This guide shows the steps needed to get an OpenVPN server running on your Raspberry Pi.

First of all, make sure your Raspberry Pi is updated and upgraded. For this tutorial we are going to be running all commands as the root user. To change to the root user and update the system, enter:

sudo su

apt-get update

apt-get upgrade

After everything has been upgraded, the next step is to install openvpn and openssl if you don't already have them installed.

apt-get install openvpn openssl

Once OpenVPN has been installed, we have to configure it. First, copy the easy-rsa directory into the openvpn folder.

cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa

Once that has been copied over, we need to edit the vars file so that when the scripts run they put the config files in the correct place.

nano /etc/openvpn/easy-rsa/vars

Then on line 15 change

export EASY_RSA="`pwd`"

to

export EASY_RSA="/etc/openvpn/easy-rsa"

Then press CTRL + X and save it. Next you need to run clean-all for easy-rsa. This will make sure all files are in place. First change into the easy-rsa directory.

cd /etc/openvpn/easy-rsa

View the files by typing ls.

Then we need to run the clean-all command. But first we need to point it to the vars file. So run:

source /etc/openvpn/easy-rsa/vars

And then we run the clean-all command:

/etc/openvpn/easy-rsa/clean-all

Now, to check that the necessary files are there, type ls again and hopefully you should see something like this:

Now that you have successfully configured your files, you need to set up OpenVPN. Run:

ln -s openssl-1.0.0.cnf openssl.cnf

cd ..

Now we need to create the keys and certificates for the VPN. You can either press Enter on all of the certificate prompts or fill them out; it makes no difference.

./easy-rsa/build-ca OpenVPN

./easy-rsa/build-key-server server

./easy-rsa/build-key client1

./easy-rsa/build-dh

build-dh takes a while, so be patient.

The next part is making the config file for OpenVPN. To do this, type:

nano openvpn.conf

Edit this file to look like this:

    dev tun
    #defines which protocol tcp/udp
    proto udp
    #
    #Defines the port to connect
    port 1194
    #
    #This defines where keys and cert are kept
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/server.crt
    key /etc/openvpn/easy-rsa/keys/server.key
    dh /etc/openvpn/easy-rsa/keys/dh1024.pem
    #
    user nobody
    group nogroup
    server 10.8.0.0 255.255.255.0
    persist-key
    persist-tun
    status /var/log/openvpn-status.log
    verb 3
    push "redirect-gateway def1"
    #
    #DNS to googles DNS servers
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    log-append /var/log/openvpn
    comp-lzo

Then save the file using CTRL + X. Next, enable IP forwarding on the running system and list your network adapters:

echo 1 > /proc/sys/net/ipv4/ip_forward

ifconfig

Find the network adapter you want to use for VPN traffic. If you are connected via the Ethernet port it is usually eth0, and the inet address shown for that adapter should be your Raspberry Pi's IP address. We need this information to add to iptables:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 192.168.0.2

Tip: Instead of 192.168.0.2, use your Raspberry Pi's IP address.

cd ..

nano sysctl.conf

On line 28 you need to remove the # from in front of “#net.ipv4.ip_forward=1” to make it “net.ipv4.ip_forward=1”.

service openvpn restart
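
A quick sanity check of the server config written above, as an added example that is not part of the original guide: it confirms that every ca/cert/key/dh file the config names exists, that the private key is readable only by its owner, and that the user directive is present. The function name check_ovpn_conf and the temporary demo directory are assumptions made for illustration; on the Pi you would call it with /etc/openvpn/openvpn.conf.

```shell
#!/bin/sh
# check_ovpn_conf FILE (added example, not from the original guide)
# Verifies that every ca/cert/key/dh file named in an OpenVPN server config
# exists, that the private key has no group/other permission bits, and that
# the daemon drops root with a "user" directive. Returns 0 only if all pass.
# Assumes absolute paths without spaces, as in the config above.
check_ovpn_conf() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    while read -r directive file; do
        [ -n "$directive" ] || continue
        if [ ! -f "$file" ]; then
            echo "MISSING $directive $file"
            problems=$((problems + 1))
        elif [ "$directive" = key ]; then
            # Characters 5-10 of "ls -l" output are the group and other bits
            mode=$(ls -ld "$file" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "EXPOSED key $file (group/other bits: $mode)"
                problems=$((problems + 1))
            fi
        fi
    done <<EOF
$(awk '$1 ~ /^(ca|cert|key|dh)$/ { print $1, $2 }' "$conf")
EOF
    if ! grep -q '^[[:space:]]*user[[:space:]]' "$conf"; then
        echo "NOPRIVDROP no user directive, daemon keeps running as root"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: a throwaway directory standing in for the keys folder
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
for f in ca.crt server.crt server.key; do : > "$demo_dir/$f"; done
chmod 644 "$demo_dir/server.key"   # deliberately too open; dh file left out
cat > "$demo_dir/openvpn.conf" <<EOF
ca $demo_dir/ca.crt
cert $demo_dir/server.crt
key $demo_dir/server.key
dh $demo_dir/dh1024.pem
user nobody
group nogroup
EOF
check_ovpn_conf "$demo_dir/openvpn.conf" || echo "fix the findings above before restarting openvpn"
```

An EXPOSED finding is fixed with chmod 600 on the key file; a MISSING finding usually means one of the build-* steps did not finish.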

Now you have fully configured your OpenVPN server. Now we need to create the files to connect to it.

nano /etc/openvpn/easy-rsa/keys/newvpn.ovpn

This editor will create a file called newvpn.ovpn. Enter the following into this file to connect to the VPN.

    dev tun
    client
    proto udp
    remote YOUR_NETWORK_IP 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    comp-lzo
    verb 3

TIP: On line 4 make sure you add your public IP address and not your Pi's IP.

Save this file. Then run:

nano /etc/rc.local

Add these two lines above exit 0:

iptables -t nat -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.2

Now we are up and running. We can copy the keys and certificates to our computer. Simply navigate to /etc/openvpn/easy-rsa/keys and copy all of the keys you need.

The keys we need are ca.crt, client1.crt, client1.key and newvpn.ovpn.

Once these have been downloaded successfully, open the client that you are going to use and configure the VPN tunnel.

You can use Tunnelblick for Mac – http://code.google.com/p/tunnelblick/

Use OpenVPN for Windows – https://openvpn.net/index.php/open-source/downloads.html

To make another client, just run:

sudo su

source /etc/openvpn/easy-rsa/vars

/etc/openvpn/easy-rsa/build-key client2

Then copy the client2 keys just like above. Finally, don't forget to change the newvpn.ovpn file to point to the client2 keys and not the client1 keys.

Thank you. If you have any questions, please comment below.