In this post I’ll show how to quickly setup OpenVPN on your Pi with PiVPN. If you repeat the process I took setting this up you should have little to no problem . How many clients can a Pi serve? I’ve read reports of 3-4, possibly as much as 10, with older Pi’s and Pi 2’s. The Pi Zero, the latest and smallest version of the Pi yet, performs on par with the original model B. The links I have listed are what I used as reference to setup WiFi and install OpenVPN. Let’s get started.
- Pi Zero
- 8 GB or more micro-SD card
- Raspberry Pi Zero w/ Raspbian Jessie Lite
- Edimax USB stub WiFi adapter
- Mini HDMI to HDMI adapter
- Micro USB to USB adapter
- Power Supply
- Pimoroni Case (optional)
- TV or monitor
- OpenVPN GUI (for clients)
After reading about other people having success with the Raspberry Pi 2 as a VPN (link), I decided to try it out on the Raspberry Pi Zero. This project was long due, because about a year ago I was attempting to flash an old router with some open source firmware (pfSense) when I bricked it. Having this device in my home running the OpenVPN software allows me to access my network media from anywhere, as long as I have an internet connection. Not only is this convenient, but it is secure as well.
The first thing one should do before committing to this project is take stock. Do you have all the parts? Will you be able to connect to the Pi and make the necessary changes so the WiFi adapter works? This is especially crucial because unlike other Raspberry Pi models, the Zero only has a micro-USB and micro-HDMI port to work with.
Once you’ve figured that much out, most of the work is done. Just do a basic install of Raspbian Jessie Lite with NOOBS bootloader or Win32DiskImager. Then, log into your Pi with PuTTY and paste the curl command from the PiVPN website/github:
curl -L https://install.pivpn.io | bash
***Note: the command above will grab the installation scripts and begin executing them immediately, which is a security risk in the event the website is compromised. Alternatively, you can run “curl -L https://install.pivpn.io”, review the code as much as you’d like/are able to, then execute the install.sh.
This will download and install the software via some shell scripts. All you will need to do is click through
the installer and change whatever default settings you wish to. If you’re a newbie, the default settings work fine. Adding clients is as simple as typing “pivpn add”, you’ll just need to manually transfer the certifications, or .ovpn file(s) with WinSCP or any equivalent software/tool of your choosing. The last step is forwarding port 1194 (default) to your Pi Zero in your router settings. For my router and ISP, I had to select the device, port range, and protocol (UDP). Once those rules were in place, I was able to connect to my home network from my phone. To test this, I tried accessing my NAS4Free machine at home:
Here’s the Pi Zero hooked up with all it needs (power supply, WiFi adapter):
What this allows you to do:
- Establish an encrypted connection between your client device (remote) and your home network.
- Access home network locations, media, and files that you can normally access by being logged in at home, from anywhere.
- Access websites and geo-restricted content through your home IP address. For example, if I was vacationing in another country I might not be able to log into my Netflix account because of their geographical restriction. I could then connect to my home VPN and log into my account as I normally would.
What this does NOT allow you to do:
- Encrypt your connection between your home and the destination address. For example, if you connect from your phone, the traffic between your phone and home network will be encrypted and safe from your carrier’s eyes but not from your internet service provider’s eyes at home (between your home network and destination address, like netflix.com).
- Reduce your bandwidth consumption between your clients and home network. Encrypted data is never less than the original message (that would be compressed data).
- Increase your download speeds.
- Create a 100% secure connection. There is no such thing as 100% safe, but maybe 99.9% safe.
I very much enjoyed this project and recommend it to anyone whether it’s their first Raspberry Pi project, or 9th. It was a breeze to setup and is on the higher end of usefulness/utility. You’ll get more experience with the command line, get to know a little more about open source projects like OpenVPN, and you might even get interested in cryptography. One of the steps in the installer involves generating a Diffie-Hellman key, which took quite a while on my Zero. If you’re a younger Engineering student, you’ll probably learn about the math behind this concept soon. Later on in the installation, you’ll choose the extent of the encryption you’ll use (1024 bit, 2048 bit, or 4096 bit). The greater the encryption, the harder it is to eavesdrop for other people. Cheers!