DarthPi
Posts: 2
Joined: Wed Sep 26, 2018 2:04 pm

Raspbian on Pi 2 as VPN

Wed Sep 26, 2018 2:13 pm

I see a lot of VPN discussion in the groups but I still don't understand something. Why do I need to connect to a VPN service like IpVanish, or OpenVPN? I would like my Pi to encrypt my traffic prior to hitting the Internet. I'm not concerned with accessing my network off-site, I just want encrypted traffic so my ISP or other snoopers cannot see my info when I'm banking, shopping, etc.

Is it possible for the Pi to run as a VPN or some other encryption device without the use of a VPN service?

As you can probably tell, I'm very new to the Pi world and VPNs in general. Thanks.

User avatar
ScoobyDoo
Posts: 108
Joined: Wed Apr 04, 2012 2:52 pm
Location: Staffordshire, UK

Re: Raspbian on Pi 2 as VPN

Wed Sep 26, 2018 5:08 pm

Couple of guides here to setup your PI as a vpn server which will use your VPN service to encrypt all your traffic routed through the PI.

The only issue is speed. Your not going to get much speed through the PI but its sufficient for browsing etc.

Check these out.

http://www.dickson.me.uk/2016/06/21/set ... r-updated/

https://gist.github.com/superjamie/ac55b6d2c080582a3e64

The 2nd link uses PIA vpn but its easily changed to use ipvanish etc.

User avatar
thagrol
Posts: 868
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: Raspbian on Pi 2 as VPN

Wed Sep 26, 2018 8:45 pm

DarthPi wrote:
Wed Sep 26, 2018 2:13 pm
I see a lot of VPN discussion in the groups but I still don't understand something. Why do I need to connect to a VPN service like IpVanish, or OpenVPN? I would like my Pi to encrypt my traffic prior to hitting the Internet. I'm not concerned with accessing my network off-site, I just want encrypted traffic so my ISP or other snoopers cannot see my info when I'm banking, shopping, etc.

Is it possible for the Pi to run as a VPN or some other encryption device without the use of a VPN service?
No.

A VPN (Virtual Private Network) is basically a point to point service. You can't have a single ended one as there'd be nothing to handle the decryption/encryption at the other end.

They work by having software inside your local network the encrypts traffic then sends it to another machine on the internet which decrypts it before sending it on to the wider internet. Incoming traffics is handled the same but in reverse.

What a VPN will do:
  • Bypass any filters, data logging, etc that your ISP has in place
  • Hide you IP address from the server you're connected to
  • Allow you to appear to be in a different country
  • Allow encrypted access to your local network from anywhere on the internet (if you've set up your router and a server)
  • Give added protection from snoopers when using public networks/wifi (e.g. in your favourite coffee shop)
What it won't do:
Give end to end encryption between you and every website, game server, mail server etc on the internet. that's what ssl, https, and ssh are for.

The type of VPN usage most seen around here(hiding from your ISP etc) is not what VPNs were originally designed for. They were developed so that businesses with remote workers didn't need to have a dedicated phone line for each remote worker to use to connect to the company network. And/or to link multiple sites without having a tangle of leased lines. (That's the Private Network part)
Note to self: don't feed the trolls
If you believe "L'enfer, c'est les autres" (Hell is other people) have you considered that it may be of your own making?

itsmedoofer
Posts: 265
Joined: Wed Sep 25, 2013 8:43 am

Re: Raspbian on Pi 2 as VPN

Thu Sep 27, 2018 11:46 am

Hi,

Just a note on speeds, I have a Pi2 running OpenVPN, the same Pi also doubles as a ADS-B receiver, because of the location I have to connect via WiFi, I'm using the new Official Pi Dongle for this.

I typically see 14 - 15Mbps throughput on the Pi with the CPU at about 50%, I would suspect that with an Ethernet connection you could get close to 40Mbs with a bit of playing.... With a PiZeroW I was getting about 8Mbps, it needed a good old dollop of overclock to get there though...

One question I would ask is what makes you trust a VPN provider any more than your ISP with regards to security ? Covering your tracks, hiding activity yes, added protection with regards to banking and shopping, I'm to be convinced..

Regards,
Me.

