The Raspberry Pi Zero as a Dedicated VPN

By | August 2, 2016

pi zeroIn this post I’ll show how to quickly setup OpenVPN on your Pi with PiVPN. If you repeat the process I took setting this up you should have little to no problem . How many clients can a Pi serve? I’ve read reports of 3-4, possibly as much as 10, with older Pi’s and Pi 2’s. The Pi Zero, the latest and smallest version of the Pi yet, performs on par with the original model B. The links I have listed are what I used as reference to setup WiFi and install OpenVPN. Let’s get started.

Parts:

  • Pi Zero
  • 8 GB or more micro-SD cardOpenVPN android app
  • Raspberry Pi Zero w/ Raspbian Jessie Lite
  • Edimax USB stub WiFi adapter
  • Mini HDMI to HDMI adapter
  • Micro USB to USB adapter
  • Power Supply
  • Pimoroni Case (optional)

Tools:

  • TV or monitor
  • PuTTY
  • WinSCP
  • PiVPN.io
  • OpenVPN GUI (for clients)

Resources:

After reading about other people having success with the Raspberry Pi 2 as a VPN (link), I decided to try it out on the Raspberry Pi Zero. This project was long due, because about a year ago I was attempting to flash an old router with some open source firmware (pfSense) when I bricked it. Having this device in my home running the OpenVPN software allows me to access my network media from anywhere, as long as I have an internet connection. Not only is this convenient, but it is secure as well.

The first thing one should do before committing to this project is take stock. Do you have all the parts? Will you be able to connect to the Pi and make the necessary changes so the WiFi adapter works? This is especially crucial because unlike other Raspberry Pi models, the Zero only has a micro-USB and micro-HDMI port to work with.

Once you’ve figured that much out, most of the work is done. Just do a basic install of Raspbian Jessie Lite with NOOBS bootloader or Win32DiskImager. Then, log into your Pi with PuTTY and paste the curl command from the PiVPN website/github:

curl -L https://install.pivpn.io | bash

***Note: the command above will grab the installation scripts and begin executing them immediately, which is a security risk in the event the website is compromised. Alternatively, you can run “curl -L https://install.pivpn.io”, review the code as much as you’d like/are able to, then execute the install.sh.

This will download and install the software via some shell scripts. All you will need to do is click through
the installer and change whatever default settings you wish to. If you’re a newbie, the default settings work fine. Adding clients is as simple as typing “pivpn add”, you’ll just need to manually transfer the certifications, or .ovpn file(s) with WinSCP or any equivalent software/tool of your choosing. The last step is forwarding port 1194 (default) to your Pi Zero in your router settings. For my router and ISP, I had to select the device, port range, and protocol (UDP). Once those rules were in place, I was able to connect to my home network from my phone. To test this, I tried accessing my NAS4Free machine at home:

NAS4Free login screen

Success!

Here’s the Pi Zero hooked up with all it needs (power supply, WiFi adapter):

 

What this allows you to do:

  • Establish an encrypted connection between your client device (remote) and your home network.
  • Access home network locations, media, and files that you can normally access by being logged in at home, from anywhere.
  • Access websites and geo-restricted content through your home IP address. For example, if I was vacationing in another country I might not be able to log into my Netflix account because of their geographical restriction. I could then connect to my home VPN and log into my account as I normally would.

What this does NOT allow you to do:

  • Encrypt your connection between your home and the destination address. For example, if you connect from your phone, the traffic between your phone and home network will be encrypted and safe from your carrier’s eyes but not from your internet service provider’s eyes at home (between your home network and destination address, like netflix.com).
  • Reduce your bandwidth consumption between your clients and home network. Encrypted data is never less than the original message (that would be compressed data).
  • Increase your download speeds.
  • Create a 100% secure connection. There is no such thing as 100% safe, but maybe 99.9% safe.

Conclusion

I very much enjoyed this project and recommend it to anyone whether it’s their first Raspberry Pi project, or 9th. It was a breeze to setup and is on the higher end of usefulness/utility. You’ll get more experience with the command line, get to know a little more about open source projects like OpenVPN, and you might even get interested in cryptography. One of the steps in the installer involves generating a Diffie-Hellman key, which took quite a while on my Zero. If you’re a younger Engineering student, you’ll probably learn about the math behind this concept soon. Later on in the installation, you’ll choose the extent of the encryption you’ll use (1024 bit, 2048 bit,  or 4096 bit). The greater the encryption, the harder it is to eavesdrop for other people. Cheers!

