randloki
Posts: 6
Joined: Sat Dec 30, 2017 4:59 am
Location: Michigan US

VPN OpenVPN ovpn Windscribe for stretch

Sat Jan 06, 2018 1:08 am

It took me awhile and looking at multiple different forums and websites to get my windscribe vpn to work on my pi 3b Stretch Raspbian OS. I have tried this on several fresh installs and updates on stretch. I hope someone finds it useful.

Windscribe Raspberry Pi Stretch latest version 1/4/18

Download Credentials from Windscribe. Save copies to downloads or desktop.

STEP 1. Get your current package list updated:

$ sudo apt-get update

STEP 2. Install the openvpn daemon/package:

$ sudo apt-get install openvpn

STEP 3. Download the needed config files and then copy them to the pi (via scp or FTP), then unzip them into /etc/openvpn (I just downloaded mine right to the pi or used vnc from my laptop)

(your OVPN File such as : Windscribe-US-Germany.ovpn)

$ sudo mv Windscribe-US-Germany.ovpn /etc/openvpn

$ cd /etc/openvpn

STEP 4. Make the up/down script executable

sudo chmod +x /etc/openvpn/update-resolv-conf

STEP 5. Use the following command to get connected (replace config file with the one of the VPN server you want to connect to):

sudo openvpn --daemon --cd /etc/openvpn --config Windscribe-US-Germany.ovpn
#put your vpn config file name exactly as it is in pi.

put in username:
put in password:
(both given on windscribe site).

Check status:

Type: $ curl ipinfo.io/ip


STEP 6. To disconnect run:

$ killall -9 openvpn


Option 1. Enable VPN at boot

sudo systemctl enable [email protected]

Anything not covered please reffer to manual
$ openvpn --help

I am fairly new to linux so I hope I can attribute to the next man as much as the community has helped me. Any suggestions or comments let me know. I may update this is anyone has anything further to contribute.

brianinmaine
Posts: 3
Joined: Mon Feb 12, 2018 4:29 am

Re: VPN OpenVPN ovpn Windscribe for stretch

Mon Feb 12, 2018 4:50 am

I also use Windscribe and just spent many hours trying to configure my setup just as I wanted.
I use a no-ip ddns address on my (Belkin)router with 1 port open for ssh.
My goal was to have the VPN up all the time, but still be able to ssh into the pi through my ddns address so I could tunnel other ports through that.

I came up with a very IN-elegant?? way to do that: I created a script I call /etc/openvpn/onstart:

Code: Select all

#!/bin/bash
sleep 5
ip rule add fwmark 65 table novpn
ip route add default via 192.168.2.1 dev wlan0 table novpn
ip route flush cache
iptables -t mangle -A OUTPUT -p tcp --sport 22 -j MARK --set-mark 65
and I call it with a service file (/etc/systemd/system/VPNrules.service)

Code: Select all

[unit]
Description=VPN rules
Wants=network.target

[Service]
ExecStart=/etc/openvpn/onstart
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=onstart
User=root
Group=root
Restart=always
[Install]
WantedBy=multi-user.target
after starting, enabling, and rebooting, this all seems to work out for me. I can sftp into the pi, all my regular traffic uses the vpn and I can still ssh tunnel ports, like for qbittorrent-nox...

I did check for dns leaks - seems good. Any advice or suggestions are most welcome?
Good luck!

Return to “Networking and servers”