Saturday, June 15, 2013

Raspberry Pi as an OpenVPN server

Many of us work inside firewalled networks where virtually all ports are blocked and web traffic goes through an annoying proxy server. A VPN connection makes your computer appear to be on another network and these issues go away.

Another big reason to operate through a VPN is if you are on someone else's network, perhaps a cafe Wi-Fi service, and are (rightly) concerned about your traffic being snooped.

There are commercial VPN services available, but I've recently set up a Raspberry Pi as a server and it works really well sitting on my home internet connection.


OpenVPN requires a single port, either TCP or UDP, between client and server.

Installation is well documented in several places, but I referred to the excellent instructions on Remi Bergsma's Blog.

I made two changes:

  • Used TCP rather than UDP as for some reason I couldn't connect via UDP - update the setting in /etc/openvpn/server.conf
  • Enabled NAT on the Pi as I was unable to set a static route on my home router - an Apple AirPort Extreme.

The command to enable NAT on the Pi is:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

I added that to /etc/rc.local so it will be re-applied on each boot.
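An idempotent form of that rule for /etc/rc.local, as an added example that is not from the original post: it checks for the rule before appending it, so re-running the script does not stack duplicates, and it refuses a source range that would masquerade everything. The variable and function names are assumptions introduced here; the subnet and interface defaults are the ones in the command above.

```shell
#!/bin/sh
# Added example, not the author's script.
# IPTABLES, VPN_NET and WAN_IF are names assumed for this example;
# the defaults match the command shown in the post.
IPTABLES="${IPTABLES:-iptables}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"

# Accept only a source range with an explicit, non-zero prefix length, so
# the rule stays limited to VPN clients (a policy choice of this example).
vpn_net_ok() {
    case "$1" in
        */0|0.0.0.0/*) return 1 ;;   # would masquerade all forwarded traffic
        */*)           return 0 ;;
        *)             return 1 ;;   # no prefix length given
    esac
}

# Prints "present", "added", "refused" or "failed".
ensure_vpn_nat() {
    if ! vpn_net_ok "$VPN_NET"; then
        echo refused
        return 2
    fi
    # -C only checks whether an identical rule exists; it changes nothing.
    if "$IPTABLES" -t nat -C POSTROUTING -s "$VPN_NET" -o "$WAN_IF" \
            -j MASQUERADE 2>/dev/null; then
        echo present
        return 0
    fi
    if "$IPTABLES" -t nat -A POSTROUTING -s "$VPN_NET" -o "$WAN_IF" \
            -j MASQUERADE; then
        echo added
        return 0
    fi
    echo failed
    return 1
}

# Apply only when asked, e.g. "sh /path/to/this-script --apply" from rc.local.
if [ "${1:-}" = "--apply" ]; then
    ensure_vpn_nat
fi
```

Afterwards, `iptables -t nat -S POSTROUTING` should list the MASQUERADE rule exactly once.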

Finally I forwarded the TCP port I want to use to connect from my home router to the Raspberry Pi. My home internet connection occasionally changes public IP address so if that becomes a problem I might use a dynamic DNS service to keep track of it.

Client

I use MacOS mostly and I'm using the Viscosity client, which has a 30-day trial period (which I'm still in) and then costs just US$9, which is very reasonable. At first I tried the free Tunnelblick client but it doesn't quite work at the moment with Mountain Lion (I can't get it to correctly set the DNS to the remote end of the tunnel).
