How to use your Raspberry Pi as a VPN router

How to use your Raspberry Pi as a VPN router

Thanks to the built-in Wi-Fi, the newest version of the Raspberry Pi is more useful than ever for networking projects. We recently showed you how to use your Raspberry Pi as a wireless access point – a router, essentially – and now we have a project for you that builds on that. You can use your Raspberry Pi as a VPN access point, helping you browse the web more privately. Here’s how.


How to use your Raspberry Pi as a VPN router

Step 1: Turn your Pi into a wireless access point

You’ll find everything you need in our how-to post.


Step 2: Install OpenVPN

We’re going to use a program called OpenVPN to set up our VPN. Open the command line and type this to get it:

sudo apt-get install openvpn -y

Now go ahead and reboot the Pi:

sudo reboot


Step 3: Download and unzip VyprVPN

We’ll need one more program for this project, and that’s VyprVPN. Let’s get it via the command line:

cd /etc/openvpn

This puts us in the right directory.

sudo wget

This downloads the file.

sudo unzip

And this, of course, unzips it!


Step 4: List the VPNs

Hop into the new directory here, then type ls to list the files. We’re using the 256-bit version, so our path reflects that.

cd GF_OpenVPN_10142016/OpenVPN256

You’ll see a whole bunch of files that end in .ovpn. These are the different VPNs you can use, listed by location. Remember these for when you want to connect to specific VPNs (consider writing them down, or just run these commands again when you forget).


Step 5: Create an authorization file

You need to be authorized to use VyprVPN. Let’s create an authorization file:

sudo nano /etc/openvpn/auth.txt

This should create a new file. In the file, type two lines. The first will be your username, the second your password. You’re not just making these up – they have to be your VyprVPN login (if you don’t have a VyprVPN account, create one). Now get out of the file (Ctrl+X), save it (Y), and confirm (Enter).


Step 6: Run a test

sudo openvpn --config "/etc/openvpn/GF_OpenVPN_10142016/OpenVPN256/FILENAME.ovpn" --auth-user-pass /etc/openvpn/auth.txt

Remember the VPN you wanted to use? Plug that in where we have FILENAME.ovpn. If you did it right, you should get a bunch of text that includes the happy words “Initialization Sequence Completed.”


Step 7: Fun with iptables

We’re not done yet. We changed a bunch of stuff in iptables when we used our Pi as a wireless access point, but we need to change that now.

sudo iptables -F
sudo iptables -t nat -F
sudo iptables -X

This clears out the old stuff.

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT

And this is what we want now. This will route the wlan0 connection through our tunnel instead of over the Ethernet connection.

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

This saves our work.


Step 8: Make things automatic

Let’s set it up so that our VPN starts up when our Pi starts up. We’ll need to edit the rc.local file.

sudo nano /etc/rc.local

In the file, look for the line that says “exit 0” and add these lines just above it:

sleep 5
sudo openvpn --config "/etc/openvpn/GF_OpenVPN_10142016/OpenVPN256/FILENAME.ovpn" --auth-user-pass /etc/openvpn/auth.txt

As with the last time, FILENAME.ovpn should be your choice from step 4. Head out of here with the same keystrokes as our last file editing step: Ctrl+X, Y, Enter.

That’s it! Everything should work properly now. You can check to make sure everything starts with each boot by rebooting the Pi with sudo reboot.

1 Comment on "How to use your Raspberry Pi as a VPN router"

  1. Jan van den Berg | October 31, 2017 at 10:21 pm | Reply

    Ps: I am a complete Pi/Linux noob. My VPN connects but when accessing the internet it can’t resolve DNS… Assume its something to do with resolv.conf?

    Also, what assumptions are taken into account for this project to work with regards to Wi-Fi setup, etc.?

Leave a comment

Your email address will not be published.