How to Setup VPN on Raspberry Pi


In order to configure Ivacy VPN on Raspberry Pi, you must have an active internet connection. You must also have an Ivacy VPN account. (if you haven’t subscribed for Ivacy VPN, as yet, you can click here to subscribe). You must have a Raspberry Pi device, with  Debian-Wheezy/Raspbian OS.

[Note] If you are using Pi as HTPC with kodi, follow this link for Installation Instructions.


Step 1

Update your current package list. Use the following command.

sudo apt-get update

Step 2

Install the OpenVPN Daemon/Package:

sudo apt-get install openvpn

Step 3

Download Config files and copy them to the pi (via SCP or FTP).

  • sudo mv /etc/
  • sudo unzip
  • cd /etc/openvpn

Step 4

Edit config and add your email and password (Note: this will not be prompted to input each time you attempt to establish connection).

  • Open a config file that you are willing to use. type ‘user.txt’ against the auth-user-pass.
  • Save and exit to shell.
  • Create the user.txt file with your email and password in two different rows, for example:

[email protected]:/etc/openvpn# cat user.txt



[email protected]:/etc/openvpn#

Two more things before you move ahead:

  • Protect the file: chmod go-rwx user.txt
  • Make the executable: chmod +x /etc/openvpn/

* This step is optional.

Step 5

Now, replace the config name with the one you desire. Use the following command:

sudo openvpn --daemon --cd /etc/openvpn --config UK-Maidenhead-UDP.ovpn 

Check status:

Type the command: curl

Step 6

Disconnect run:

killall -9 openvpn

Enable VPN at boot

sudo systemctl enable [email protected]

Setup Routing and NAT

Enable IP Forwarding:

sudo /bin/su -c “echo -e ‘\n#Enable IP Routing\nnet.ipv4.ip_forward = 1’ >> /etc/sysctl.conf”

sudo sysctl -p

Configure NAT from the local LAN down the VPN tunnel:

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

sudo iptables -A FORWARD -i tun0 -o eth0 -m state –state RELATED,ESTABLISHED -j ACCEPT

sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

Make the NAT rules persistent across reboot:

sudo apt-get install iptables-persistent

The installer will ask if you want to save current rules, choose Yes. Alternatively, you can save the rules later on with sudo netfilter-persistent save.

Make the rules apply at startup:

sudo systemctl enable netfilter-persistent

Kill Switch

This will block outbound traffic from Raspberry Pi device and will only allow the VPN and related services to work. Once done, the only way the Pi can get to the internet is through the VPN.

If your Ivacy VPN connection drops, your entire internet connection will be disconnected, ensuring that you don’t browse the internet insecurely. When the VPN connection is active again, you can use your internet without any fuss.

sudo iptables -A OUTPUT -o tun0 -m comment –comment “vpn” -j ACCEPT

sudo iptables -A OUTPUT -o eth0 -p icmp -m comment –comment “icmp” -j ACCEPT

sudo iptables -A OUTPUT -d -o eth0 -m comment –comment “lan” -j ACCEPT

sudo iptables -A OUTPUT -o eth0 -p udp -m udp –dport 53 -m comment –comment “openvpn” -j ACCEPT

sudo iptables -A OUTPUT -o eth0 -p tcp -m tcp –sport 22 -m comment –comment “ssh” -j ACCEPT

sudo iptables -A OUTPUT -o eth0 -p udp -m udp –dport 123 -m comment –comment “ntp” -j ACCEPT

sudo iptables -A OUTPUT -o eth0 -p udp -m udp –dport 53 -m comment –comment “dns” -j ACCEPT

sudo iptables -A OUTPUT -o eth0 -p tcp -m tcp –dport 53 -m comment –comment “dns” -j ACCEPT

sudo iptables -A OUTPUT -o eth0 -j DROP

Now click ‘Save’ and then ‘Apply’ the settings after reboot:

sudo netfilter-persistent save

In case, the traffic on your other systems stops, then check the Raspberry Pi device to see if Ivacy VPN is up or not.

Setup Other Systems on the LAN

Now we are all set to command other systems to send the traffic via Raspberry Pi. In order to setup other systems’ network, you need to check the following.

  • Default Gateway: Pi’s IP address (eg:
  • DNS: Something public like Google DNS ( and

Do not use your existing internet router (eg: as DNS, or your DNS queries will be visible to your ISP and thus may be visible to organizations who want to monitor your internet traffic or activities.

Optional: DNS on Raspberry Pi

To ensure that all your DNS goes through the VPN, you can install dnsmasq on Raspberry Pi device to accept DNS requests from the local LAN and forward requests to external DNS servers.

sudo apt-get install dnsmasq

You can now setup other systems on the LAN to use the Pi ( as their DNS server as well as their gateway.

Congrats!  You have now installed Ivacy VPN on Raspberry Pi. If you are facing any connection issues, don’t hesitate to contact our customer support team via live chat or email us at [email protected]

Was this helpful?

Leave a Reply

Your email address will not be published. Required fields are marked *