In order to configure Ivacy VPN on Raspberry Pi, you must have an active internet connection. You must also have an Ivacy VPN account. (if you haven’t subscribed for Ivacy VPN, as yet, you can click here to subscribe). You must have a Raspberry Pi device, with Debian-Wheezy/Raspbian OS.
[Note] If you are using Pi as HTPC with kodi, follow this link for Installation Instructions.
Update your current package list. Use the following command.
sudo apt-get update
Install the OpenVPN Daemon/Package:
sudo apt-get install openvpn
Download Config files and copy them to the pi (via SCP or FTP).
- sudo mv openvpn.zip /etc/
- sudo unzip openvpn.zip
- cd /etc/openvpn
Edit config and add your email and password (Note: this will not be prompted to input each time you attempt to establish connection).
- Open a config file that you are willing to use. type ‘user.txt’ against the auth-user-pass.
- Save and exit to shell.
- Create the user.txt file with your email and password in two different rows, for example:
root@raspberrypi:/etc/openvpn# cat user.txt
Two more things before you move ahead:
- Protect the file: chmod go-rwx user.txt
- Make the conf.sh executable: chmod +x /etc/openvpn/change_resolv_conf.sh
* This step is optional.
Now, replace the config name with the one you desire. Use the following command:
sudo openvpn --daemon --cd /etc/openvpn --config UK-Maidenhead-UDP.ovpn Check status:
Type the command: curl ifconfig.me
killall -9 openvpn
Enable VPN at boot
sudo systemctl enable openvpn@Maidenhead
Setup Routing and NAT
Enable IP Forwarding:
sudo /bin/su -c “echo -e ‘\n#Enable IP Routing\nnet.ipv4.ip_forward = 1’ >> /etc/sysctl.conf”
sudo sysctl -p
Configure NAT from the local LAN down the VPN tunnel:
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o eth0 -m state –state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
Make the NAT rules persistent across reboot:
sudo apt-get install iptables-persistent
The installer will ask if you want to save current rules, choose Yes. Alternatively, you can save the rules later on with sudo netfilter-persistent save.
Make the rules apply at startup:
sudo systemctl enable netfilter-persistent
This will block outbound traffic from Raspberry Pi device and will only allow the VPN and related services to work. Once done, the only way the Pi can get to the internet is through the VPN.
If your Ivacy VPN connection drops, your entire internet connection will be disconnected, ensuring that you don’t browse the internet insecurely. When the VPN connection is active again, you can use your internet without any fuss.
sudo iptables -A OUTPUT -o tun0 -m comment –comment “vpn” -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p icmp -m comment –comment “icmp” -j ACCEPT
sudo iptables -A OUTPUT -d 192.168.1.0/24 -o eth0 -m comment –comment “lan” -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p udp -m udp –dport 53 -m comment –comment “openvpn” -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p tcp -m tcp –sport 22 -m comment –comment “ssh” -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p udp -m udp –dport 123 -m comment –comment “ntp” -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p udp -m udp –dport 53 -m comment –comment “dns” -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p tcp -m tcp –dport 53 -m comment –comment “dns” -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -j DROP
Now click ‘Save’ and then ‘Apply’ the settings after reboot:
sudo netfilter-persistent save
In case, the traffic on your other systems stops, then check the Raspberry Pi device to see if Ivacy VPN is up or not.
Setup Other Systems on the LAN
Now we are all set to command other systems to send the traffic via Raspberry Pi. In order to setup other systems’ network, you need to check the following.
- Default Gateway: Pi’s IP address (eg: 192.168.1.2)
- DNS: Something public like Google DNS (22.214.171.124 and 126.96.36.199)
Do not use your existing internet router (eg: 192.168.1.1) as DNS, or your DNS queries will be visible to your ISP and thus may be visible to organizations who want to monitor your internet traffic or activities.
Optional: DNS on Raspberry Pi
To ensure that all your DNS goes through the VPN, you can install dnsmasq on Raspberry Pi device to accept DNS requests from the local LAN and forward requests to external DNS servers.
sudo apt-get install dnsmasq
You can now setup other systems on the LAN to use the Pi (192.168.1.2) as their DNS server as well as their gateway.
Congrats! You have now installed Ivacy VPN on Raspberry Pi. If you are facing any connection issues, don’t hesitate to contact our customer support team via live chat or email us at email@example.com