How to Setup VPN on Raspberry Pi
 
  • view4349 Views
  • dateFebruary 20, 2016
  • useradmin
  • commentNo Comments

In order to configure Ivacy VPN on Raspberry Pi, you must have an active internet connection. You must also have an Ivacy VPN account. (if you haven’t subscribed for Ivacy VPN, as yet, you can click here to subscribe). You must have a Raspberry Pi device, with  Debian-Wheezy/Raspbian OS.

[Note] If you are using Pi as HTPC with kodi, follow this link for Installation Instructions.

 

  1. Update your current package list. Use the following command.
    sudo apt-get update
  2. Install the OpenVPN Daemon/Package:
    sudo apt-get install openvpn
  3. Download Config files and copy them to the pi (via SCP or FTP).
    • sudo mv openvpn.zip /etc/
    • sudo unzip openvpn.zip
    • cd /etc/openvpn
  4. Edit config and add your email and password (Note: this will not be prompted to input each time you attempt to establish connection).
    • Open a config file that you are willing to use. type ‘user.txt’ against the auth-user-pass.
    • Save and exit to shell.
    • Create the user.txt file with your email and password in two different rows, for example:
    [email protected]:/etc/openvpn# cat user.txt
    email
    password:
    [email protected]:/etc/openvpn#
    Two more things before you move ahead:
    Protect the file: chmod go-rwx user.txt
    Make the conf.sh executable: chmod +x /etc/openvpn/change_resolv_conf.sh
    * This step is optional.
  5. Now, replace the config name with the one you desire. Use the following command:
    sudo openvpn –daemon –cd /etc/openvpn –config UK-Maidenhead-UDP.ovpn Check status:
    Type the command: curl ifconfig.me
  6. Disconnect run:
    killall -9 openvpn
    Enable VPN at boot
    sudo systemctl enable [email protected]
    Setup Routing and NAT

    Enable IP Forwarding:

    sudo /bin/su -c “echo -e ‘\n#Enable IP Routing\nnet.ipv4.ip_forward = 1’ >> /etc/sysctl.conf”
    sudo sysctl -p
    Configure NAT from the local LAN down the VPN tunnel:
    sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
    sudo iptables -A FORWARD -i tun0 -o eth0 -m state –state RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
    Make the NAT rules persistent across reboot:
    sudo apt-get install iptables-persistent
    The installer will ask if you want to save current rules, choose Yes. Alternatively, you can save the rules later on with sudo netfilter-persistent save.
    Make the rules apply at startup:
    sudo systemctl enable netfilter-persistent

    Kill Switch

    This will block outbound traffic from Raspberry Pi device and will only allow the VPN and related services to work. Once done, the only way the Pi can get to the internet is through the VPN.
    If your Ivacy VPN connection drops, your entire internet connection will be disconnected, ensuring that you don’t browse the internet insecurely. When the VPN connection is active again, you can use your internet without any fuss.
    sudo iptables -A OUTPUT -o tun0 -m comment –comment “vpn” -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -p icmp -m comment –comment “icmp” -j ACCEPT
    sudo iptables -A OUTPUT -d 192.168.1.0/24 -o eth0 -m comment –comment “lan” -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -p udp -m udp –dport 53 -m comment –comment “openvpn” -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -p tcp -m tcp –sport 22 -m comment –comment “ssh” -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -p udp -m udp –dport 123 -m comment –comment “ntp” -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -p udp -m udp –dport 53 -m comment –comment “dns” -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -p tcp -m tcp –dport 53 -m comment –comment “dns” -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -j DROP
    Now click ‘Save’ and then ‘Apply’ the settings after reboot:
    sudo netfilter-persistent save
    In case, the traffic on your other systems stops, then check the Raspberry Pi device to see if Ivacy VPN is up or not.
    Setup Other Systems on the LAN
    Now we are all set to command other systems to send the traffic via Raspberry Pi. In order to setup other systems’ network, you need to check the following.

  • Default Gateway: Pi’s IP address (eg: 192.168.1.2)
  • DNS: Something public like Google DNS (8.8.8.8 and 8.8.4.4)
    Do not use your existing internet router (eg: 192.168.1.1) as DNS, or your DNS queries will be visible to your ISP and thus may be visible to organizations who want to monitor your internet traffic or activities.

    Optional: DNS on Raspberry Pi
    To ensure that all your DNS goes through the VPN, you can install dnsmasq on Raspberry Pi device to accept DNS requests from the local LAN and forward requests to external DNS servers.

    sudo apt-get install dnsmasq

    You can now setup other systems on the LAN to use the Pi (192.168.1.2) as their DNS server as well as their gateway.
    Congrats!  You have now installed Ivacy VPN on Raspberry Pi. If you are facing any connection issues, don’t hesitate to contact our customer support team via live chat or email us at [email protected]

Was this helpful?

Leave a Reply

Your email address will not be published. Required fields are marked *