matteos1
Posts: 23
Joined: Wed Feb 25, 2015 6:39 pm

Re: How to set up a Raspberry Pi VPN server

Thu Feb 18, 2016 12:52 pm

hi, but the link give an error. page not found

ccclapp
Posts: 14
Joined: Sun Jan 31, 2016 4:46 am
Location: Boston

Re: How to set up a Raspberry Pi VPN server

Thu Feb 18, 2016 12:59 pm

Hi, I'm sorry if the link did not work I am pasting it here again…

https://github.com/StarshipEngineer/OpenVPN-Setup

Siamak
Posts: 68
Joined: Sat May 31, 2014 1:48 pm

Re: How to set up a Raspberry Pi VPN server

Thu Feb 18, 2016 3:28 pm

Thanks for the reply, we may be talking about different files, the file I managed to download is called "StarshipEngineering-master.zip" is it the one? if it is the Readme file is very small and has no instructions in it at all.

Would it be possible to have a link to an appropriate site for the ZIP file please, I really appreciate it.

Cheers

Siamak

P.S. The size of the zip file is about 9Kb and the Readme.md file is 263B

ccclapp
Posts: 14
Joined: Sun Jan 31, 2016 4:46 am
Location: Boston

Re: How to set up a Raspberry Pi VPN server

Thu Feb 18, 2016 3:32 pm

...there is no zip file. What I linked you to is an auto-install of OpenVPN. All you do is EXACTLY follow the Readme instructions. You do not download anything. The commands given in the readme download and install everything for you!!!

Get it?

Siamak
Posts: 68
Joined: Sat May 31, 2014 1:48 pm

Re: How to set up a Raspberry Pi VPN server

Thu Feb 18, 2016 3:53 pm

Great Thanks I will give it a try soon.

Cheers

Siamak

gido5731
Posts: 2
Joined: Sun Jan 10, 2016 8:35 pm
Location: Land of Butts
Contact: Website

Re: How to set up a Raspberry Pi VPN server

Wed Mar 23, 2016 3:13 pm

Hey, thanks for making this, i have 1 issue, but I may be overlooking something... So Im on mac and Im trying to connect, on the openVPN website they say something about some "https://yourvpnhostname.com" but i never remember making one... I did all the setup on the pi, no errors, the pi is already running wifi too... :?:


[Edit] I did intend for it to run wifi

jtetra5
Posts: 8
Joined: Sat Aug 13, 2016 9:53 pm

Re: How to set up a Raspberry Pi VPN server

Tue Aug 16, 2016 10:35 pm

Hello all! I recently set up and installed OpenVPN on My Raspberry Pi 3, that has the Raspbian Jessie OS. However, I used the following website to install it: http://www.bbc.com/news/technology-33548728

From the RPi Terminal, I run

Code: Select all

sudo service openvpn start
, and then

Code: Select all

sudo service openvpn status
, which produces the following output:

Code: Select all

root@raspberrypi:/etc/openvpn/easy-rsa/keys# service openvpn status
● openvpn.service - OpenVPN service
   Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)
   Active: active (exited) since Tue 2016-08-16 18:02:42 EDT; 30s ago
  Process: 10134 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 10134 (code=exited, status=0/SUCCESS)

Aug 16 18:02:42 raspberrypi systemd[1]: Started OpenVPN service.
Then, I run the command

Code: Select all

sudo openvpn RPiTetra5.ovpn
which produces the following output:

Code: Select all

root@raspberrypi:/etc/openvpn/easy-rsa/keys# openvpn RPiTetra5.ovpn
Tue Aug 16 18:04:35 2016 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Tue Aug 16 18:04:35 2016 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Enter Private Key Password: *********
Tue Aug 16 18:04:40 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 16 18:04:40 2016 Control Channel Authentication: tls-auth using INLINE static key file
Tue Aug 16 18:04:40 2016 RESOLVE: Cannot resolve host address: [my-public-ip-address]: Name or service not known
Tue Aug 16 18:04:40 2016 RESOLVE: Cannot resolve host address: [my-public-ip-address]: Name or service not known
Tue Aug 16 18:04:45 2016 RESOLVE: Cannot resolve host address: [my-public-ip-address]: Name or service not known
^CTue Aug 16 18:04:50 2016 RESOLVE: signal received during DNS resolution attempt
Tue Aug 16 18:04:50 2016 SIGINT[hard,init_instance] received, process exiting
Where

Code: Select all

my-public-ip-address
is the IP address I get when I do a Google search inquiring about it. Does anyone know why this is occuring? Any advice on how to solve this is greatly appreciated!


