Cybersecurity is a growing concern. As homes and offices are more connected than ever, the risk of cyberattacks, identity theft and hacking has increased significantly.
A network has multiple smart devices connected to each other and to the Internet. In the event of a cyberattack, every connected device will be at risk. An effective way to secure a home or office network is to use a virtual private network, or VPN.
A VPN hides your IP address by redirecting the network through a remote server run by a VPN host. This private network essentially disguises online identity and encrypts Internet traffic reaching this network. It does this so well that even an Internet Service Provider (ISP) or any third party cannot decipher which websites you visit or what data you download or upload online.
A virtual private network is ideal for protecting someone's identity, securing data transfers, encrypting online data, and allowing users to access geographically restricted web content.
There are many different types of VPNs, but these three are the most common:
- SSL VPN – implemented through any HTML-5 browser and available for almost all operating systems. This type of VPN is accessed through browser authentication with the help of username and password.
- Site-to-site VPN – guarantees secure and encrypted communication between two separate networks (or intranets) of the same company. Operates between two LAN/WAN networks within the same premise.
- Client-to-Server VPN – implemented through a VPN client installed and configured on a computer. This is the most common and efficient VPN. It connects you to the Internet directly through the VPN host instead of an Internet Service Provider.
VPN client servers can be installed and configured on personal computers such as Raspberry Pi (RPi). The RPi serves as a gateway to the Internet while protecting and encrypting all access to smart devices.
In this article, we will install and configure OpenVPN, a VPN client, on the Raspberry Pi. The RPi can operate 24/7 without consuming much power, making it a cost-effective option. Once the VPN is set up, you will have access to your smart devices wherever you are, at home or away.
Required components
1. Raspberry Pi
2. MicroSD Card
3. Keyboard and mouse (for installation and configuration only)
4. Monitor and HDMI cable (for installation and configuration only)
5. Ethernet or WiFi cable
Prerequisite
Before starting, the Raspbian operating system must be installed on the Raspberry Pi. The VPN client is a software application that runs on the operating system. Any Debian Linux derivative can run on RPI as an operating system. Raspbian is the official microcomputer operating system and the easiest to install and work with. It does not require manual configuration of features such as keyboard layout, region and language.
Remember, once you set up a VPN on Raspberry Pi for your home or office network, all your computers and smart devices will be connected to each other. So make sure everyone is safe before proceeding.
VPN server IP
An IP address is required for the VPN, which can be a static or dynamic IP address. Configuring VPN for a static IP address is simple, while a dynamic IP requires a domain name service (DNS). The domain name can be yours or free (check out no-ip.org for free).
Port forwarding on the RPi
After obtaining an IP address for the VPN, port forwarding the OpenVPN application is the next step. The default port for OpenVPN is 1194. The protocol used by this port is UDP.
Here are the steps:
1. On a computer connected to your home/office network, open the router administration page in a web browser. The router's IP is 192.168.1.1 or 192.168.1.254.
2. On the router administration page, enter the username and password. Typically this is set to admin and admin respectively.
3. After logging into the router administration page, navigate to forwarding -> virtual server.
4. On this page, there are service port, IP address, internal port, protocol and status options. These settings will forward internet traffic from the specified port to the port on the Raspberry Pi.
Observation:
- The service port is the external port
- The IP address is the IP address of the Raspberry Pi
- The internal port must be configured to the Raspberry Pi application port
- The protocol is the Internet protocol used by the application port, which must be set to ALL unless specified
- The status must be set to enabled
- For OpenVPN, set the internal port to 1194 and the protocol to UDP.
Installing the VPN server
Setting up a VPN server on Raspberry Pi involves several steps. For example, you need to install the VPN application, generate the encryption keys, add a port to the firewall, set a static IP for RPi, and so on.
This all gets complicated. An easier method is to use a script for installation. Fortunately, the PiVPN script is available for Raspberry Pi models, simplifying processes and reducing the chance of errors.
Let's start by changing the Raspberry Pi password. After configuring a VPN server on the RPi, anyone can access the computer through the VPN, so it is important to change the default password.
To do this, open Terminal and run the following command.
password
After changing the RPi's default password, download the PiVPN script from GitHub by running the command below in Terminal.
curl -L party
After downloading the script, the following screen will appear.
Press 'Enter' to start the script installation.
The next screen will explain that you must configure a static IP for your VPN to work properly. When the Raspberry Pi restarts, it will try to use the same IP address. If the IP address is changed, access to the VPN will be lost. Press 'Enter' to continue.
Next, you will be asked if you are using a DHCP reservation on your router. If you are unsure, select 'No' to continue. Also select 'No' if you do not want to set the displayed address as your VPN's IP.
However, to set your current IP address and gateway to static, select 'Yes'.
If you selected 'No', a screen will appear warning you that your router may assign the IP address to another device. Most routers can resolve this on their own. Select 'Ok' and press 'Enter' to continue.
