Yes, this is yet another how-to for setting up OpenVPN on a Raspberry Pi. I put this one together because I tend to document everything I do in case I need to retrace my steps, and also because I tried following a few tutorials I found online and ran into little quirks along the way, like needing to update the system first. So here’s a long step-by-step on how to get this all set up and going.
I referenced a really great YouTube tutorial which you can view here:
I hit a couple of issues which the fella in the video didn’t seem to hit e.g. I needed to run updates and also set the permissions on my files differently because it didn’t work the suggested way. I think there were one or two other quirks which I had to get around also…but I set it up over 2 months ago, so I honestly can’t remember.
I have some screenshots here but not one for each line. Each line indicates a line to enter in the command/terminal window. I took pictures with my phone and many came out terrible and were not worth adding. It should still be pretty straightforward to follow.
Before you start, ensure you’ve got your SD card (8GB recommended) at the ready.
Prepare Device
Download the NOOBS with Network from HERE
Format 8GB SD Card
Extract downloaded NOOBS zip to the SD Card
Insert SD Card into Raspberry Pi system, plug it all in and go.
OS Installation and Configuration
Select to install Raspbian
Click Yes
Installation will commence
Click OK
Raspberry Pi should start up as above, type sudo raspi-config and hit enter
When installed change Overclock to Medium
Navigate to Advanced
Select Memory Split
GPU is set to 64
Change the value to 16
Expand the File System to ensure all 8GB is available
Choose Finish
Choose Yes to Reboot
Log in as Username: pi Password: raspberry
Type sudo apt-get install openvpn openssl
Type Y and Enter
Wait until complete
Type sudo apt-get install rpi-update to install the tool that checks for firmware updates
Type sudo rpi-update to see if there are any software updates
Wait until complete
Type cd /etc/openvpn
Type sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
Type sudo su
Type cd /etc/openvpn
Type nano easy-rsa/vars
Replace the text that says pwd with /etc/openvpn/easy-rsa
Type . ./easy-rsa/vars
Type ./easy-rsa/clean-all
Type cd easy-rsa
Type ln -s openssl-1.0.0.cnf openssl.cnf to create a symbolic link to our openssl file
Type cd ..
Type ./easy-rsa/build-ca OpenVPN
Enter metadata if you wish
Type ./easy-rsa/build-key-server server
Enter metadata
Just hit enter when prompted for challenge password and company name
Enter y to create the certificate and y again to commit
Type ./easy-rsa/build-key client1
Repeat the steps of entering metadata, hitting enter for challenge password and organization, then y to create and y to commit the certificate
Type ./easy-rsa/build-dh (this may take a few minutes to complete)
Type nano openvpn.conf
Type in:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
Ctrl X and yes to save and then hit enter to overwrite the file
echo 1 > /proc/sys/net/ipv4/ip_forward
ifconfig
(note the inet addr, e.g. 192.168.0.11; you should also see eth0. If not, you may need to note what the interface is called for the next command)
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.11
nano /etc/sysctl.conf
Remove the comment marker (#) from the IP forwarding line (net.ipv4.ip_forward=1)
cd ..
sudo /etc/init.d/openvpn start
nano newvpn.ovpn
Contents should be as follows:
dev tun
client
proto udp
remote <Your Raspberry Pi’s Public IP address>
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
Open up port 1194 on Router
sudo nano /etc/rc.local
Between the fi and exit 0 enter the following:
iptables -t nat -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.11
cp -rf /etc/openvpn/easy-rsa/keys /home/pi
chown pi:pi /home/pi
chown pi:pi /home/pi/keys
chown pi:pi /home/pi/keys/ca.crt
chown pi:pi /home/pi/keys/client1.crt
chown pi:pi /home/pi/keys/client1.key
Connect using the internal IP address and pi username and password. I used WinSCP as a free download for Windows.
Copy all three files using SFTP to your client machines. These will be required to connect.
Set IP address of Raspberry Pi in the DMZ
Type curl ifconfig.me back on the Raspberry Pi UI to get the Public IP address
Ready to test!! Fire up your favorite VPN client (if using a Mac you could use the built-in client) and give it a whirl. You’ll need to point to the three key files you copied via SFTP earlier. Enjoy!
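A pre-flight check for the openvpn.conf written earlier, as an added example that is not part of the original tutorial: it catches a mistyped dev or proto value, two directives on one line, a missing ca/cert/key/dh file, and a server key readable by other users. The function name check_openvpn_conf is hypothetical, and stat -c assumes GNU coreutils, as on Raspbian.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for an OpenVPN server config file.
# check_openvpn_conf is a hypothetical helper name, not an OpenVPN tool.
# Prints one line per problem; returns 0 only if none were found.
check_openvpn_conf() {
    local conf=$1 errors=0 directive value rest mode
    while read -r directive value rest || [ -n "$directive" ]; do
        case $directive in
            ''|'#'*|';'*) continue ;;              # blank line or comment
            *[[:upper:]]*)                         # directives are lowercase
                echo "$directive: directive names must be lowercase"
                errors=$((errors + 1)); continue ;;
        esac
        case $directive in
            dev|proto|port)                        # one directive per line
                if [ -n "$rest" ]; then
                    echo "$directive: unexpected extra text '$rest'"
                    errors=$((errors + 1))
                fi ;;
        esac
        case $directive:$value in
            dev:tun*|dev:tap*|proto:udp*|proto:tcp*) ;;
            dev:*|proto:*)
                echo "$directive: unrecognised value '$value'"
                errors=$((errors + 1)) ;;
            port:|port:*[!0-9]*)
                echo "port: '$value' is not a number"
                errors=$((errors + 1)) ;;
            ca:*|cert:*|key:*|dh:*)
                if [ ! -f "$value" ]; then
                    echo "$directive: file not found: $value"
                    errors=$((errors + 1))
                elif [ "$directive" = key ]; then
                    mode=$(stat -c %a "$value")    # GNU stat, as on Raspbian
                    case $mode in
                        *00) ;;                    # owner-only, e.g. 600
                        *) echo "key: $value is mode $mode, expected 600"
                           errors=$((errors + 1)) ;;
                    esac
                fi ;;
        esac
    done < "$conf"
    [ "$errors" -eq 0 ]
}

# Usage: pass the config path as the first argument.
if [ -n "${1:-}" ]; then check_openvpn_conf "$1"; fi
```

Run it as root against /etc/openvpn/openvpn.conf before starting the service; no output and exit status 0 mean nothing was flagged.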