How to create a VPN server with Raspberry Pi
👨💻
When you think of a VPN, you might imagine a subscription service that routes your internet traffic through a server located elsewhere in the world. However, these services are not the only way to encrypt your online activity.
One-click VPN services can be great, and there are a few VPNs we recommend if you want a simple solution that works out of the box. This service comes at a cost, though: It’s usually around $5 to $10 a month, not to mention putting your trust in anyone on the other end. For a cheaper option that you control, you can set up an OpenVPN server on your Raspberry Pi (or certain routers) and use your home internet connection as a VPN while you’re abroad.
Be aware that you won’t be able to spoof your location to an overseas country, or hide your identity from prying eyes (since the traffic will appear to come from your regular home internet connection). However, it will still give you extra security when browsing on public Wi-Fi, and is somewhat useful when you need to access your home network, for example, to wake a sleeping computer so you can use Remote Desktop. It is cheap and easy to use. Well worth doing if you have a Pi lying around.
What will you need
To set this up, you’ll need the obvious: a Raspberry Pi with all the important accessories, like a power supply and an SD card. This guide does not require a special operating system; You can only use Raspbian, so check out our beginner’s guide to the Raspberry Pif or all you need to know about setting up the basics. (Be sure to change the default password when you first turn on the Pi, as it is extremely important for security – which, after all, is the whole point of this project.)
I’d recommend getting a mouse, keyboard, and monitor for these instructions as well—just for the initial setup—although they’re not strictly required. (You can SSH into your Pi to set up your VPN, but you may have to reconnect in the middle of the process, since changing network settings can cause your Pi to lose connection.)
Everything you need to turn your Raspberry Pi into a VPN server
That’s all you technically need, although there are a few other things I would recommend. First, it is a good idea to set up a DHCP reservation for your Raspberry Pi, so that its internal IP address does not change over time.
Second, I recommend the dynamic DNS service. In order to access your Pi from afar, you will need to point it to your public IP address at home. This isn’t hard to find, but it can change from time to time, which may disable your VPN until you reconfigure it. Doing so is a bit of a pain, so it’s easier to use a dynamic DNS service that instead gives you an easy-to-remember address, which updates whenever your IP address changes.
Check your router’s settings to see if it supports any dynamic DNS services like DynDNSor No-IP – some are paid subscriptions, but others, like No-IP, are free for limited use, which should work perfectly for our purposes. We won’t go through the entire process in this guide, but I recommend looking into it if you find your Internet provider keeps changing your public IP and cracking your VPN.
How to install OpenVPN with PiVPN
OpenVPN is an open source software suite that allows you to set up a VPN on almost any type of device. If you like, you can install OpenVPN’s Linux server on the Pi and manually modify the configuration files, but there is an easier solution. PiVPN is a set of open source scripts that turns your OpenVPN configuration into an easy-to-use wizard, so even if it’s your first time working with OpenVPN, you won’t have much trouble setting it up.
Install PiVPN in a Windows Terminal window
So turn on your Pi, make sure all software is up to date, and open a new terminal window. Installing PiVPN is as simple as running the following command:
curl -L https://install.pivpn.io | crush
The script will take a few minutes to install OpenVPN, after which it will walk you through the configuration process. First, it will let you know that PiVPN requires a static IP address, so you can easily access your VPN server when you are abroad. If you set up a DHCP reservation, you can only say yes when PiVPN asks if you’re using one.
After selecting the user (the default user Pi is fine, unless you have another user that you want to use), PiVPN will ask you if you want to use WireGuard, a new VPN protocol, or OpenVPN. I am using OpenVPN for this guide, so use the arrow keys to move the cursor to OpenVPN, then press Space to select it before pressing Enter to continue.
WireGuard is fairly new and shows a lot of hope, while OpenVPN is more popular and widely supported. If you want to try WireGuard, you can read more about it here.
Set up your own VPN with PiVPN
For the next few steps, the default settings are suitable for most users. You will be asked if you want to use UDP or TDP (you should choose UDP unless you have a good reason not to), which port you want to use (1194 is fine unless something else is using it), and what DNS provider you want to use (ie Appropriate).
One hitch: I found that despite my use of dynamic DNS, PiVPN would not accept my custom URL. If you encounter the same problem, just tell it to use your public IP address, and you can change it in the config file later.
Finally, OpenVPN 2.4 features are worth enabling unless you know you’re using apps that you don’t support. Choose the recommended security certificate when prompted – larger sizes give better security, but may slow things down and aren’t necessary for most users. Enable unattended upgrades, and PiVPN will install the necessary packages and create the necessary configuration files.
Finally, you can choose the DNS to use when connecting to your VPN. Skip adding a custom search domain (unless you know what a search domain is and want to use it). Once this is done, you will be asked to restart your Pi.
Your customer name
After restarting, you will need to open a terminal window and run:
add pivpn
Give the config file a name (I chose whitson-laptop), specify the number of days the certificate will last (the default value is fine), and enter a password of your choice (make sure it’s strong). It will create an .ovpn file for you under /home/pi/ovpns, which you will need to connect to your VPN – copy it to your computer and keep it somewhere safe.
PiVPN recommends repeating this process for other devices, so if you have other laptops or phones on which you want to use the VPN, run this command to create their configuration files now.
Replace the IP address with your own custom URL
Here is where I had to make one modification to my .ovpn file. If you’re using a dynamic DNS service like me, open the file in Notepad (or the text editor of your choice), and replace your IP address on line 4 with your custom URL. If you’re having issues connecting to your VPN, this is the first line I’ll mess around with – it’s caused me problems in the past with a number of OpenVPN config generators.
From here, your Pi should be all set up, but you’ll need to do one more thing before you can connect: forward the VPN port on your router. This process varies from one router to another, but it goes like this: you log into your router’s configuration page, find a port forwarding option, and forward port 1194 to your Pi’s internal IP address. You can find more detailed instructions for specific routers at portforward.com.
Connect to your VPN from anywhere
You are at home now because the rest is very easy. To connect to your VPN when you are away from home, you will need a VPN app or “client” that is able to connect to your OpenVPN server. OpenVPN has an official client called OpenVPN Connect, which is available on Windows, macOS, Linux, iOS, and Android.
You can get it from the OpenVPN homepage – just scroll down to start using OpenVPN Connect and click on the platform of your choice. There are also popular third-party software such as Viscosity (Windows/Mac) and Tunnelblick (Mac) that provide additional options for advanced users. You can see other OpenVPN clients on this page in the OpenVPN Community.
Manage your VPN with OpenVPN
Launch the OpenVPN Connect app and click on the File tab to add a new profile. Go to the config file you copied from the Pi (again, I had the name whitson-laptop.ovpn) and select it. Click the Add button, and you can connect to your VPN by flipping the switch and entering your password.
Once you do that, all of your traffic will be encrypted, and routed through the home internet connection where the Pi is. Your traffic will be safe from prying eyes on the café’s Wi-Fi, and you’ll be able to access any resources on your home network as if you were there – no subscription fee required.
Like what you read?
sign for security monitoring A newsletter of our top privacy and security stories delivered straight to your inbox.
This newsletter may contain advertisements, deals or affiliate links. Subscribing to a newsletter indicates your acceptance of our Terms of Use and Privacy Policy. You can unsubscribe from newsletters at any time.
[ad_1]
Don’t forget to share this post with friends !
