How to Create a VPN Server With Raspberry Pi
When you think of a VPN, you might imagine a subscription service that tunnels your internet traffic through a server located elsewhere in the world. However, those services aren't the only way to encrypt your online activity.
One-click VPN services can be great, and there are a few VPNs we recommend if you want a simple solution that works out of the box. That service comes with a cost, though: usually about $5 to $10 per month, not to mention putting your trust in whoever's on the other end. For a cheaper option that you control, you can set up an OpenVPN server on a Raspberry Pi (or certain routers) and use your own home internet connection as a VPN while you're out and about.
Be aware that you won't be able to spoof your location to an overseas country, or hide your identity from prying eyes (since the traffic will appear to come from your regular home internet connection). However, it will still give you extra security when browsing on public Wi-Fi, and it's rather useful when you need to access your home network for, say, waking up a sleeping PC so you can Remote Desktop in. It's cheap, easy, and well worth doing if you have a Pi lying around.
What You'll Need
To set this up, you'll need the obvious: a Raspberry Pi with all the crucial accessories, like a power supply and SD card. This guide doesn't require a special operating system; you can just use Raspbian, so check out our beginner's guide to the Raspberry Pi for everything you need to know about setting up the basics. (Make sure you change the default password when you first boot up the Pi, as it's extremely important for security—which, after all, is the entire point of this project.)
I recommend having a mouse, keyboard, and monitor for this walkthrough as well—just for the initial setup—though it isn't strictly required. (You can SSH into your Pi to set up your VPN, but you may have to reconnect in the middle of the process, since changing network settings can cause the Pi to lose connection.)
That's all you technically need, though there are a few other things I recommend. First, it's a good idea to set up a DHCP reservation for your Raspberry Pi, so its internal IP address doesn't change over time.
Second, I recommend a dynamic DNS service. In order to access your Pi from afar, you'll need to point it to your public IP address at home. This isn't hard to find, but it can change from time to time, which could break your VPN until you re-configure it. Doing so is kind of a pain, so it's easier to use a dynamic DNS service that gives you an easy-to-remember address instead, which updates whenever your IP address changes.
Check your router's settings to see if it supports any dynamic DNS services like DynDNS or No-IP— some of these are paid subscriptions, but others, like No-IP, are free for limited usage, which should work perfectly for our purposes. We won't walk through the entire process in this guide, but I recommend looking into it if you find your internet provider keeps changing your public IP address and breaking your VPN.
How to Install OpenVPN With PiVPN
OpenVPN is an open-source set of software that allows you to set up a VPN on just about any type of hardware. If you wanted, you could install OpenVPN's Linux server on your Pi and tweak the configuration files manually, but there's an easier solution. PiVPN is a set of open-source scripts that turn OpenVPN's configuration into an easy-to-use wizard, so even if this if your first time working with OpenVPN, you shouldn't have too much trouble getting it set up.
So boot up your Pi, make sure all software is up to date, and open a new Terminal window. Installing PiVPN is as simple as running the following command:
curl -L https://install.pivpn.io | bash
The script will take a few minutes to install OpenVPN, and then it'll walk you through the configuration process. First, it will inform you that PiVPN requires a static IP address, so you can easily access your VPN server when you're out and about. If you set up a DHCP reservation, you can just say Yes when PiVPN asks if you're using one.
After choosing your user (the default Pi user is fine, unless you have another you wish to use), PiVPN will ask whether you want to use WireGuard, a new VPN protocol, or OpenVPN. I'm using OpenVPN for this guide, so use the arrow keys to move the cursor to OpenVPN, then press Space to select it before pressing Enter to continue.
WireGuard is fairly new, and shows a lot of promise, while OpenVPN is more popular and widely supported. If you want to give WireGuard a try, you can read more about it here.
For the next few steps, the default settings are fine for most users. You'll be asked whether you want to use UDP or TDP (you should choose UDP unless you have a good reason for not doing so), what port you want to use (1194 is fine unless something else is using it), and what DNS provider you want to use (any are suitable).
After rebooting, you’ll need to open a Terminal window and run:
pivpn add
Give the configuration file a name (I chose whitson-laptop), set how many days the certificate lasts (the default value is fine), and enter a password of your choice (make sure it's strong). It'll generate an .ovpn file for you under /home/pi/ovpns, which you'll need to connect to your VPN—copy it to your PC and keep it somewhere safe.
PiVPN recommends repeating this process for other devices, so if you have other laptops or phones you want to use this VPN on, re-run this command to generate their own config files now.
Here's where I had to make one edit to my .ovpn file. If you're using a dynamic DNS service like I am, open the file in Notepad (or the text editor of your choice), and replace your IP address in line 4 with your custom URL. If you have problems connecting to your VPN, this is the first line I'd mess with—it's caused problems for me in the past with a number of OpenVPN config generators.
From here, your Pi should be all set, but you'll need to do one more thing before you can connect: forward your VPN's port on your router. This process varies from router to router, but it goes like this: you log into your router's configuration page, find the port forwarding option, and forward port 1194 to the internal IP address of your Pi. You can find more detailed instructions for specific routers at portforward.com.
Connect to Your VPN From Anywhere
You're in the home stretch now because the rest is super easy. To connect to your VPN when you're away from home, you'll need a VPN app, or "client," capable of connecting to your OpenVPN server. OpenVPN has an official client called OpenVPN Connect, which is available on Windows, macOS, Linux, iOS, and Android.
You can grab it from OpenVPN's home page — just scroll down to Get Started with OpenVPN Connect and click the platform of your choice. There are also popular third-party programs like Viscosity(Windows/Mac) and Tunnelblick(Mac) that provide extra options for advanced users. You can see other OpenVPN clients on this page at the OpenVPN community.
No comments:
Post a Comment