jtetra5
Posts: 8
Joined: Sat Aug 13, 2016 9:53 pm

Re: How to set up a Raspberry Pi VPN server

Fri Aug 19, 2016 7:42 pm

Thank you for the link. I followed the instructions in the GitHub page, and set up OpenVPN on my RPi. Once fully set up, I did the following:

Code: Select all

root@raspberrypi:~# service openvpn start
root@raspberrypi:~# service openvpn status
● openvpn.service - OpenVPN service
   Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)
   Active: active (exited) since Fri 2016-08-19 15:12:55 EDT; 10min ago
  Process: 15641 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 15641 (code=exited, status=0/SUCCESS)

Aug 19 15:12:55 raspberrypi systemd[1]: Started OpenVPN service.
Aug 19 15:22:56 raspberrypi systemd[1]: Started OpenVPN service.
This was to start the VPN and confirm it's active.

Code: Select all

root@raspberrypi:~# ifconfig
eth0      Link encap:Ethernet  HWaddr b8:27:eb:1c:cb:ba  
          inet addr:***.***.***.***  Bcast:***.***.***.***  Mask:***.***.***.*
          inet6 addr: ****::****:****:***:***/64 Scope:Link
          inet6 addr: ****:****:****:****:****:****:****:****/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54391 errors:0 dropped:26996 overruns:0 frame:0
          TX packets:7632 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3679055 (3.5 MiB)  TX bytes:701848 (685.3 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:200 errors:0 dropped:0 overruns:0 frame:0
          TX packets:200 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:16656 (16.2 KiB)  TX bytes:16656 (16.2 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr b8:27:eb:49:9e:ef  
          inet6 addr: ****::****:****:****:****/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:32257 errors:0 dropped:32257 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:14123715 (13.4 MiB)  TX bytes:0 (0.0 B)

This shows the tun0 configuration.

Code: Select all

root@raspberrypi:~# openvpn --config client.ovpn
Fri Aug 19 15:33:29 2016 Unrecognized option or missing parameter(s) in client.ovpn:14: block-outside-dns (2.3.4)
Fri Aug 19 15:33:29 2016 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Fri Aug 19 15:33:29 2016 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Fri Aug 19 15:33:29 2016 Control Channel Authentication: tls-auth using INLINE static key file
Fri Aug 19 15:33:29 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 19 15:33:29 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 19 15:33:29 2016 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Aug 19 15:33:29 2016 UDPv4 link local: [undef]
Fri Aug 19 15:33:29 2016 UDPv4 link remote: [AF_INET]my-public-ip-address:1194
^CFri Aug 19 15:33:31 2016 event_wait : Interrupted system call (code=4)
Fri Aug 19 15:33:31 2016 SIGINT[hard,] received, process exiting

Where 'my-public-ip-address' is my actual publicly displayed IP address. I expected a connection initiation with the VPN server, but as you can see that is not what occurred. Could someone please tell me why the client failed to connect to the OpenVPN server? Thanks!

Hujino
Posts: 2
Joined: Mon Aug 22, 2016 4:35 pm

Re: How to set up a Raspberry Pi VPN server

Mon Aug 22, 2016 4:37 pm

Hi,

I didn't have this

Code: Select all

[quote]./clean-all
./build-ca[/quote]
What can i do for this problem ?

laurenmartinln10
Posts: 3
Joined: Fri Aug 26, 2016 8:08 am

Re: How to set up a Raspberry Pi VPN server

Sat Aug 27, 2016 9:09 am

Thanks "jtetra5" you did superb job. Nice reply.

User avatar
hiddenotebook
Posts: 68
Joined: Fri Oct 02, 2015 7:52 pm
Contact: Website

Re: How to set up a Raspberry Pi VPN server

Sat Aug 27, 2016 9:34 am

Thak you man this is a great job. Thaks for sharing!

blueraz
Posts: 2
Joined: Thu Aug 20, 2015 4:32 pm

Re: How to set up a Raspberry Pi VPN server

Wed Oct 19, 2016 4:28 am

Thanks for the summary. It is really helpful. My issue is with the iptables you mention. I believe that getting the iptables right is not just about getting access as one wants but also about denying access to others to improve security and robustness.

There are many articles online with help in setting up openVPN on a RPi. None of them agree on the iptables incantations to use and none of them really explain what they all mean. So i learned a little more about iptables and i'd like to make a few points about the ones you suggest.

