Build your own Raspberry Pi VPN server
In this tutorial, I will go through the steps on how to setup a Raspberry Pi VPN server using OpenVPN software.
I will also set up several things that you should do to make sure your connection is as secure as possible by setting up encryption keys.
This project can be a bit of a lengthy process, but it’s a relatively simple tutorial to follow, and it shouldn’t require any additional interaction once it’s configured.
Using a Raspberry Pi is a cheap way to set up a virtual private network (VPN) that can stay online 24/7 without consuming a lot of power.
It’s small and powerful enough to handle a few connections at once which makes it great for private use at home.
A VPN is an incredibly useful network tool that can allow you to access your encrypted and secure internet traffic even when using public Wi-Fi.
As an added bonus, you can also use it to allow yourself to connect to your computer and access your home network. It allows your other devices outside your local network to act as if they were on the VPN server’s local network.
For example, if you have a storage server attached to the network and you want to access it while you are away, a VPN server will be very useful in achieving a secure way to access it.
Here are all the bits and pieces I used in this Raspberry Pi VPN Server tutorial, there is nothing very special that you will need to be able to complete this.
Micro SD card or SD card if you are using an older version of the Pi.
Ethernet cord or Wifi dongle (Pi 3 has inbuilt WiFi)
Raspberry Pi . bag
In the video below, we walk you through the process of setting up a VPN on our Raspberry Pi using OpenVPN software.
If you run into any problems, be sure to check out the written version of our VPN guide below.
Adblock video blocking? Support us by subscribing to our ad-free service.
Prepare for your own VPN server
Before we get started with setting up a Raspberry Pi VPN server, there are a few things we should go through to make sure you’re ready to set up and use it.
First, in this tutorial it is important to know that I am using a clean version of Raspbian. If you haven’t installed it and would like to know how my guide on installing Raspbian is very useful if you are new to all this.
For starters, make sure you really need a VPN before you start setting this up, as it can act as a gateway to your home network.
If you intend to use a VPN, make sure that all the computers on your home network are secure, and that you don’t share anything within your local network that you don’t want someone to be able to access.
Prepare the IP address of the VPN server
It is important to decide whether you will make use of a static IP address or a dynamic IP address, setting up a VPN for a static IP address is a fairly simple process and does not require any additional work.
However, if you want to use a dynamic IP address, you must make use of the dynamic DNS service.
If you choose to go the dynamic DNS service path, you have to decide whether you want to take advantage of your own domain name or a free domain name.
If you want to make use of your own domain name then you can use a service like CloudFlare, if you are going to use a free subdomain then a service like no-ip.org will come in handy for you.
You can see our guide on setting up your Raspberry Pi for Dynamic DNS for more information.
Remember the domain name you set up for any of them Cloud Flare or no-ip.org As you will need this later in the tutorial.
Forward port of your Raspberry Pi VPN
The third important thing that you will need to accomplish before you start setting up your Raspberry Pi is OpenVPN redirection.
The default port you want to forward is 1194. Remember the port you set as you will need it later in the tutorial. The protocol you should use for this port is UDP.
If you are not sure how to forward the port on your router, we recommend looking at your router on the port forward.
VPN server installation
1. Setting up a Raspberry Pi VPN Server can be a very complicated process, you usually have to install the software, generate encryption keys, add the port to the firewall, set the Pi to hold a static IP address, and much more.
Fortunately for us, there is a much easier way to set up a Raspberry Pi VPN server thanks to an installer called PiVPNThis handles all the hard work of setting up a VPN and reduces the possibility of making mistakes.
Before we start, we must first change the default pi user password, so as to make sure that if someone can access your VPN, they cannot access your Raspberry Pi easily.
2. With the password changed, we can start the process of setting up our VPN server on the Raspberry Pi. We can start this process by running the command below, this command downloads the installation script from the PiVPN page on GitHub and runs it.
Running a script directly from a URL is usually a bad idea, as it can be an easy way for someone to gain access to your Raspberry Pi and cause some serious damage.
However, this is a trusted source that we checked, if you want to check the code yourself, just go to the script site.
3. Once you run the above command, you should meet the following screen. This screen will contain text telling you that you are about to install OpenVPN.
To proceed to the next screen, you need to press the ENTER key.
4. The next screen shows that you will need to set up a static IP address for your VPN.
This is so that when you restart your Raspberry Pi, it will try to use the same IP address. If the local IP address changes, you will likely lose access to your VPN.
5. You will now be asked if you are using a DHCP reservation on your router.
If you don’t know what a DHCP reservation is or how to use it, select <لا> to follow.
6. Here, select <نعم> Sets the current IP address and gateway as static.
If you are not satisfied with the IP address displayed on this page, select <لا>.
