Friday, 19 April 2013

OpenVPN Server on Raspberry Pi

Here I will explain how to quickly install OpenVPN on a Raspberry Pi running Raspbian.

Needed Files:
Get Raspbian Wheezy HERE
To get it installed on your SD card you need Win32DiskImager (Download it HERE)

After installing the image, boot up your Pi and finish the setup by following the instructions on the screen. Open a command line tool if you booted to X.

First, install the required software packages:
apt-get install openvpn openssl module-init-tools zip dos2unix

Then, enable the tun module:
modprobe tun

Load the tun module on boot:
echo '# Needed by OpenVPN
tun' >> '/etc/modules'

Create device file:
mkdir --parent '/dev/net'
mknod '/dev/net/tun' c 10 200

Install OpenVPN Tools:
wget 'https://raw.github.com/biapy/howto.biapy.com/master/openvpn/openvpn-tools' \
    --quiet --no-check-certificate --output-document='/usr/bin/openvpn-tools'
chmod +x '/usr/bin/openvpn-tools'

Get the 'update-resolv-conf' script:
wget 'https://raw.github.com/biapy/howto.biapy.com/master/openvpn/update-resolv-conf' \
  --quiet --no-check-certificate --output-document='/etc/openvpn/update-resolv-conf'
chmod +x '/etc/openvpn/update-resolv-conf'
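
Both downloads above pass --no-check-certificate, so wget does not validate the server's TLS certificate, and the scripts are then made executable and run as root. The following is an added example, not part of the original post or of openvpn-tools: a helper that installs a downloaded file only when its SHA-256 matches a value you pinned after reviewing the script. The names sha256_of, install_verified and PINNED_SHA256 are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Print the SHA-256 of a file as lower-case hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    else
        shasum -a 256 "$1" | cut -d ' ' -f 1
    fi
}

# Usage: install_verified <downloaded-file> <expected-sha256> <destination>
# Returns 0 on success, 1 on checksum mismatch, 2 if the file is missing.
install_verified() {
    src=$1
    dest=$3
    # Pinned values are often pasted in upper case; normalise before comparing.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -f "$src" ] || { echo "missing file: $src" >&2; return 2; }
    actual=$(sha256_of "$src")

    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # Nothing is written to the destination unless the check passed.
    install -m 0755 "$src" "$dest"
}

# Use with the downloads above. PINNED_SHA256 is a placeholder: record the
# value yourself with sha256_of after downloading and reading the script.
#   wget 'https://raw.github.com/biapy/howto.biapy.com/master/openvpn/openvpn-tools' \
#       --output-document='/tmp/openvpn-tools'
#   install_verified /tmp/openvpn-tools "$PINNED_SHA256" /usr/bin/openvpn-tools
```
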

Set SSL Certificate defaults:

openvpn-tools initialize

Setup Logs:
echo "/var/log/openvpn/*/*.log {
  daily
  missingok
  rotate 10
  compress
  delaycompress
  notifempty
  create 600 root root
  postrotate
    /etc/init.d/openvpn restart > /dev/null
  endscript
}" > "/etc/logrotate.d/openvpn"

Create server:
openvpn-tools create-server local-domain.vpn vpn.domain.com

Where:

local-domain.vpn is the VPN name of the new server.
vpn.domain.com is the Internet host name of the VPN server.
Default port is 1194 UDP. If needed, you can change ports later in the config file.

Next, create the client configuration and certificates. They will be stored in '/etc/openvpn/config/local-domain.vpn/clients/Client-name':
openvpn-tools add-client local-domain.vpn client-alias

This will create the configuration files and certificates in a zip file. You can retrieve them with PSCP (which copies over SSH) if you do not want to set up an FTP server.

Enable/Disable NAT:
openvpn-tools toggle-nat local-domain.vpn

Toggle Forced use of tunnel for all network traffic on clients:
openvpn-tools toggle-gateway local-domain.vpn

That should do the trick. Set up your client with the client software from the OpenVPN website and copy the contents of the zip file downloaded from the Pi into the config folder. You should now be able to use the VPN tunnel successfully. Keep in mind that you may need to configure port forwarding on your router. If your provider blocks port 1194, you can change the port in the config file located at '/etc/openvpn/local-domain.vpn.conf', and also in the client config file!

For safety, also create a new user with sudo rights and remove the user pi.