Before going further, let's start with a few reminders about VPN.

Introduction

And that's exactly what it is.

When connected to a VPN, it's as if you were on a private network between you and the VPN server.
The main goal of a VPN is to encapsulate your data in a secure tunnel between you and the VPN server.

If you share a web server at home with port forwarding (public_ip:80 => local_ip:80), data could be accessible to hackers, as data flows in cleartext on the network (man-in-the-middle attacks are possible).
If you use a VPN server on your Raspberry Pi, data flows in the secure tunnel, so nobody can decrypt it.

The goal of this tutorial is to create a secure tunnel between you (from anywhere in the world) and your local network at home.
I won't bother you with details concerning data encryption technology.

- We need to install new software on the client computer to encrypt data
- On this client, we also have keys coming from the server to encrypt data in a way that only the VPN server can understand
- In the client configuration, we'll tell the software to connect to the VPN server public IP address
- When the encrypted data arrives at the VPN server, the server software will decrypt it and know what to do with it
- Same thing for packets coming from the home network to the VPN client

You now understand how it works and what we need to do.
Let's go to the technical part!

Install OpenVPN Server on Raspberry Pi

Prerequisites

Here is what you need to start this guide:

- A Raspberry Pi (tested on Zero, so any model should work)
- Raspbian installed (Follow this tutorial to install Raspbian if not already done)
- Administrator access to your Internet router or firewall (for port forwarding)
- A static public IP address if possible or a dynamic host (I don't have a static IP, so I'm using No-IP)

Here is a detailed tutorial on how to use No-IP if you are interested.

Let's move to the OpenVPN installation procedure:

- I recommend switching to the root user because you'll type a lot of commands in this procedure that need root privileges
- Extract the sample configuration file to the OpenVPN folder
    gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/ > /etc/openvpn/nf
- Comment this one (we don't need TLS authentication for the first try)

In my case, I'm using the Google DNS Server (8.8.8.8) but set what you want.
Keep the default option if you don't know what it is.
You can also set a second DNS server in the line above.

We'll come back to this configuration file later; for the moment it's fine.

Allow IP Forwarding

By default, Linux doesn't allow IP forwarding.
As our Raspberry Pi will be the router between VPN clients and the local network, we have to enable it.

- Paste this command to enable it immediately
- Then open this file to enable it on boot

Your Raspberry Pi can now act as a router.

Configure Easy-RSA

The next step is to generate all the keys on the server side to secure the connection.

- Copy Easy-RSA files to the OpenVPN configuration folder
- Edit the vars file to set your preferences
- Change or add the KEY_CONFIG option to use this syntax instead
    export KEY_CONFIG=$EASY_RSA/openssl-1.0.0.cnf

I had issues with this line; this one works with my 1.1.0j OpenSSL version.
If you have another version, check in the easy-vars/ folder if you have a file closer to your version, and edit this line.

- Fill the other KEY options with your own information, for example:

Once the vars file is properly set, we can start with keys generation.

Generate SSL keys

- Now we use dhparam to generate the Diffie-Hellman file
    openssl dhparam -out /etc/openvpn/dh2048.pem 2048

This may take a long time (one hour on Pi Zero!).

Then we move to the last steps with the server keys generation.

- Check that you're still in the easy-rsa folder (and using root)

In my test, I got errors about files missing in the keys sub-folder.
Copying them from the examples directory fixed this issue:

    cp /usr/share/doc/openvpn/examples/sample-keys/sample-ca/index.txt keys/
    cp /usr/share/doc/openvpn/examples/sample-keys/sample-ca/ keys/
    cp /usr/share/doc/openvpn/examples/sample-keys/sample-ca/serial keys/

Then redo the previous command and it should be fine.

- Leave all fields at their defaults, and leave the password and company name empty

We just need to move the keys to the OpenVPN configuration folder and start the service.

- Copy the keys under the configuration folder
    cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn
    cp /etc/openvpn/easy-rsa/keys/server.crt /etc/openvpn
    cp /etc/openvpn/easy-rsa/keys/server.key /etc/openvpn

You have finished the server part; we now need to create the client configuration.

Install OpenVPN on a Client

The remote client also needs keys to secure the connection with the server.

- It's like what we did for the server, run this command to start:
- Keep all the default values (hit enter for each question)
  And answer yes for the two last questions