Raspberry Pi OpenVPN Server Tutorial

1 of 9

http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial

Raspberry Pi
Tutorials

Watch
ou
Vacanc r
ies

Still Lo
ok
for L

ing for
a

Job?

More In
fo

Categorie: Tutorials

Want 20GB free cloud space? Use my copy.com referral url to gain 20GB free space! Instead of 15GB of you are
not using my referral link

PPTP VPN? Follow my PPTP VPN TUTORIAL!

OPENVPN CLIENT: CLICK HERE

OPENVPN CLIENT FOR ANDROID

8-2-2015 20:08

Raspberry Pi OpenVPN Server Tutorial

2 of 9

http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial

Open Vpn on The Raspberry Pi!

I Installed the openvpn on the 2012-10-28-wheezy-raspbian.zip image.
Did it all trough a ssh putty connection.
I am a totally Linux noob, so I found the open vpn tutorial on the internet, and I got some help from other ppl, thnx
for that!
Lets start.
Just copy the commands 1 by 1, after 1 command just hit the enter key
sudo su
[ENTER]
apt-get update
[ENTER]
apt-get install openvpn openssl
[ENTER]
cd /etc/openvpn
[ENTER]
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
[ENTER]
apt-get install nano
[ENTER]
nano easy-rsa/vars
[ENTER]
The nano editor pops up, now we gonna change some txt in the file
change
export EASY_RSA=`pwd`
To

8-2-2015 20:08

Raspberry Pi OpenVPN Server Tutorial

3 of 9

http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial

export EASY_RSA=/etc/openvpn/easy-rsa
And watch the signs!

if you changed it, hit the left control + x button on your keyboard. And save the file
. ./easy-rsa/vars
[ENTER]
./easy-rsa/clean-all
[ENTER]
cd easy-rsa
[ENTER]
ln -s openssl-1.0.0.cnf openssl.cnf
[ENTER]
cd ..
[ENTER]
The next steps are building the client/server files. The easyt way is to hit the
enter keys on all questions.
./easy-rsa/build-ca OpenVPN
[ENTER]
./easy-rsa/build-key-server server

8-2-2015 20:08

Raspberry Pi OpenVPN Server Tutorial

4 of 9

http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial

[ENTER]
./easy-rsa/build-key client1
[ENTER]
Build-dh command takes a few minutes. So just wait

[ENTER]
./easy-rsa/build-dh
[ENTER]
nano openvpn.conf
And again you made a new file called openvpn.conf and put this info in it.
(you can add "client-to-client" in the config or not, it is up to you. It allows VPN users to communicate to each other.
This is normally not needed.

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push redirect-gateway def1"
#set the dns servers
push dhcp-option DNS 8.8.8.8"
push dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo

And again watch if the signs!! If there are no signs the file will NOT WORK!

8-2-2015 20:08

Raspberry Pi OpenVPN Server Tutorial

5 of 9

http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial

Hit Left control + x again, and save the file.

Next commands
echo 1 > /proc/sys/net/ipv4/ip_forward
[ENTER]
ifconfig
[ENTER]
With the command ifconfig you can see your network and adapter info. Most of the
times the default adapter name is eth0 and your inet addr This is your
Raspberry Pi IP adres ( the same adres as you connected to with Putty)
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to [ipadres rpi]
[ENTER]
cd ..
[ENTER]
nano sysctl.conf
un-comment (remove the #) from the line containing #net.ipv4.ip_forward=1
(and again quit the nano editor with left control + x and save the file.
cd ..
[ENTER]

sudo /etc/init.d/openvpn start

8-2-2015 20:08

Raspberry Pi OpenVPN Server Tutorial

6 of 9

http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial

[ENTER]
nano newvpn.ovpn
This opens the nano editor again with a new file called newvpn.ovpn
Put this info in the file:
dev tun
client
proto udp
remote YOUR.RASPBERRYPI.IPADRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
Hit left control + X, and save the file.
sudo nano /etc/rc.local
[ENTER]
The nano editor pops up with the rc.local file
Add this 2 lines just above exit 0
iptables -t nat -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source RASPBERRY.PI.IP.ADRESS
Hit left control + x and save the file.
Now we need to copy the certificates from /etc/openvpn/easy-rsa/keys To another
folder. It dont care witch foler, put it in /etc/openvpn/ for example.
This is the command for copy a folder Just change the folders.cp -rf present/directory /desire/directory
(Dont just copy this command, use your own folders)
Now we gonna use WinSCP to transfer the certificates, and the newvpn.ovpn file to your windows /
android / whatever machine.
Browse to the Copyd key folder, and copy the following files to your computer.

8-2-2015 20:08

Raspberry Pi OpenVPN Server Tutorial

7 of 9

http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial

ca.crt, client1.crt, client1.key

if the copyd key folder wont open, give it 777 rights. (guess 755 is also enough)
Use putty again and browse to the copyd key folder and typ:

chmod -R 777 .
Now close and reconnect with WinSCP, now you can enter the folder.
If you want use the VPN from outside your own network. Then you need to open up
port 1194 (udp) in your router/modem. And change the local raspberry pi ip address
in the file newvpn.ovpn to your external ip address.
Source: http://geeksandtweaks.com/wp/how-to-create-a-vpn-server-on-ubuntu-12-04/
And qwyrp2 Thnx for your time and help!

-------------------------------------------------------------------------------------------------------------------------------------------------------------Ps, If you want to make more certificates. ( you cant use 1 certificate on 2 client devices on the same time )
Navigate to /etc/openvpn/

sudo su
And type:
. ./easy-rsa/vars
[Enter]
./easy-rsa/build-key client2 (or client3, or some other certificate name)

8-2-2015 20:08

Raspberry Pi OpenVPN Server Tutorial

8 of 9

http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial

56 Comments

Anonymous

I found a pretty comprehensive paper that explains not only how to configure an OpenVPN
server on my yRaspberry Pi and how to set up clients. It also what each of the commands
mean and how to maximize the security. It even uses a pretty cool feature called tls-auth to
protect your pie from 0-Day and Denial of service. Here is the link: http://www.sans.org
/reading-ro...

mikesplain

Thanks for this! Worked great for me except I couldn't access the vpn externally... I tested the
udp port via nc and it was being blocked by other iptables. After much searching I found
http://forum.stmlabs.com/showt... which describes the drop rule being added to the iptables
automatically.
All you have to do is edit /etc/network/if-up.d/secure-rmc and add something like
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
right before:
iptables -A INPUT -i $IFACE -j DROP
Hope this helps someone!

dash

can anyone biuld a vpnserver forchinese to connect ?thank you

Scott Miller

If you have access to AWS you can create your own for free.
OpenVPN even has an AMI for it.
instructions at tek-t.com

Raspberryhelp1

Mod

I can be done. But not on the stock 1194 port i guess.

Da-Lugi

root@raspberrypi / > /etc/init.d/openvpn start

8-2-2015 20:08

Raspberry Pi OpenVPN Server Tutorial

9 of 9

http://raspberrypihelp.net/tutorials/1-openvpn-server-tutorial

< Vorige

8-2-2015 20:08