How to Setup a VPN on Raspberry Pi

ⓘ Cet article peut avoir été partiellement ou totalement traduit à l'aide d'outils automatiques. Nous nous excusons des erreurs que cela pourrait engendrer.

This article follows the article released last week on the establishment of a personal seedbox. Indeed as suggested at the end of the article, it can be very interesting to make the Internet traffic of your seedbox anonymous through the use of a VPN. This article will nevertheless be useful to all those who wish to remain anonymous on the internet.

What is a VPN?

To remain simple, a VPN is a technology that allows to create a secure and anonymous connection between its user and its Internet browsing. This is made possible by the creation of a tunnel encrypted between the user’s computer and private networks elsewhere in the world. The user will therefore go out on the public networks with the IP address of the private networks to which he is connected and not his own.

How to choose a good VPN?

A VPN differs from the competition by several criteria. Price, speed, log retention, security, protocol used are the main ones. For this tutorial we will use the one that we consider the best of the market namely IPVanish. If we take the criteria mentioned just before, today it is the one that offers the best bandwidth and therefore the best speed, This means that your connection will absolutely never bridled because of the VPN. Moreover, it does not retain any logs which ensures total anonymity, the protocol used is simple to use and its price is very affordable. And if you look at the security side, the connection is encrypted in AES 256, in short, that good !

We strongly advise you to use  IPVanish  too as it will be simpler for you to follow our tutorial.

You should know that there are free VPNs. However we strongly advise against them because they are very restrictive. You are often very limited in connection speed and / or amount of data. Moreover the majority of free VPNs do not accept and block the protocol peer to peer what for a seedbox for example is very disturbing!

Implementation of IPVanish

IPVanish is a vpn that uses the openVPN protocol and its installation is simple! First, run the following command to install openVPN on your Raspberry Pi

sudo apt install openvpn

Next, you should avoid openVPN starting when the Raspberry Pi starts. To do this, execute the following command:

sudo update-rc.d -f openvpn remove

We will now prepare the Raspberry to receive the IPvanish files. Simply create a folder that should only contain IPVanish files. You can put it in your user’s folder. We will take for the example the basic user pi

mkdir /home/pi/vpn

Now that the folder is created, we will be able to download the openVPN configuration files from IPvanish. You can find the configuration files at  http://www.ipvanish.com/software/configs/ . Please note that you must download at least two files. The file with the extension “crt” which corresponds to the certificate that will allow you to connect to the vpn and a file with the extension “ovpn” which will determine the ip that will have your Raspberry Pi on the public networks. You can find the location of the IP in the file name.

As part of this tutorial, we will download all files that are located in compressed folder configs.zip.

cd /home/pi/vpn 

wget http://www.ipvanish.com/software/configs/configs.zip 

unzip configs.zip 

rm configs.zip

Once all the files are downloaded we can launch the VPN with the command

sudo openvpn --config SERVER.ovpn

Replace the server with the destination of your choice. For example if you want to have an IP address in Stockholm just use this command

sudo openvpn --config ipvanish-SE-Stockholm-sto-a01.ovpn

All you have to do is fill in your IPvanish credentials and your Raspberry is completely anonymous.

It is possible that like us, during the first attempt you have this error:
ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)

To fix it, you just have to restart your Raspberry Pi. And re-launch the vpn

sudo reboot

If you want to check the good behavior of the VPN, you can run the following command from another SSH connection to not turn off the VPN

curl http://ipecho.net/plain; echo;

You will see that the IP of your Raspberry Pi will be different from that of your computer which you can verify by going to the address  http://ipecho.net/ .

Launch the VPN in background task

As you probably notice, if you followed our tutorial to the letter, the VPN is not launched in background task and as soon as we leave the session SSH, the VPN stops what is not very practical . We will remedy this by launching the VPN via a screen.

What is a screen?

To simplify, screen is a command that allows to launch terminals on the server and thus to keep them if the SSH connection is cut. They can be found during a future connection. This will allow us never to close the terminal in which the VPN will be launched, and thus to be able to find it even by starting a new SSH connection.

Setting up the screen

It is necessary to first cut the execution of the VPN if it is running.

We will install the screen command on the Raspberry Pi if you do not have it yet.

sudo apt install screen

Now let’s create a screen that we will call “vpn”. This will allow us to easily find it during a future connection.

screen -s vpn

This command will create the terminal and directly attached us to it. We can therefore launch the vpn

Sudo openvpn --config ipvanish-SE-Stockholm-sto-a01.ovpn

It’s over, now if you cut the SSH, the VPN will still turn. During a future SSH connection you can find it using the command

screen -s vpn

So here you are with a perfectly anonymous connection and so keep your privacy what good news 🙂