Turn Your Raspberry PI Zero into A VPN Server with OpenVPN

Published  August 17, 2020   2
OpenVPN Server on Raspberry PI

When I think about a VPN service, the first thing that comes to my mind is all subscription-based plans. Also, there are numerous ads that YouTube or other OTT platforms always pours on us. However, those services are not the only way through which you can encrypt your online activity.

One-click VPN services are excellent if you are looking for an out of the box solution, but that service comes with a cost and putting the trust of your valuable data to these servers is not safe. So as a cheaper, and safer dilemma, I like to use the popular Raspberry PI zero with PIVPN to make my VPN server and in this tutorial, I will tell you how you can set up your OpenVPN server on a Raspberry PI very simply.

Raspberry pi is a pocket-sized computer and suitable for creating many types of web-based servers like:

What is a VPN?

VPN

A VPN stands for Virtual Private Network which means it gives you privacy online. Initially, VPNs were used by big organizations and governments because of obvious security reasons, but nowadays VPNs are used by everyone because it ensures privacy and data security.

  1. Your locations stay private
  2. Your data is encrypted
  3. You can surf the web anonymously

I decided to set up a VPN server on my home network using a Raspberry Pi. This way I can securely connect to my local network while I am not home. Also, I just don't want to leave an SSH port open for just anybody to hack in.

When you send your data online, a VPN creates a tunnel between you and your called server, it is done by utilizing a second server, when you request a page on the internet without the VPN, it goes directly to your requested server, but with VPN enabled, your request gets encrypted and goes to the server of your VPN provider, and then it goes to your requested server.

Why use a VPN?

To understand what happens when you type a domain name and hit enter, the domain name is a nickname for the websites IP address, an IP address is like your home address but it consists of numbers, not street names, it's so done because its way easy to remember a name rather than a bunch of numbers and a server translates them that's why it's commonly known as the Name Server.

Our computer has an IP address and so does every other device which is connected to our network when we type in a domain name of our choice and hit enter, it goes to a name server translates the data and sends you back the website you have requested. Now the problem is when you send this data to the server, you are not only sending the data but you are also sending your location information and a bunch of other information alongside that.

This is where a VPN comes in, by enabling a VPN, you are adding an extra layer of security to your network. I am not saying it's impossible to break a VPN network, I am just saying it's tougher than normal.

The websites you visit can also gather information, they do this because to understand the demographics but there can be situations you want to protect your privacy, in this scenario, VPNs can protect your data.

There are many VPN services, which provide no logs policy, which means they do not record which sites you visit so if the government decides to ask the VPN provider for your logs, you can rest astute that there will not be any.

Thus VPNs keep your privacy safe and your data secure. 

Types of VPN

Since we are at it, let's look at some of the protocols used by the VPN providers to ensure a secure connection. I am not going to cover all of them, but I will mention the three most popular ones.

  • Point–to–Point Tunneling Protocol (PPTP): PPTP stands for Point to Point Tunneling Protocol and is one of the oldest VPN protocols that lived. It was developed in the mid-’90s by Microsoft. PPTP started coming with windows95 and mostly used in dial-up connections, but time has passed since then and PPTP's basic encryption protocol was cracked. Since then, it's security has been called into question many times. It's very fast because it uses basic encryption techniques but it's less secure than a modern-day VPN protocol.
  • L2TP/IPSec: L2TP stands for Layer 2 Tunneling Protocol and it was the fruit of a joint venture by Microsoft and Cisco. L2TP was created to resolve security issues with PPTP. This protocol did not offer any encryption out of the box and it needed a security protocol to work with so this protocol became extremely secure and had no vulnerabilities. It uses IPSec to implement end-to-end encryption during communication.
  • OpenVPN: OpenVPN is an open-source standard for a VPN protocol it was introduced in 2001 and became popular because it uses (Theoretically unbreakable) AES-256 bit key encryption with 2048-bit RSA authentication and a 160-bit SHA1 hash algorithm. Nowadays it supports major operating systems and its embedded versions are implemented in routers and network devices too.
  • SSTP: SSTP stands for Secure Socket Tunneling Protocol it became popular because it came integrated with windows vista SP1. SSTP utilizes 2048-bit SSL/TLS certificates for authentication and 256-bit SSL keys for encryption. The basic drawback of this protocol is that it is a Microsoft proprietary protocol and solo developers do not have access to the source code.
  • IKEv2: IKEv2 stands for Internet Key Exchange version 2. It is a common VPN tunneling protocol and uses a secure key exchange protocol similar to L2TP (IKEv1), IKEv2 is merged with IPsec for encryption and authentication. This protocol has the advantage of re-establishing a connection quickly once it is lost temporarily making it a perfect choice for mobile and cellular internet connections. 

