How to set up your own VPN server (and block ads) with a Raspberry Pi
Set up your Raspberry Pi as a VPN for your home network in order to increase security and privacy while browsing on public networks.
Personal goal: Learn more about networking and security and do something with the newly talented Raspberry Pi!
This is a beginners tutorial for setting up OpenVPN on a Raspberry Pi, using PiVPN and MacOSX.
Browsing on an open WiFi network, like Starbucks, your hotel, or anywhere else, means that anyone with enough knowledge can see the data you’re transmitting or perform a man-in-the-middle attack. Setting up a VPN server means that your data is now encrypted and can only be read by your home ISP. It also allows you to access your home network and files when you’re away from home, if you wish. You can buy a monthly subscription service from a VPN provider, but you run the risk of not knowing if you can really trust that provider, that they have set up their VPN correctly/securely, and that they are not collecting information about you. Plus, a Raspberry Pi kit will only cost around $50 — a one-time charge instead of a monthly subscription — and give you greater protection and privacy.
what do you need:
Raspberry Pi . setup
Below we’ll explain how to set up a “headless” Raspberry Pi. This means that we don’t need anything beyond the above i.e. no additional keyboard/monitor needed, etc. Everything will be executed in one form or another on the command line.
Step 1: Download the Raspbian image (Jessie Lite is enough) to your local drive.
Step 2: Connect the SD card to your computer. Unzip the file and copy the .img file to your SD card using Etcher (the easiest way), or follow the instructions here for a manual installation.
Step 3: Add a file called ssh to your SD card (no extension) so you can access your Pi via SSH. This is basically equivalent
Step 4: Now plug the SD card into your Rasberry Pi, connect the Ethernet to your router, and connect the Pi to a power source.
Step 5: Open Terminal. Find the IP address of your Raspberry Pi. You can do this by logging into your router and searching for connected devices, or via the following command in Terminal.
Step 6: SSH into your Pi file. Out of the box, the default username and password are:
Replace the IP address below with the address you found in the previous step.
Follow the prompts to be connected and see a prompt like this:
Step 7: Configure your Pi and follow the GUI prompts using the arrow keys and the spacebar. In MINIMUM, change the password if nothing else. (It is recommended to change the subtitle settings as well.)
More on configuration here.
Step 8: Update the Pi file.
Step 9 (Optional): To see the Pi’s GUI desktop, enable the VNC server by following the instructions here.
Raspberry Pi setup completed!
Step 1: Install PiVPN on Raspberry Pi. (Always be careful when using commands for routing. The following was taken from the PiVPN website, feel free to take a look at the source code.)
$ curl -L https://install.pivpn.io | crush
Step 2: Browse the prompts, choose Perform security updates automatically, UDP protocol, default port number (or something else if you wish), and at least 2048 encryption. The 2048 bit encryption will take a long time (up to 30 minutes or more depending on your device) so feel free to walk away and do something else in the meantime.
Step 3: When you reach this screen, choose IP if you have a static IP address that you can use from your ISP. If not, register with No-IP and select Public DNS with the spacebar. Enter the public hostname you created with No-IP.
Step 4: Your initial setup is complete, and it will ask for a restart. Restart it now.
Step 5: Forward the VPN port of the Pi on your router by adding port forwarding in your router’s configuration settings.
Step Six: Generate the Client Key. (One per device, so if a device is stolen, you can easily revoke access while still using your VPN.) You can name the client however you like, but make sure the password is strong. This will create an .opvn file that you will need to transfer to computers that need access to the VPN.
Step 7: Move the .opvn file from your Pi’s /home/pi/ovpns directory to your local PC(s). You can do this with Filezilla for SFTP transfer. If you are switching to an iOS device (iPhone, iPad), download OpenVPN Connect from the iTunes Store. Then connect your device to iTunes, go to Apps in your device, scroll down to select OpenVPN, and drop the .opvn file into the OpenVPN Documents.
Step 8: Download and install Tunnelblick VPN Client for macOSX. For iOS, open the OpenVPN app, and you’ll see your VPN hostname there. Click the add button to add the configuration.
Step 9: Double-click on the .opvn file, which will open Tunnelblick to install VPN configuration. For all devices: Connect to the VPN tunnel using the password you created earlier. Give it a minute or so and then running this command on your Pi should show the connected device(s):
VPN setup completed!
Looks good in its eco-friendly casing next to my router.
Well, wait… though, how do I know my VPN is working besides the fact that it is connected?
There might be a better way, but the fastest way I can think of is to connect to another network and try a VPN in your home network. If you have access to tethering with your phone, you can connect your device to your phone’s hotspot, go to whatsmyip.org and check your IP address. Next, enter the VPN into your home network and check your IP address again. This should change and correspond to the IP address of your home network. there he is!
Note that using a VPN means that you’re connected to your home network, so when you’re browsing on other networks, no one will be able to mess around or see what you’re doing. Your ISP will still be able to see everything you do, and this does not give you anonymity on the Internet. If you’re looking for safer browsing in general, I highly recommend the HTTPS Everywhere browser extension, and if you’re looking for anonymous browsing, try Tor.
Upgrade your Raspberry Pi to block ads with Pi-hole. This small tutorial below shows how to block ads for any device connected to the router.
Step 1: Follow the prompts and default settings until you reach the network interface. Select tun0 with the spacebar.
Step 2: Change your password using the router:
Step 3: Configure your router settings by setting the primary/static domain name server address as the IP address of your Raspberry Pi.
Note: tun0 stands for VPN while eth0 stands for your LAN devices. If you have devices connected to a LAN, you will need to follow these steps for the Internet to work.
Step 4: On your Pi, run the following commands to edit the pihole config file in VIM. (A crash course on VIM here.)
sudo vi /etc/dnsmasq.conf
Find a line starting with #interface = and add eth0 (ethernet-connected devices), tun0 (VPN tunnel), and wlan0 (wireless devices) as interfaces (as needed) like so:
Step 5: Reboot the Raspberry Pi:
Now wait a few minutes for it to reboot, and you’re all done! Now sit back, relax, and watch these ads get blocked as you sip that soft (e)y whisk in your hand.
Browse without ads, awesome!
Hey! Did you like my tutorial? If so, consider supporting me by making a donation to the next Raspberry Pi project, purchasing materials for this project through one of the Amazon Associate links above, or even purchasing a Raspberry Pi if you’re feeling very generous. Anyway, thanks for reading and let me know if I can help you set up safe and private browsing!