Raspberry Pi OpenVPN Server Tutorial

  • 5/19/2018 Raspberry Pi OpenVPN Server Tutorial

    Raspberry Pi OpenVPN Server Tutorial http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial

    1 of 9 8-2-2015 20:08

    OpenVPN on the Raspberry Pi!

    I installed OpenVPN on the 2012-10-28-wheezy-raspbian.zip image.

    Did it all through an SSH PuTTY connection.

    I am a total Linux noob, so I found the OpenVPN tutorial on the internet, and I got some help from other people, thanks for that!

    Let's start.

    Copy the commands one at a time and press the Enter key after each command.

    sudo su

    [ENTER]

    apt-get update

    [ENTER]

    apt-get install openvpn openssl

    [ENTER]

    cd /etc/openvpn

    [ENTER]

    cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa

    [ENTER]

    apt-get install nano

    [ENTER]

    nano easy-rsa/vars

    [ENTER]

    The nano editor opens. Now we are going to change some text in the file.

    Change

    export EASY_RSA=`pwd`

    To

    export EASY_RSA=/etc/openvpn/easy-rsa

    And pay attention to the special characters!

    Once you have changed it, press left Ctrl + X on your keyboard and save the file.

    . ./easy-rsa/vars

    [ENTER]

    ./easy-rsa/clean-all

    [ENTER]

    cd easy-rsa

    [ENTER]

    ln -s openssl-1.0.0.cnf openssl.cnf

    [ENTER]

    cd ..

    [ENTER]

    The next steps build the client and server files. The easiest way is to press the Enter key on all questions.

    ./easy-rsa/build-ca OpenVPN

    [ENTER]

    ./easy-rsa/build-key-server server

    [ENTER]

    ./easy-rsa/build-key client1

    [ENTER]

    The build-dh command takes a few minutes, so just wait.

    ./easy-rsa/build-dh

    [ENTER]

    nano openvpn.conf

    This creates a new file called openvpn.conf. Put this info in it.

    (Whether you add "client-to-client" to the config is up to you. It allows VPN users to communicate with each other, which is normally not needed.)

    dev tun

    proto udp

    port 1194

    ca /etc/openvpn/easy-rsa/keys/ca.crt

    cert /etc/openvpn/easy-rsa/keys/server.crt

    key /etc/openvpn/easy-rsa/keys/server.key

    dh /etc/openvpn/easy-rsa/keys/dh1024.pem

    user nobody

    group nogroup

    server 10.8.0.0 255.255.255.0

    persist-key

    persist-tun

    status /var/log/openvpn-status.log

    verb 3

    client-to-client

    push "redirect-gateway def1"

    #set the dns servers

    push "dhcp-option DNS 8.8.8.8"

    push "dhcp-option DNS 8.8.4.4"

    log-append /var/log/openvpn

    comp-lzo

    And again, watch the quote marks! If the quote marks are missing, the file will NOT WORK!

    Hit Left control + x again, and save the file.
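
    The quoting check described above, as an added example that is not part of the original tutorial: a shell function that flags push lines whose option is not wrapped in double quotes, directives fused onto one line, the 1024-bit dh file and a missing tls-auth directive. The function names and the sample input are constructed for illustration, and the DH size is inferred from the file name.

```shell
#!/bin/sh
# Added example (not from the tutorial): lint an OpenVPN server config for the
# quoting mistake the tutorial warns about, plus settings worth reviewing.

# lint_openvpn_conf FILE: one finding per line on stdout; status 1 if any.
lint_openvpn_conf() {
    awk '
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }      # blank lines and comments
    $1 == "push" {
        arg = $0
        sub(/^[ \t]*push[ \t]+/, "", arg)
        # OpenVPN expects the pushed option as one double-quoted string
        if (arg !~ /^"[^"]+"[ \t]*$/) {
            print NR ": push option is not wrapped in double quotes"; bad = 1
        }
    }
    # two directives fused on one line, e.g. client-to-clientpush
    $1 ~ /^client-to-client./ { print NR ": directives run together: " $1; bad = 1 }
    $1 == "client-to-client"  { print NR ": client-to-client is on"; bad = 1 }
    # easy-rsa 2.0 names the file after KEY_SIZE, so the name gives the size
    $1 == "dh" && $2 ~ /dh1024\.pem$/ { print NR ": 1024-bit DH parameters"; bad = 1 }
    $1 == "tls-auth" { tls = 1 }
    END {
        if (!tls) { print "-: no tls-auth directive"; bad = 1 }
        exit bad
    }' "$1"
}

# Constructed sample: config lines as they look when quote marks get lost.
sample_broken_conf() {
    cat <<'EOF'
dev tun
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
client-to-clientpush redirect-gateway def1"
#set the dns servers
push dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
EOF
}

tmp=$(mktemp) && sample_broken_conf > "$tmp"
lint_openvpn_conf "$tmp" || echo "findings above: fix the config before starting OpenVPN"
rm -f "$tmp"
```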

    Next commands

    echo 1 > /proc/sys/net/ipv4/ip_forward

    [ENTER]

    ifconfig

    [ENTER]

    The ifconfig command shows your network and adapter info. Most of the time the default adapter name is eth0. The inet addr value is your Raspberry Pi IP address (the same address you connected to with PuTTY).

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to [IP address of the RPi]

    [ENTER]

    cd ..

    [ENTER]

    nano sysctl.conf

    Uncomment (remove the #) the line containing #net.ipv4.ip_forward=1

    Then quit the nano editor again with left Ctrl + X and save the file.

    cd ..

    [ENTER]

    sudo /etc/init.d/openvpn start

    [ENTER]

    nano newvpn.ovpn

    This opens the nano editor again with a new file called newvpn.ovpn

    Put this info in the file:

    dev tun

    client

    proto udp

    remote YOUR.RASPBERRYPI.IPADRESS 1194

    resolv-retry infinite

    nobind

    persist-key

    persist-tun

    ca ca.crt

    cert client1.crt

    key client1.key

    comp-lzo

    verb 3

    Hit left control + X, and save the file.

    sudo nano /etc/rc.local

    [ENTER]

    The nano editor opens with the rc.local file.

    Add these 2 lines just above exit 0:

    iptables -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source RASPBERRY.PI.IP.ADRESS

    Hit left control + x and save the file.

    Now we need to copy the certificates from /etc/openvpn/easy-rsa/keys to another folder. It doesn't matter which folder; put them in /etc/openvpn/ for example.

    This is the command for copying a folder. Just change the folders:

    cp -rf present/directory /desire/directory

    (Don't just copy this command; use your own folders.)

    Now we are going to use WinSCP to transfer the certificates and the newvpn.ovpn file to your Windows / Android / whatever machine.

    Browse to the copied key folder and copy the following files to your computer:

    ca.crt, client1.crt, client1.key

    If the copied key folder won't open, give it 777 rights (I guess 755 is also enough).

    Use PuTTY again, browse to the copied key folder and type:

    chmod -R 777 .

    Now close WinSCP and reconnect; you can now enter the folder.
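
    An alternative to the chmod -R 777 step, as an added example that is not part of the original tutorial: the easy-rsa keys folder also holds ca.key and server.key, so this copies only ca.crt, the client certificate and the client key into a separate folder with owner-only permissions. The function names, the export folder and the optional owner account are assumptions, and the demo runs on empty placeholder files.

```shell
#!/bin/sh
# Added example (not from the tutorial): hand over only the files one client
# needs, with owner-only permissions, instead of opening the keys folder.

# stage_client_files KEYS_DIR CLIENT DEST [OWNER]
stage_client_files() {
    keys=$1 client=$2 dest=$3 owner=${4:-}
    for f in ca.crt "$client.crt" "$client.key"; do
        [ -f "$keys/$f" ] || { echo "missing: $keys/$f" >&2; return 1; }
    done
    # lock the folder first so the copies are never reachable by other users
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    for f in ca.crt "$client.crt" "$client.key"; do
        # ca.key and server.key are deliberately never copied
        cp "$keys/$f" "$dest/$f" && chmod 600 "$dest/$f" || return 1
    done
    # OWNER is the account used for the WinSCP login (assumption, e.g. pi)
    if [ -n "$owner" ]; then chown -R "$owner" "$dest" || return 1; fi
}

# exposed_files DIR: list files that group or others can read or write
exposed_files() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \)
}

# Constructed demo: a fake keys folder with empty placeholder files.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/keys"
    for f in ca.crt ca.key server.crt server.key client1.crt client1.key; do
        : > "$work/keys/$f"
    done
    chmod -R 777 "$work/keys"                 # what the 777 step leaves behind
    echo "exposed after chmod 777: $(exposed_files "$work/keys" | grep -c .)"
    stage_client_files "$work/keys" client1 "$work/client1-export"
    echo "staged: $(ls "$work/client1-export" | tr '\n' ' ')"
    echo "exposed in export: $(exposed_files "$work/client1-export" | grep -c .)"
    rm -rf "$work"
}
demo
```

    Once the files are on the client device, the export folder can be deleted from the server.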

    If you want to use the VPN from outside your own network, you need to open port 1194 (UDP) in your router/modem and change the local Raspberry Pi IP address in the file newvpn.ovpn to your external IP address.

    Source: http://geeksandtweaks.com/wp/how-to-create-a-vpn-server-on-ubuntu-12-04/

    And qwyrp2, thanks for your time and help!

    ------------------------------------------------------------------------------------------------------------------------------------------------------------

    P.S. If you want to make more certificates (you can't use 1 certificate on 2 client devices at the same time):

    Navigate to /etc/openvpn/

    sudo su

    And type:

    . ./easy-rsa/vars

    [Enter]

    ./easy-rsa/build-key client2

    (or client3, or some other certificate name)

    56 Comments

    Anonymous

    I found a pretty comprehensive paper that explains not only how to configure an OpenVPN server on my Raspberry Pi and how to set up clients. It also explains what each of the commands mean and how to maximize the security. It even uses a pretty cool feature called tls-auth to protect your pie from 0-Day and Denial of service. Here is the link: http://www.sans.org/reading-ro...

    mikesplain

    Thanks for this! Worked great for me except I couldn't access the vpn externally... I tested the

    udp port via nc and it was being blocked by other iptables. After much searching I found

    http://forum.stmlabs.com/showt... which describes the drop rule being added to the iptables

    automatically.

    All you have to do is edit /etc/network/if-up.d/secure-rmc and add something like

    iptables -A INPUT -p udp --dport 1194 -j ACCEPT

    right before:

    iptables -A INPUT -i $IFACE -j DROP

    Hope this helps someone!

    dash

    Can anyone build a VPN server for Chinese to connect? Thank you

    Scott Miller

    If you have access to AWS you can create your own for free.

    OpenVPN even has an AMI for it.

    instructions at tek-t.com

    Raspberryhelp1 Mod

    It can be done. But not on the stock 1194 port I guess.

    Da-Lugi

    root@raspberrypi / > /etc/init.d/openvpn start