The iptables you list do not mention the default policy ACCEPT/DROP for the INPUT, OUTPUT and FORWARD chains so they're not really useful as such to the beginner. I think the default policy in jessie is ACCEPT so most iptables commands you're suggesting (except the MASQUERADE) would have no effect since they are also ACCEPTing packets.

Then, you have an
iptables -A FORWARD -i tun+ -j ACCEPT
right before an
iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
I think the longer one is never used because anything that would match it is already matched by that shorter one before it.

I've got it all up and running and can access my PC at home from my tablet anywhere else. But when i do so, i can no longer access the rest of the internet from my tablet with openVPN active. I think the culprit is this line:
iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
Note you're assuming the LAN mask is 192.168.0.0/24 where as in other parts of your explanation you had a variable. You're also using conntrack which i can't find documentation for. And you're only forwarding traffic to the LAN, not to the Internet.

I don't understand why the following would not be better:

Code: Select all

iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -j ACCEPT
And the other thing, it seems like the iptables commands have to be reissued after each reboot of the RPi, so it would be better to have all that in a script or a service as others suggest on the web.

I'd really appreciate any iptables guru's insight on all the iptables in the original post.

Passant Elsayed
Posts: 1
Joined: Mon Jan 02, 2017 9:47 am

Re: How to set up a Raspberry Pi VPN server

Mon Jan 02, 2017 10:21 am

My VPN is the best ,i`m using it for 3 years till now ,working with all my devices and browsers
https://www.vpnanswers.com/vpn-free-download/

ravustaja
Posts: 8
Joined: Thu Oct 13, 2016 11:06 am

Re: How to set up a Raspberry Pi VPN server

Thu Jan 05, 2017 8:22 am

Great guide! I was having trouble with setting a VPN, but got it to work on first try using this guide.

Thank you, much appreciated!

Edit: How can I automate the commands so that I don't have to manually enter a list of commands after rebooting my Pi?

Siamak
Posts: 68
Joined: Sat May 31, 2014 1:48 pm

Re: How to set up a Raspberry Pi VPN server

Mon Jan 09, 2017 1:51 pm

Hi Everyone,

Here's a link that I found very interesting and useful:

http://blog.mxard.com/persistent-iptabl ... i-raspbian

Cheers

Siamak

mingas
Posts: 1
Joined: Thu Mar 09, 2017 6:52 pm

Re: How to set up a Raspberry Pi VPN server

Thu Mar 09, 2017 6:57 pm

Maybe someone can explain how pivpn server works. I install pivpn on my raspberry pi 3 and I connect to my pivpn server from remote location over WAN. In my remote location I used wireless network connection and when I have successfully joined pivpn server in my network connections also I saw active local area connection.
Then I tried to check all traffic on both connections with Wire Shark by browsing over different websites. I was able successfully open any web but when I checked my both connections Status details, on “Wireless network connection status” I saw IPv4 connectivity: Internet and on IPv6 Connectivity: No Internet access. On “Local area connection” I saw IPv4 and IPv6 connectivity: no internet access.
On Wire Shark window with my wireless traffic I saw my local private IP and destination IP was my remote site where is my pivpn server public IP. All traffic in protocols raw was openvpn, I not seen any http traffic so it seems like that traffic was encrypted.
On Wire Shark window with my local area traffic I saw in source row IP from my visited websites and in my destination row I saw IP 10.8.0.2 provided to me by pivpn server. In protocol row I saw just TCP traffic and no HTTP.
Can somebody explain how all traffic moving between pivpn server and clients? Seems that traffic between client and pivpn server encrypted but what about traffic between pivpn server and destination websites? Is all traffic routed through pivpn server raspberry pi or traffic bypasses raspberry pi? On raspberry pi cpu usage bar I see only 1% - 5% when I using it as vpn server so seems that raspberry pi don’t have any load.
Thanks.

Siamak
Posts: 68
Joined: Sat May 31, 2014 1:48 pm

Re: How to set up a Raspberry Pi VPN server

Fri Mar 10, 2017 4:22 pm

Hi Everyone,

I have finally managed to make my OpnVPN Sever using this tutorial and others, in one of them there was script that made .ovpn file that I copied to my Windoze openVPN config directory and is working fine.

It may seem silly question but I still put it to you guys.

I would like my other RasPi connect to my server, I would like it to connect automatically without asking me for a password, where do I have to copy the .ovpn file in order to make the RasPi act as a Client PLEASE.

