raspberry pi openvpn server tutorial
DESCRIPTION
openvpnTRANSCRIPT
-
5/19/2018 Raspberry Pi OpenVPN Server Tutorial
1/9
Categorie: Tutorials
Want 20GBfree cloud space? Use my copy.comreferral url to gain 20GBfree space! Instead of 15GBof you are
not using my referral link
PPTP VPN? Follow my PPTP VPN TUTORIAL!
OPENVPN CLIENT: CLICK HERE
OPENVPN CLIENT FOR ANDROID
Raspberry Pi
Tutorials
StillLookingforaJob?WatchourVacanciesforL M
Raspberry Pi OpenVPN Server Tutorial http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial
1 of 9 8-2-2015 20:08
-
5/19/2018 Raspberry Pi OpenVPN Server Tutorial
2/9
Open Vpn on The Raspberry Pi!
I Installed the openvpn on the 2012-10-28-wheezy-raspbian.zip image.
Did it all trough a ssh putty connection.
I am a totally Linux noob, so I found the open vpn tutorial on the internet, and I got some help from other ppl, thnx
for that!
Lets start.
Just copy the commands 1 by 1, after 1 command just hit the enter key
sudo su
[ENTER]
apt-get update
[ENTER]
apt-get install openvpn openssl
[ENTER]
cd /etc/openvpn
[ENTER]
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
[ENTER]
apt-get install nano
[ENTER]
nano easy-rsa/vars
[ENTER]
The nano editor pops up, now we gonna change some txt in the file
change
export EASY_RSA=`pwd`
To
Raspberry Pi OpenVPN Server Tutorial http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial
2 of 9 8-2-2015 20:08
-
5/19/2018 Raspberry Pi OpenVPN Server Tutorial
3/9
export EASY_RSA=/etc/openvpn/easy-rsa
And watch the signs!
if you changed it, hit the left control + x button on your keyboard. And save the file
. ./easy-rsa/vars
[ENTER]
./easy-rsa/clean-all
[ENTER]
cd easy-rsa
[ENTER]
ln -s openssl-1.0.0.cnf openssl.cnf
[ENTER]
cd ..
[ENTER]
The next steps are building the client/server files. The easyt way is to hit the
enter keys on all questions.
./easy-rsa/build-ca OpenVPN
[ENTER]
./easy-rsa/build-key-server server
Raspberry Pi OpenVPN Server Tutorial http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial
3 of 9 8-2-2015 20:08
-
5/19/2018 Raspberry Pi OpenVPN Server Tutorial
4/9
[ENTER]
./easy-rsa/build-key client1
[ENTER]
Build-dh command takes a few minutes. So just wait
[ENTER]
./easy-rsa/build-dh
[ENTER]
nano openvpn.conf
And again you made a new file called openvpn.conf and put this info in it.
(you can add "client-to-client" in the config or not, it is up to you. It allows VPN users to communicate to each other.This is normally not needed.
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-clientpush redirect-gateway def1"
#set the dns servers
push dhcp-option DNS 8.8.8.8"
push dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
And again watch if the signs!! If there are no signs the file will NOT WORK!
Raspberry Pi OpenVPN Server Tutorial http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial
4 of 9 8-2-2015 20:08
-
5/19/2018 Raspberry Pi OpenVPN Server Tutorial
5/9
Hit Left control + x again, and save the file.
Next commands
echo 1 > /proc/sys/net/ipv4/ip_forward
[ENTER]
ifconfig
[ENTER]
With the command ifconfig you can see your network and adapter info. Most of the
times the default adapter name is eth0 and your inet addr This is your
Raspberry Pi IP adres ( the same adres as you connected to with Putty)
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to [ipadres rpi]
[ENTER]
cd ..
[ENTER]
nano sysctl.conf
un-comment (remove the #) from the line containing #net.ipv4.ip_forward=1
(and again quit the nano editor with left control + x and save the file.
cd ..
