16/10/2020

Learn how to make a Raspberry Pi VPN server using OpenVPN and PiVPN!

The Raspberry Pi has a ton of different uses. Since it’s small and energy-efficient, uses such as a network-attached storage (NAS) device, media server, game server, smart home hub, or any number of Internet of Things (IoT) projects run extremely well on the Raspberry Pi. Since the credit card-sized Raspberry Pi sports a tiny footprint and sips power, it’s ideal for an always-on device. And with superb internet connectivity, whether running on a wireless network or via a wired Ethernet port, the Pi is suitable for handling network traffic. Learn how to build a Raspberry Pi VPN (virtual private network) server!
What is a VPN and Why Should You Use One?
Ok, so what is a VPN? It’s a virtual private network, a means of connecting to the internet with a secure, private connection. Rather than using your IP address, network traffic is routed through a gateway server, so you’ll have public-facing IP address of another location. For instance, you might be located in New York City, but with your VPN, making it look as if you’re connecting in London, UK.
Great, but why should you use a VPN? There are tons of motivations for using a VPN. With an increasing number of snooping ISPs (internet service providers), many users simply want the security of a VPN masking their web traffic. Since you can use VPN servers for different countries, a VPN offers a nifty means of unlocking geo-protected content. Perhaps you’re based out of the UK, but traveling to the United States, and still want to be able to stream the BBC. A VPN can help with that. On public, unprotected Wi-Fi, a VPN adds a layer of security by masking your IP address. Plus, many VPN options alow you to set up a home VPN server for connecting to your home network from anywhere, a useful feature for the likes of server management. (Note: we at Electromaker do not condone illicit activity, so please only use a VPN for legal actions). 
Why use a VPN:

  • Mask your IP address
  • Hide from snooping ISPs
  • Extra security on public Wi-Fi
  • Unblock geo-restricted content
  • Connect to your home network from anywhere

How to Build a Raspberry Pi Raspberry Pi VPN Server
A Raspberry Pi VPN server is pretty easy and cheap to build. You’ll need a Raspberry Pi board, compatible Linux operating system such as the Debian-based Raspbian, a VPN provider, power supply, microSD card for hosting your operating system (OS), and optional but recommended case. You’ll also require an active internet connection, peripherals including a keyboard and mouse, plus a display of some kind. While you can use your Raspberry Pi hooked up to a display such as a monitor, TV, or projector, you might prefer to SSH into your Raspberry Pi instead. 
What you’ll need for a Raspberry Pi VPN server:

  • Raspberry Pi board (Raspberry Pi 4 recommended)
  • Debian-based Linux distribution (distro) such as Raspbian
  • VPN provider (i.e. IPVanish)
  • VPN software i.e. OpenVPN
  • Case
  • microSD card
  • Keyboard/mouse and/or host PC
  • Monitor/TV/projector for a display
  • Active internet connection