What You'll Need for Raspberry Pi OpenVPN Server

Requirement for OpenVPN Server

To set this up, you'll need the obvious:

  • A Raspberry Pi (I am using a Raspberry PI Zero)
  • A Wi-Fi adapter or a USB to Ethernet Adapter (I am going to use the Wi-Fi adapter)
  • A USB OTG cable
  • A Power Brick can deliver sufficient current.
  • A micro SD card.
  • USB cable to power it.

Keep in mind that I am going to use the headless setup method to set up the Raspberry Pi. If you want to do it in any other way, you can always attach a monitor and a keyboard but you need a separate USB hub for that and its Messi. 

Setting up the Raspberry pi for VPN Server

Setting up your raspberry pi is very easy and requires very few steps. To set up a raspberry, you need to download the Raspberry Pi OS from the official Raspberry PI website and prepare the SD card and install Raspberry PI OS on it. Learn more about getting started with Raspberry pi here.

Download the Raspberry PI OS: 

Raspberry Pi OS (32-bit) Lite

I am using a Raspberry pi zero, so I am going to download the Raspberry Pi OS (32-bit) Lite image.

Flash the SD Card: 

To flash that, we need a tool called balenaEtcher or you can use your favourite flashing tool.

balenaEtcher

I recommend the portable version since it is not something that we need to install. Open Etcher > Choose Your File > Choose Your Target and just Flash it! And your Done.

Once the Flashing process is finished, you will get a small 250MB partition named boot.

Setup Headless SSH: 

To set up the Headless SSH, you need to create an empty file named ssh. This simple step will enable ssh for the Raspberry Pi.

Setup Headless SSH

Setup Headless Wi-Fi: 

Setup Headless Wi-Fi

To set up Headless Wi-Fi, you need to make a file, named wpa_supplicant.conf and save it into the boot partition, which I have previously mentioned.

The content inside the file listed below:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=<Insert 2 letter ISO 3166-1 country code here>
network={
 ssid="Test_Raspberry-PI"
 psk="12345678"
}

You need to put the SSID and password of your router in the SSID and PSK section.

And That's it for the SD card part, now you need to put the SD card onto your Raspberry Pi and power it up.

Assign a Static IP: 

Assign Static IP

It's really important to assign a static IP address for the raspberry PI, otherwise, it will change dynamically and cause us problems.

In my router, I have an operations tab, by clicking it in the green sign, I can reserve the IP address for the Raspberry Pi. If you are doing this, you need to find the process for your router.

SSH to the Raspberry PI: 

Now it's time to SSH to the raspberry pi and update and upgrade the operating system, to do that, I am going to use the Git Bash from my windows PC. You can use PuTTY if that is your favourite SSH app.

SSH to Raspberry Pi

You need to SSH to your raspberry pi by typing PI@your IP Address, in my case, it was pi@192.168.1.2 and if everything works fine, you will be prompted to enter your password.

SSH to Raspberry Pi

Enter the default password for the Raspberry Pi which is raspberry.

SSH to Raspberry Pi

And everything works fine, then you will be prompted with pi@raspberry bash. Congratulations you have successfully SSH into your raspberry pi.

Now, you need to update and upgrade your Raspberry PI OS, to do that type in the following command and hit enter.


sudo apt-get update && sudo apt-get upgrade

Change the default SSH Password:

After update and upgrade, it is very important to change the default SSH password for the Raspberry Pi else hackers can very easily SSH into your network and break the password.

To do that you need to type in sudo raspi-config and you will be presented with the following screen.

Change Default SSH Password

Hit enter because it's the first option in the list, enter your new password and you are good to go.

Now we will set up OpenVPN by utilizing the PIVPN project on the PIVPN website.