[ENTER]
sudo /etc/init.d/openvpn start
Raspberry Pi OpenVPN Server Tutorial http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial
5 of 9 8-2-2015 20:08
-
5/19/2018 Raspberry Pi OpenVPN Server Tutorial
6/9
[ENTER]
nano newvpn.ovpn
This opens the nano editor again with a new file called newvpn.ovpn
Put this info in the file:
dev tun
client
proto udp
remote YOUR.RASPBERRYPI.IPADRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
Hit left control + X, and save the file.
sudo nano /etc/rc.local
[ENTER]
The nano editor pops up with the rc.local file
Add this 2 lines just above exit 0
iptables -t nat -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source RASPBERRY.PI.IP.ADRESS
Hit left control + x and save the file.
Now we need to copy the certificates from /etc/openvpn/easy-rsa/keys To another
folder. It dont care witch foler, put it in /etc/openvpn/ for example.
This is the command for copy a folder Just change the folders.cp -rf present/directory /desire/directory
(Dont just copy this command, use your own folders)
Now we gonna use WinSCP to transfer the certificates, and the newvpn.ovpn file to your windows /
android / whatever machine.
Browse to the Copyd key folder, and copy the following files to your computer.
Raspberry Pi OpenVPN Server Tutorial http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial
6 of 9 8-2-2015 20:08
-
5/19/2018 Raspberry Pi OpenVPN Server Tutorial
7/9
ca.crt, client1.crt, client1.key
if the copyd key folder wont open, give it 777 rights. (guess 755 is also enough)
Use putty again and browse to the copyd key folder and typ:
chmod -R 777.
Now close and reconnect with WinSCP, now you can enter the folder.
If you want use the VPN from outside your own network. Then you need to open up
port 1194(udp) in your router/modem. And change the local raspberry pi ip address
in the file newvpn.ovpn to your external ip address.
Source: http://geeksandtweaks.com/wp/how-to-create-a-vpn-server-on-ubuntu-12-04/
And qwyrp2Thnx for your time and help!
------------------------------------------------------------------------------------------------------------------------------------------------------------
Ps, If you want to make more certificates. ( you cant use 1 certificate on 2 client devices on the same time )
Navigate to/etc/openvpn/
sudo su
And type:
. ./easy-rsa/vars
[Enter]
./easy-rsa/build-key client2(or client3, or some other certificate name)
Raspberry Pi OpenVPN Server Tutorial http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial
7 of 9 8-2-2015 20:08
-
5/19/2018 Raspberry Pi OpenVPN Server Tutorial
8/9
56 Comments
Anonymous
I found a pretty comprehensive paper that explains not only how to configure an OpenVPN
server on my yRaspberry Pi and how to set up clients. It also what each of the commands
mean and how to maximize the security. It even uses a pretty cool feature called tls-auth to
protect your pie from 0-Day and Denial of service. Here is the link: http://www.sans.org
/reading-ro...
mikesplain
Thanks for this! Worked great for me except I couldn't access the vpn externally... I tested the
udp port via nc and it was being blocked by other iptables. After much searching I found
http://forum.stmlabs.com/showt...which describes the drop rule being added to the iptables
automatically.
All you have to do is edit /etc/network/if-up.d/secure-rmc and add something like
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
right before:
iptables -A INPUT -i $IFACE -j DROP
Hope this helps someone!
dash
can anyone biuld a vpnserver forchinese to connect ?thank you
Scott Miller
If you have access to AWS you can create your own for free.
OpenVPN even has an AMI for it.
instructions at tek-t.com
Raspberryhelp1 Mod
I can be done. But not on the stock 1194 port i guess.
Da-Lugi
root@raspberrypi / > /etc/init.d/openvpn start
Raspberry Pi OpenVPN Server Tutorial http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial
8 of 9 8-2-2015 20:08
-
5/19/2018 Raspberry Pi OpenVPN Server Tutorial
9/9
< Vorige
Raspberry Pi OpenVPN Server Tutorial http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial
9 of 9 8 2 2015 20:08