Facebooktwittergoogle_plusredditpinterestlinkedintumblr

19 thoughts on “The Raspberry Pi Zero as a Dedicated VPN

  1. Pingback: Turn your Raspberry Pi (Zero) into a dedicated VPN server – Raspberry Pi Pod

  2. Pingback: The Raspberry Pi Zero as a Dedicated VPN @Raspberry_Pi #piday #raspberrypi « Adafruit Industries – Makers, hackers, artists, designers and engineers!

  3. Pingback: How to Build a Budget NAS Machine – Adamantine.me

  4. Miguel

    Hi. I can SSH to my Pi, but I am unable to access my LAN. What change did you do to your configuration? Thanks

    Reply
    1. transposedmessenger Post author

      Hello. Can you be more specific? What are you trying to access on your LAN and how? The only additional changes I made in this project were to my router, which is going to be different for everyone.

      Reply
      1. Miguel

        Hi. I mean my router config page, for example. I also can’t access the internet, shared drives, etc.
        When I do an ifconfig, I see a tun0 that seems to be missconfigured. there is a 10.8.0.1 ip referenced there, and this has nothing to do with the IP ranges in my network (192.168.1.0). Could this be part of the problem? I think I remember this being part of the configuration…
        Thanks.

        Reply
        1. transposedmessenger Post author

          Ok, yes that is a general network problem. Assuming you are also using a Pi Zero, you’ll need to work on getting internet connectivity as a first step. If you are using the Edimax WiFi stub like I am, please look into the links I listed under the resources section. Otherwise you’ll have to do some google searches based on what WiFi adapter you have.

          Reply
  5. Pingback: Share an Internet Connection with a Raspberry Pi Zero over USB | Steve Grunwell

  6. Kris

    I was trying to change the encryption to 4096 but I can’t get the little star that is on 2048 to move. If I put the curser on 4096 and hit enter to goes with 2048. How do I change the selection?

    Reply
    1. transposedmessenger Post author

      Hey Kris, I’m glad you asked for help – this is from the command line, correct? You probably have to do the selection with a keyboard by typing in Y for yes or N for no, or typing in the corresponding number from a list. That’s about the best I can do off the top of my head. Does that make sense?

      Reply
      1. Kris

        It’s a GUI in the command line and there is three boxes to choose from 1024, 2048, and 4096. You can only move the curser to the three boxes. I move it to 4096 and hit enter and it stays with 2048. I can try and take a picture of what I’m talking about tonight.

        Reply
        1. Brandon

          I’m pretty sure you use the space bar to make selections in shell GUI prompts. So arrow up to 4096 and press space.

          Reply
          1. transposedmessenger Post author

            Thanks for answering Brandon, I had a feeling it was like how you said but was unable to test/confirm that.

  7. Nick

    Thanks for this info! Few general questions. Is this little thing strong enough to handle the VPN traffic reliably? Since you turned it up have you noticed any speed related issues? I see in the comments that Kris wanted to max out the key at 4096. Do you know if the Zero’s processor can keep up with this? I like this concept and just wonder if this little thing is strong enough to pass a single connection and not be a bottle neck on the data flow. Asking because I saw one comment stating the VPN on the zero was slow on another site. I think this would be a fun project but I want it to be useful as well. Thanks in advance!

    Reply
    1. transposedmessenger Post author

      Hello Nick, I think it depends on the task, and as you are pointing out, the level of encryption. I’ve been able to do some basic things without trouble, like load web pages and stream some music. However there are a few factors that are preventing me from giving a definitive answer: my service providers data transfer rate, and the server I’m streaming from. As far as encryption, 4096 bit encryption is pretty hardcore and I think it might be too much for a Pi Zero. 2048 should be more than enough for most cases. I have some other Pis, so if I find a block of time maybe I could try to throw together some sort of bench test for this question. Thanks for commenting!

      Reply
  8. LBS

    “the installer involves generating a Diffie-Hellman key, which took quite a while on my Zero”
    Can you remember how long it took to generate the key on you Zero?

    Reply
    1. transposedmessenger Post author

      Hey LBS, it took a significant amount of time – more than 10-15 minutes so I just went and did something for an hour, came back and it was done. Why do you ask?

      Reply
      1. LBS

        I gave up the first time, ran out of coffee 🙁
        The day after I was more patient, the job finished after 15-20 min
        -it’s up’n’running now, thanx

        Reply
  9. Pingback: The Raspberry Pi 2 as a Dedicated VPN (round 2) – Adamantine.me

Leave a Reply

Your email address will not be published. Required fields are marked *