User avatar
thagrol
Posts: 868
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: Raspbian on Pi 2 as VPN

Thu Sep 27, 2018 12:24 pm

itsmedoofer wrote:
Thu Sep 27, 2018 11:46 am
One question I would ask is what makes you trust a VPN provider any more than your ISP with regards to security ? Covering your tracks, hiding activity yes, added protection with regards to banking and shopping, I'm to be convinced..
Can't speak for the OP but the answer to that is research and careful selection of a VPN provider with a no logs policy. Ultimately though all you're really doing is changing who can log what you're doing. Sure you can hide from your ISP, but don't expect much in the way of enhanced security over the public internet. Whoever has control of the other end of the VPN, as well as any node you end up routed through, can still sniff yopur traffic.

A VPN is not a replacement for https, ssl, etc.

Yeah, you could run both ends of the VPN tunnel (link) your self via different ISPs or by having your own remote server for the VPN but whatever gateway that routes through to the public internet can still log, snoop, and block your data if the operator so desires.

The only added security that a properly configured VPN may give for banking, shopping etc, is that your ISP doesn't know which website you've accessed and the website doesn't know the external IP address of your router.

An insecure website remains insecure even if part of the route to it is via a VPN.

Botton line: unless you want to hide your traffic from your ISP (and/or national firewalls), hide your location or access a private network (e.g. your employer's LAN) over the internet a VPN adds no security to internet usage.
Note to self: don't feed the trolls
If you believe "L'enfer, c'est les autres" (Hell is other people) have you considered that it may be of your own making?

itsmedoofer
Posts: 265
Joined: Wed Sep 25, 2013 8:43 am

Re: Raspbian on Pi 2 as VPN

Sat Sep 29, 2018 7:10 am

thagrol wrote:
Thu Sep 27, 2018 12:24 pm
itsmedoofer wrote:
Thu Sep 27, 2018 11:46 am
One question I would ask is what makes you trust a VPN provider any more than your ISP with regards to security ? Covering your tracks, hiding activity yes, added protection with regards to banking and shopping, I'm to be convinced..
Botton line: unless you want to hide your traffic from your ISP (and/or national firewalls), hide your location or access a private network (e.g. your employer's LAN) over the internet a VPN adds no security to internet usage.
Exactly the point I was trying to make, you made it a lot better though. :)

ejolson
Posts: 2018
Joined: Tue Mar 18, 2014 11:47 am

Re: Raspbian on Pi 2 as VPN

Sat Sep 29, 2018 10:38 pm

itsmedoofer wrote:
Thu Sep 27, 2018 11:46 am
One question I would ask is what makes you trust a VPN provider any more than your ISP with regards to security?
One difference is that most people don't have a choice which ISP they use: They are either run as a monopoly, by the state or by Starbucks. On the other hand, each person has a much greater choice with regards to VPN providers.

User avatar
thagrol
Posts: 868
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: Raspbian on Pi 2 as VPN

Sun Sep 30, 2018 1:07 pm

ejolson wrote:
Sat Sep 29, 2018 10:38 pm
itsmedoofer wrote:
Thu Sep 27, 2018 11:46 am
One question I would ask is what makes you trust a VPN provider any more than your ISP with regards to security?
One difference is that most people don't have a choice which ISP they use: They are either run as a monopoly, by the state or by Starbucks. On the other hand, each person has a much greater choice with regards to VPN providers.
All valid reasons for using a VPN but none of them make the VPN provider any more trustworthy. Like I said above, the onus is on the user to research and select an apropriate service provider.
Note to self: don't feed the trolls
If you believe "L'enfer, c'est les autres" (Hell is other people) have you considered that it may be of your own making?

patrickjburt
Posts: 2
Joined: Wed Aug 01, 2018 12:33 pm

Re: Raspbian on Pi 2 as VPN

Wed Oct 10, 2018 1:08 pm

Installed it with PureVPN, it's just a program like PiHole, won't lose any functionality :D

DarthPi
Posts: 2
Joined: Wed Sep 26, 2018 2:04 pm

Re: Raspbian on Pi 2 as VPN

Sun Oct 14, 2018 12:13 pm

All very good information. Thanks everybody.

bls
Posts: 4
Joined: Mon Oct 22, 2018 11:25 pm

Re: Raspbian on Pi 2 as VPN

Tue Oct 23, 2018 8:19 pm

I've used strongSwan quite successfully, and think it's really great, although I can't speak to the performance aspect. I like it so much that I built a tool to easily manage the CA and user certs/keys. See viewtopic.php?f=36&t=225379

Return to “Networking and servers”