Thanks to the built-in Wi-Fi, the newest version of the Raspberry Pi is more useful than ever for networking projects. We recently showed you how to use your Raspberry Pi as a wireless access point – a router, essentially – and now we have a project for you that builds on that. You can use your Raspberry Pi as a VPN access point, helping you browse the web more privately. Here’s how.
How to use your Raspberry Pi as a VPN router
Step 1: Turn your Pi into a wireless access point
Step 2: Install OpenVPN
We’re going to use a program called OpenVPN to set up our VPN. Open the command line and type this to get it:
sudo apt-get install openvpn -y
Now go ahead and reboot the Pi:
Step 3: Download and unzip VyprVPN
We’ll need one more program for this project, and that’s VyprVPN. Let’s get it via the command line:
This puts us in the right directory.
sudo wget https://support.goldenfrog.com/hc/article_attachments/214728647/GF_OpenVPN_10142016.zip
This downloads the file.
sudo unzip GF_OpenVPN_10142016.zip
And this, of course, unzips it!
Step 4: List the VPNs
Hop into the new directory here, then type ls to list the files. We’re using the 256-bit version, so our path reflects that.
cd GF_OpenVPN_10142016/OpenVPN256 ls
You’ll see a whole bunch of files that end in .ovpn. These are the different VPNs you can use, listed by location. Remember these for when you want to connect to specific VPNs (consider writing them down, or just run these commands again when you forget).
Step 5: Create an authorization file
You need to be authorized to use VyprVPN. Let’s create an authorization file:
sudo nano /etc/openvpn/auth.txt
This should create a new file. In the file, type two lines. The first will be your username, the second your password. You’re not just making these up – they have to be your VyprVPN login (if you don’t have a VyprVPN account, create one). Now get out of the file (Ctrl+X), save it (Y), and confirm (Enter).
Step 6: Run a test
sudo openvpn --config "/etc/openvpn/GF_OpenVPN_10142016/OpenVPN256/FILENAME.ovpn" --auth-user-pass /etc/openvpn/auth.txt
Remember the VPN you wanted to use? Plug that in where we have FILENAME.ovpn. If you did it right, you should get a bunch of text that includes the happy words “Initialization Sequence Completed.”
Step 7: Fun with iptables
We’re not done yet. We changed a bunch of stuff in iptables when we used our Pi as a wireless access point, but we need to change that now.
sudo iptables -F sudo iptables -t nat -F sudo iptables -X
This clears out the old stuff.
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE sudo iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT
And this is what we want now. This will route the wlan0 connection through our tunnel instead of over the Ethernet connection.
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
This saves our work.
Step 8: Make things automatic
Let’s set it up so that our VPN starts up when our Pi starts up. We’ll need to edit the rc.local file.
sudo nano /etc/rc.local
In the file, look for the line that says “exit 0” and add these lines just above it:
sleep 5 sudo openvpn --config "/etc/openvpn/GF_OpenVPN_10142016/OpenVPN256/FILENAME.ovpn" --auth-user-pass /etc/openvpn/auth.txt
As with the last time, FILENAME.ovpn should be your choice from step 4. Head out of here with the same keystrokes as our last file editing step: Ctrl+X, Y, Enter.
That’s it! Everything should work properly now. You can check to make sure everything starts with each boot by rebooting the Pi with sudo reboot.