You could be searching for a subscription service that provides a VPN if you wish to secure your internet connection while using public networks to browse the web. These VPN services are simple and work right out of the box, but they are often pricey, require monthly payments, and require you to place your trust in them since they have access to all of your network activity if they so choose. What if there was a less expensive and safer alternative? Setting up a Raspberry Pi as a VPN server will just take a few minutes if you already have one on hand. In this article, we'll show you How to setup a Raspberry Pi OpenVPN gateway.
What You Need to Setup a Raspberry Pi OpenVPN Gateway
There is nothing super special that you will need to Setup a Raspberry Pi OpenVPN Gateway; all the bits and pieces that I made use of are listed below.
- Raspberry Pi
- Micro SD Card or an SD card if you’re using an old version of the Pi.
- Ethernet Cable or Wi-Fi
Getting Prepared for Your VPN Server
There are a few things we need to go through to ensure that you are ready to setup raspberry pi OpenVPN Gateway gateway before we get started.
It's crucial to know that I'm using a fresh version of Raspbian for this tutorial. My article on installing Raspbian is quite helpful if you're new to all of this, haven't installed it yet, and would like to learn how to do so.
When you start setting up a VPN, be sure you need one since it may serve as a gateway into your home network.
If you do intend to use a VPN, make sure all of the devices on your home network are secure and that you aren't sharing any sensitive information inside your local network that you wouldn't want others to have access to.
Preparing your VPN Server’s IP Address
Choosing between a static IP address and a dynamic IP address is crucial; setting up a VPN for a static IP address is a simple procedure that doesn't involve any additional work.
But, a dynamic DNS service is required if you wish to use a dynamic IP address.
Decide whether to use your domain name or a free one if you decide to go the dynamic DNS service route.
If you wish to make use of your own domain name, you may use a service like CloudFlare; if you're going to make use of a free subdomain, a service like no-ip.org will be useful for you.
Note the domain name you set up for either Cloudflare or no-ip.org, since you will need it later in the tutorial.
Port Forward for your Raspberry Pi VPN
Before you start setting up your Raspberry Pi, the third important step is to port forward the OpenVPN software.
You must forward port 1194, which is the default. Note the port you set since you will need it later in the tutorial. You must for UDP as the protocol for this port.
We recommend looking up your router's port forwarding settings if you are unsure of how to port forward on your router.
Installing the VPN Server
1- Installing the software, creating the encryption keys, adding the port to the firewall, configuring the Raspberry Pi to maintain a static IP address, and much more is often required while setting up a Raspberry Pi VPN server.
Fortunately for us, there is a far simpler way to set up a Raspberry Pi VPN server thanks to an install script called PiVPN, which takes care of all the technical details of setting up a VPN and reduces the risk of making errors.
The default Pi user's password should be changed before we get started. This is to ensure that even if someone managed to gain access to your VPN, they would not have easy access to your Raspberry Pi.
2- The process of setting up our VPN server on the Raspberry Pi may now begin with the updated password. Running the command below downloads and runs the install script from PiVPN's GitHub page, allows us to begin this process.
Running a script straight from a URL is often a poor idea since it may be a simple way for someone to gain access to your Raspberry Pi and do significant harm.
But this is a trusted source that we have checked; if you want to check out the code for yourself, simply go to the location of the script.
curl -L https://install.pivpn.io | bash
3- The following screen should appear once you have run the aforementioned command. You'll see some text on this screen telling you that you're going to install OpenVPN.
You must press the ENTER key to proceed to the next screen.
4- The next screen explains that you must set up a static IP address for your VPN.
This is done so that the Raspberry Pi will try to use the same IP address when it is restarted. You might potentially lose local IP access to your VPN if the local IP changes.
5- Select <Yes> to set the existing IP gateway and static address.
Select <No> if you are unhappy with the IP address that is shown on this page.
6- This screen warns you that there is a possibility that your router may provide the IP address to another device.
