This guide will show the necessary steps to get an OpenVPN server running on your Raspberry Pi.
First of all you would want to make sure your Raspberry Pi is updated and upgraded. For this tutorial we are going to be running all commands as the root user. To change to the root user enter;
apt-get update
apt-get upgrade
After everything has been upgraded and installed the next step is to install openvpn and openssl if you don’t already have it installed.
apt-get install openvpn openssl
Once OpenVPN has been installed, we have to now configure it. Firstly copy the easy-rsa file into the openvpn folder.
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa
Once that has been copied over we need to edit the vars file so that when the script runs it puts the config files in the correct place.
Then on line 15 change
Then press CTRL + X and save it. Then you need to clean-all the easy-rsa. This will make sure all files are in place. So next change into the easy-rsa directory.
View the files by typing ls
Then we need to run the clean-all command. But first we need to point it to the vars file. So run;
and then we run the clean-all command
Now to see that the necessary files are there, type ls again and hopefully you should see something like this;
Now you have successfully configured your files you need to set up OpenVPN. Run;
ln -s openssl-1.0.0.cnf openssl.cnf
Now we need to create the keys and certificates for the VPN. You can either press enter on all of the certificate prompts or fill them out; it makes no difference.
build-dh takes a while so be patient
The next part is making the config file for OpenVPN. To do this type;
Edit this file to look like this;
dev tun
#defines which protocol tcp/udp
proto udp
#
#Defines the port to connect
port 1194
#
#This defines where keys and cert are kept
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
#
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
push "redirect-gateway def1"
#
#DNS to googles DNS servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
Then save these files using CTRL + X.
echo 1 > /proc/sys/net/ipv4/ip_forward
Next, identify the network adapter you want to use for VPN traffic. If you are connected via the ethernet port it is usually eth0, and the inet address shown for that adapter should be your Raspberry Pi's IP address. We need this information to add to the iptables rules.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.2
Tip: Instead of 192.168.0.2 add your Raspberry Pi's IP address
On line 28 you need to remove the # from in front of “#net.ipv4.ip_forward=1” to make it “net.ipv4.ip_forward=1”.
service openvpn restart
Now you have fully configured your OpenVPN server. Now we need to create the files to connect to it.
This editor will create a file called newvpn.ovpn. Enter the following into this file to connect with the vpn.
dev tun
client
proto udp
remote YOUR_NETWORK_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
TIP: On line 4 make sure you add your public IP address and not your Pi's IP
Save this file. Then run;
Add these two lines above exit 0;
iptables -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.2
Now we are up and running. We can copy the keys and certificates to our computer. Simply navigate to /etc/openvpn/easy-rsa/keys and copy all of the keys you need.
The keys we need are ca.crt, client1.crt, client1.key and newvpn.ovpn
Once these have been downloaded successfully open your client that you are going to use and configure the VPN tunnel.
You can use Tunnelblick for Mac – http://code.google.com/p/tunnelblick/
Use OpenVPN for Windows – https://openvpn.net/index.php/open-source/downloads.html
To make another client just run;
Then copy the client2 keys just like above. Finally, don't forget to change the newvpn.ovpn file to point to the client2 keys and not the client1 keys.
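As an added example (not part of the original guide), the shell function below assembles the files listed above for any client name, so the profile always points at the matching certificate and key and the private key is copied with owner-only permissions. The function name make_client_bundle and its arguments are assumptions; the directives are the ones from the client profile in this guide.

```shell
#!/bin/sh
# Added example; make_client_bundle and its arguments are hypothetical names.
# KEYS_DIR defaults to the keys directory used in this guide.
# Usage: make_client_bundle client2 YOUR_NETWORK_IP ./client2-bundle
KEYS_DIR="${KEYS_DIR:-/etc/openvpn/easy-rsa/keys}"

make_client_bundle() {
    client="$1"; remote_ip="$2"; out_dir="$3"
    if [ -z "$client" ] || [ -z "$remote_ip" ] || [ -z "$out_dir" ]; then
        echo "usage: make_client_bundle CLIENT PUBLIC_IP OUT_DIR" >&2
        return 2
    fi
    # Client names become file names, so reject anything path-like.
    case "$client" in
        *[!A-Za-z0-9_-]*) echo "invalid client name: $client" >&2; return 2 ;;
    esac
    # Stop early if a file the profile refers to is missing or empty.
    for f in ca.crt "$client.crt" "$client.key"; do
        [ -s "$KEYS_DIR/$f" ] || { echo "missing $KEYS_DIR/$f" >&2; return 1; }
    done
    (
        # The bundle holds a private key: owner-only directory and files.
        umask 077
        mkdir -p "$out_dir" || exit 1
        # Copy only these three files; ca.key and server.key stay on the Pi.
        cp "$KEYS_DIR/ca.crt" "$KEYS_DIR/$client.crt" \
           "$KEYS_DIR/$client.key" "$out_dir/" || exit 1
        cat > "$out_dir/$client.ovpn" <<EOF
dev tun
client
proto udp
remote $remote_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $client.crt
key $client.key
comp-lzo
verb 3
EOF
    )
}
```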
Thank you. If you have any questions, please comment below.