Creating a VPN server on Raspberry Pi
Setting up a VPN server with your Raspberry Pi is an excellent way of ensuring secure, private Internet browsing. Here's a detailed guide to help you get started using OpenVPN.
Contents
- Introduction
- Equipment required
- Preparing the Raspberry Pi
- OpenVPN installation
- OpenVPN configuration
- Certificate and key generation
- VPN Client configuration
- Testing and adjustment
- Conclusion
1. Introduction
A VPN (Virtual Private Network) creates a secure, encrypted connection between your device and a server. Using a Raspberry Pi as a VPN server, you can browse the Internet in complete security and access geographically restricted content.
2. Materials required
- Raspberry Pi (model 3 or higher)
- microSD card (minimum 16 GB) with Raspbian installed
- Ethernet cable or Wi-Fi connection
- Power supply for Raspberry Pi
3. Preparing the Raspberry Pi
- Install Raspbian :
- Download the Raspbian image from the official website.
- Use a tool like balenaEtcher to burn the image onto the microSD card.
- Insert the microSD card into the Raspberry Pi and start it up.
- Configuring the Raspberry Pi :
- Log in with the default credentials (user :
pipassword :raspberry). - Update the system with the following commands:
sudo apt updatesudo apt upgrade
- Log in with the default credentials (user :
4. OpenVPN installation
- Installing OpenVPN and Easy-RSA :
- OpenVPN is an open-source VPN server software and Easy-RSA is a PKI (Public Key Infrastructure) management tool:
sudo apt install openvpn easy-rsa
- OpenVPN is an open-source VPN server software and Easy-RSA is a PKI (Public Key Infrastructure) management tool:
- Configuring Easy-RSA :
- Copy the Easy-RSA files to the OpenVPN directory:
make-cadir ~/openvpn-cacd ~/openvpn-ca
- Copy the Easy-RSA files to the OpenVPN directory:
5. OpenVPN configuration
- Modifying Easy-RSA variables :
- Edit file
varsto configure your CA (Certificate Authority) settings:nano ~/openvpn-ca/vars
- Modify the following lines according to your information:
set_var EASYRSA_REQ_COUNTRY "FR"set_var EASYRSA_REQ_PROVINCE "Ile-de-France" (France)set_var EASYRSA_REQ_CITY "Paris" "Paris" "Parisset_var EASYRSA_REQ_ORG "MyOrganizationset_var EASYRSA_REQ_EMAIL "email@example.com"set_var EASYRSA_REQ_OU "MonUnit"
- Edit file
- Build the CA :
- Initialize the PKI and build the CA :
./easyrsa init-pki./easyrsa build-ca
- Initialize the PKI and build the CA :
- Generate certificate and key for Server :
- Create the certificate signing request (CSR) and sign the certificate:
./easyrsa gen-req server nopass./easyrsa sign-req server server
- Create the certificate signing request (CSR) and sign the certificate:
- Generate Diffie-Hellman and HMAC keys :
- These keys add an extra layer of security:
./easyrsa gen-dhopenvpn --genkey --secret ta.key
- These keys add an extra layer of security:
- Configure the sOpenVPN server :
- Create a configuration file for the VPN server:
sudo nano /etc/openvpn/server.conf
- Add the following content:
- Create a configuration file for the VPN server:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA256
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
crl-verify crl.pem
6. Certificate and key generation
- Create certificates and keys for customers :
- Generate a key and certificate for each customer:
./easyrsa gen-req client1 nopass./easyrsa sign-req client client1
- Generate a key and certificate for each customer:
- Create a configuration file for the client :
- Create a file
client.ovpnwith the following content:
- Create a file
customer
dev tun
proto udp
remote your_domain_or_ip 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
auth SHA256
cipher AES-256-CBC
verb 3
-----BEGIN CERTIFICATE-----
# Copy contents of ca.crt
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
# Copy contents of client1.crt
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
# Copy contents of client1.key
-----END PRIVATE KEY-----
-----BEGIN OpenVPN Static key V1-----
# Copy the contents of ta.key
-----END OpenVPN Static key V1-----
7. VPN client configuration
- Configuring the VPN client :
- Install an OpenVPN client on your devices (Windows, macOS, Android, iOS) and import the file
client.ovpn.
- Install an OpenVPN client on your devices (Windows, macOS, Android, iOS) and import the file
8. Tests and adjustments
- Testing the VPN connection :
- Connect to your VPN server from a client device to check that everything is working properly.
- Adjust parameters :
- Adjust security and performance parameters to your specific needs.
9. Conclusion
By following this guide, you now have a working VPN server with a Raspberry Pi. You can surf the Internet safely and access geographically restricted content. Enjoy your VPN server, and don't hesitate to add extra features to make it even more powerful!
