Networking
Now Reading
OpenVPN: Raspberry Pi
3
Review

OpenVPN: Raspberry Pi

OpenVPN: Raspberry Pi

If you are in a public network, for example at university or the airport, your traffic can be recorded and decrypted. To prevent others from doing that you can send your traffic through a secured VPN-tunnel. The VPN-tunnel leads your traffic encrypted to a server which is processing your requests.

In the following tutorial you will learn how to run OpenVPN Server on your Raspberry Pi:

Requirements

OpenVPN

Raspbian or a similar distribution.

 

Step 1

To be able to install the latest program versions we should update our packet sources:

sudo apt-get update

Step 2

Now we are installing Open VPN and OpenSSL.

sudo apt-get install openvpn openssl

Step 3

We are switching to the directory and paste a directory we will be needing later into it.

cd /etc/openvpn
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa

Step 4

Now we open the file easy-rsa/vars with nano and apply some changes.

nano /easy-rsa/vars 
export EASY_RSA="`pwd`"
export EASY_RSA="/etc/openvpn/easy-rsa"

Step 5

We change the directory, log in as root user and execute some configurations.

cd easy-rsa
sudo su
source vars
./clean-all
./pkitool --initca
ln -s openssl-1.0.0.cnf openssl.cnf

Step 6

Now we are able to generate the components for the encryption of Open VPN. After the first input you will be asked for the abbreviation of your country (US = USA, DE – Germany, AT = Austria, CH – Switzerland). All other inputs can simply be confirmed.

./build-ca OpenVPN
./build-key-server server
./build-key client1

Step 7

The calculation of the last components can take a few minutes.

./build-dh
exit

Step 8

We have to switch the directory again and create the file openvpn.conf with the following content:

cd ..
sudo touch openvpn.conf
sudo nano openvpn.conf

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo

You can change the DNS-servers to any DNS you like.

Step 9

Now, create the internet-forwarding for the CPN clients. If you are not using an ethernet-cable (e.g. Wifi) you will have to replace “eth0″ with the name of your network device.

sudo sh -c ‘echo 1 > /proc/sys/net/ipv4/ip_forward’
sudo iptables -t nat -A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -o eth0 -j MASQUERADE

Step 10

One of the final steps will be to delete the “#” before net.ipv4.ip_forward=1 in sysctl.conf.

cd ..
sudo nano sysctl.conf

Step 11

A part of the above settings have to be endorsed as a crontab to work permanently. Insert following line at the end of the crontab file (replace “eth0″ if you did above):

crontab -e

@reboot sudo iptables -t nat -A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -o eth0 -j MASQUERADE

Step 12

Again change to the root-user and to the directory /etc/openvpn/easy-rsa/keys in which we will create the fileraspberrypi.ovpn and fill it with the code of the second paragraph. RASPBERRY-PI-IP should be replaced by the IP address of your Pi or, if you are using a DynDNS service,  by the given domain.

sudo su
cd /etc/openvpn/easy-rsa/keys
nano raspberrypi.ovpn

dev tun
client
proto udp
remote RASPBERRY-PI-IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

 

Step 13

Now create a packet with all the needed files for the client, which we will place in /home/pi and give the user pi the needed rights to the file.

tar czf openvpn-keys.tgz ca.crt ca.key client1.crt client1.csr client1.key raspberrypi.ovpn
mv openvpn-keys.tgz /home/pi
chown pi:pi /home/pi/openvpn-keys.tgz
exit

Step 14

Restart the server.

sudo /etc/init.d/openvpn start

Finished! Now we are able to download the file die openvpn-keys.tar.gz on the client and extract the files to your Open VPN client folder. OpenVPN

An Open VPN Client for Windows is: http://openvpn.se/
for Mac: https://code.google.com/p/tunnelblick/

Linux users simply install the packet openvpn

OpenVPN


In The Beginning Voting Was Open.

This has made a lot of people very angry and been widely regarded as a bad move. Now You Have To Log In

Rate IT !
Our Rating
Visitors Rating
Rate Here
Rating
51%
74%
Overall Rating
76%
90%
51%
Our Rating
82%
Visitors Rating
4 ratings
You have rated this
What's your reaction?
OWND
400%
Cool
400%
Nice
100%
WHAT ?
0%
MEH
0%
zzzZZzz
0%
Rage
0%
About The Author
Profile photo of CyberPunk
CyberPunk

You must log in to post a comment