You may prevent this by using DHCP reservations. Yet, the majority of routers are smart enough to prevent the issue.
To proceed, select <Ok> and press the ENTER key.
7- This screen explains that we must set up a user who will be responsible for owning the OpenVPN configuration files.
To proceed to the next screen, select <Ok> and then press ENTER.
8- Our Raspberry Pi's VPN config files will be listed by users.
Pi user will be used in this tutorial. Use the ARROW keys and SPACEBAR to select another user if you wish to.
Press the ENTER key to proceed after you are satisfied with your option.
9- On your Raspberry Pi, you will now be asked to select the type of VPN you wish to install.
WireGuard and OpenVPN are the two possibilities.
OpenVPN on our Raspberry Pi will be used for this tutorial (1.). You may select it using the ARROW keys and the SPACEBAR.
Press the ENTER key to proceed after selecting OpenVPN (2.).
10- You now have the option to decide whether you wish to modify the OpenVPN installation on your Raspberry Pi.
For the majority of users, the setting selected by the PiVPN team is optimal. Nevertheless, if you'd like, you may change them.
We're going to stick with the default settings for our tutorial.
Select <No> then press the ENTER key to proceed.
11- Selecting the port via which OpenVPN will operate is now our next step.
We're going to stick with the default port of 1194 for this tutorial. Only if there is a compelling reason should you alter the port.
After the port has been specified, select <Ok> and then press ENTER.
12- During your OpenVPN installation, you will be asked to confirm the port you set.
Select <Yes> to proceed if you are happy with the port you have selected.
13- Selecting a DNS provider is the next step. An IP address is generated from a URL, such as https://pimylifeup.com, by a DNS provider.
Cloudflare's DNS server will be used in our tutorial. Every day, Cloudflare wipes its records and does not keep track of the IP address that made the request.
Use the ARROW keys to select Cloudflare or another DNS provider (1.).
To select a DNS provider, press the SPACEBAR key while it is highlighted in your cursor.
You may press the ENTER key to proceed after you are happy that you made the appropriate choice.
14- You must decide whether to use a DNS name or your public IP address.
We recommend using the public DNS name option if you are using a dynamic IP address. If you want help with this, you may refer to our guide on setting up dynamic DNS on the Raspberry Pi.
We'll stick with our public IP address for this guide since we're using a static IP address.
With the ARROW key combinations, you may choose between the available choices. Press the SPACEBAR key to select it after you've found the one you want.
15- The PiVPN script is going to produce both the HMAC key and the server key, as stated in the next step.
These keys are part of what makes up the encryption part of your Raspberry Pi's VPN.
To continue reading the guide, press the ENTER key.
16- You will now be presented with a simple explanation of unattended upgrading.
The Raspberry Pi OS will now automatically download security package updates every day thanks to this functionality.
To proceed to the page where this setting is configured, press the ENTER key.
17- Selecting <Yes> will allow unattended upgrades on this screen, which we strongly recommend. By enabling this, you can ensure that your Raspberry Pi always has the most up-to-date software.
A significant security risk to your Raspberry Pi's VPN and potentially your home network might result from leaving this function switched off.
To confirm your set settings, press the ENTER key once you're done.
18- You have now completed the installation of the Raspberry Pi OpenVPN Gateway.
You have now around 90% completed this setup guide, although there are still a couple more tasks you must accomplish to authorize connections.
19- A screen requesting that we reboot the Raspberry Pi will now appear in front of us.
By pressing the ENTER key, select <Yes> on the next two screens.
After installing OpenVPN, a critical step is to restart your Raspberry Pi.
Read More: How to Make a Raspberry Pi Print Server
Setting up your first OpenVPN User
1- Typically, setting up a user for OpenVPN would be a painful process since you would have to create unique certificates for each user, but thanks to PiVPN, we can accomplish this in a single command.
Run the command below to begin adding the user:
sudo pivpn add
The client's name will serve as an identifier on this screen, allowing you to distinguish between different clients.
