Raspberry Pi VPN Server
Posted: Fri Aug 30, 2019 3:43 pm
Those who spend much time travelling or have moved to another country know the value of a VPN. Some financial institutions and other web sites will reject connections from foreign IP addresses, and streaming video services will usually either reject connections or show different content depending on where you are connecting from.
Of course before going this route make sure that using a VPN does not violate the laws of the country you are in, or the terms of your agreement with the service that you are accessing.
While there are commercial VPN services, they have three problems:
An alternative solution may be to find a home router with a built-in VPN server. Also note that if you're planning to do video streaming then the VPN server site will need pretty good outbound (upload) bandwidth, because all the data will be routed to you from that server.
I used a Raspberry Pi model 2 which was a spare that I had sitting around. If you're buying a new one I suggest the model 3B+ which is newer and faster. A model 4 is also becoming available and should work but it's overkill for this purpose.
The standard operating system for these devices is Raspbian. I used version 9, and version 10 has since been released. Installing Raspbian is beyond the scope of this article but the process is well-documented and not difficult. I used the "Lite" version because a graphical desktop was not needed.
Installing OpenVPN is a formerly complex task made absurdly simple by the openvpn-install project on Github. A single command line at the server sets it up:
You'll need to run openvpn-install again for each additional client device that you want to support.
Because I was not at the destination site, I needed to perform another step. The file /etc/rc.local was configured by the OpenVPN installer to include a line like this:
... where the IP address at the end is the Pi's IP during installation. However when plugged in at the destination it will be assigned a different IP. Therefore I removed that line and substituted the following so that it will automatically use the correct IP at the time it boots up:
Yet another step was required. Because the residential internet service provides a dynamic public IP address (most do), I also needed to set up "dynamic DNS" so that the VPN server can always be reached even after its IP address changes. I created a free account at afraid.org which provides this service and instructions for implementing it. Note in particular the "quick cron example" that is given with your selected hostname.
Then I was able to mail the Pi to my family at home and tell them to plug it into their router.
After cabling the Raspberry Pi to the router, there is a small bit of router configuration to be done:
If you have questions, post a reply below and I'll try to help.
Of course before going this route make sure that using a VPN does not violate the laws of the country you are in, or the terms of your agreement with the service that you are accessing.
While there are commercial VPN services, they have three problems:
- You have to trust them. They can see all of the sites that you access as well as any data that's not encrypted end-to-end.
- They cost money. Or if not, take #1 more seriously.
- They don't always work. In particular servers that reject foreign connections will often also reject connections from known VPN or hosting services.
An alternative solution may be to find a home router with a built-in VPN server. Also note that if you're planning to do video streaming then the VPN server site will need pretty good outbound (upload) bandwidth, because all the data will be routed to you from that server.
I used a Raspberry Pi model 2 which was a spare that I had sitting around. If you're buying a new one I suggest the model 3B+ which is newer and faster. A model 4 is also becoming available and should work but it's overkill for this purpose.
The standard operating system for these devices is Raspbian. I used version 9, and version 10 has since been released. Installing Raspbian is beyond the scope of this article but the process is well-documented and not difficult. I used the "Lite" version because a graphical desktop was not needed.
Installing OpenVPN is a formerly complex task made absurdly simple by the openvpn-install project on Github. A single command line at the server sets it up:
Code: Select all
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
Because I was not at the destination site, I needed to perform another step. The file /etc/rc.local was configured by the OpenVPN installer to include a line like this:
Code: Select all
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 192.168.1.193
Code: Select all
MYIP=`ifconfig eth0 | perl -nle 's/ inet (\S+)/print $1/e'`
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $MYIP
Then I was able to mail the Pi to my family at home and tell them to plug it into their router.
After cabling the Raspberry Pi to the router, there is a small bit of router configuration to be done:
- Assign a fixed local IP address to the Raspberry Pi.
- Create a port forwarding rule to forward port 1194 (TCP and UDP) to the Pi's IP address.
If you have questions, post a reply below and I'll try to help.