Another big reason to operate through a VPN is if you are on someone else's network, perhaps a cafe Wifi service, and are (rightly) concerned about your traffic being snooped.
There are commercial VPN services available but I've recently set up a raspberry pi as a server and it works really well sitting on my home internet connection.
OpenVPN requires a single port, either TCP or UDP, between client and server.
Installation is well documented in several places, but I referred to the excellent instructions on Remi Bergsma's Blog.
I made two changes:
- Used tcp rather than udp as for some reason I couldn't connect via udp - update the setting in /etc/openvpn/server.conf
- Enabled nat on the pi as I was unable to set a static route on my home router - an Apple Airport extreme.
The command to enable nat on the pi is:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
I added that to /etc/rc.local so it will be re-applied on each boot.
Finally I forwarded the TCP port I want to use to connect from my home router to the Raspberry Pi. My home internet connection occasionally changes public IP address so if that becomes a problem I might use a dynamic DNS service to keep track of it.
Client
I use MacOS mostly and I'm using the Viscosity client which has a 30 trial period (which I'm still in) and then costs just US$9 which is very reasonable.












