Introduction
American Raspberry Pi Shop. One stop shop for all your Pi needs. Raspberry Pi add-ons, HATs, accessories, Starter Kit, Media Center kit, RetroPi Arcade kit, Ultimate Kit, and many other project kits. PiShop.us is approved Raspberry Pi re-seller and carries all official Raspberry Pi boards and products. The Raspberry Pi is a tiny and affordable computer that you can use to learn programming through fun, practical projects. Join the global Raspberry Pi community. We use cookies to ensure that we give you the best experience on our websites. By continuing to visit this site you agree to our use of cookies.
A Virtual Private Network establishes a secure encrypted connection between your system and a server. It allows you to connect to an untrusted network and tunnel all your network traffic so that it emerges from the VPN server to its destination. In this howto, we will configure the OpenVPN client to connect to the VPN servers hosted by Private Internet Access.
I've chosen to use Private Internet Access only because I already have an account with them and they support the OpenVPN client to connect to their VPN servers. I'm sure other VPN service providers would work the same way.
Raspberry Pi Pianobar
Although I initially tested this on Raspbian Stretch on a Raspberry Pi, I have since used the same steps on Debian Stretch and achieved the same results.
Installing all the prerequisites
To accomplish this task we are going to need to install openvpn, unzip, wget, curl and openresolv. We can do this by using the following command:
Setting up the directory structure
Just to keep things organized we will create a set of directories. This will help if we ever need to alter the configuration by only requiring the change of a couple of linked files. First we need to switch to '/etc/openvpn/client directory'.
Once there we create several directories by issuing the following commands:
Private Internet Access (as well as other VPN providers) provide configuration bundles for the OpenVPN default client. We are going to download those configurations, alter them a bit and use them to connect to the PIA VPN server as soon as our system finishes booting up.
Switch to the directory we created to store the configuration bundle by issuing the following command:
Once in /etc/openvpn/client/vpn-bundles we can proceed to download the configuration bundle with wget by issuing the following:
Now that we have the zipped file with all the configurations we need to unzip it by using the following command:
This command will unzip the openvpn.zip file into a directory whose name starts with the date followed by '-PIA-openvpn'. We are doing this so that in the future if there is a need to download a new set of configurations we can easily tell which directory contains the newly downloaded ones.
Raspberry Pi Piano
Once the file is unzipped we can start moving the configurations to the directories we previously created.
Because we want the OpenVPN client to start without user interaction, we need to add a couple of settings to all VPN configuration files we just downloaded. Change to the directory where we stored them by issuing the following command:
Raspberry Pi Pianobar
Although I initially tested this on Raspbian Stretch on a Raspberry Pi, I have since used the same steps on Debian Stretch and achieved the same results.
Installing all the prerequisites
To accomplish this task we are going to need to install openvpn, unzip, wget, curl and openresolv. We can do this by using the following command:
Setting up the directory structure
Just to keep things organized we will create a set of directories. This will help if we ever need to alter the configuration by only requiring the change of a couple of linked files. First we need to switch to '/etc/openvpn/client directory'.
Once there we create several directories by issuing the following commands:
Private Internet Access (as well as other VPN providers) provide configuration bundles for the OpenVPN default client. We are going to download those configurations, alter them a bit and use them to connect to the PIA VPN server as soon as our system finishes booting up.
Switch to the directory we created to store the configuration bundle by issuing the following command:
Once in /etc/openvpn/client/vpn-bundles we can proceed to download the configuration bundle with wget by issuing the following:
Now that we have the zipped file with all the configurations we need to unzip it by using the following command:
This command will unzip the openvpn.zip file into a directory whose name starts with the date followed by '-PIA-openvpn'. We are doing this so that in the future if there is a need to download a new set of configurations we can easily tell which directory contains the newly downloaded ones.
Raspberry Pi Piano
Once the file is unzipped we can start moving the configurations to the directories we previously created.
Because we want the OpenVPN client to start without user interaction, we need to add a couple of settings to all VPN configuration files we just downloaded. Change to the directory where we stored them by issuing the following command:
We need to alter all the configuration files so that they can get the user name and password from a file named 'login' located at '/etc/openvpn/client/login-enabled/'. This can be accomplished by issuing the following command:
We also need to add the following settings to all the configuration files. These settings deal with changing the DNS servers in order to prevent DNS leaks when the VPN is up.
Going into each file to add the aforementioned settings would be too tedious, it is better to use a small script that goes into each file and adds the settings. The script is simple, just create a file named add_vpn_settings.sh with the following content:
Next step is to make executable by issuing the following:
And finally we run the add_vpn_settings.sh script by issuing:
Now we need to backup the original update-resolv-conf file, this is because we are going to use a replacement that is better able to update the DNS servers in /etc/resolv.conf when they are pushed in by the VPN server. We can do this be issuing the following commands:
If we ever need to return to the default script we just rename 'update-resolv-conf-ORIG' back to 'update-resolv-conf '.
Next we need to download the replacement update-resolv-conf file from https://github.com/masterkorp/openvpn-update-resolv-conf. We can issue the following commands to accomplish this:
Now we rename it and make it executable:
Next we need to create a the file that contains the actual username and password for the PIA VPN server. Issuing the following three commands should do the job:
Now we create a link from /etc/openvpn/client/login-available to /etc/openvpn/client/login-enabled/login by issuing the following:
Finally we link one of the configurations available to be the default one (I've used the UK London configuration as an example below, you can use whichever configuration you desire).
After a reboot, the openvpn client should be up and everything should be flowing through the vpn tunnel.
