Raspberry Pi OpenVPN is a great way to access a home network from a remote location. In addition it can be used to secure network communications when connecting to public Wi-Fi. Since the RPi is very low-powered single board computer it is ideal for setup your own Raspberry VPN server with OpenVPN. OpenVPN comes with Easy_RSA, a simple package for using the RSA encryption. Let’s find out how you can how to setup OpenVPN on Raspberry Pi device.

Why VPN?

One possible scenario for wanting your own VPN server that while you are away from home and would like to be able to access all devices on the network at home in a secure manner and you can use public Wi-Fi but you can secure your connection to the world. VPN act as a secure tunnel that start from your device to your VPN server.

This tutorial is based on Raspbian Linux version 7 (wheezy), Raspberry Pi B/B+/2/3

Update Pi OS and Firmware

Lets update raspberry pi OS and firmware by issuing following two commands from shell, i prefer to use Putty but its up to you what ever you want to use to remote connect your Raspberry Pi.

Install OpenVPN server.

Enter following command to begin the openvpn installation.

Generating Keys

OpenVPN comes with easy_rsa, a light and easy package for using the RSA encryption method. This is what makes your VPN connection safe. if easy-ras isn’t installed then you can do so by running following command.

You will know if it worked if it says this at the bottom of the window:

Lets copy RSA to OpenVPN and make some changes

You need to make some changes to easy-ras, edit vars file

Change this to:

Now you can change key size from 1024 to 2048, simple scroll down using the arrow keys and locate export key_size

Change this to:

Now save the file and exit.

Build Encryption Certificates

Enter following command one at a time

Enter all relevant information, this could take some time to finish.

Raspberry Pi OpenVPN EASY_RSA Setup

Raspberry Pi OpenVPN EASY_RSA Setup

Server Certificate

Now we’ll create a certificate for and name the server. I named mine vpn.pihome.eu but it really doesn’t matter.

Enter all relevant information and make sure you don’t enter anything for a challenge password it must be left blank, once server certificate is created it would stay valid for 10 years.

Raspberry Pi OpenVPN RSA certificate for server

Raspberry Pi OpenVPN RSA certificate for server

Client Certificate

Now you can create certificate for each client or you can generate one certificate and use this on all clients. run following command, you can use any user you want to use, make sure you enter the  username that you can easily remember.

You can enter all default values but password for Enter PEM pass phrase that you can remember, this will be used every time you connect to your Raspberry pi OpenVPN server.

Raspberry Pi OpenVPN EASY RSA Client Certificate

Raspberry Pi OpenVPN EASY RSA Client Certificate

DS3 Encryption Scheme

Now we need to change the keys to an ds3 encryption scheme.

Enter the Enter pass phrase for pihome.key: as you did in previous step.

Enter PEM pass phrase: as as previous and then Verifying – Enter PEM pass phrase:

Raspberry Pi OpenVPN DS3 Encryption Scheme

Raspberry Pi OpenVPN DS3 Encryption Scheme

Diffie-Hellman Keys for Your Server

Now we will generate the Diffie-Hellman keys for your server. This will allow your clients and the server to exchange keys.for more on Diffi-Hellman see wiki page

Now change directories back to /etc/openvpn/easy-rsa/:

Lets generate Diffie-Hellman keys for your server. This process will take very long time so best to get coffee and sit back and enjoy your coffee.

Diffie-Hellman Keys for Your Server Raspberry Pi OpenVPN

Diffie-Hellman Keys for Your Server Raspberry Pi OpenVPN

DDoS Protection

OpenVPN has built in DDoS Protection so all you’ll need to do is run this command

OpenVPN Server Configuration

Now we need to configure OpenVPN Server to get connected. You need to create server.conf file and copy and paste  my server.conf settings, you can modify as you need.

Network Config for OpenVPN

By Default network traffic forwarding isn’t enabled. you can simply enable this by modifying /etc/sysctl.conf and un-commenting #net.ipv4.ip_forward=1 line

Now apply these changes with following command

iptables for Raspberry pi OpenVPN

OpenVPN server is fully configured but raspberry pi OS comes with built-in firewall and it blocks all incoming connections. rung following commands and make sure you don’t get any errors.

if above two lines don’t give you any error then you are good so far. Create sh file and copy and paste below text to.

Make this script executable by issuing following command.

Now you need to create symbolic link to this file in /etc/init.d/

Raspberry pi OpenVPN Client Configuration – Export OVPN

First create Default.txt file at /etc/openvpn/easy-rsa/keys/, copy and paste below to this file and save it. make sure you add your public ip or ddns hostname.

Second step to export client settings that are usable on any smart phone or desktop/laptop computer. create makeovpn.sh in /etc/openvpn/easy-rsa/keys and copy paste below script to this file.

Change directory to /etc/openvpn/easy-rsa/keys and make makeovpn.sh file executable make sure you run this script from /etc/openvpn/easy-rsa/keys otherwise you will get error message and exporting of OVPN wouldn’t work.

Repeat this for this process for all the users you have created. OVPN extension file will be saved with same name as you have username in /etc/openvpn/easy-rsa/keys/ you can use winscp or any other client to copy these files out.

If you need help for Installing Linux OS (Raspbian Jessie) on Raspberry Pi see this link