{"id":1275,"date":"2014-03-04T08:45:18","date_gmt":"2014-03-04T13:45:18","guid":{"rendered":"http:\/\/swildow.darktech.org\/wp\/?p=1275"},"modified":"2015-10-30T08:21:59","modified_gmt":"2015-10-30T13:21:59","slug":"raspberry-pi-vpn-server","status":"publish","type":"post","link":"http:\/\/www.wildow.com\/blog\/?p=1275","title":{"rendered":"Raspberry Pi VPN Server"},"content":{"rendered":"<h3>Raspberry Pi VPN Server<\/h3>\n<div><a href=\"http:\/\/blog.wellsb.com\/post\/29412820494\/raspberry-pi-vpn-server\" target=\"_blank\">\u00a0http:\/\/blog.wellsb.com\/post\/29412820494\/raspberry-pi-vpn-server<\/a><\/div>\n<div><!--more--><\/div>\n<div>You have a raspberry pi\u2014 a low-power always-on computer. Why not use it as a VPN server for tunneling your internet through when travelling? This could, for example, help you ensure a secure browsing experience when you\u2019re on a sketchy public wifi network. Or perhaps you\u2019re considering moving to another country for a couple months. Just find a friend or family member who is willing to let you mooch off their internet from time to time, and plug your Raspberry Pi into their network while you\u2019re away. This will give you an American IP address for utilizing all those US only services while you\u2019re abroad. There aren\u2019t many helpful step-by-step guides to setting up a VPN server on your raspberry pi, so that\u2019s what I seek to provide here.<\/p>\n<p>Don\u2019t have a\u00a0<a href=\"http:\/\/www.amazon.com\/gp\/product\/B009SQQF9C\/ref=as_li_tf_tl?ie=UTF8&amp;camp=1789&amp;creative=9325&amp;creativeASIN=B009SQQF9C&amp;linkCode=as2&amp;tag=wellsbcom-20\">Raspberry Pi<\/a>? Perhaps yours is already tied up with another project?\u00a0<a href=\"http:\/\/www.amazon.com\/gp\/product\/B009SQQF9C\/ref=as_li_tf_tl?ie=UTF8&amp;camp=1789&amp;creative=9325&amp;creativeASIN=B009SQQF9C&amp;linkCode=as2&amp;tag=wellsbcom-20\">Grab one today<\/a><\/p>\n<p><strong>Contents<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/blog.wellsb.com\/post\/29412820494\/raspberry-pi-vpn-server#server\">VPN Server Setup (Raspberry Pi)<\/a><\/li>\n<li><a href=\"http:\/\/blog.wellsb.com\/post\/29412820494\/raspberry-pi-vpn-server#router\">Router Setup<\/a><\/li>\n<li><a href=\"http:\/\/blog.wellsb.com\/post\/29412820494\/raspberry-pi-vpn-server#dyndns\">Dynamic DNS (Raspberry Pi)<\/a><\/li>\n<li><a href=\"http:\/\/blog.wellsb.com\/post\/29412820494\/raspberry-pi-vpn-server#win7client\">Windows 7 Client Setup<\/a><\/li>\n<li><a href=\"http:\/\/blog.wellsb.com\/post\/29412820494\/raspberry-pi-vpn-server#androidclient\">Android Client Setup<\/a><\/li>\n<\/ul>\n<div id=\"server\"><strong>VPN Server Setup (Raspberry Pi)<\/strong><\/div>\n<p>First, you\u2019ll need a kernel with MPPE support. I have tested this guide with<a href=\"http:\/\/learn.adafruit.com\/adafruit-raspberry-pi-educational-linux-distro\/occidentalis-v0-dot-1\">Occidentalis v0.1<\/a>\u00a0by Adafruit and with\u00a0<a href=\"http:\/\/www.raspbmc.com\/download\/\">Raspbmc RC4<\/a>. To test if the kernel on your distro of choice has MPPE support, type<\/p>\n<pre>sudo modprobe ppp-compress-18<\/pre>\n<p>If this works without any errors, your kernel should do the job. By the way, you can do all this through SSH (or through VNC) or directly on your Pi with a keyboard and mouse.<\/p>\n<p>Next, install the PPTP server package. I\u2019m using a debian based distro, so I execute the following command:<\/p>\n<pre>sudo apt-get install pptpd<\/pre>\n<p>Next, edit \u2018\/etc\/pptpd.conf\u2019 If you have started an X session, you can use a graphical text editor. Otherwise, you can use VI. Since this is a beginner\u2019s tutorial, I won\u2019t explain how to use VI. If you are using LXDE, open a\u00a0<strong>root<\/strong>terminal and type<\/p>\n<pre>leafpad \/etc\/pptpd.conf<\/pre>\n<p>If you prefer working in the terminal use the following. This is what I will use for the remainder of the tutorial, but you can use whatever text editor you like.