
Thread:
Raspberry Pi to VPN in 30-minutes

  1. #1
    HacksDen Staff
    Administrator
    streamlinehd

    Turn Your Raspberry Pi into your own personal VPN

    There are many reasons you might want to have your very own VPN. The most obvious is that the internet is not secure and the information you send and receive is open for prying eyes to see. Most of us won't be too concerned with this when browsing from our home networks, since it would be a little more difficult for someone to breach your personal network from outside. The bigger concern is for those of us using public networks like WiFi hotspots. This is where your privacy could be almost non-existent, as you can be easily spied on by hackers and even network administrators connected to the same network. Since these attacks are initiated from within the same network, there is very little stopping the attacker. If you aren't the type to use public networks, another possible reason for having your own VPN could be to use the internet securely at work.

    A VPN creates a secure tunnel from the client to the VPN server, and all the information sent through this tunnel is secure because it is out of sight from others and encrypted. This means that if someone could identify you while connected to your VPN, the person wouldn't be able to see what you're doing, since any data they may be able to get would be completely unreadable. Another reason for having your own home VPN server is that once it's set up, it's pretty much free for you to use at any time. I could explain many other reasons to have your own VPN; however, I think I've made my point, so I'll stop here. I hope I've made this simple enough to follow, but feel free to ask questions if I'm not clear on any of the steps below.

    Before beginning with this guide you must have a Raspberry Pi distro already installed and the basic configuration completed. You can get your distro here (for this guide I'll be using Raspbian "Wheezy"). You will also need a domain name if you aren't provided with a static IP address by your ISP (most of us do not get a static IP from our ISP without paying big $$ for it). You can go the same route as I did by buying a domain name and having a script run on the Raspberry Pi which continually checks your external IP and automatically updates it with your DNS when the IP changes. If that task is above your skill set, you can go the route of obtaining a free subdomain from Dnsdynamic and use a DDNS client (which I believe they provide for free) to automatically check and update your IP address with your DNS.

    1) SSH into your Pi as root (use PuTTY if on a Windows machine)



    2) Update apt-get repository and install openvpn with udev dependencies

    Code:
    apt-get update
    apt-get install openvpn udev


    3) Copy vars and edit defaults

    Code:
    cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
    # edit the defaults in vars
    nano /etc/openvpn/easy-rsa/2.0/vars


    4) Initialize the Public Key Infrastructure and build certificate that will be used to sign client config files.

    Code:
    cd /etc/openvpn/easy-rsa/2.0/
    # source vars (note the leading dot) so its settings are exported into this shell
    . ./vars
    ./clean-all
    ./build-ca

    5) Generate Certificates and Private Keys

    Code:
    ./build-key-server server

    6) Create private keys for clients

    Code:
    ./build-key client1
    -Repeat for additional client keys

    7) Generate Diffie Hellman Parameters

    Code:
    ./build-dh


    8) Relocate Secure Keys

    a. Change the ownership of the keys directory, then use any SFTP client to move the files to your computer for easy access, as you will need these keys to set up your clients.

    Code:
    chown pi -R /etc/openvpn/easy-rsa/2.0/keys
    * Now move keys and certs to your desktop computer using SFTP (see pic below)





    b. Copy server keys to /etc/openvpn directory
    Code:
    cd /etc/openvpn/easy-rsa/2.0/keys
    cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn
    Keep the FTP client open; you will need to use it again soon!

    9) Configure the Virtual Private Network

    Code:
    cd /usr/share/doc/openvpn/examples/sample-config-files
    gunzip -d server.conf.gz
    cp server.conf /etc/openvpn/
    cp client.conf ~/
    cd ~/

    10) Modify the remote line and the client file names in your ~/client.conf file to reflect the OpenVPN server's name. Repeat for all clients.

    Code:
    nano client.conf





    Code:
    cp client1.conf /home
    cp client2.conf /home

    11) FTP to the home directory and copy the client.conf files to your computer, into the same directory as your keys.



    12) Edit server.conf File

    Code:
    cd /etc/openvpn
    nano server.conf

    Leave everything as default except for the following lines, which you should uncomment:

    Code:
    push "redirect-gateway def1 bypass-dhcp"
    client-to-client
    log

    Exit and save.

    13) Start Openvpn server

    Code:
    /etc/init.d/openvpn start


    14) Edit sysctl.conf

    Code:
    nano /etc/sysctl.conf

    Uncomment:

    Code:
    net.ipv4.ip_forward=1

    Exit and save.

    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward

    15) Set iptables rules and MASQUERADE

    Code:
    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    iptables -A FORWARD -j REJECT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

    Add the following script to rc.local:

    Code:
    nano /etc/rc.local

    Code:
    #!/bin/sh -e
    #
    # [...]
    #
    
    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    iptables -A FORWARD -j REJECT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    
    exit 0
    Exit and save



    16) Restart the OpenVPN server

    Code:
    /etc/init.d/openvpn restart

    17) Forward UDP port 1194 on your router

    Server side is DONE!!!!

    Now it's time to set up your clients....

    The point of this guide is to get your VPN running quickly, so I won't get into teaching you how to set up the client side of OpenVPN, as there are many different possibilities for that. I will, however, explain how you can set up an iPhone OpenVPN client, since that is something I'll be doing for myself. If you want to set up a Windows or Linux client, you can simply Google OpenVPN clients or visit the OpenVPN website.

    iPhone setup

    Download the OpenVPN Connect client from the App Store (free).

    Make a .ovpn file from the client.conf (client1.conf, etc.) files stored on your computer.

    Plug your iPhone into your computer, open iTunes, and navigate to your iPhone.

    Choose the Apps tab and then choose OpenVPN.
    Under OpenVPN Documents, choose to add the following files:
    ca.crt, client1.crt, client1.key
    Click Add again and this time choose only the client1.ovpn file you just made.

    On your iPhone, open the OpenVPN app and you will see a screen with a green "add autologin profile" button. Press the green plus button to add your client profile.
    Now you're in like Flynn... Enjoy!
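
A post-setup check for steps 8, 12 and 14, as an added example that is not part of the original post: it lists private keys whose file mode lets group or others read them and confirms that the server.conf and sysctl.conf lines the guide uncomments are active. The function names and the script's two arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-setup checks for the server built by this guide.
# Function names and arguments are assumptions of this example.

# List private keys (*.key) under DIR whose mode lets group or others read them.
readable_keys() {
    find "$1" -type f -name '*.key' \( -perm -040 -o -perm -004 \) 2>/dev/null
}

# Succeed if FILE has an active (not '#' or ';' commented) line that is
# exactly DIRECTIVE or starts with DIRECTIVE followed by whitespace.
directive_enabled() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, "") }
        /^[#;]/ { next }
        $0 == want || index($0, want " ") == 1 || index($0, want "\t") == 1 { ok = 1 }
        END { exit !ok }' "$1"
}

# Run all checks; prints one line per finding, returns the number of findings.
# $1 = OpenVPN directory (e.g. /etc/openvpn), $2 = sysctl.conf path.
verify_server() {
    issues=0
    keys=$(readable_keys "$1")
    if [ -n "$keys" ]; then
        echo "private key readable by group/others:"
        echo "$keys"
        issues=$((issues + 1))
    fi
    for d in 'push "redirect-gateway def1 bypass-dhcp"' client-to-client log; do
        if ! directive_enabled "$1/server.conf" "$d"; then
            echo "server.conf: not enabled: $d"
            issues=$((issues + 1))
        fi
    done
    if ! directive_enabled "$2" net.ipv4.ip_forward=1; then
        echo "sysctl.conf: net.ipv4.ip_forward=1 is not uncommented"
        issues=$((issues + 1))
    fi
    return "$issues"
}

# Stand-alone use: sh check.sh /etc/openvpn /etc/sysctl.conf
if [ "$#" -eq 2 ]; then verify_server "$1" "$2"; fi
```

The `log` check deliberately does not count `log-append`, which is a separate directive in the sample server.conf.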