Installing OpenVPN with PiVPN in Raspberry Pi Zero

Because of the PIVPN, installing a VPN on Raspberry Pi is incredibly easy, follow the steps below and you will have a VPN server in no time.

First, Go to the PIVPN website and copy the given curl command.

Installing OpenVPN with PiVPN

Next, SSH into your Raspberry PI and paste in your code and hit enter, this will download & set up all the necessary setup to run OpenVPN.

After that, you will be greeted with the below screen saying it will convert your raspberry pi into OpenVPN.

Convert Raspberry Pi into OpenVPN

In the next screen, it's asking you to set up a static IP address for your Raspberry Pi, we already did that previously so we do not need to do it again. Select Yes and move on.

Static IP Address for Raspberry Pi

Next, we need to specify a Local User for the server.

Local User for Server

Hit enter and you will be presented with the user selection page, choose pi (Which is the default User), and hit enter.

User Selection Page

Next, you need to choose what type of VPN you like to use. It's the open VPN:

Choose OpenVPN

Choose OpenVPN and hit Enter.

Next, it will prompt you to choose a protocol, options are TCP and UDP.

I am using UDP because it is faster than TCP.

TCP and UDP

Next, you need to select the UDP port.

UDP Port

Confirm the settings by selecting yes and hitting enter.

Next, you are prompted to select a DNS provider. I am selecting Google as my DNS provider.

DNS Provider

Next, you will be prompted to select your search domain.

Search Domain

Select yes and hit enter.

After selecting yes, you have to make a dynamic DNS server, this is because we want to access our VPN network outside our home network.

To do so, you need a free dynamic DNS name server, for that, I am going to use dynu. It's free and easy to set up.

Make a free account and you are good to go. Moving on...

Next, you have to enter your dynamic DNS server name and hit enter, if everything is alright, you will receive your public IP address in the raspberry pi console.

Public IP Address in Raspberry Pi Console

I am going to use Open VPN 2.4 or later if you are using something else choose NO.

Open VPN 2.4

Next, choose what type of encryption we want. I am going to choose a 256-bit certificate.

256-Bit Certificate

Next, it's telling us to enable automatic updates for bug fixes and security updates.

Enable Automatic Updates

I am going to choose yes here.

Unattended Upgrades

Now, it will run the code and install everything necessary.

Installing Packages

Finally, you need to reboot your pi and finish the setup process.

Reboot Rasperry Pi

Now we have to log back into the raspberry pi and run pivpn add

Run PiVPN Add

After, the Raspberry Pi reboots log back into the Pi using SSH and run the command pivpn add.

This will create a new VPN profile, we need to create a VPN profile for every device we need to connect to.

When you enter pivpn add into your terminal and hit enter, you will be prompted with some options, which is shown below.

Installing OpenVPN in Raspberry Pi Zero

Now, the file is made and we need to copy it to our desktop so that I am going to use the secure copy method. Run the following command to do so.


scp pi@192.168.1.2:/home/pi/ovpns/test.ovpn /c/Users/your directory/Desktop

Secure Copy Method

When that's done, we need a VPN client for PC, for that, I am going to use the OpenVPN Client software in the OpenVPN community-download page.

Now, when the download and installation process is finished, run it, if you get an error, don't worry, it's just that the software did not find any profile, click ok and you will get a new icon in the system tray of your PC.

OpenVPN GUI

Which looks like the above image, right-click and click import > provide the .ovpn file and click ok. You will get a message 'the import was successful'.

Now all you need to do is wait for a little bit and give the GUI a little time to do its things. After a few moments, you will see a green icon and the VPN should get connected.

Raspberry Pi OpenVPN Server Testing

And, voila! After typing the password, you should be connected to your very own OpenVPN server on Raspberry Pi.

Start browsing with privacy!

Connect to Your VPN From Anywhere.

Have any question realated to this Article?

Ask Our Community Members

Comments

Hey there Debashis, I know this is an old post but I was hoping you could help me with something. I followed all the steps and at the end I got to the client side of the openvpn and I get this error code when trying to connect: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity). TLS Error: TLS handshake failed

Would you happen to know how to fix this and or direct me to where I can get help for it? Really appreciate the easy to follow guide by the way!