How to set up your own VPN using Raspberry Pi

Set up an easy control system

To save switching around cables if you do not have a spare HDMI monitor and keyboard you can download a free utility that lets you control your Raspberry Pi through a pop up window on another computer.

This is called an SSH. The tool is called PuTTY (j.mp/DLPutty).

Double click the PuTTY.exe file you download and it opens a dialogue box where you can enter the new static IP address you have given your Raspberry Pi. The first time you do this it will ask you to confirm accessing the device.

You can now login and do everything you need to through this dialogue box on your computer, which means your Raspberry Pi never needs a monitor or keyboard to keep running. This is known as running it “headless”.

Update your Raspberry Pi

One last piece of housekeeping to ensure you are running the latest software and drivers.

At command prompt type:

sudo apt-get update

Wait for the updates to finish downloading and then type:

sudo apt-get upgrade

Wait until the upgrade completes.

You are now ready to make your VPN

The Raspbian operating system we just installed comes with OpenVPN ready to unpack, which is the software we will be using to make our VPN.

At command prompt type:

sudo apt-get install openvpn

You will be asked to confirm your instruction then the software will be unpacked and installed.

Generating keys

Just like the unique key that unlocks your front door, your VPN needs keys generated to make sure that only authorised devices can connect to it.

OpenVPN comes with Easy_RSA, a simple package for using the RSA encryption method to generate your unique keys.

The next series of commands need to be done in the root directory. You will notice at the moment the command prompt sits in a directory labelled as ‘pi@raspberrypi: ~ $’.

Typing “sudo” before a command tells the operating system to execute the command in the root directory, but if you want to save yourself some typing you can go ahead and type:

sudo -s

You will now see your command prompt sits at ‘root@raspberrypi:’

Now, at the command type on one line:

cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa

Make sure you have spaces in the right places (before /usr and /etc). This instruction copies all of the files from the easy-rsa 2.0 directory into a directory in your openvpn installation.

N.B. You can copy lines of text using right-click and then when you right click inside the PuTTY window it should paste, saving you a lot of typing. Be aware though, some formatting errors can occur when copying and pasting large blocks of text so if you do not get the result you are expecting, resort to typing the details in by hand.

Next type:

cd /etc/openvpn/easy-rsa

This changes the directory your command prompt sits at to your openvpn/easy-rsa directory.

You now need to edit the text in the file we just copied over. Nano is a simple text editor in Raspbian you are going to see a lot of over the next few pages. To open the file inside this text editor type:

nano /etc/openvpn/easy-rsa/vars

In the text that opens find the line that begins: export EASY_RSA=

You need to move the cursor down to edit this line to read:

export EASY_RSA=”/etc/openvpn/easy-rsa”

N.B. Make sure you remove any extraneous speech marks as anything other than the exact text above here will stop your keys from saving in the right place.

Next move your cursor down until you see the line: export KEY_SIZE=1024

If you want to be extra secure you can change the value here to 2048 bit encryption, although the key you eventually build will take significantly longer to generate. If you choose to do this edit that line to read:

export KEY_SIZE=2048

Keep scrolling to the end of the file and you will see a bunch of export parameters such as Country, Province and City etc. You can choose to change these to set new defaults (this will potentially save you some typing in various later stages), but doing so will not affect the workings of your VPN.

Type CTRL and X then Y then ENTER to save this file.

Build your certificates

You are now set up to build the certificates your VPN will use to grant authority to devices you want to connect with. To open the easy-rsa directory, at the command prompt type:

cd /etc/openvpn/easy-rsa

Next type:

source ./vars

This loads the vars document you edited earlier.

Next type:

./clean-all

This will remove any previous keys in the system.

Next type:

./build-ca

This final line builds your certificate authority. The Raspberry Pi will now ask you to complete some additional export values, like Country, Province, City, Organisation etc. (if you changed these in the previous stage you will see your own choices already set as default).

It is not necessary for these values to be accurate so just hit Enter each instance to use default value if you are feeling slack.

Name the server

Once you have entered through the fields and returned to the command prompt you need to name your server. Call it whatever you like but do not forget it.

Type:

./build-key-server [ServerName]

… replacing [ServerName] with your choice of name.

You will now be given some more fields to enter values. You can change these or leave them as the defaults, but pay attention to three fields:

Common Name MUST be the server name you picked.

A challenge password? MUST be left blank.

Sign the certificate? [y/n] Obviously, you must type “y.”

Finally when prompted with the question:

1 out of 1 certificate requests certified, commit? [y/n]

Type “y”

----------

If you liked this article, please subscribe to our YouTube Channel for tech news, reviews and video tutorials. You can also find us on Twitter, Instagram and Facebook.