If you are in a public network, for example at university or the airport, your traffic can be recorded and decrypted. To prevent others from doing that, you can send your traffic through a secured VPN tunnel. The VPN tunnel carries your traffic, encrypted, to a server which processes your requests.
In the following tutorial you will learn how to run OpenVPN Server on your Raspberry Pi:
Raspbian or a similar distribution.
To be able to install the latest program versions we should update our package sources:
sudo apt-get update
Now we install OpenVPN and OpenSSL.
sudo apt-get install openvpn openssl
We switch to the OpenVPN directory and copy a directory we will need later into it.
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
Now we open the file easy-rsa/vars with nano and apply some changes.
We change the directory, log in as root user and execute some configurations.
ln -s openssl-1.0.0.cnf openssl.cnf
Now we are able to generate the components for the encryption of OpenVPN. After the first input you will be asked for the abbreviation of your country (US = USA, DE = Germany, AT = Austria, CH = Switzerland). All other inputs can simply be confirmed.
The calculation of the last components can take a few minutes.
We have to switch the directory again and create the file openvpn.conf with the following content:
sudo touch openvpn.conf
sudo nano openvpn.conf
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 126.96.36.199"
push "dhcp-option DNS 188.8.131.52"
You can change the DNS-servers to any DNS you like.
Now, create the internet forwarding for the VPN clients. If you are not using an ethernet cable (e.g. Wifi) you will have to replace "eth0" with the name of your network device.
sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
sudo iptables -t nat -A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -o eth0 -j MASQUERADE
One of the final steps will be to delete the "#" before net.ipv4.ip_forward=1 in sysctl.conf.
sudo nano sysctl.conf
Some of the settings above have to be added to the crontab so that they persist across reboots. Insert the following line at the end of the crontab file (replace "eth0" if you did above):
@reboot sudo iptables -t nat -A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -o eth0 -j MASQUERADE
Again change to the root-user and to the directory /etc/openvpn/easy-rsa/keys in which we will create the file raspberrypi.ovpn and fill it with the code of the second paragraph. RASPBERRY-PI-IP should be replaced by the IP address of your Pi or, if you are using a DynDNS service, by the given domain.
remote RASPBERRY-PI-IP 1194
Now create an archive with all the files the client needs, which we will place in /home/pi, and give the user pi the needed rights to the file.
# ca.key is the CA's private key; it can sign new certificates and stays on the server
tar czf openvpn-keys.tgz ca.crt client1.crt client1.csr client1.key raspberrypi.ovpn
mv openvpn-keys.tgz /home/pi
chown pi:pi /home/pi/openvpn-keys.tgz
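A client only needs ca.crt, its own certificate and key, and the .ovpn file; whoever holds ca.key can sign new certificates for this VPN. The following check is an added example, not part of the original tutorial: it audits a bundle for a CA key, for more than one private key, and for an archive readable by other users. The function names audit_bundle and make_sample are hypothetical, and GNU tar and stat are assumed.

```sh
# Added example: audit an OpenVPN client bundle before it leaves the server.
# Prints one finding per line; exit status 1 means at least one finding.
audit_bundle() (
    tgz=$1; findings=0; keys=0
    # The archive holds the client's private key: only its owner should read it.
    mode=$(stat -c '%a' "$tgz") || exit 2      # GNU stat, as on Raspbian
    case $mode in
        *00) ;;
        *) echo "archive mode $mode: readable by group or others"; findings=1 ;;
    esac
    while IFS= read -r member; do
        [ -n "$member" ] || continue
        # Detect private keys by content, not only by file name.
        if tar -xzOf "$tgz" "$member" | grep -q -- '-----BEGIN .*PRIVATE KEY-----'; then
            keys=$((keys + 1))
        fi
        # ca.key signs new certificates; it must stay on the server.
        if [ "${member##*/}" = ca.key ]; then
            echo "CA private key in bundle: $member"; findings=1
        fi
    done <<EOF
$(tar -tzf "$tgz")
EOF
    if [ "$keys" -gt 1 ]; then
        echo "$keys private keys in bundle, a client needs only its own"; findings=1
    fi
    exit "$findings"
)

# Constructed sample input: dummy files standing in for the tutorial's key material.
# $1 = absolute path of the archive to create, remaining arguments = member names.
make_sample() (
    out=$1; shift
    d=$(mktemp -d) && cd "$d" || exit 2
    for f in "$@"; do
        case $f in
            *.key) printf '%s\n' '-----BEGIN PRIVATE KEY-----' '(constructed)' > "$f" ;;
            *) echo constructed > "$f" ;;
        esac
    done
    tar -czf "$out" "$@" && chmod 600 "$out" && rm -rf "$d"
)

# Demo on a constructed bundle that wrongly includes ca.key.
tmp=$(mktemp -d)
make_sample "$tmp/demo.tgz" ca.crt ca.key client1.crt client1.csr client1.key raspberrypi.ovpn
audit_bundle "$tmp/demo.tgz" || echo "bundle rejected"
rm -rf "$tmp"
```

On the Pi, run audit_bundle /home/pi/openvpn-keys.tgz before copying the archive to a client.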
Restart the OpenVPN server.
sudo /etc/init.d/openvpn start
Finished! Now we are able to download the file openvpn-keys.tgz on the client and extract the files to your OpenVPN client folder.
An OpenVPN Client for Windows is: http://openvpn.se/
For Mac: https://code.google.com/p/tunnelblick/
Linux users simply install the package openvpn.