<\/p>\n<pre>sudo vi \/etc\/pptpd.conf<\/pre>\n<p>At the end of the file, add (or uncomment if it already exists) the following lines<\/p>\n<pre>localip 192.168.0.1\r\nremoteip 192.168.1.234-238,192.168.1.245<\/pre>\n<p>Be sure to replace this information with what you actually need. LocalIP is the internal IP of your raspberry pi, and the Remote IP range are the addresses that will be handed out to clients.<\/p>\n<p>Now, edit the \u2018\/etc\/ppp\/pptpd-options\u2019 file.<\/p>\n<pre>sudo vi \/etc\/ppp\/pptpd-options<\/pre>\n<p>Append the following directives to the end of the file:<\/p>\n<pre>ms-dns 192.168.1.1\r\nnobsdcomp\r\nnoipx\r\nmtu 1490\r\nmru 1490<\/pre>\n<p>Where the IP used for the ms-dns directive is the DNS server for the local network to which your client will be connecting (quite possibly the IP address of your router).<\/p>\n<p>Next, edit the \u2018\/etc\/ppp\/chap-secrets\u2019 files. This is where you will place your credentials for logging into the VPN server.<\/p>\n<pre>sudo vi \/etc\/ppp\/chap-secrets<\/pre>\n<p>Add your authentication credentials in the following form:<\/p>\n<pre>username[TAB]*[TAB]password[TAB]*<\/pre>\n<p>You should probably use a very strong password for authentication.<\/p>\n<p>Restart the PPTP daemon by executing the following command:<\/p>\n<pre>sudo service pptpd restart<\/pre>\n<p>Now, enable forwarding if you wish to have access to your entire home network while away. Edit the \u2018sysctl\u2019 file.<\/p>\n<pre>sudo vi \/etc\/sysctl.conf<\/pre>\n<p>Find \u201cnet.ipv4.ip_forward=1\u201d and uncomment it (or change =0 to =1) to enable forwarding. Now, execute the following command to apply changes:<\/p>\n<pre>sudo sysctl -p<\/pre>\n<p>We\u2019re all set on the server side. Everything should persist upon restart, so no worries there. Now, let\u2019s configure our router.<\/p>\n<div id=\"router\"><strong>Router Setup<\/strong><\/div>\n<p>We must forward TCP port 1723 on the router to the IP Address of the Raspberry Pi. You can visit\u00a0<a href=\"http:\/\/portforward.com\/routers.htm\">Port Forward<\/a>\u00a0for step-by-step instructions for setting this up with your particular router. While you\u2019re at it, you may want to set up a static IP address for your Raspberry Pi\u2019s MAC address in your router\u2019s DHCP configuration settings. This way, your local IP address (the one to which you\u2019re forwarding the port) doesn\u2019t change.<\/p>\n<div id=\"dyndns\"><strong>Dynamic DNS (Raspberry Pi)<\/strong><\/div>\n<p>You may be wondering how you\u2019re going to connect to this thing? Your public IP address is probably not static. We\u2019ll set up dynamic DNS on our Pi, so we can refer to our VPN server by hostname. First, go to\u00a0<a href=\"http:\/\/www.dnsdynamic.org\/\">dnsdynamic.org<\/a>\u00a0and register. Validate your email address, and add a domain. Go ahead and save the new domain with the IP address that appears by default. This tutorial will use \u2018[domain].dnsdynamic.com\u2019 so when you see this notation, just replace it with the domain you\u2019ve selected.<\/p>\n<p>Now, we\u2019re back on our raspberry pi. Open a root terminal and type<\/p>\n<pre>sudo apt-get install ddclient<\/pre>\n<p>An installation dialogue should appear.<\/p>\n<ul>\n<li>When asked to select a Dynamic DNS service provider, choose \u201cOther.\u201d<\/li>\n<li>It should ask for the name of the service provider. Enter \u201cwww.dnsdynamic.org\u201d<\/li>\n<li>On the next screen, select the \u201cdyndns2\u201d protocol.<\/li>\n<li>Now, enter the username (email address) and password you used when you registered at\u00a0<a href=\"http:\/\/www.dnsdynamic.org\/\">dnsdynamic.org<\/a><\/li>\n<li>It, now, asks which network interface to use. If you are using the ethernet port on your Pi, enter \u201ceth0\u201d. If you have setup a usb wifi interface adapter, you may enter \u201cwlan0\u201d<\/li>\n<li>Next, enter the domain you registered: \u201c[domain].dnsdynamic.com\u201d<\/li>\n<\/ul>\n<p>Now, wait for the installation to complete. If you\u2019re behind a router, ddclient will incorrectly associate your internal IP address with your dynamic DNS domain. You can verify this by going to\u00a0<a href=\"http:\/\/www.dnsdynamic.org\/\">dnsdynamic.org<\/a>, log in, click manage, and edit your existing domain. Let\u2019s fix that.