Raspberry Pi OpenVPN Server Tutorial






OpenVPN on the Raspberry Pi!
I installed OpenVPN on the “2012-10-28-wheezy-raspbian.zip” image.
Did it all through an SSH PuTTY connection.
I am a total Linux noob, so I found the OpenVPN tutorial on the internet, and I got some help from other ppl, thnx for that!

Let’s start.

Copy the commands one at a time; after each command, hit the “Enter” key.

sudo su

[ENTER]

apt-get update

[ENTER]

apt-get install openvpn openssl

[ENTER]

cd /etc/openvpn

[ENTER]

cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa

[ENTER]

apt-get install nano

[ENTER]

nano easy-rsa/vars

[ENTER]

The nano editor pops up. Now we are going to change some text in the file.

Change

export EASY_RSA="`pwd`"

to

export EASY_RSA="/etc/openvpn/easy-rsa"

And watch the quote marks: they must be plain straight double quotes (")!

When you have changed it, press left Control + X on your keyboard and save the file.

. ./easy-rsa/vars

[ENTER]

./easy-rsa/clean-all

[ENTER]

cd easy-rsa

[ENTER]

ln -s openssl-1.0.0.cnf openssl.cnf

[ENTER]

cd ..

[ENTER]

The next steps build the client/server files. The easy way is to hit the Enter key on all questions.

./easy-rsa/build-ca OpenVPN

[ENTER]

./easy-rsa/build-key-server server

[ENTER]

./easy-rsa/build-key client1

[ENTER]

The build-dh command takes a few minutes, so just wait.

./easy-rsa/build-dh

[ENTER]

nano openvpn.conf

This creates a new file called “openvpn.conf”. Put this info in it.
(You can add "client-to-client" to the config or not; it is up to you. It allows VPN users to communicate with each other. This is normally not needed.)

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo

And again, watch the quote marks (")! If the quote marks are missing, the file will NOT WORK!

Hit Left control + x again, and save the file.
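
The following is an added example, not part of the original tutorial: a small shell check that reads a server config like the one above and flags the lines worth a second look. It reports Diffie-Hellman parameters below 2048 bits (the commonly recommended minimum), compression, client-to-client, and push lines that still contain curly quotes from copy-paste. The function names, finding labels and sample file are assumptions made for this example.

```sh
#!/bin/sh
# Added example: flag settings in an OpenVPN server config worth reviewing.
# Prints one finding per line; prints nothing when there are no findings.
audit_openvpn_conf() {
    while read -r directive args || [ -n "$directive" ]; do
        case "$directive" in
            ''|'#'*|';'*) continue ;;          # blank line or comment
            dh)
                # easy-rsa 2.0 names the file after KEY_SIZE (dh1024.pem, dh2048.pem)
                bits=$(printf '%s\n' "$args" | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
                if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
                    echo "WEAK_DH:$bits"
                fi ;;
            comp-lzo|compress) echo "COMPRESSION:$directive" ;;
            client-to-client)  echo "CLIENT_TO_CLIENT" ;;
            push)
                # Curly quotes pasted from a web page are not valid config quoting
                case "$args" in
                    *“*|*”*) echo "CURLY_QUOTES:$args" ;;
                esac ;;
        esac
    done < "$1"
}

# Constructed sample: a shortened copy of the server config from this tutorial,
# with one push line left in its pasted (curly-quote) form.
sample_conf() {
    cat <<'EOF'
dev tun
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
client-to-client
push “redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
comp-lzo
EOF
}

demo_audit() {
    tmp=$(mktemp) && sample_conf > "$tmp" && audit_openvpn_conf "$tmp"
    rm -f "$tmp"
}
demo_audit
```

On the Pi itself, run it as `audit_openvpn_conf /etc/openvpn/openvpn.conf`.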

Next commands

echo 1 > /proc/sys/net/ipv4/ip_forward

[ENTER]

ifconfig 

[ENTER]

With the ifconfig command you can see your network and adapter info. Most of the time the default adapter name is “eth0”, and its “inet addr” is your Raspberry Pi IP address (the same address you connected to with PuTTY).

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to [ipadres rpi]

[ENTER]

cd ..

[ENTER]

nano sysctl.conf  

Un-comment (remove the #) the line containing #net.ipv4.ip_forward=1

(And again, quit the nano editor with left Control + X and save the file.)

cd ..

[ENTER]

sudo /etc/init.d/openvpn start

[ENTER]

nano newvpn.ovpn

This opens the nano editor again with a new file called “newvpn.ovpn”.

Put this info in the file:

dev tun
client
proto udp
remote YOUR.RASPBERRYPI.IPADRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

Hit left control + X, and save the file.

sudo nano /etc/rc.local

[ENTER]

The nano editor pops up with the rc.local file

Add these 2 lines just above “exit 0”:

iptables -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source RASPBERRY.PI.IP.ADRESS

Hit left control + x and save the file.

Now we need to copy the certificates from “/etc/openvpn/easy-rsa/keys” to another folder. It doesn’t matter which folder; put it in /etc/openvpn/ for example.

This is the command for copying a folder. Just change the folders.

cp -rf present/directory /desire/directory

(Don’t just copy this command, use your own folders.)

Now we are going to use WinSCP to transfer the certificates and the newvpn.ovpn file to your Windows / Android / whatever machine.

Browse to the copied key folder, and copy the following files to your computer:

ca.crt, client1.crt, client1.key

If the copied key folder won’t open, give it 777 rights (I guess 755 is also enough).

Use PuTTY again, browse to the copied key folder and type:

chmod -R 777 .

Now close and reconnect with WinSCP, now you can enter the folder.
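
An alternative to loosening the key folder, shown as an added example that is not part of the original tutorial: `chmod -R 777` leaves client1.key readable and writable by every local user, whereas OpenVPN also accepts the CA, certificate and key inline in the profile, so one owner-only .ovpn file can be built as root and transferred. The function names, the placeholder host `vpn.example.invalid` and the dummy file contents are assumptions made for this example.

```sh
#!/bin/sh
# Added example: pack ca.crt, the client cert and the client key into one profile.
# Usage: make_inline_profile KEYDIR CLIENTNAME REMOTE OUTFILE
make_inline_profile() {
    keydir="$1"; client="$2"; remote="$3"; out="$4"
    for f in ca.crt "$client.crt" "$client.key"; do
        [ -r "$keydir/$f" ] || { echo "missing: $keydir/$f" >&2; return 1; }
    done
    rm -f "$out"
    (
        umask 077    # the profile embeds the private key: owner-only from creation
        {
            # Same client settings as newvpn.ovpn, minus the ca/cert/key file lines
            printf '%s\n' 'dev tun' 'client' 'proto udp' "remote $remote 1194" \
                'resolv-retry infinite' 'nobind' 'persist-key' 'persist-tun' \
                'comp-lzo' 'verb 3'
            echo '<ca>';   pem_only "$keydir/ca.crt";       echo '</ca>'
            echo '<cert>'; pem_only "$keydir/$client.crt";  echo '</cert>'
            echo '<key>';  cat "$keydir/$client.key";       echo '</key>'
        } > "$out"
    )
}

# Print only the PEM certificate block, dropping any text dump that precedes it.
pem_only() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1"
}

# Demo with constructed placeholder files (not real key material).
demo_inline_profile() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q0E=' '-----END CERTIFICATE-----' > "$d/ca.crt"
    printf '%s\n' 'Certificate:' '    Data: (text dump)' \
        '-----BEGIN CERTIFICATE-----' 'Q0xJRU5U' '-----END CERTIFICATE-----' > "$d/client1.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'S0VZ' '-----END PRIVATE KEY-----' > "$d/client1.key"
    make_inline_profile "$d" client1 vpn.example.invalid "$d/client1.ovpn" || return 1
    echo "$d/client1.ovpn"
}
demo_inline_profile
```

On the Pi this would be run as root, for example `make_inline_profile /etc/openvpn/easy-rsa/keys client1 YOUR.RASPBERRYPI.IPADRESS /root/client1.ovpn`, and the resulting file deleted from the server once it has been transferred.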

If you want to use the VPN from outside your own network, you need to open up port 1194 (UDP) in your router/modem and change the local Raspberry Pi IP address in the file “newvpn.ovpn” to your external IP address.

Source: http://geeksandtweaks.com/wp/how-to-create-a-vpn-server-on-ubuntu-12-04/

And qwyrp2 Thnx for your time and help!


--------------------------------------------------------------------------------------------------------------------------------------------------------------

P.S. If you want to make more certificates (you can’t use 1 certificate on 2 client devices at the same time):

Navigate to /etc/openvpn/

 

sudo su

And type:

. ./easy-rsa/vars

[Enter]

./easy-rsa/build-key client2

(or client3, or some other certificate name)