Security, security,,,, privacy, privacy, ipv6 leaks, big brother yada yada yada … Lets build VPN.
PiVPN Project has made setting up VPN server on Raspberry Pi quite straight forward.
But before there are some prerequisites. First you need open ports on your VPN server connection. Static IP is recommended and knowledge how to route ports on your router.
Heads up!!! Part of the tutorial (key generation) may take up to several hours.
- We will run bash script from pivpn project homepage:
curl -L https://install.pivpn.io | bash
Remember its never safe to run bash scripts from internet 😉 .
- Now Just follow the instructions on screen.
First selection is the network interface.
- Next question is if you wish to set up static ip. Select Yes.
If you have read my previous tutorials you actually know how to manually set up static IP on your Raspberry Pi.
- Choose user (default: pi)
- Unattended Upgrades: Yes
- Protocol: UDP
- Now you are prompted the port selection. This will be the port that openVPN starts to listsen for connections and port you need to route to your Pi from router. Default is 1194 but you can choose what you wish. Now sometimes it is better to choose different port because if somebody scan-s default openvpn port on your network they will find the server. So for defence +5 its recommended to use different port,
- Next selection is encryption strength.
Select 2048 or for paranoid 4096. IMPORTANT !!! Key generation step will take long time. For 2048 it is minutes to 3 hours and for 4096 up to 24 hours so choose wisely.
- Now you can choose public ip or dns. I chose public IP despite having dynamic IP. Because my service provider changes the IP address of my connection rarely I can choose IP and if my IP will ever change I can change PiVPN IP settings from file: /etc/openvpn/easy-rsa/pki/Default.txt . Remember if you change IP you have to regenerate ovpn files. Now if you have service like noip you can choose DNS Entry and enter your address.
- Next select DNS provider: Default: Google
- Ok And Done.
- Next we will create OpenVPN client file. Run:
When creating the .ovpn file, you will be asked for a pass phrase. This pass phrase will need to be entered each time you use your VPN client to connect to your Raspberry Pi VPN server. I suggest you use a strong and long pass phrase since the client .ovpn encryption file and the pass phrase are your only weaknesses for someone hacking your Raspberry Pi VPN Server. Keep your configuration/encryption file safe.
- The final step you will want to do is to forward your Raspberry Pi’s VPN port on your router. The default port you need to forward will be 1194 unless you changed this port in the PiVPN setup. Google “port forwarding” and your router name to find out how to do this for your own router.
In some cases when the ip and/or subnet of your target network is same with your client network you may experience connection and speed issues. Example: Your home router internal IP (router the vpn server is connected to) is 192.168.1.1 and also the remote location you use your VPN client has router with IP 192.168.1.1.
Solutions: Change either the remote location internal IP and if that is not possible change your local network internal IP address. I changed the remote routers IP to 126.96.36.199 and this solved the problem.