<br \/>\nEdit \u2018ddclient.conf\u2019<\/p>\n<pre>sudo vi \/etc\/ddclient.conf<\/pre>\n<ul>\n<li>Find the line \u201cuse=if, if=eth0\u201d and comment it (add a # in front).<\/li>\n<li>Add the line \u201cuse=web, web=checkip.dyndns.org\u201d<\/li>\n<li>Save and quit<\/li>\n<\/ul>\n<p>Restart ddclient<\/p>\n<pre>sudo service ddclient restart<\/pre>\n<p>Now, when you go to\u00a0<a href=\"http:\/\/www.dnsdynamic.org\/\">dnsdynamic.org<\/a>\u00a0and go to manage and edit your existing domain, you should see your public IP address, now.<\/p>\n<p>We\u2019re all finished on the server side. Now, let\u2019s configure our clients.<\/p>\n<div id=\"win7client\"><strong>Windows 7 Client Setup<\/strong><\/div>\n<ul>\n<li>In the Network and Sharing Center, set up a new connection.<\/li>\n<li>Connect to workplace<\/li>\n<li>Use my Internet Connection (VPN)<\/li>\n<li>Internet Address: \u201c[domain].dnsdynamic.com\u201d<\/li>\n<li>Destionation Name: \u201cRaspberry Pi\u201d (or whatever you want to call your VPN server)<\/li>\n<li>Enter Username and Password (from chap-secrets file on raspberry pi!)<\/li>\n<li>If the connection fails, set up this connection anyway and proceed to next step<\/li>\n<li>Back in Network and Sharing Center, click Change Adapter Settings<\/li>\n<li>Find connection we just created, right click, Properties<\/li>\n<li>Security tab: Set type to \u201cPPTP\u201d<\/li>\n<li>Advanced tab: Click IP4V, Click Properties<\/li>\n<li>In the new window, click Advanced<\/li>\n<li>Here you have two options:\n<ul>\n<li>If you wish to access resources or services on your home network, but wish to connect to the internet on your existing connection, then uncheck \u201cUse default gateway on remote network.\u201d This will establish a split-tunnel connection.<\/li>\n<li>If you wish to pass all traffic through the VPN, leave the box checked. Your browsing may be slower, but your traffic will appear from your home IP address.<\/li>\n<\/ul>\n<\/li>\n<li>Ok. You should now be able to connect<\/li>\n<\/ul>\n<div id=\"androidclient\"><strong>Android Client Setup<\/strong><\/div>\n<p>Your instructions may differ slightly depending on android version.<\/p>\n<ul>\n<li>Go to Settings<\/li>\n<li>Under Wireless &amp; Networks, select More\u2026<\/li>\n<li>Select VPN<\/li>\n<li>Name: \u201cRaspberry Pi\u201d (or whatever you want to call your VPN server)<\/li>\n<li>Type: PPTP<\/li>\n<li>Server Address: \u201c[domain].dnsdynamic.com\u201d<\/li>\n<li>Select Connection you just created<\/li>\n<li>Enter Username and Password (from chap-secrets file on server!)<\/li>\n<li>You should now be connected to your VPN server.<\/li>\n<\/ul>\n<p><strong>Conclusion<\/strong><br \/>\nThat\u2019s it! You\u2019re all set with a VPN server on your Raspberry Pi. Keep in mind, PPTP is inherently less secure than an OpenVPN protocol solution. However, it\u2019s much easier to set up on a Raspberry Pi \ud83d\ude42<br \/>\nSources:<\/p>\n<ul>\n<li><a href=\"http:\/\/www.howtogeek.com\/51237\/setting-up-a-vpn-pptp-server-on-debian\/\">http:\/\/www.howtogeek.com\/51237\/setting-up-a-vpn-pptp-server-on-debian\/<\/a><\/li>\n<li><a href=\"http:\/\/raspberrypipod.blogspot.co.uk\/2012\/07\/dynamic-dns-open-up-your-pis-webserver.html\">http:\/\/raspberrypipod.blogspot.co.uk\/2012\/07\/dynamic-dns-open-up-your-pis-webserver.html<\/a><\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Raspberry Pi VPN Server \u00a0http:\/\/blog.wellsb.com\/post\/29412820494\/raspberry-pi-vpn-server<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":["post-1275","post","type-post","status-publish","format-standard","hentry","category-raspberrypi"],"_links":{"self":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1275","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1275"}],"version-history":[{"count":2,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1275\/revisions"}],"predecessor-version":[{"id":1277,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1275\/revisions\/1277"}],"wp:attachment":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1275"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}