Select Page

[:de]VPN mit Raspberry Pi und OpenVPN[:en]VPN with Raspberry Pi and OpenVPN[:]

by | Aug 24, 2015 | Administration | 0 comments

This entry has been published on 2015-08-24 and may be out of date.

Last Updated on 2015-08-24.

[:en]Scenario

You want a cheap and secure way for accessing your local network from outside. Your router or modem does not have any built-in VPN features. The Windows built-in PPTP VPN feature is not a real option because it is quite insecure.

You do not want to install it on any already existing system (Hyper-V etc.) because you also want access to features like Intel AMT or other KVM-over-IP tools in cases when these servers are not running.

You want access from several client types, like Windows, Android or iOS.

 

Solution

You can achieve this goal using a Raspberry Pi (any model) in combination with the open source tool OpenVPN.

It only needs one incoming port (UDP 1194) in your router to be configured (NAT -> to your RPi IP).

A great configuration guide can be found here (part two here).

The client application for Windows can be found on openvpn.net. For Android, Google Play Store offers “OpenVPN Connect”.

 

Note: Make sure you give your client key file a password (command “build-key-pass”, “PEM pass phrase”)! Other tutorials often even forget to mention this important step. You have to copy your client key files to every system you want to connect from. So if any unrequested person gets these files (e.g. your USB stick gets lost etc.), it can connect to your LAN without any password requests if you have not set a password for your key file.

 

Internet not working when VPN enabled / Only route certain IP range

The settings described in the tutorial (link above) route your whole network traffic through your enabled VPN connection.

This might not always be what you would like to achieve, e.g. your whole internet traffic is also routed through VPN. So if e.g. outgoing traffic from your RPi is disabled, you cannot open any websites while your VPN connection is enabled.

If you only want to get external access to your LAN, change your /etc/openvpn/server.conf:

  • Comment out: push “redirect-gateway def1” (or delete the line).
  • Instead, write: push “route 10.1.0.0 255.255.0.0 vpn_gateway”
    • (or, if you use 192.168.1 as your local network range, use something like 192.168.1.0 255.255.255.0)
    • vpn_gateway is a keyword used by OpenVPN
  • Restart openvpn service

 [:]

Submit a Comment