7. This screen warns you that your router may assign an IP address to another device.
You can use DHCP reservations to avoid this. However, most routers are smart enough to prevent the problem.
To continue, select <موافق> and press the enter key.
8. This screen shows that we will need to assign a user who owns the OpenVPN configuration files.
Locate <موافق> and press ENTER to go to the next screen.
9. We will give us a list of users who can own the Raspberry Pi VPN configuration files.
In this tutorial, we will make use of the pi user. If you want to use another user, use the arrow keys and the spacebar to select it.
Once you are happy with your choice, press ENTER to continue.
10. You will now be asked to select the type of VPN you want to install on your Raspberry Pi.
The two options are WireGuard and OpenVPN.
In this guide, we will be using OpenVPN on a Raspberry Pi (1.). Use the arrow keys and the spacebar to select it.
Once you select OpenVPN, press ENTER to continue (2.).
10. You can now decide if you want to customize the installation of OpenVPN on your Raspberry Pi.
The setting chosen by the PiVPN team is the best for most users. However, you can modify these if you like.
For our guide, we’ll stick with the default settings.
To continue, select <لا> , then press Enter.
11. Now we will choose the port through which OpenVPN will run.
In this tutorial, we’ll stick to the default port 1194. You shouldn’t change the port unless you have a good reason for it.
Once you have selected the port, select <موافق> and press ENTER.
14. You will be asked to confirm which port you have set to install OpenVPN
If you are satisfied with your chosen port, select <نعم> to follow.
15. The next step is to select a DNS provider. A DNS provider is what resolves a URL like https://pimylifeup.com into an IP address.
In our guide, we will be using Cloudflare’s DNS servers. Cloudflare scans their logs every 24 hours and does not track the query’s IP address.
To select Cloudflare or another DNS provider, you will need to use the arrow keys (1.).
Once you hover over the DNS provider you want, press the SPACEBAR key to select it.
Once you are happy that you made the right decision, you can press ENTER to continue.
16. You will need to decide if you want to take advantage of the public IP address or DNS name.
If you are using a dynamic IP address, we recommend using the public DNS name option. You can follow our guide on setting up dynamic DNS on a Raspberry Pi if you need help with that.
Since we are using a static public IP address, we will stick to using our public IP address for this guide.
You can change between options using the arrow keys. Once you have the one you want, press the spacebar to select it.
17. The next step just explains to you that the PiVPN script is about to generate the HMAC key and the server key.
These keys are part of what makes up the encryption part of the Raspberry Pi’s VPN.
Press ENTER to continue with the guide.
18. You will now be presented with a simple explanation of unattended upgrades.
This feature causes the Raspberry Pi OS to automatically download security package updates daily.
Press ENTER to proceed to the actual configuration page for this setting.
19. On this screen, we highly recommend enabling unattended upgrades by selecting <نعم>. Enabling this will ensure that your Raspberry Pi should always contain the latest packages.
Leaving this feature turned off could pose significant security risks to your Raspberry Pi’s VPN and possibly your home network.
Once done, press ENTER to confirm your settings.
20. You have now completed the OpenVPN installation on your Raspberry Pi.
While there are still a few other things you’ll need to complete to allow connections, you’re now about 90% through this setup guide.
21. We will now be greeted with a screen asking us to restart the Raspberry Pi.
Select an option <نعم> for the next two screens by pressing the enter key.
Restarting your Raspberry Pi after installing OpenVPN is a critical step.
Setting up your first OpenVPN user
1. Setting up a user for OpenVPN is usually a painful process as you will have to generate individual certificates for the user, fortunately we can do this in one command thanks to PiVPN.
To start adding the user, run the following command:
On this screen, you will need to enter a file Noun For the client, this name will act as an identifier so you can distinguish between different clients.
It will also ask you to set a file The password For the client, and it’s important to make this thing secure and not easy to guess as this will secure the encryption key.
So, if anyone can easily guess the password, it severely reduces the security of your VPN.
Once the enter key is pressed, the PiVPN script will ask to tell Easy-RSA to generate the 2048-bit RSA private key for the client, then store the file in /home/pi/ovpns.
/home/pi/ovpns is the folder that we will have to access in the next few steps in order to be able to copy the created file to our device.
Make sure to keep these files safe as they are the only way to access your VPN.
2. Now that we’re new Client It’s set up for OpenVPN with our passphrase, we’ll now need to connect it to the device we intend to connect from.
The easiest way to do this is to use SFTP from within your home network.
Make sure you have a program like FileZilla that can handle installed SFTP connections before continuing with this tutorial.
To get started, let’s log into your Raspberry Pi via SFTP. Remember to type sftp:// in front of your Raspberry Pi’s IP address.
If you don’t have the local Pi address, use the command…