Once again, if your ISP already gives you a static IP address, you don’t need to worry about this section.
We’ve already set up a static internal IP address for the Raspberry Pi, which means computers inside your local network will always know where to find your Pi. But what about projects that require Raspberry Pi to be connected to the Internet? If you want to build a Web server with your Raspberry Pi, people outside your network need to know where your Pi lives, which means setting a public IP that always looks the same.
I say “looks the same” because we’re really setting up a pseudo-static IP. Your ISP will continue to change the address as usual. So every time somebody connects to your Pi, the script we’re about to write will say, “Looks like the Pi has moved! Let me redirect you to the new address.”
We do this with a Dynamic DNS (DDNS) service, which maintains a name server that gets updated in real time, and DDClient, a program that communicates with the DDNS service directly from your Pi.
First sign up for a free dynamic host service like DNS Dynamic. Follow the instructions and create a new nameserver like Yourserver.dnsdynamic.com.
Now go to the command line on your Raspberry Pi and install DDClient with the following line:
sudo apt-get install ddclient
We need to edit the DDClient configuration with our DDNS’s new name server:
sudo nano /etc/ddclient/ddclient.conf
Every service will have a slightly different configuration, but the DDNS website should tell you what you need to do to configure this file. A standard configuration for DNS Dynamic, for example, goes like this. Copy and paste it in.
By now, it’s pretty apparent that turning your Raspberry Pi into a Virtual Private Network is an all-evening activity. But as security flaws further compromise our Internet lives, it feels increasingly worth it to have a secure server on your side. That way, you’re free to write emails and transfer data without worrying about what or who might be intercepting it as it travels from your computer to the Web.
If you’ve followed the steps from the other Raspberry Pi VPN HowTo, you’ve got a fully functional VPN server on your Raspberry Pi. You can use this to connect securely to your home network wherever there’s an unencrypted wireless connection. You can also access shared files and media you keep stored on your home network.
Only, you can’t access those files just yet. We’ve created keys for clients (computers and devices) to use, but we haven’t told the clients where to find the server, how to connect, or which key to use.
If you remember, we created several different client keys for each of the devices we want to grant VPN access. We called them Client1, Client2 and Client3.
It’d be a lot of trouble to generate a new configuration file for each client from scratch, which is why we’ll use an ingenious script written by Eric Jodoin of the SANS Institute. Instead of generating a file for each client on our own, this script will do it for us.
Following The Script
The script will access our default settings to generate files for each client. The first thing we need to do, then, is create a blank text file from which those default settings can be read.
Fill in the blank text file with the following:
remote <YOUR PUBLIC IP ADDRESS HERE> 1194
It should look like the screenshot below, except it should show your public IP address. You’ll see that I deleted my own public IP address because that’s private information you shouldn’t be sharing around. On the other hand, local static IP addresses are very similar for everyone. They usually start with “192.168.”
Now, if you don’t have a static public IP address, you need to use a dynamic domain name system (DDNS) service to give yourself a domain name to put in place of the IP address. I recommend using the free service DNS Dynamic, which lets you pick a name of your choice. Then on your Pi, you need to run DDClient to update your DDNS registry automatically. I wrote a full tutorial for how to do this here.
Want to know what the numbers in chmod mean? Octal numbers are a short and easy way to set user permissions. This article (I hope) puts it simply; if you want to learn the theory, also visit the links at the end.
Four octal digits (each 0..7) control the file permissions, but often only three are used. If you use 600, it equals 0600: the missing digit is added as a 0 at the beginning of the number.
Each of the three digits describes permissions. The position of the digit in the number defines which group of users the permissions apply to.
1 – can execute
2 – can write
4 – can read
The octal number is the sum of those permissions, e.g.
3 (1+2) – can execute and write
6 (2+4) – can write and read
Position of the digit in the value:
1 – what the owner can do
2 – what users in the file group (class) can do
3 – what users not in the file group (class) can do
chmod 600 file – owner can read and write
chmod 700 file – owner can read, write and execute
chmod 666 file – all can read and write
chmod 777 file – all can read, write and execute
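The digit arithmetic described above, as an added shell example that is not part of the original article: it decodes an octal mode into its rwx form and checks that group and others get nothing, as a private key file should. The function names are made up for this example, and file_mode assumes GNU or BSD stat.

```shell
#!/bin/sh
# Added example (not from the original article): decode chmod octal modes.

# One octal digit -> rwx triplet: 4 = read, 2 = write, 1 = execute.
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# 600 or 0600 -> rw-------  (owner, group, others, in that order).
mode_to_symbolic() {
    mode=$1
    case $mode in
        ''|*[!0-7]*|?????*) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    # A missing leading digit is 0, so pad to four digits.
    while [ "${#mode}" -lt 4 ]; do mode=0$mode; done
    perms=${mode#?}                       # drop the leading digit
    owner=${perms%??}
    group=${perms#?}; group=${group%?}
    other=${perms#??}
    printf '%s%s%s' "$(digit_to_rwx "$owner")" \
        "$(digit_to_rwx "$group")" "$(digit_to_rwx "$other")"
}

# True when group and others get nothing, as a private key file should be.
is_owner_only() {
    sym=$(mode_to_symbolic "$1") || return 2
    [ "${sym#???}" = "------" ]
}

# Octal mode of a real file (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Demo on the four modes listed above.
for m in 600 700 666 777; do
    if is_owner_only "$m"; then note="owner only"; else note="open to group/others"; fi
    printf '%s -> %s (%s)\n' "$m" "$(mode_to_symbolic "$m")" "$note"
done
```

To check a real file, pass its mode through: is_owner_only "$(file_mode path/to/file)".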
1) Wikipedia explains that in greater detail: http://en.wikipedia.org/wiki/Filesystem_permissions
2) Man page for chmod: http://linux.die.net/man/1/chmod