexities so you won’t understand the finer detail compared to doing it manually.
The links provided above are very good and detailed. Here is a quick overview.
Assumptions:
You are running Raspbian Jessie and you have SSH access already.
- Run apt-get update and apt-get upgrade to get your installation up to date.
- Run apt-get install openvpn, the actual software itself.
- Get Easy-RSA. (If it doesn’t come with it, see here and obtain from git).
- Copy a folder with template files from Easy-RSA to Openvpn.
- Create a vars file and modify it.
- Create your client and server certs.
- Convert the client cert to .des3 format.
- Create a server.conf file. (Specify the Pi IP address).
- Create a sysctl.conf file. (Forward internet traffic).
- Create a firewall-openvpn-rules.sh file. (Poke a hole in the pi firewall).
- Edit your network/interface file. (To allow the firewall rules to kick in when connecting to the internet).
- Create a Default.txt
- Create a MakeOVPN.sh (This creates a key file that you need to import into you VPN client)
- Download VPN software. I used Tunnelblick
- Copy User file from Pi (server) to laptop (client)
- Turn on port forwarding on your router.
- Jump on another internet connection and connect!
This is not a 5 minute job. Be prepared to spend half or 1 day on this if you are a newbie doing it for the first time. I messed up in several places.
- Typos. Copy and paste at all cost!
- Port forwarding on my router required a hard reboot and not a software reboot.