
Make your own private VPN server!

Raspberry Pi VPN, QuickStart for fixed Static IP

 

A.  Allow access to your RPi from the internet

  1. Physically connect the RPi to the router in the country you want to access.  You may want to turn off WiFi.

  2. Enable VNC on the RPi for remote access (sudo raspi-config).  Consider changing the RPi’s password.

  3. You may want to ‘sudo apt-get update’ and ‘sudo apt-get upgrade’

  4. On the router, figure out the RPi’s DHCP IP number.  Make it static, so it never changes even with power cycles.

  5. On the router, open 2 ports, 5900 for VNC and we’ll use 55798 for VPN.

  6. From the RPi (or other device connected to the same router), record its IP number (Google ‘what is my IP number’)

 

B.  Set up the VPN server on the RPi

  1. ‘curl -L https://install.pivpn.io | bash’

  2. Don’t allow automated updates - seems to be a pivpn bug

  3. Enter 55798 for the port, step A5

  4. Choose ‘pi’ as the user

  5. Enter the DHCP IP number, step A4

  6. Enter the router’s IP number (Public IP), step A6

  7. Choose ‘Google DNS’

  8. Generating the encryption keys will take more than 10 minutes.

 

C.  Create a VPN profile

  1. ‘pivpn add nopass’ creates a profile whose private key is not password-protected, so no password is needed to connect

  2. Enter a profile name

  3. Copy the XXX.ovpn file to the phone or computer you want to use. web.wechat.com is an easy way.

 

D.  Download OpenVPN on the target computer or phone.  Load the profile from step C.

A.  Allow access to your RPi from the internet

  1. Connect the RPi to the router where you want access.  Maybe in your home country.

  2. On the router, record your current IP address and DNS server address

  3. Reserve the RPi’s DHCP IP address, so it doesn’t change (usually 192.168...)

  4. Use port forwarding to point to that IP address (any port number will do – remember it)

 

B.  Set up a Dynamic IP domain because the IP number your ISP gives you may change

  1. Go to noip.com and set up an account.  You will need to activate it by email.

  2. Remember the new domain name, your account user name, and your noip.com password

  3. Set it to the current IP address that you recorded in step A2

 

C.  Set up the Dynamic DNS client on the RPi

  1. ‘sudo apt-get update’

  2. ‘sudo apt-get upgrade’  # makes sure you are on the latest Raspbian version

  3. ‘sudo apt-get install ddclient libjson-any-perl’

    1. just skip through the install questions, we’ll be overwriting them later

  4. Copy the file ‘ddclient-3.8.3.tar’ to the Raspberry Pi

  5. ‘tar -xvf ddclient-3.8.3.tar’

  6. ‘sudo cp -f ddclient-3.8.3/ddclient /usr/sbin/ddclient’

  7. ‘sudo mkdir /etc/ddclient’

  8. ‘sudo mv /etc/ddclient.conf /etc/ddclient’

  9. ‘sudo nano /etc/ddclient/ddclient.conf’

    1. use=web, web=checkip.dyndns.com/, web-skip='IP Address'

    2. ssl=yes

    3. protocol=dyndns2

    4. server=dynupdate.no-ip.com

    5. login=your_username  [from B2]

    6. password=your_password  [from B2]

    7. your.domain.com  [from B2]

  10. ‘sudo /etc/init.d/ddclient restart’
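A quick check of the file edited in the ddclient.conf step, as an added example that is not part of the original guide: it confirms that ssl=yes and the protocol, server, login and password settings are present, and that the file, which holds the no-ip password, is accessible only to its owner. The function name check_ddclient_conf is made up for this example.

```shell
# Added example (not from the guide). Prints one line per finding and
# returns non-zero if there is any.
check_ddclient_conf() {
    conf=$1
    findings=0
    # Ignore comment lines and blank lines.
    body=$(grep -Ev '^[[:space:]]*(#|$)' "$conf" || true)

    # A setting may sit on its own line or inside a comma-separated list.
    has() { printf '%s\n' "$body" | grep -Eq "(^|[,[:space:]])$1"; }

    has 'ssl=yes' || {
        echo "ssl=yes is not set: the update request may be sent without TLS"
        findings=1
    }
    for key in protocol server login password; do
        has "$key=[^[:space:],]+" || {
            echo "$key= is missing or empty"
            findings=1
        }
    done

    # Characters 5-10 of the ls mode string are the group and other bits.
    case $(ls -ld "$conf" | cut -c5-10) in
        ------) ;;
        *) echo "$conf is accessible to group/other; chmod 600 it"
           findings=1 ;;
    esac
    return "$findings"
}

# Usage: sudo sh -c '. ./check.sh; check_ddclient_conf /etc/ddclient/ddclient.conf'
```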

 

D.  Look for an IP address update every week

  1. ‘sudo nano /etc/default/ddclient’

    1. run_daemon="true"

    2. run_dhclient="false"

    3. run_ipup="false"

  2. ‘sudo service ddclient start’

  3. ‘sudo nano /etc/cron.weekly/ddclient’

    1. #!/bin/sh

    2. /usr/sbin/ddclient -force

  4. ‘sudo chmod +x /etc/cron.weekly/ddclient’

  5. ‘sudo service ddclient status’  # to check that it is working

  6. To force a refresh of the IP address, ‘sudo ddclient -daemon=0 -debug -verbose -noquiet’

 

E.  Set up the VPN server on the RPi

  1. ‘curl -L https://install.pivpn.io | bash’

  2. Follow the prompts, entering your port number from step A4

  3. For Public IP or DNS, choose DNS and enter your domain name from step B2

  4. Choose OpenDNS instead of Google DNS if you are in China (Google is blocked)

  5. Be aware that this script will hardcode the RPi’s IP address in /etc/dhcpcd.conf

    1. You will have to adjust that file if you switch routers or IP numbers.

 

F.  I had to fix the following pivpn script problems

  1. Uses Google DNS

    1. ‘su’  # superuser

    2. ‘nano /etc/openvpn/server.conf’

    3. change 8.8.8.8 and 8.8.4.4 to

      i. OpenDNS, 208.67.222.222 and 208.67.222.220

      ii. Or your local ISP’s DNS server (may be faster if your router is outside the US, step A2)

  2. Uses fixed IP address

    1. ‘su’  # superuser

    2. ‘nano /etc/openvpn/easy-rsa/pki/Default.txt’

    3. change your IP number to your noip domain name (step B2)

  3. Reboot the RPi

 

G.  Create an OpenVPN profile

  1. ‘pivpn add’

  2. Enter a profile name and password

  3. Look in the profile (in the ovpns directory) with nano and find the text between <key> and </key>

  4. Copy all of that to a file called client.key

  5. ‘openssl rsa -in client.key -des3 -out client.3des.key’

  6. Enter your password from step G2 3 times

  7. Replace the text between <key> and </key> in the original profile with the entire contents of client.3des.key

  8. Copy the edited profile to the phone or computer where you want to use the VPN (use email or flash drive)
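The <key> steps above can be scripted and checked. The helpers below are an added example, not part of the original guide: they pull the inline key out of a profile, splice an encrypted key back in, and report whether the key in a profile is password-protected. The function names and the file names in the usage comment are placeholders.

```shell
# Added example (not from the guide).

# Print the private key that sits between <key> and </key> in a profile.
extract_key() {
    awk '/^<key>/ {inside=1; next} /^<\/key>/ {inside=0} inside' "$1"
}

# Print profile $1 with the body of its <key> block replaced by file $2.
splice_key() {
    awk -v keyfile="$2" '
        /^<key>/ {
            print
            while ((getline line < keyfile) > 0) print line
            close(keyfile)
            skip = 1
            next
        }
        /^<\/key>/ { skip = 0 }
        !skip' "$1"
}

# Report the state of the inline key: encrypted, plain or missing.
key_state() {
    key=$(extract_key "$1")
    if [ -z "$key" ]; then
        echo missing
    # Traditional PEM flags encryption with a Proc-Type header; PKCS#8 uses
    # its own BEGIN line. Which one openssl writes depends on its version.
    elif printf '%s\n' "$key" |
            grep -Eq '^Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY'; then
        echo encrypted
    else
        echo plain
    fi
}

# Usage, with placeholder file names:
#   extract_key laptop.ovpn > client.key
#   openssl rsa -in client.key -des3 -out client.3des.key   # command from the guide
#   splice_key laptop.ovpn client.3des.key > laptop.enc.ovpn
#   key_state laptop.enc.ovpn   # expect "encrypted" before copying it anywhere
```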

 

H.  On the PC or phone you want to connect

  1. Download any OpenVPN client

  2. Have it use the profile you created in step G8

  3. Connect and enter your password

  4. You can check the connection on your RPi with ‘pivpn -c’

© 2017 by Prompt Box.