Total cost: $35+ USD. You can get started creating a VPN server with a Raspberry Pi for as little as $35. If you opt for a Raspberry Pi Zero or Zero W, that cost lowers even more. I recommend a Raspberry Pi 4, although virtually any Pi board should work. 
Make a Raspberry Pi VPN Server Using PiVPN
Arguably the easiest methods for running a Raspberry Pi VPN server is with PiVPN, an OpenVPN configuration too. As a word of caution: running PiVPN runs a script downloaded from the internet, so you’ll want to trust the source. While I haven’t personally scoured their GitHub codebase, everything seems to check out and it works like a champ on my Raspberry Pi. 
Begin by running an update:
sudo apt-get update && apt-get upgrade
Next up, run the PiVPN installation script:
curl -L https://install.pivpn.dev | bash
If you prefer the unstable test branch, enter:
curl -L https://test.pivpn.dev | TESTING= bash
And that’s it! Sort of. The script launches a PiVPN automated installer. You’ll receive a message informing you that “This installer will transform your Raspberry Pi into an openvpn server!” Click Ok and continue. 
Next up, select a static IP address, then hit Ok. Choose either wlan0 or eth0 for wireless or ethernet respectively. Highlight the option you wish to choose, press spacebar to add an asterisk beside that choice, then hit Ok when you’re ready.
Then, there’s a message asking if you’d like to use your current newtork settings as a static address. You can review your IP address. If you’re satisfied, press Yes and continue.
PiVPN now confirms your IP address settings. Wait a bit, and you should now see a screen asking you to pick a local user to hold your OpenVPN configuration. Click Ok. Then, you should be able to select a user. On my Raspberry Pi, I had one option: Pi. Press the spacebar to select it and an asterisk will appear next to Pi. After that, hit Ok.
You’ll be prompted to enable unattended-upgrades. Select Ok and continue. Next up you can either enable unattended-upgrades or not. Choose either yes or no. Once you’ve proceeded, apt-get will check for upgraded packages, as well as check if OpenVPN is installed. If it’s not installed, PiVPN proceeds to install it. 
If PiVPN begins installing OpenVPN, you’ll see a notification about selecting an OpenVPN port. By default, that’s 1194 but you can change it. I left this unchanged. Press Ok. 
Confirm your OpenVPN port and hit Yes. Select your preferred encryption strength: 2048-bit (recommended, 1024-bit (test level), or 4096-bit (paranoid level). I left this as the recommended 2048-bit level. When you’re satisfied, hit Ok. 
A screen lets you know that default values for fields used in a security certificate will be reviewed. Select Ok, and review the different fields including country, state, city, and more. You can change these, or leave them as-is. I left them unaltered and pressed Ok. Again, confirm that these fields are correct and pick Yes. 
OpenVPN will now create your encryption keys, so click Ok. Wait for your encryption to generate keys. Depending on your level of encryption, this might take a bit of time. Go grab a cup of coffee or a pint, walk your dog, or fire up your favorite video game while you wait. Upon completion, OpenVPN prompts you if you’ve got a public DNS entry you’d like to use versus a public IP address. Select your preferred option, and continue. 
Should you opt for a DNS entry, PiVPN asks you to give your public DNS name. Then, pick a DNS provider such as Google and OpenDNS. Enter that and press Ok. Alternatively, selecting IP address lets you enter your IP address.
Installation is complete, and you can run pivpn add which will create ovpn profiles. You’ll be prompted to reboot your Raspberry Pi so select Yes. 
After restarting, go ahead and update again:
sudo apt-get update && apt-get upgrade
Then, configure your VPN client:
pivpn add
You’ll need to select a name for your client and specify a password that will be used for connecting to this VPN. After you set up your first OpenVPN client, there’s an .ovpn file for the newly-created client, and you need this to log in on a client device. 
Install OpenVPN on the Raspberry Pi
Alternatively, you may prefer to simply install OpenVPN for the Raspberry Pi on a Linux distro such as Raspbian, Debian, Ubuntu, Linux Mint, or another OS.
Begin by performing an update:
sudo apt-get update && apt-get upgrade
Next, install OpenVPN:
sudo apt-get install openvpn unzip
Check that your time zone information is correctly configured:
sudo dpkg-reconfigure tzdata
Select any add-on services, choose your country, region, and protocol, either UDP or TCP. 
Make sure you’re running with root privileges:
sudo -i
And download the OpenVPN set up:
cd /tmp && wget https://files.ovpn.com/raspbian/ovpn-se-gothenburg.zip && unzip ovpn-se-gothenburg.zip && mkdir -p /etc/openvpn && mv config/* /etc/openvpn && chmod +x /etc/openvpn/update-resolv-conf && rm -rf config && rm -f ovpn-se-gothenburg.zip
Then, enter your login user name and password:
echo “USERNAME” >> /etc/openvpn/credentialsecho “PASSWORD” >> /etc/openvpn/credentials
Now, start OpenVPN with:
sudo openvpn –config /etc/openvpn/ovpn.conf –daemon
And check your connection using:
curl https://www.ovpn.com/v2/api/client/ptr | python -m json.tool
To check that OpenVPN is running on your Raspberry Pi, enter:
ps aux|grep openvpn
Now, OpenVPN should be properly installed on your Raspberry Pi. 
OpenVPN Clients and More
In order to connect to your Raspberry Pi VPN server, you’ll need to run client software. For macOS, Tunnleblick is a solid choice. On Windows, you can use OpenVPN. And for Android or iOS mobile devices, OpenVPN Connect is a great option. Once you’ve got a client installed, you need to copy the client configuration .ovpn file to your device. Then, you can connect to your Pi VPN server. 
Run OpenVPN on your Raspberry Pi – Final Thoughts
An OpenVPN Raspberry Pi server works extremely well. Small, energy-efficient, and with a simple OpenVPN installation, the Pi is a fantastic always-on VPN server option.