After reading so many articles in setting up a VPN for the Raspberry Pi the one used in this guide was published in Linux User and Developer Magazine. Whilst the article is excellent, expanded notes have been added for those new to Linux. This is split over three posts so please be patient.
Arch Linux has been used as the OS for the OpenVPN Server on the Raspberry Pi and for the OpenVPN Client the OS given reference to is any Debian based OS.
The following link sums up what an OpenVPN is;
and for the Arch Linux description please see the following summary;
- OpenVPN is a robust and highly flexible VPN daemon. OpenVPN supports SSL/TLS security, Ethernet bridging, TCP or UDP tunnel transport through proxies or NAT, support for dynamic IP addresses and DHCP, scalability to hundreds or thousands of users, and portability to most major OS platforms.
- OpenVPN is tightly bound to the OpenSSL library, and derives much of its crypto capabilities from it.
- OpenVPN supports conventional encryption using a pre-shared secret key (Static Key mode) or public key security (SSL/TLS mode) using client & server certificates. OpenVPN also supports unencrypted TCP/UDP tunnels.
- OpenVPN is designed to work with the TUN/TAP virtual networking interface that exists on most platforms.
- Overall, OpenVPN aims to offer many of the key features of IPSec but with a relatively lightweight footprint.
- OpenVPN was written by James Yonan and is published under the GNU General Public License (GPL).
OpenVPN Client on the Raspberry Pi – Please note that because Arch Linux is a rolling release, “netcfg” is not available in the main repos. Also GUI is a not default on Arch so there is a reliance on the command line.
For instructions on flashing the latest Arch Linux ARM image please see the following link;
The user name is root and the password is root at the Arch Linux login prompt. If you are using wireless rather than wired connection then run the following command to gain internet access;
Choose the correct AP, then run the following command;
to update system.
The VPN server on this set-up for the Raspberry Pi is be made up of the following software components:
- Base Arch Linux system
- OpenVPN – the software used to create a secure VPN
- Netcfg – used to easily manage the multiple network adapters needed
- Bridge-utils – used to bridge the VPN and Ethernet adaptors
- SSH – will provide secure remote access to the Raspberry Pi and the files on it
To download the main components as listed bar “netcfg” run the following command;
pacman -S noip bridge-utils openvpn
Netcfg is based in the unofficial arch repos (AUR). So to download any packages from here you will need packer or another program like yaourt. To download yaourt run the following;
curl -O https://aur.archlinux.org/packages/pa/package-query/package-query.tar.gz
tar zxvf package-query.tar.gz
curl -O https://aur.archlinux.org/packages/ya/yaourt/yaourt.tar.gz
tar zxvf yaourt.tar.gz