It will also prompt you to set a password for the client, and it is important to make this something secure and difficult to guess since this will compromise the encryption key.
So, it severely reduces the security of your VPN if someone can simply guess the password.
If you press enter on these, the PiVPN script will tell Easy-RSA to create the 2048-bit RSA private key for the client and then store the file in /home/pi/ovpns.
To transfer the produced file to our devices, we will need to gain access to the folder /home/pi/ovpns in the next several stages.
As your sole way to access your VPN, make sure you safeguard these files.
2- We now need to get our new OpenVPN client onto the device we intend to connect from once it has been set up for OpenVPN with our password.
The simplest way to do this is to make use of SFTP from inside your home network.
Before continuing with this tutorial, make sure you have a program installed that can handle SFTP connections, such as FileZilla.
Let's log into our Raspberry Pi using SFTP to get things started. Remember to type sftp:// before the IP address of your Raspberry Pi.
Use the command hostname -I in the terminal if you don't know your Raspberry Pi's local address.
Press the quick-connect button after you've provided your IP address, username, and password.
3- We need to look for the ovpns folder once you have successfully logged in since this is where the file we need may be found.
Double-click the folder once you've found it.
4- Drag the desired .ovpn file to a safe location on your computer, and we're done. Save this file safely since it includes the information we will need to connect to the VPN.
That is also the only way someone may potentially gain access to your VPN; therefore, keeping the passphrase and the important file secure is crucial.
Someone might potentially damage your network if they gain access to it.
5- Now that we have the .opvn file on our device, we can use it to make a connection to our VPN.
Everything we need to make a secure connection is stored in the .opvn file. It includes all the necessary encryption information as well as the web address to connect to.
Your passphrase is the only thing it does not include, so you will need to input it when you connect to the VPN.
The official OpenVPN client, which you can get from their official OpenVPN website, is the client we're going to use.
Download and install this client. The first time you run it, it will minimize the taskbar. Select “Import File…” after right-clicking the icon.
6- You will be presented with a file explorer screen; navigate to the location where you previously stored the .opvn file.
To import the file into the OpenVPN client, double-click it once you've found it.
7- The file has been successfully imported into OpenVPN, and you should now be presented with a prompt telling you so.
To proceed, just click the “OK” button.
8- Click the “Connect” button after right-clicking the OpenVPN client icon on the taskbar once again.
9- The data located in the .opvn file will now be attempted to be read by the OpenVPN client.
It will now prompt you to input the passphrase you set earlier in this lesson, as we already have one set.
Click the “OK” button after you are convinced that you have entered the right passphrase.
10- The OpenVPN client will now try to connect to the VPN server on your Raspberry Pi. If the OpenVPN symbol turns solid green, it means you have successfully connected to your VPN.
That means something is causing the connection to fail if it turns yellow and then fails to turn green after 60 seconds.
In most situations, port-forwarding issues have caused connection failure. Numerous issues with port-forwarding exist, for example, with my router.
To obtain help with any issues you may be having with port forwarding, it is simplest to Google your router's model number.
It's advisable to confirm that your ISP isn't restricting the port you plan to use since some ISPs (Internet Service Providers) also block specific ports.
Make sure your dynamic DNS service is appropriately updated with your latest IP address if you're using one. The connection will break down if the IP address has changed but the DNS setting hasn't.
By now, you should have a VPN that is fully functional and that you can connect to successfully.
Uninstalling the VPN from your Pi
1. Simply use the following command on your Raspberry Pi if you wish to remove your VPN for whatever reason:
To uninstall the VPN tunnel, this command will use the pivpn software.
sudo pivpn uninstall
I hope that this tutorial has helped you set up a Raspberry Pi VPN server and that you haven't encountered any issues. Anybody who wishes to set up a low-cost, always-on VPN network should consider it.
Please don't hesitate to leave a comment below if you have any suggestions, advice, or issues that you would like to share.