Building a VPN with a raspberry pi 4b and piVPN


Who am I?

I don’t even know myself

My name is Yashlin and I am a software engineer currently specialising in web application development. I’ve worked with lots of different technologies ranging from the bleeding edge to legacy and I would like to add some simple but powerful tools to your arsenal.

Why?

Who knows boet , suggest me something.

Running your own VPN server is an awesome way to increase your mobile security and get access to your local network from the internet. They used to be hard to set up, but PiVPN turns your Raspberry Pi into a cheap, effective VPN server using a wizard-like installation that does most of the heavy lifting for you.

You’ll be able to bypass website filters at work or school, and easily connect to devices on your home network like fileservers or printers. And with just a few extra steps, you can also enable end-to-end encryption and run all of your mobile internet through a secure and anonymous tunnel.

Note: I recommend going through the blog at least once before attempting to do this, as it will give you a nice overview of what you will need to do and have in order to complete this. I found this process to be easy and had minimal issues going through it.

Pre-requisites:

Stuff you need to know before we do the stuff 

  • A Raspberry Pi with all the critical accessories; at the time of writing, the model I have is a Raspberry Pi 4B
    • Power cable (duh!)
    • SD card with Raspbian installed
    • Keyboard, mouse and monitor
  • Foundational understanding of VPNs and the concept of routing
  • Basic understanding of using terminals and executing commands on the terminal

Let’s Begin:

Finally , admin is boring.

  • Connect your Raspberry Pi to your monitor and connect it to your network (I connected via ethernet cable).
  • Having a secondary device like a laptop or desktop close by helps with the installation steps.
  • As always, make sure you have sufficient permissions to execute the various commands and scripts successfully.

Disclaimer:

Please don’t sue me if your house catches on fire 

This tutorial is not an introduction to Raspberry Pi or any of the underlying principles and practices, so please hold off on doing this unless you are familiar with it and have a basic understanding of virtual private networks (VPNs) and routing protocols. This is also not a concise guide to securing your networks; please consult an expert or do a lot more research if you are planning to use this as a security solution.

Since I am no expert in the technology or concepts, what I have done is aggregate a bunch of tutorials, blogs and videos and gone through it from a beginner's perspective. I think this helps me relay the material in the simplest way I can and help other beginners get involved in new technologies and concepts. I have credited all the blogs, articles and videos in the reference section below 🙂 so don't just take my word for it!

Installing and configuring openVPN with piVPN

OpenVPN is open source software that implements virtual private network techniques to create a secure connection and remote access facilities. piVPN extends OpenVPN by overlaying an easy-to-understand wizard on top of the OpenVPN configuration. Even for absolute beginners (such as myself) it's easy to understand and quite intuitive.

Firstly, let's navigate over to the following link:

https://www.pivpn.io/

You can read a little bit more about how it works there, but setting up piVPN is then as simple as running the following command on your Pi terminal:

curl -L https://install.pivpn.io | bash
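
Piping a download straight into bash runs whatever the server returns, unread. As an added example (not part of the original post and not PiVPN's own code), the sketch below saves the installer to a file, checks that the download is a complete script, and prints its SHA-256 so you can read it before running it; the file name pivpn-install.sh and the function check_installer are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from PiVPN): download the installer, check it, read it, run it.
INSTALL_URL="https://install.pivpn.io"   # URL used in the tutorial

# check_installer FILE [SHA256_OF_REVIEWED_COPY]
# Prints the file's SHA-256. Returns 0 only if FILE is a complete shell script
# and, when the hash of a previously reviewed copy is given, matches that copy.
check_installer() {
  local file=$1 reviewed=${2:-} sum
  [ -s "$file" ] || { echo "FAIL: download is empty or missing" >&2; return 1; }
  head -n 1 "$file" | grep -q '^#!' \
    || { echo "FAIL: no shebang, probably an error page" >&2; return 1; }
  bash -n "$file" 2>/dev/null \
    || { echo "FAIL: does not parse, download may be truncated" >&2; return 1; }
  sum=$(sha256sum "$file" | cut -d' ' -f1)
  echo "$sum"
  if [ -n "$reviewed" ] && [ "$sum" != "$reviewed" ]; then
    echo "FAIL: differs from the copy you reviewed" >&2
    return 1
  fi
  return 0
}

# On the Pi (manual steps, kept as comments so nothing runs when sourced):
#   curl -fsSL "$INSTALL_URL" -o pivpn-install.sh
#   check_installer pivpn-install.sh     # prints the SHA-256
#   less pivpn-install.sh                # read what you are about to run
#   bash pivpn-install.sh
```

Keep the printed hash if you reinstall later: passing it as the second argument tells you whether the installer has changed since you last read it.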

The script will take a few minutes to install OpenVPN, and then I'll walk you through the configuration process. From my experience I experienced slightly different screens in a slightly different order, so it's possible you may experience that as well, but the concepts remain the same.

NOTE: For most of the options we are going to be using the defaults. At any time you can exit the process and start again, so don't stress if you think you have chosen the wrong option.

The screen above talks about a static IP address for the Raspberry Pi. This is so that when the Raspberry Pi is restarted for any reason, it will try to use the same IP address again. This is useful when trying to maintain a constant connection to our home network and addressing the Pi over a network. We can just press <Ok> here.

On this screen we will just be selecting <Yes> to using the current network settings as a static local IP address. This will be different depending on your network gateway and the current IPs and ports assigned to the devices on your network, but it's okay just to go with yes over here.

The warning you are presented with next basically tells you that there is a chance your router will assign the IP address to another device. Luckily most modern routers are smart enough not to do this but some of them also let you set a permanent IP address for a device within its interface as well so conflicts don’t happen. So just select <Ok> and press enter.

The screen above explains that we will need to set up a local user that the OVPN configurations will be created and stored for. You can just select <Ok> and go onto the next screen.

Here we will be presented with a list of users that we can choose from. In this tutorial, we will be just making use of the default pi user. Press enter to continue.

Here you are presented with an explanation of unattended upgrades; this feature allows Raspbian to automatically download security package updates to your Raspberry Pi daily.

This setting helps secure your Raspberry Pi, which is incredibly important since we will be opening a port on the router and don't want to miss out on security updates. Select <Ok> to continue.

On this screen, we are selecting <Yes>. Leaving this feature switched off can pose a significant security risk to your Raspberry Pi and potentially your home network as crucial security features won’t be installed.

Now we will be asked to set the protocol that OpenVPN will run through; we will be making use of UDP. The other option is TCP, but unless you know why you want TCP, it's better to just go with UDP.

You can learn more about the difference between TCP and UDP here:

https://www.guru99.com/tcp-vs-udp-understanding-the-difference.html

Now we will be selecting the port OpenVPN will operate through. In this tutorial we are going to press enter to retain the default port of 1194. If you are going to be making use of this VPN on your home or business network, then I recommend that you change it in order to make it slightly more difficult for attackers to figure out you have a VPN running.

Above is the confirmation screen for the port number you set; select <Yes> to continue.

Now we must choose the size of the encryption key, and I recommend using the default 2048-bit encryption, as it is more than sufficient for the purpose of this tutorial and offers a decent level of security without compromising on performance.

The next screen basically tells us what the PiVPN script is about to do, expect this process to take some time, it can take anywhere from a couple of minutes to an hour. Select <Ok> to proceed.

You will now be asked if you want to utilize the 2.4 version of the OpenVPN software. If you are unsure if your client software supports 2.4, then select <No>.

You can read more about how version 2.4 works over here

We now need to decide whether we want to make use of our public IP address or utilize a dynamic IP service such as noip.com. In this tutorial we will be setting up a dynamic IP service using noip.com.

After you have your dynamic IP address, then use the arrow keys to navigate up and down, and use spacebar to select the DNS Entry before pressing Enter.

Creating a dynamic ip service with no-ip

Navigate over to: https://my.noip.com/

Create a free account and then you can add a hostname using their easy-to-use wizard.

Note: I would recommend using their dynamic update client to keep track of IP changes on your network.

Then you can set the DNS name you get here. It will be something like example.ddns.net and will map to a target IP, which you can automatically update by downloading their update client pictured above.

The next step is to select a DNS provider. A DNS provider is what resolves a URL into an IP address. For the sake of simplicity, we will be just making use of Google’s public DNS servers.

Note: You have now successfully completed the installation of piVPN. While there are still a couple more things you will need to complete to allow connections, you are now about 90% done!

We will now be greeted by a screen asking for us to reboot the Raspberry Pi, just select <Yes> to the next two screens as it’s crucial that you reboot.

Adding a user 

After rebooting, you’ll need to open a Terminal window and run:

pivpn add

On this screen, you will need to enter a name for the client.

It will also ask you to set a password for the client, and it is important to make this something secure and not easy to guess as this will secure the encryption key.

Once you press enter to these, the PiVPN script will generate the 2048-bit RSA private key for the client, and then store the file into /home/pi/ovpns.

/home/pi/ovpns is the folder we will have to gain access to in the next few steps so we can copy the generated file to our devices.

Make sure you keep these files safe as they are the configurations needed to access your vpn and thus your local network.

It is generally recommended that you do not email this to yourself or share it over a network due to security concerns. So simply plug a USB drive into your Pi, copy the ovpn profile over, and then copy it onto the device you will be using to connect to your VPN.
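
Before the profile leaves the Pi, it is worth confirming that the private key inside it really is passphrase-protected and that other local users cannot read the file. The following is an added example, not PiVPN code: audit_ovpn, inline_key and the constructed sample_profile are hypothetical names, and it assumes the key is embedded inline in a <key> block and that GNU stat is available, as on Raspbian.

```bash
#!/usr/bin/env bash
# Added example (not PiVPN code): audit a client profile before it leaves the Pi.

# Print the lines between <key> and </key> of an inline profile.
inline_key() {
  awk '/^<key>/{k=1; next} /^<\/key>/{k=0} k' "$1"
}

# audit_ovpn FILE: prints findings, returns 0 if the profile passes, else 1.
audit_ovpn() {
  local file=$1 rc=0 host port proto mode
  host=$(awk '$1 == "remote" {print $2; exit}' "$file")
  port=$(awk '$1 == "remote" {print $3; exit}' "$file")
  proto=$(awk '$1 == "proto" {print $2; exit}' "$file")
  echo "endpoint: ${host:-?} port ${port:-?} proto ${proto:-?}"

  # PKCS#8 keys carry ENCRYPTED in the PEM header; legacy PEM uses Proc-Type.
  if inline_key "$file" |
     grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED'; then
    echo "ok: client key is passphrase-protected"
  else
    echo "FAIL: no passphrase-protected key found in the profile"; rc=1
  fi

  # No permission bits for "other": the last octal digit must be 0.
  mode=$(stat -c '%a' "$file")
  case $mode in
    *0) echo "ok: mode $mode" ;;
    *)  echo "FAIL: mode $mode lets other local users access the profile"; rc=1 ;;
  esac
  return "$rc"
}

# Constructed sample profile (placeholder text, not real key material).
sample_profile() {
  cat <<'EOF'
client
proto udp
remote example.ddns.net 1194
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
constructed-placeholder
-----END ENCRYPTED PRIVATE KEY-----
</key>
EOF
}
```

Point audit_ovpn at the profile in /home/pi/ovpns; the endpoint line should show the hostname, port and protocol you chose in the wizard, which are also the values the port-forward rule has to match.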

Port forwarding your router to receive requests

We do this so we can map the IP to the relevant ports for forwarding requests. You can do this by logging into the router directly, but since everyone has a different router, a more generic way is to do it on your Windows machine. Make sure you’re connected to the router on your laptop, and then you can follow the instructions at the link below:

Unless you changed the default port, you can name the service vpn, and the external and internal ports will be 1194. Also remember we elected to use UDP in our configuration.

https://superuser.com/questions/1298594/port-forwarding-without-router-access-how-does-it-work

If you want to understand a little bit more about port forwarding, you can read more at the link below:

Installing the openVPN app on your mobile device

Note: your app might look a bit different but the process and concepts are exactly the same.

This step is quite simple: all you need to do is install the app, make sure you have the ovpn profile that you created in the previous step, and then import that into the app.

The app will take some time to process everything and connect, but if you have set it up correctly then you can go on your browser and try to access your local network from your phone. I tried logging onto my router remotely using my phone's mobile data connection.

Glossary:

Raspberry pi 4b: Raspberry Pi 4 Model B is the latest product in the popular Raspberry Pi range of computers

Raspbian: Raspbian is a Debian-based computer operating system for Raspberry Pi. There are several versions of Raspbian including Raspbian Buster and Raspbian Stretch

OpenVPN: OpenVPN is open-source commercial software that implements virtual private network techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities

Static IP address: A static IP address is an IP address that was manually configured for a device, versus one that was assigned by a DHCP server. It’s called static because it doesn’t change. It’s the exact opposite of a dynamic IP address, which does change.

Local IP address: A local or internal IP address is used inside a private network to locate the computers and devices connected to it.

OVPN configurations: OpenVPN config files (.ovpn) offer an easy way to configure OpenVPN on your computer to work with OpenVPN servers. These files contain the correct cipher types, Certificate Authority, Certificate, and Private Keys. You can use these files on Mac, Linux, Windows, Android, and iOS.

Encryption key: An encryption key is typically a random string of bits generated specifically to scramble and unscramble data. Encryption keys are created with algorithms designed to ensure that each key is unique and unpredictable

2048-bit encryption: The 2048-bit is about the RSA key pair: RSA keys are mathematical objects which include a big integer, and a “2048-bit key” is a key such that the big integer is larger than 2^2047 but smaller than 2^2048.

Dynamic IP address: A dynamic Internet Protocol address (dynamic IP address) is a temporary IP address that is assigned to a computing device or node when it’s connected to a network. A dynamic IP address is an automatically configured IP address assigned by a DHCP server to every new network node.

Hostname: A hostname is a unique name for a computer or network node in a network. Hostnames are specific names or character strings that refer to a host and make it usable for the network and people. They can describe both physical addresses and network nodes, which have multiple domains under one host.

DNS provider: The DNS hosting provider for your domain stores your DNS records. While a DNS hosting service is commonly provided by a domain name registrar, it may also be a dedicated hosting company.

Port forwarding: In computer networking, port forwarding or port mapping is an application of network address translation that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall.

References:

Note: A special thank you to the following blogs , articles and video resources below which contributed to my understanding of the concepts and principles needed to fulfill this post.

https://www.pivpn.io/

https://www.pcmag.com/how-to/how-to-create-a-vpn-server-with-raspberry-pi

https://pimylifeup.com/raspberry-pi-vpn-server/

https://www.guru99.com/tcp-vs-udp-understanding-the-difference.html

https://opensource.com/article/19/6/raspberry-pi-vpn-server