The next screen will ask you to define a user who will own the OpenVPN configuration file. Select 'Ok' and press 'Enter' to continue.
The following screen will present a list of users — one of which can be selected to own the OpenVPN configuration file. (If there is more than one Raspberry Pi user, the full list of users will be displayed. If there is only one standard user, it will be displayed alone.)
The list can be navigated using the arrow buttons. Choose the correct user by pressing the spacebar. After selecting a user, press 'Enter'.
You will be asked what type of VPN you want to install on the Raspberry Pi. There are two options available: WireGuard and OpenVPN. Use the arrow keys to navigate to OpenVPN and select it by pressing the spacebar. Then press 'Enter'.
Next, you will be asked if you want to customize your OpenVPN settings. The settings chosen by the PiVPN script are ideal for most users and do not need to be changed unless necessary. Select 'No' and press 'Enter' to continue.
You must select the port on which OpenVPN will operate. By default, port 1194 is selected and displayed on the screen. It is recommended to continue with this default port. Select 'Ok' and press 'Enter'.
You will be asked to confirm the port for the OpenVPN installation. Select 'Yes' and press 'Enter'.
You will see a list of DNS service providers. Choose the DNS provider with the URL of your VPN's IP address. You can scroll through the list using the arrow keys and select the correct DNS provider by pressing the spacebar.
Here we select “cloudfare” as our DNS provider. Then select 'Ok' and press 'Enter'.
Then decide whether you want to use a public IP address or a DNS entry. If you are using a dynamic IP address, use the DNS entry. Otherwise, choose static public IP address.
In our example, we are using a static public IP address. Scroll through the options using the arrow keys and select one by pressing the spacebar. Then select 'Ok' and press 'Enter'.
A screen will appear informing you that the server key and HMAC key will be generated. Select 'Ok' and press 'Enter' to continue.
An explanation of unattended updates is provided below. It will automatically download security suite updates daily. Select 'Ok' and press 'Enter'.
You will be prompted to enable unattended updates. Select 'Yes' and press 'Enter' to confirm the updates. It is important to do this to protect the Raspberry Pi from any security risks.
The next screen should show that the OpenVPN installation is complete. Select 'Ok' and press 'Enter'.
Finally, a screen will appear asking you to restart the Raspberry Pi, which is necessary to complete the installation. Select 'Yes' and press 'Enter' to restart the RPi.
An OpenVPN username
After completing the OpenVPN installation, you can use the server. But first you need to set up an OpenVPN user. Typically, this is a complicated task that involves generating individual certificates for each user.
Fortunately, with PiVPN, all of this can be done with a single command, as follows.
sudo pivpn add
You will be asked to enter a name for the client, which will act as an identifier to differentiate VPN users. You will also be asked to enter a password. Choose a secure password and press 'Enter'.
The script will launch Easy-RSA to generate a 2048-bit RSA private key for the client and store it in the file in the /home/pi/openvpn folder.
Now, you have a client configuration for OpenVPN. We will also need to connect the VPN server to your home/office network and your smart devices. This can be done using a secure file transfer protocol (SFTP) within your local network. You must install a file server program such as FileZilla for this.
Before starting FileZilla, get the IP address of your Raspberry Pi by running the following command in Terminal.
hostname -I
Once complete, open FileZilla on your computer and enter the IP address of the Raspberry Pi preceded by 'sftp://' in the Host tab. Enter your Raspberry Pi username and password and tap the 'Quick Connect' button.
After logging in, locate the openvpn folder and double-click on it.
Find the .opvn file in the folder and drag it to your desktop or to a new folder on your computer. This .opvn file will be used to make a connection to the VPN server. The file stores all the data required for a secure connection to the OpenVPN IP address and encryption keys. The only thing it doesn't contain is the password for connecting to the VPN.
Next, download the official OpenVPN client from this link and install the client on your computer. After running it for the first time, you will find it on the taskbar. Right-click the OpenVPN client icon and select 'Import file'.
A file explorer window will appear on your computer. Go to your desktop or the folder where you downloaded the .opvn file.
Double-click the file to import it into the OpenVPN client. When the file is successfully imported, you will receive the message below.
Right-click the OpenVPN client icon on the taskbar and click the 'Connect' button.
The openVPN client will read the data from the .opvn file and you will be asked to enter the password. Enter it and click 'OK.'
The OpenVPN client will connect to the Raspberry Pi's OpenVPN server. The OpenVPN icon on the taskbar will turn green when successfully connected to the VPN host. You now have a working VPN that you can connect to over the Internet.
Uninstalling the VPN
If for some reason you want to remove the VPN server from your Raspberry Pi, run the following command in the terminal.
sudo pivpn uninstall
You will be asked if you want to remove each package and remove automatic updates. Select 'Y' for all. The Raspberry Pi will restart after the uninstallation is complete.