Many thanks in advance.
Cheers
Siamak

patrickhillam7
Posts: 1
Joined: Wed Mar 15, 2017 8:21 pm

Re: How to set up a Raspberry Pi VPN server

Wed Mar 15, 2017 8:24 pm

check tutorial with many details how to set up Raspberry Pi VPN server. I have followed all steps and it's working like a charm:
http://itblogsec.com/build-own-openvpn- ... rry-pi-12/

Siamak
Posts: 68
Joined: Sat May 31, 2014 1:48 pm

Re: How to set up a Raspberry Pi VPN server

Thu Mar 16, 2017 8:31 am

Good morning all,

I have the Server running absolutely with no problem, my problem was connecting another RasPi to the server, that also I sorted it, I followed a tutorial and made a VPN Router using pi, and in order for the Router to connect to the my own VPN Server was just copied my .ovpn file in /etc/openvpn folder run the following command:

sudo openvpn --config /etc/openvpn/Client.ovpn

Ofcourse the Client.ovpn is the file you would have created when setting the VPN Server up.

Thanks for your answer.

Cheers
Siamak

gmag11
Posts: 1
Joined: Sun Apr 02, 2017 4:58 pm

Re: How to set up a Raspberry Pi VPN server

Sun Apr 02, 2017 5:01 pm

Thank you! I got it working, thanks. I had to change IP addressing to fit my network.

In order to make iptables rules permanent I had to run this command at the end of the process:

Code: Select all

apt-get install iptables-persistent
Regards

Siamak
Posts: 68
Joined: Sat May 31, 2014 1:48 pm

Re: How to set up a Raspberry Pi VPN server

Sat Sep 23, 2017 10:24 am

Hi Every One,

I have set-up a RasPi 3 as a VPN Server and it is working like a charm.

My question is : Can my real location be detected even when I am using the VPN Server, if the answer is yes then how to overcome that please.

Many thanks

Siamak

Foxtrod89
Posts: 1
Joined: Fri Nov 03, 2017 8:19 pm

Re: How to set up a Raspberry Pi VPN server

Sun Jan 28, 2018 12:44 am

Code: Select all

Sat Jan 27 19:17:47 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Sat Jan 27 19:17:47 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Jan 27 19:17:47 2018 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Sat Jan 27 19:17:47 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jan 27 19:17:47 2018 Need hold release from management interface, waiting...
Sat Jan 27 19:17:47 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Jan 27 19:17:47 2018 MANAGEMENT: CMD 'state on'
Sat Jan 27 19:17:47 2018 MANAGEMENT: CMD 'log all on'
Sat Jan 27 19:17:47 2018 MANAGEMENT: CMD 'echo all on'
Sat Jan 27 19:17:47 2018 MANAGEMENT: CMD 'hold off'
Sat Jan 27 19:17:47 2018 MANAGEMENT: CMD 'hold release'
Sat Jan 27 19:17:47 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jan 27 19:17:47 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jan 27 19:17:47 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]localhost:1194
Sat Jan 27 19:17:47 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jan 27 19:17:47 2018 UDP link local: (not bound)
Sat Jan 27 19:17:47 2018 UDP link remote: [AF_INET]localhost:1194
Sat Jan 27 19:17:47 2018 MANAGEMENT: >STATE:1517098667,WAIT,,,,,,
Sat Jan 27 19:18:47 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Jan 27 19:18:47 2018 TLS Error: TLS handshake failed
Sat Jan 27 19:18:47 2018 SIGUSR1[soft,tls-error] received, process restarting
Sat Jan 27 19:18:47 2018 MANAGEMENT: >STATE:1517098727,RECONNECTING,tls-error,,,,,
Sat Jan 27 19:18:47 2018 Restart pause, 5 second(s)
i'm bleeding guys! What's wrong with TLS? :x :x :x :x :evil:

zohair
Posts: 1
Joined: Sat Apr 28, 2018 7:42 pm

Re: How to set up a Raspberry Pi VPN server

Sat Apr 28, 2018 7:45 pm

Hello!
I followed tutorial and I connect to the server from my Mac using tunnelblick but I cant use the internet. Tunnelblick even throws up a warning saying it can't connect to the internet and to check the config file. I've copied it as is from this post. Any ideas?
Thank you!

vpnbest
Posts: 2
Joined: Tue Nov 07, 2017 12:19 pm

Re: How to set up a Raspberry Pi VPN server

Thu May 17, 2018 10:16 am

sorry guys for going a little off topic but can anyone recommend me a VPN for raspberrypi ? I was reading an article on best vpn providers but it was too general. Can I go with any of the VPN listed in that article ? Need help!

Return to “Networking and servers”

Who is online

Users browsing this forum: apfelsaft87 and 4 guests