Raspberry Pi VPN Server

Post Reply
User avatar
rod
Site Admin
Posts: 29
Joined: Wed Jul 31, 2019 7:19 am
Location: Boambee East, NSW
Contact:

Raspberry Pi VPN Server

Post by rod » Fri Aug 30, 2019 3:43 pm

Those who spend much time travelling or have moved to another country know the value of a VPN. Some financial institutions and other web sites will reject connections from foreign IP addresses, and streaming video services will usually either reject connections or show different content depending on where you are connecting from.

Of course before going this route make sure that using a VPN does not violate the laws of the country you are in, or the terms of your agreement with the service that you are accessing.

While there are commercial VPN services, they have three problems:
  1. You have to trust them. They can see all of the sites that you access as well as any data that's not encrypted end-to-end.
  2. They cost money. Or if not, take #1 more seriously.
  3. They don't always work. In particular servers that reject foreign connections will often also reject connections from known VPN or hosting services.
However if you or a suitable friend or relative have a home with broadband internet in the destination country then all of these problems can be solved. My method was to configure a Raspberry Pi as a VPN server. If you want to do this you'll need a bit of Linux experience, or assistance from such a person.

An alternative solution may be to find a home router with a built-in VPN server. Also note that if you're planning to do video streaming then the VPN server site will need pretty good outbound (upload) bandwidth, because all the data will be routed to you from that server.

I used a Raspberry Pi model 2 which was a spare that I had sitting around. If you're buying a new one I suggest the model 3B+ which is newer and faster. A model 4 is also becoming available and should work but it's overkill for this purpose.

The standard operating system for these devices is Raspbian. I used version 9, and version 10 has since been released. Installing Raspbian is beyond the scope of this article but the process is well-documented and not difficult. I used the "Lite" version because a graphical desktop was not needed.

Installing OpenVPN is a formerly complex task made absurdly simple by the openvpn-install project on Github. A single command line at the server sets it up:

Code: Select all

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
You'll need to run openvpn-install again for each additional client device that you want to support.

Because I was not at the destination site, I needed to perform another step. The file /etc/rc.local was configured by the OpenVPN installer to include a line like this:

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 192.168.1.193
... where the IP address at the end is the Pi's IP during installation. However when plugged in at the destination it will be assigned a different IP. Therefore I removed that line and substituted the following so that it will automatically use the correct IP at the time it boots up:

Code: Select all

MYIP=`ifconfig eth0 | perl -nle 's/ inet (\S+)/print $1/e'`
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $MYIP
Yet another step was required. Because the residential internet service provides a dynamic public IP address (most do), I also needed to set up "dynamic DNS" so that the VPN server can always be reached even after its IP address changes. I created a free account at afraid.org which provides this service and instructions for implementing it. Note in particular the "quick cron example" that is given with your selected hostname.

Then I was able to mail the Pi to my family at home and tell them to plug it into their router.

After cabling the Raspberry Pi to the router, there is a small bit of router configuration to be done:
  1. Assign a fixed local IP address to the Raspberry Pi.
  2. Create a port forwarding rule to forward port 1194 (TCP and UDP) to the Pi's IP address.
Details of that will depend on the router.

If you have questions, post a reply below and I'll try to help.

User avatar
rod
Site Admin
Posts: 29
Joined: Wed Jul 31, 2019 7:19 am
Location: Boambee East, NSW
Contact:

Re: Raspberry Pi VPN Server

Post by rod » Mon Sep 02, 2019 8:28 am

I recently learned there's yet another project called PiVPN that simplifies installation of an OpenVPN server. It also seems worth a try! Here is a nicely done video about it.

Post Reply