OpenVPN Server On Raspberry Pi: A Simple Setup Guide

by Alex Braham 53 views

Setting up an OpenVPN server on a Raspberry Pi is a fantastic way to secure your internet connection and access your home network remotely. This guide walks you through the process step-by-step, making it easy even if you're not a tech expert. So, let’s dive in and get your own VPN server up and running!

Why Use a Raspberry Pi for an OpenVPN Server?

Before we get started, let’s talk about why a Raspberry Pi is an excellent choice for hosting an OpenVPN server:

  • Low Cost: Raspberry Pi devices are quite affordable, making them an economical option for setting up a personal VPN.
  • Low Power Consumption: These little devices consume very little power, so you can leave them running 24/7 without worrying about a huge electricity bill.
  • Compact Size: Their small form factor means they can be tucked away easily without taking up much space.
  • Versatility: Besides being a VPN server, a Raspberry Pi can handle many other tasks, like running a media server, a home automation hub, or even a retro gaming console. It's like a Swiss Army knife for tech enthusiasts! This is especially handy if you're keen on making the most out of your hardware.

Now that you know the benefits, let's move on to the requirements.

Prerequisites

Before you start the installation, make sure you have the following:

  • Raspberry Pi: A Raspberry Pi 3B+, 4, or later model is recommended for better performance, but older models will also work.
  • Raspberry Pi OS: A fresh installation of Raspberry Pi OS (formerly Raspbian). It's best to use the latest version.
  • Internet Connection: A stable internet connection for your Raspberry Pi.
  • Router Access: Access to your router's configuration page to set up port forwarding.
  • MicroSD Card: A microSD card (at least 16GB) for the operating system.
  • Ethernet Cable: While Wi-Fi can work, a wired Ethernet connection is more stable and recommended for a VPN server.

With these prerequisites in place, you’re ready to start the setup process.

Step 1: Install Raspberry Pi OS

First, you need to install Raspberry Pi OS on your Raspberry Pi. Here’s how:

  1. Download Raspberry Pi Imager: Download the Raspberry Pi Imager from the official Raspberry Pi website (https://www.raspberrypi.com/software/). This tool is available for Windows, macOS, and Linux.
  2. Install and Open the Imager: Install the Raspberry Pi Imager on your computer and open it.
  3. Choose the OS: Click on “Choose OS,” select “Raspberry Pi OS (other),” and then choose the latest version of Raspberry Pi OS Lite (or the full version if you prefer a graphical interface).
  4. Choose Storage: Click on “Choose Storage” and select your microSD card.
  5. Write the Image: Click on “Write” to flash the OS onto your microSD card. This process might take a few minutes.
  6. Eject and Insert: Once the writing process is complete, safely eject the microSD card from your computer and insert it into your Raspberry Pi.

Step 2: Initial Raspberry Pi Configuration

After installing the OS, you need to configure your Raspberry Pi. Here’s how:

  1. Connect to the Network: Connect your Raspberry Pi to your network using an Ethernet cable. If you’re using Wi-Fi, you’ll need to configure it later.

  2. Boot Up: Power on your Raspberry Pi. It will boot into the Raspberry Pi OS.

  3. Access via SSH: To configure the Raspberry Pi, you’ll typically use SSH (Secure Shell) from another computer on your network. Find your Raspberry Pi’s IP address using your router’s admin panel or a network scanning tool.

  4. Enable SSH: Before you can SSH into your Raspberry Pi, you need to enable SSH. You can do this by creating an empty file named ssh in the boot partition of your microSD card. Alternatively, if you have a screen and keyboard connected, you can enable SSH via the raspi-config tool.

  5. SSH Login: Open a terminal or command prompt on your computer and use the following command to log in:

    ssh pi@your_raspberry_pi_ip

    Replace your_raspberry_pi_ip with the actual IP address of your Raspberry Pi. The default password is raspberry.

  6. Change Password: After logging in, it's crucial to change the default password for security reasons. Use the passwd command to set a new password.

  7. Update and Upgrade: Run the following commands to update and upgrade the installed packages:

    sudo apt update
sudo apt upgrade

    These commands ensure that your system has the latest security patches and software versions.

Step 3: Install and Configure OpenVPN

Now, let’s install and configure OpenVPN on your Raspberry Pi:

  1. Install OpenVPN and Easy-RSA: Run the following command to install OpenVPN and Easy-RSA:

    sudo apt install openvpn easy-rsa

    Easy-RSA is a tool for managing the certificate authority (CA) and generating the necessary certificates for OpenVPN.

  2. Prepare Easy-RSA: Copy the Easy-RSA scripts to a new directory:

    make-cadir /etc/openvpn/easy-rsa

    Then, navigate to that directory:

    cd /etc/openvpn/easy-rsa

  3. Initialize the PKI: Initialize the Public Key Infrastructure (PKI) by running:

    ./easyrsa init-pki

  4. Build the Certificate Authority (CA): Build the CA certificate:

    ./easyrsa build-ca

    You'll be prompted to enter a Common Name for your CA. This can be anything you like, such as “MyOpenVPNCA.”

  5. Generate the Server Certificate and Key: Generate the server certificate and key:

    ./easyrsa gen-req server nopass

    Then, sign the server certificate:

    ./easyrsa sign-req Server server

    Type yes when prompted to sign the certificate.

  6. Generate the Diffie-Hellman Parameters: Generate the Diffie-Hellman parameters. This might take a while:

    ./easyrsa gen-dh

  7. Generate the Client Certificate and Key: Generate the client certificate and key. Repeat this step for each client that will connect to the VPN:

    ./easyrsa gen-req client1 nopass
./easyrsa sign-req Client client1

    Replace client1 with the desired name for each client.

  8. Copy the Necessary Files: Copy the generated certificates and keys to the OpenVPN directory:

    sudo cp pki/ca.crt /etc/openvpn
sudo cp pki/dh.pem /etc/openvpn
sudo cp pki/issued/server.crt /etc/openvpn
sudo cp pki/private/server.key /etc/openvpn

    For each client, copy the client certificate and key:

    sudo cp pki/issued/client1.crt /etc/openvpn/client1.crt
sudo cp pki/private/client1.key /etc/openvpn/client1.key

Step 4: Configure the OpenVPN Server

Now, let’s configure the OpenVPN server:

  1. Create the OpenVPN Configuration File: Create a new OpenVPN configuration file:

    sudo nano /etc/openvpn/server.conf

  2. Add the Configuration: Add the following configuration to the server.conf file. Make sure to adjust the settings as needed:

    port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key  # This file should be kept secret
dh /etc/openvpn/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push