RaspberryPi | Zaptoid's Thoughts

Building A Raspberry Pi VPN HowTo: Creating An Encrypted Client Side

by Zaptoid | Apr 30, 2014 | HowTo

By now, it’s pretty apparent that turning your Raspberry Pi into a Virtual Private Network is an all-evening activity. But as security flaws further compromise our Internet lives, it feels increasingly worth it to have a secure server on your side. That way, you’re free to write emails and transfer data without worrying about what or whom might be intercepting it as it travels from your computer to the Web.

If you’ve followed the steps from other Raspberry Pi VPN HowTo, you’ve got a fully functional VPN server on your Raspberry Pi. You can use this to connect securely to your home network wherever there’s an unencrypted wireless connection. You can also access shared files and media you keep stored on your home network.

Only, you can’t access those files just yet. We’ve created keys for clients (computers and devices) to use, but we haven’t told the clients where to find the server, how to connect, or which key to use.

If you remember, we created several different client keys for each of the devices we want to grant VPN access. We called them Client1, Client2 and Client3.

It’d be a lot of trouble to generate a new configuration file for each client from scratch, which is why we’ll use an ingenious script written by Eric Jodoin of the SANS institute. Instead of generating a file for each client on our own, this script will do it for us.

Following The Script

The script will access our default settings to generate files for each client. The first thing we need to do, then, is create a blank text file in which those default settings can be read.

nano /etc/openvpn/easy-rsa/keys/Default.txt

Fill in the blank text file with the following:

client
dev tun
proto udp
remote <YOUR PUBLIC IP ADDRESS HERE> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20

It should look like the screenshot below, except it should show your public IP address. You’ll see that I deleted my own public IP address because that’s private information you shouldn’t be sharing around. On the other hand, local static IP addresses are very similar for everyone. They usually start with “192.168.”
Now, if you don’t have a static public IP address, you need to use a dynamic domain name system (DDNS) service to give yourself a domain name to put in place of the IP address. I recommend using the free service DNS Dynamic, which lets you pick a name of your choice. Then on your Pi, you need to run DDclient to update your DDNS registry automatically. I wrote a full tutorial for how to do this here.

(more…)

Building A Raspberry Pi VPN: HowTo Build A Server

by Zaptoid | Apr 29, 2014 | HowTo

Free, unencrypted wireless is everywhere, but you shouldn’t be checking your bank account on it unless you don’t mind somebody else snooping. The solution? A virtual private network, or VPN.

A VPN extends your own private network into public places, so even if you’re using Starbucks’ Wi-Fi connection, your Internet browsing stays encrypted and secure.

There are plenty of ways to set up a VPN, both with free and paid services, but each solution has its own pros and cons, determined by the way the VPN provider operates and charges and the kinds of VPN options it provides.

The easiest and cheapest solution to keep your data safe is to just abstain from public Wi-Fi completely. But that sounds a little extreme to me when it’s relatively simple and inexpensive to build your own VPN server at home, and run it off of a tiny, inexpensive ($35) Raspberry Pi.

My Raspberry Pi is about the size of a smartphone, but it runs a fully functional VPN server. That means no matter where I am, I can connect my computer to my home network and access shared files and media over a secure connection. It came in handy on a recent trip to Boston, where I was still able to watch videos stored on my network back home in DC.

This is the part where I’d link you to a handy tutorial on how to set this up. The problem is one doesn’t exist—or at least one that could satisfy this average computer user. And while there are plenty of tutorials about how to set up a VPN server on Raspberry Pi, there are very few that explain why.

I read several different tutorials and cobbled together the results into this semi-coherent tutorial for setting up a VPN on Raspberry Pi, which even I can understand, complete with the why behind the how. Most prominently, I relied on Eric Jodoin’s VPN tutorial for experts, and dumbed it down for me.

So follow me down the cryptography rabbit hole and learn that no matter how paranoid you are, whoever came up with the methods to generate VPNs was even more so.

Materials

Hardware

Raspberry Pi Model B: Plus everything that comes with it—by that, I mean a regular power source and a case to put it in. A case can help prevent accidental short-circuits that could permanently damage the machine—the case can even be as simple as a cardboard box you fold yourself.

SD card: I’m suggesting 8GB or more, just to make sure you have the space. As always for all Raspberry Pi projects, this should already have NOOBS installed.

Cat5e cable: This will connect the Pi’s ethernet port to the ethernet port on the router.

Software

Open VPN: This is the open source VPN service we’ll be installing today.